connections

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 4, 2021 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NetlinkFlowToAntreaConnection 

func NetlinkFlowToAntreaConnection(conn *conntrack.Flow) *flowexporter.Connection

func NewConnTrackOvsAppCtl 

func NewConnTrackOvsAppCtl(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackOvsCtl

func NewConnTrackSystem 

func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackSystem

TODO: detect the endianness of the system when initializing conntrack dumper to handle situations on big-endian platforms. All connection labels are required to store in little endian format in conntrack dumper.

func NewConnectionStore 

func NewConnectionStore(
	ifaceStore interfacestore.InterfaceStore,
	proxier proxy.Proxier,
	staleConnectionTimeout time.Duration,
) connectionStore

func SetupConntrackParameters 

func SetupConntrackParameters() error

Types

type ConnTrackDumper 

type ConnTrackDumper interface {
	// DumpFlows returns a list of filtered connections and the number of total connections.
	DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, int, error)
	// GetMaxConnections returns the size of the connection tracking table.
	GetMaxConnections() (int, error)
}

ConnTrackDumper is an interface that is used to dump connections from conntrack module. This supports dumping through netfilter socket (OVS kernel datapath) and ovs-appctl command (OVS userspace datapath). In future, support will be extended to Windows.

func InitializeConnTrackDumper 

func InitializeConnTrackDumper(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, ovsDatapathType ovsconfig.OVSDatapathType, isAntreaProxyEnabled bool) ConnTrackDumper

InitializeConnTrackDumper initializes the ConnTrackDumper interface for different OS and datapath types.

type ConntrackConnectionStore 

type ConntrackConnectionStore struct {
	// contains filtered or unexported fields
}

func NewConntrackConnectionStore 

func NewConntrackConnectionStore(
	connTrackDumper ConnTrackDumper,
	flowRecords *flowrecords.FlowRecords,
	ifaceStore interfacestore.InterfaceStore,
	v4Enabled bool,
	v6Enabled bool,
	proxier proxy.Proxier,
	npQuerier querier.AgentNetworkPolicyInfoQuerier,
	pollInterval time.Duration,
	staleConnectionTimeout time.Duration,
) *ConntrackConnectionStore

func (*ConntrackConnectionStore) AddConnToMap added in v1.2.0 

func (cs *ConntrackConnectionStore) AddConnToMap(connKey *flowexporter.ConnectionKey, conn *flowexporter.Connection)

AddConnToMap adds the connection to connections map given connection key. This is used only for unit tests.

func (*ConntrackConnectionStore) AddOrUpdateConn 

func (cs *ConntrackConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection)

AddOrUpdateConn updates the connection if it is already present, i.e., update timestamp, counters etc., or adds a new connection with the resolved K8s metadata.

func (*ConntrackConnectionStore) DeleteConnWithoutLock 

func (cs *ConntrackConnectionStore) DeleteConnWithoutLock(connKey flowexporter.ConnectionKey) error

DeleteConnWithoutLock deletes the connection from the connection map given the connection key without grabbing the lock. Caller is expected to grab lock.

func (*ConntrackConnectionStore) ForAllConnectionsDo 

func (cs *ConntrackConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error

ForAllConnectionsDo execute the callback for each connection in connection map.

func (*ConntrackConnectionStore) GetConnByKey 

func (cs *ConntrackConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)

GetConnByKey gets the connection in connection map given the connection key.

func (*ConntrackConnectionStore) Poll 

func (cs *ConntrackConnectionStore) Poll() ([]int, error)

Poll calls into conntrackDumper interface to dump conntrack flows. It returns the number of connections for each address family, as a slice. In dual-stack clusters, the slice will contain 2 values (number of IPv4 connections first, then number of IPv6 connections). TODO: As optimization, only poll invalid/closed connections during every poll, and poll the established connections right before the export.

func (*ConntrackConnectionStore) Run 

func (cs *ConntrackConnectionStore) Run(stopCh <-chan struct{})

Run enables the periodical polling of conntrack connections at a given flowPollInterval.

type DenyConnectionStore 

type DenyConnectionStore struct {
	// contains filtered or unexported fields
}

func NewDenyConnectionStore 

func NewDenyConnectionStore(ifaceStore interfacestore.InterfaceStore,
	proxier proxy.Proxier, staleConnectionTimeout time.Duration) *DenyConnectionStore

func (*DenyConnectionStore) AddConnToMap added in v1.2.0 

func (cs *DenyConnectionStore) AddConnToMap(connKey *flowexporter.ConnectionKey, conn *flowexporter.Connection)

AddConnToMap adds the connection to connections map given connection key. This is used only for unit tests.

func (*DenyConnectionStore) AddOrUpdateConn 

func (ds *DenyConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection, timeSeen time.Time, bytes uint64)

AddOrUpdateConn updates the connection if it is already present, i.e., update timestamp, counters etc., or adds a new connection with the resolved K8s metadata.

func (*DenyConnectionStore) DeleteConnWithoutLock 

func (ds *DenyConnectionStore) DeleteConnWithoutLock(connKey flowexporter.ConnectionKey) error

DeleteConnWithoutLock deletes the connection from the connection map given the connection key without grabbing the lock. Caller is expected to grab lock.

func (*DenyConnectionStore) ForAllConnectionsDo 

func (cs *DenyConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error

ForAllConnectionsDo execute the callback for each connection in connection map.

func (*DenyConnectionStore) GetConnByKey 

func (cs *DenyConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)

GetConnByKey gets the connection in connection map given the connection key.

func (*DenyConnectionStore) ResetConnStatsWithoutLock 

func (ds *DenyConnectionStore) ResetConnStatsWithoutLock(connKey flowexporter.ConnectionKey)

ResetConnStatsWithoutLock resets DeltaBytes and DeltaPackets of connection after exporting without grabbing the lock. Caller is expected to grab lock.

func (*DenyConnectionStore) RunPeriodicDeletion added in v1.2.1 

func (ds *DenyConnectionStore) RunPeriodicDeletion(stopCh <-chan struct{})

type NetFilterConnTrack 

type NetFilterConnTrack interface {
	Dial() error
	DumpFlowsInCtZone(zoneFilter uint16) ([]*flowexporter.Connection, error)
}

NetFilterConnTrack interface helps for testing the code that contains the third party library functions ("github.com/ti-mo/conntrack")

Source Files

View all Source files

Directories

Path Synopsis
Package testing is a generated GoMock package.
 Package testing is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.