Comments (7)
I think that's an excellent idea!
That said, I'd probably prefer if this were just integrated directly into the stenographer binary instead of being a side-car, maybe flag-controlled to determine whether it exposes via the current method? Or just another endpoint?
from stenographer.
Agreed 100%. I have something I should be able to share soon for your review!
from stenographer.
@gconnell feel free to take a look at this branch whenever you have time: https://github.com/jshlbrd/stenographer/tree/feature/grpc. The gRPC server is implemented as a goroutine if the user supplies a specific config dictionary in steno.conf (see DESIGN.md in the branch for details) and it's designed to never crash stenotype et al. I have some ideas on how to iterate on this in the future (e.g. there are some stenoread queries clients should probably never try to execute, like "tcp" without time modifiers), but for v1, this is fully tested.
Here's a summary of the file changes:
- Added rpc/rpc.go
- Added protobuf/steno.proto
- Changed config/config.go to support Rpc configuration
- Changed stenographer.go to check for Rpc configuration and (if found) run gRPC server as a goroutine
- Updated README and DESIGN docs to describe Rpc functionality
Aside from any potential bugs in the code, I'm curious how the design of this update looks (especially the protobuf).
from stenographer.
This looks solid to me. The only outlying question I can immediately think of, having implemented something similar in the past, just not with gRPC as we discussed @jshlbrd - how does it handle a zero-length PCAP? So if stenographer doesn't find anything. If I recall correctly, the issue there is Stenographer will send back just the PCAP header, which is normally fine, but can cause problems otherwise. If there is an issue with this, I believe I have the changes I made and can submit a follow-up or side-saddle patch to take care of this situation. Basically, it returns a 404 instead of a header plus zero length PCAP data.
from stenographer.
@aeppert Good question -- it currently doesn't. However, there are multiple cases when gRPC will return a 0-byte stream:
https://github.com/jshlbrd/stenographer/blob/feature/grpc/rpc/rpc.go#L36-L38
https://github.com/jshlbrd/stenographer/blob/feature/grpc/rpc/rpc.go#L56-L60
https://github.com/jshlbrd/stenographer/blob/feature/grpc/rpc/rpc.go#L61-L65
If we'd like to handle the zero-length PCAP (IIRC this is when the resulting PCAP file is 24bytes, right?), then I'd suggest we do it similarly to those ("return nil"). Would probably make the most sense to do it here, right before the PCAP is chunked for streaming: https://github.com/jshlbrd/stenographer/blob/feature/grpc/rpc/rpc.go#L67
An alternate solution to returning nothing is to always return at least one message with a status code that describes what happened. This would alter the protobuf, but would not be difficult to add as long as we could define the status codes (e.g. successful extraction, successful extraction with truncation, general failure, zero-length PCAP, etc.)
For now, I've addressed this in this commit: jshlbrd@49dee77
from stenographer.
PR #202 is submitted, please feel free to review, comment, and make suggestions as you have time. Thanks guys!
from stenographer.
@gconnell This looks solid to me. I would say this meets a solid MVP and a nice step forward. Thoughts?
from stenographer.
Related Issues (20)
- Ubuntu 18.04 Seccomp Failures HOT 11
- Feature Request: Utility to dump offline stenographer sensor data to pcap HOT 4
- [Ubuntu] Stenotype keeps crashing HOT 9
- Prometheus metrics support
- Stenographer will not start on Ubuntu 16.04LTS HOT 1
- Temporary directory created before dropping privileges
- Wishlist: Community ID indexed flow extraction
- VLAN tags HOT 3
- multiple threads writing to same disk causes issues with disk cleanup HOT 10
- No such device exception seen while running install.sh on Ubuntu 18.04 HOT 1
- Export the packet through the stenoread and it will automatically break in 15 minutes HOT 1
- rpm created stenographer doesn't run HOT 3
- Notifying about index completion HOT 1
- Decapsulate ERSPAN
- Watchdog failure stenotype abort after 2 minutes (Debian 10) HOT 15
- BlockFile.AllPackets() fail when using non-standard blocksize
- Not able to set stenotype packet directory HOT 1
- Non-pretty results from output file open failure HOT 3
- PCAP-over-IP client in stenotype
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stenographer.