Herbert Wolverson
|
f44af37670
|
WIP - Compiles RTT data into the tracker, strong type RTTs to clarify the unit confusion. Web side is not done yet.
|
2024-03-15 12:15:11 -05:00 |
|
Herbert Wolverson
|
56b170f7e4
|
Truly minimal RTT to userspace eBPF ringbuffer implementation. This
breaks a lot of things - no RTTs are currently recorded or acted
upon. The goal is to measure the scale of the load hit for receiving
these events.
|
2024-03-15 09:45:49 -05:00 |
|
Herbert Wolverson
|
3ad023f69c
|
Fix circuit flows display from last patch.
|
2024-03-15 09:02:07 -05:00 |
|
Herbert Wolverson
|
318e20dad7
|
These numbers line up on the iZones tracker, with wireshark dumps for comparison. This is a WIP - don't apply this. Unbreaking some of my previous code.
|
2024-03-15 08:32:06 -05:00 |
|
Herbert Wolverson
|
56dd4b6750
|
It's not quite done yet, but I spent the last 2 hours matching observed RTT, checking with Wireshark, and looking to see if the numbers line up. Implements a small buffer for RTT values per flow. Shrinks some stack entries. Will require a map rebuild.
|
2024-03-14 14:07:06 -05:00 |
|
Herbert Wolverson
|
69508d2753
|
Remove two variables and use pointers instead to save stack space.
|
2024-03-14 12:40:33 -05:00 |
|
Herbert Wolverson
|
a937820a87
|
Move rate estimate from 64-bits to 32-bits, saving some bytes.
|
2024-03-14 11:03:43 -05:00 |
|
Herbert Wolverson
|
8ec361b095
|
Fix a reporting message that was meant to be compile-conditional.
|
2024-03-14 10:42:22 -05:00 |
|
Herbert Wolverson
|
fbb3960b50
|
Warning fix
|
2024-03-14 08:52:36 -05:00 |
|
Herbert Wolverson
|
eab9df4874
|
Missing file from previous commit
|
2024-03-13 14:56:59 -05:00 |
|
Herbert Wolverson
|
fb91e8313a
|
Very silly commit - adds a /showoff page to the node manager firing particles from all endpoints at my ISP in Missouri. Will turn into something useful in the future.
|
2024-03-13 14:45:53 -05:00 |
|
Herbert Wolverson
|
a63ff0a6f1
|
Rename all flowbee "retries" to "tcp_retransmits" in code, and
"retransmits" in visible HTML.
|
2024-03-13 08:20:36 -05:00 |
|
Herbert Wolverson
|
fae96280b9
|
Actually limit the top 10 endpoints to being 10
|
2024-03-12 16:41:57 -05:00 |
|
Herbert Wolverson
|
c16f06b0ab
|
Sort countries by download bytes not upload
|
2024-03-12 15:47:29 -05:00 |
|
Herbert Wolverson
|
66a19c04a4
|
First example of an actual summary report - we can group flow endpoints in a 5-minute report.
|
2024-03-12 15:19:07 -05:00 |
|
Herbert Wolverson
|
1fb5838ebe
|
Remove a test call that was spamming the logs.
|
2024-03-12 14:46:47 -05:00 |
|
Herbert Wolverson
|
e46aafe5ae
|
Silly performance: making 12k mutex locks when I need one was really dumb.
|
2024-03-12 14:20:35 -05:00 |
|
Herbert Wolverson
|
5a3f90412d
|
Working geocode system, albeit not as useful as I hoped.
|
2024-03-12 14:02:36 -05:00 |
|
Herbert Wolverson
|
55f24cf71b
|
Revert previous bad idea
|
2024-03-12 11:38:19 -05:00 |
|
Herbert Wolverson
|
07239b3d24
|
That should avoid some flow duplication that was hitting too hard.
|
2024-03-12 11:30:13 -05:00 |
|
Herbert Wolverson
|
3ca7ca8a0d
|
Lower threshold for capturing RTT by rate
|
2024-03-12 10:52:41 -05:00 |
|
Herbert Wolverson
|
e20d6d39b0
|
Another try at a flow system that cleans up.
|
2024-03-12 10:29:08 -05:00 |
|
Herbert Wolverson
|
3d9b52e627
|
More cleanup and logic improvements based on observation. In particular, flow cleanup is more accurate now, and we're a bit more aggressive in what RTT data we accept.
|
2024-03-12 08:57:29 -05:00 |
|
Herbert Wolverson
|
213a27498e
|
Improve the flow cleanup logic.
|
2024-03-12 08:21:33 -05:00 |
|
Herbert Wolverson
|
79247e07f0
|
Fix a really silly mistake. I did NOT mean to always store the worst RTT we've ever seen.
|
2024-03-11 15:26:23 -05:00 |
|
Herbert Wolverson
|
d93726e538
|
Only report RTT for flows exceeding 4kbps - to eliminate noise from basically idle connections.
|
2024-03-11 15:03:47 -05:00 |
|
Herbert Wolverson
|
71fd1d558f
|
Probable fix for building this on earlier kernel versions.
|
2024-03-11 14:04:41 -05:00 |
|
Herbert Wolverson
|
445cdcda81
|
Remove most of the Heimdall mode 1 path, cleaning up the execution path now that we have global flow tracking.
|
2024-03-11 13:27:42 -05:00 |
|
Herbert Wolverson
|
91a48bc275
|
Use the new flows system rather than Heimdall to display the circuits flows tab. Not complete yet - the backend is all there still. Also needs some tweaking on the hyperfocus for packet capture mode.
|
2024-03-11 12:24:18 -05:00 |
|
Herbert Wolverson
|
eb281b3edd
|
Revert from a dashmap to a regular mutex for the flow container. Performance improved, and flow removal is less troublesome.
|
2024-03-11 11:20:27 -05:00 |
|
Herbert Wolverson
|
82ecd5eb17
|
Eliminate all time fetching calls except one, and store the result in the dissector. Minor speed improvement.
|
2024-03-10 21:11:55 -05:00 |
|
Herbert Wolverson
|
4a8be30c09
|
First update of the 'recently finished flows' mechanism for tracking the last 5 minutes of data.
|
2024-03-09 10:29:49 -06:00 |
|
Herbert Wolverson
|
79fa1d42a8
|
Revert per-ms timings for now.
|
2024-03-08 14:53:49 -06:00 |
|
Herbert Wolverson
|
1fb151aa1b
|
Minimal protocol analysis beginnings.
|
2024-03-08 14:52:02 -06:00 |
|
Herbert Wolverson
|
5202f447dc
|
Begin adding a little UI
|
2024-03-08 14:03:29 -06:00 |
|
Herbert Wolverson
|
6b384b2a5f
|
Include ASN assessment in flows data.
|
2024-03-08 13:15:49 -06:00 |
|
Herbert Wolverson
|
b1cd8e5ed4
|
Setup initial stage of ASN analysis - downloading and loading the table, periodic upgrades.
|
2024-03-08 12:11:37 -06:00 |
|
Herbert Wolverson
|
9c7a9849ad
|
Replace mutex locked vector with a dashmap for flow data, to ease sharing and update rather than replace cycle.
|
2024-03-08 09:32:15 -06:00 |
|
Herbert Wolverson
|
b7d43567ff
|
Reworked the NetFlow code to batch packets into single submissions of up to 30 packets at a time.
|
2024-03-07 12:51:08 -06:00 |
|
Herbert Wolverson
|
04b0cd4246
|
Fix warning
|
2024-03-07 11:38:12 -06:00 |
|
Herbert Wolverson
|
33c1efdd2c
|
IPv6 encoding matches the same pattern, needs testing.
|
2024-03-07 11:27:33 -06:00 |
|
Herbert Wolverson
|
34a2ec7b88
|
Refactor netflow v9 into readable code, and the IPv4 version is at least somewhat working now.
|
2024-03-07 11:19:02 -06:00 |
|
Herbert Wolverson
|
10c56f9353
|
This time with a theoretically valid header...
|
2024-03-05 14:54:57 -06:00 |
|
Herbert Wolverson
|
b649f7004e
|
Netflow v9. Probably doesn't work yet, committing before I change PC.
|
2024-03-05 14:05:18 -06:00 |
|
Herbert Wolverson
|
a5bef2851a
|
Refactor to clean code up.
|
2024-03-05 11:02:47 -06:00 |
|
Herbert Wolverson
|
f0ddbe62f8
|
Netflow V5 is largely working. Still a few kinks to work out, but the exporter sends them out - and they are received correctly by my test ehnt setup.
|
2024-03-05 09:31:49 -06:00 |
|
Herbert Wolverson
|
43befe6c9c
|
Enable binpacking for on-a-stick mode.
|
2024-03-05 09:08:41 -06:00 |
|
Herbert Wolverson
|
bc5a6d68a1
|
Fix on-a-stick support.
|
2024-03-05 08:45:36 -06:00 |
|
Herbert Wolverson
|
28e861aeee
|
First attempt at adding NetFlow v5 support.
|
2024-03-05 08:44:57 -06:00 |
|
Herbert Wolverson
|
13f2fabe4c
|
Merge branch 'develop' into per_flow
|
2024-03-02 09:16:08 -06:00 |
|