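// Source: github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/enforcer/nfqdatapath/nflog/nflog_windows.go

// +build windows

package nflog

import (
	"context"
	"fmt"
	"syscall"
	"time"

	"go.aporeto.io/enforcerd/trireme-lib/collector"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/counters"
	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/packet"
	"go.aporeto.io/enforcerd/trireme-lib/utils/cache"
	"go.aporeto.io/enforcerd/trireme-lib/utils/frontman"
	"go.uber.org/zap"
)

// NfLogWindows has nflog data for windows
type NfLogWindows struct { // nolint:golint // ignore type name stutters
	// getPUContext is handed to recordFromNFLogData for every logged packet.
	getPUContext GetPUContextFunc
	// ipv4groupSource is the log group id for which NfLogHandler sets puIsSource to false.
	ipv4groupSource uint16
	// ipv4groupDest is the log group id for which NfLogHandler sets puIsSource to true.
	ipv4groupDest uint16
	// collector receives the flow and packet events produced from log records.
	collector collector.EventCollector
	// flowReportCache is passed to handleFlowReport; logExpirationNotifier is
	// registered as its expiration callback.
	flowReportCache cache.DataStore
}

// NewNFLogger provides an NFLog instance.
//
// The returned logger owns a flow report cache created by
// cache.NewCacheWithExpirationNotifier with a time.Second*5 argument and
// logExpirationNotifier as the callback.
func NewNFLogger(ipv4groupSource, ipv4groupDest uint16, getPUContext GetPUContextFunc, collector collector.EventCollector) NFLogger {
	nfLog := &NfLogWindows{
		ipv4groupSource: ipv4groupSource,
		ipv4groupDest:   ipv4groupDest,
		collector:       collector,
		getPUContext:    getPUContext,
	}
	// The cache is attached after construction because the callback is a method value on nfLog.
	nfLog.flowReportCache = cache.NewCacheWithExpirationNotifier("flowReportCache", time.Second*5, nfLog.logExpirationNotifier)
	return nfLog
}

// Run does nothing for Windows
func (n *NfLogWindows) Run(ctx context.Context) {
}

// NfLogHandler handles log info from our Windows driver.
//
// It returns an error when logPacketInfo is nil, when the group id matches
// neither configured group, or when recordFromNFLogData fails. A packet header
// that packet.New cannot parse is counted and logged at debug level, and the
// handler returns nil for it.
func (n *NfLogWindows) NfLogHandler(logPacketInfo *frontman.LogPacketInfo, packetHeaderBytes []byte) error {
	// Reject a missing record up front; the field accesses below would otherwise panic.
	if logPacketInfo == nil {
		return fmt.Errorf("nil log packet info")
	}

	var puIsSource bool
	// NOTE(review): the uint16 conversion discards high bits if GroupID is declared
	// wider than 16 bits, so an out-of-range id could alias a configured group.
	// Confirm the field type in frontman.LogPacketInfo.
	switch uint16(logPacketInfo.GroupID) {
	case n.ipv4groupSource:
		puIsSource = false
	case n.ipv4groupDest:
		puIsSource = true
	default:
		return fmt.Errorf("unrecognized log group id: %d", logPacketInfo.GroupID)
	}

	ipPacket, err := packet.New(packet.PacketTypeNetwork, packetHeaderBytes, "", false)
	if err != nil {
		// Best effort: a header that fails to parse is dropped, not reported to the
		// caller. The counter is the only signal outside debug logging.
		counters.IncrementCounter(counters.ErrNfLogError)
		zap.L().Debug("Error while processing nflog packet", zap.Error(err))
		return nil
	}

	// syscall.UTF16ToString stops at the first NUL in the fixed-size prefix buffer.
	logPrefix := syscall.UTF16ToString(logPacketInfo.LogPrefix[:])

	record, packetEvent, err := recordFromNFLogData(packetHeaderBytes, logPrefix,
		ipPacket.IPProto(), ipPacket.SourceAddress(), ipPacket.DestinationAddress(), ipPacket.SourcePort(), ipPacket.DestPort(),
		n.getPUContext, puIsSource)
	if err != nil {
		return err
	}

	if record != nil {
		handleFlowReport(n.flowReportCache, n.collector, record, puIsSource)
	}
	if packetEvent != nil {
		n.collector.CollectPacketEvent(packetEvent)
	}

	return nil
}

// logExpirationNotifier is the expiration callback of flowReportCache. It
// forwards a cached flow record that has not been reported yet to the collector.
func (n *NfLogWindows) logExpirationNotifier(_ interface{}, item interface{}) {
	if item == nil {
		return
	}

	// Basically we had an observed flow report that didn't get reported yet.
	// The checked assertion keeps an unexpected cache entry from panicking inside
	// the expiration callback. A typed nil pointer is skipped for the same reason.
	record, ok := item.(*collector.FlowRecord)
	if !ok || record == nil {
		zap.L().Debug("Unexpected item in flow report cache", zap.String("type", fmt.Sprintf("%T", item)))
		return
	}

	n.collector.CollectFlowEvent(record)
}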