- conntrack/event.go: TrafficEvent type - conntrack/filter.go: WG subnet filter, IsExternal, ProtoName - conntrack/subscriber.go: netlink conntrack DESTROY subscriber - writer/log.go: JSON line writer with mutex - resolver/peers.go: WG IP → peer name from conf files + endpoint index - resolver/services.go: IP:port → service name from services.json - config/config.go: reads wgctl.json, sensible defaults - cmd/root.go: CLI flags - main.go: wires everything together - DESTROY events only: full byte/packet counts per connection - filters to WireGuard subnet, marks external traffic
29 lines
No EOL
874 B
Go
29 lines
No EOL
874 B
Go
package conntrack
|
|
|
|
import "time"
|
|
|
|
// EventType represents the type of traffic event
|
|
type EventType string
|
|
|
|
const (
|
|
EventAccept EventType = "accept"
|
|
EventExternal EventType = "external"
|
|
)
|
|
|
|
// TrafficEvent is the normalized event written to the log
|
|
type TrafficEvent struct {
|
|
Timestamp time.Time `json:"ts"`
|
|
Peer string `json:"peer"`
|
|
SrcIP string `json:"src_ip"`
|
|
DstIP string `json:"dst_ip"`
|
|
DstPort uint16 `json:"dst_port"`
|
|
Proto string `json:"proto"`
|
|
BytesOrig uint64 `json:"bytes_orig"`
|
|
BytesReply uint64 `json:"bytes_reply"`
|
|
PacketsOrig uint64 `json:"packets_orig"`
|
|
PacketsReply uint64 `json:"packets_reply"`
|
|
DurationSec float64 `json:"duration_sec"`
|
|
Service string `json:"service,omitempty"`
|
|
Event EventType `json:"event"`
|
|
External bool `json:"external"`
|
|
} |