Documentation

Index

Constants

View Source
const (
	DbgCaptureUnspec = iota
	DbgCaptureReserved1
	DbgCaptureReserved2
	DbgCaptureReserved3
	DbgCaptureDelivery
	DbgCaptureFromLb
	DbgCaptureAfterV46
	DbgCaptureAfterV64
	DbgCaptureProxyPre
	DbgCaptureProxyPost
	DbgCaptureSnatPre
	DbgCaptureSnatPost
)

    must be in sync with <bpf/lib/dbg.h>

    View Source
    const (
    	DbgUnspec = iota
    	DbgGeneric
    	DbgLocalDelivery
    	DbgEncap
    	DbgLxcFound
    	DbgPolicyDenied
    	DbgCtLookup
    	DbgCtLookupRev
    	DbgCtMatch
    	DbgCtCreated
    	DbgCtCreated2
    	DbgIcmp6Handle
    	DbgIcmp6Request
    	DbgIcmp6Ns
    	DbgIcmp6TimeExceeded
    	DbgCtVerdict
    	DbgDecap
    	DbgPortMap
    	DbgErrorRet
    	DbgToHost
    	DbgToStack
    	DbgPktHash
    	DbgLb6LookupMaster
    	DbgLb6LookupMasterFail
    	DbgLb6LookupBackendSlot
    	DbgLb6LookupBackendSlotSuccess
    	DbgLb6LookupBackendSlotV2Fail
    	DbgLb6LookupBackendFail
    	DbgLb6ReverseNatLookup
    	DbgLb6ReverseNat
    	DbgLb4LookupMaster
    	DbgLb4LookupMasterFail
    	DbgLb4LookupBackendSlot
    	DbgLb4LookupBackendSlotSuccess
    	DbgLb4LookupBackendSlotV2Fail
    	DbgLb4LookupBackendFail
    	DbgLb4ReverseNatLookup
    	DbgLb4ReverseNat
    	DbgLb4LoopbackSnat
    	DbgLb4LoopbackSnatRev
    	DbgCtLookup4
    	DbgRRBackendSlotSel
    	DbgRevProxyLookup
    	DbgRevProxyFound
    	DbgRevProxyUpdate
    	DbgL4Policy
    	DbgNetdevInCluster
    	DbgNetdevEncap4
    	DbgCTLookup41
    	DbgCTLookup42
    	DbgCTCreated4
    	DbgCTLookup61
    	DbgCTLookup62
    	DbgCTCreated6
    	DbgSkipProxy
    	DbgL4Create
    	DbgIPIDMapFailed4
    	DbgIPIDMapFailed6
    	DbgIPIDMapSucceed4
    	DbgIPIDMapSucceed6
    	DbgLbStaleCT
    	DbgInheritIdentity
    	DbgSkLookup4
    	DbgSkLookup6
    	DbgSkAssign
    )

      must be in sync with <bpf/lib/dbg.h>

      View Source
      const (
      	CtNew uint32 = iota
      	CtEstablished
      	CtReply
      	CtRelated
      )

        must be in sync with <bpf/lib/conntrack.h>

        View Source
        const (
        	// PolicyVerdictNotifyLen is the amount of packet data provided in a Policy notification
        	PolicyVerdictNotifyLen = 32
        
        	// PolicyVerdictNotifyFlagDirection is the bit mask in Flags that
        	// corresponds to the direction of a traffic
        	PolicyVerdictNotifyFlagDirection = 0x3
        
        	// PolicyVerdictNotifyFlagIsIPv6 is the bit mask in Flags that
        	// corresponds to whether the traffic is IPv6 or not
        	PolicyVerdictNotifyFlagIsIPv6 = 0x4
        
        	// PolicyVerdictNotifyFlagMatchType is the bit mask in Flags that
        	// corresponds to the policy match type
        	PolicyVerdictNotifyFlagMatchType = 0x38
        
        	// PolicyVerdictNotifyFlagIsAudited is the bit mask in Flags that
        	// corresponds to whether the traffic was allowed due to the audit mode
        	PolicyVerdictNotifyFlagIsAudited = 0x40
        
        	// PolicyVerdictNotifyFlagMatchTypeBitOffset is the bit offset in Flags that
        	// corresponds to the policy match type
        	PolicyVerdictNotifyFlagMatchTypeBitOffset = 3
        )
        View Source
        const (
        	TraceNotifyVersion0 = iota
        	TraceNotifyVersion1
        )
        View Source
        const (
        	TraceReasonPolicy = iota
        	TraceReasonCtEstablished
        	TraceReasonCtReply
        	TraceReasonCtRelated
        	TraceReasonCtReopened
        )

          Reasons for forwarding a packet.

          View Source
          const (
          	// DebugCaptureLen is the amount of packet data in a packet capture message
          	DebugCaptureLen = 24
          )
          View Source
          const (
          	// DropNotifyLen is the amount of packet data provided in a drop notification
          	DropNotifyLen = 32
          )
          View Source
          const (
          	// TraceNotifyFlagIsIPv6 is set in TraceNotify.Flags when the
          	// notification refers to an IPv6 flow
          	TraceNotifyFlagIsIPv6 uint8 = 1
          )
          View Source
          const (
          
          	// TraceReasonEncryptMask is the bit used to indicate encryption or not
          	TraceReasonEncryptMask uint8 = 0x80
          )

          Variables

          This section is empty.

          Functions

          func DecodeTraceNotify

          func DecodeTraceNotify(data []byte, tn *TraceNotify) error

            DecodeTraceNotify will decode 'data' into the provided TraceNotify structure

            func Dissect

            func Dissect(dissect bool, data []byte)

              Dissect parses and prints the provided data if dissect is set to true, otherwise the data is printed as HEX output

              func GetAllTypes

              func GetAllTypes() []string

                GetAllTypes returns a slice of all known message types, sorted

                func GetConnectionSummary

                func GetConnectionSummary(data []byte) string

                  GetConnectionSummary decodes the data into layers and returns a connection summary in the format:

                  - sIP:sPort -> dIP:dPort, e.g. 1.1.1.1:2000 -> 2.2.2.2:80 - sIP -> dIP icmpCode, 1.1.1.1 -> 2.2.2.2 echo-request

                  func GetPolicyActionString

                  func GetPolicyActionString(verdict int32, audit bool) string

                    GetPolicyActionString returns the action string corresponding to the action

                    Types

                    type ConnectionInfo

                    type ConnectionInfo struct {
                    	SrcIP    net.IP
                    	DstIP    net.IP
                    	SrcPort  uint16
                    	DstPort  uint16
                    	Proto    string
                    	IcmpCode string
                    }

                      ConnectionInfo contains tuple information and icmp code for a connection

                      func GetConnectionInfo

                      func GetConnectionInfo(data []byte) *ConnectionInfo

                        GetConnectionInfo returns the ConnectionInfo structure from data

                        type DebugCapture

                        type DebugCapture struct {
                        	Type    uint8
                        	SubType uint8
                        	// Source, if populated, is the ID of the source endpoint.
                        	Source  uint16
                        	Hash    uint32
                        	Len     uint32
                        	OrigLen uint32
                        	Arg1    uint32
                        	Arg2    uint32
                        }

                          DebugCapture is the metadata sent along with a captured packet frame

                          func (*DebugCapture) DumpInfo

                          func (n *DebugCapture) DumpInfo(data []byte)

                            DumpInfo prints a summary of the capture messages.

                            func (*DebugCapture) DumpJSON

                            func (n *DebugCapture) DumpJSON(data []byte, cpuPrefix string)

                              DumpJSON prints notification in json format

                              func (*DebugCapture) DumpVerbose

                              func (n *DebugCapture) DumpVerbose(dissect bool, data []byte, prefix string)

                                DumpVerbose prints the captured packet in human readable format

                                type DebugCaptureVerbose

                                type DebugCaptureVerbose struct {
                                	CPUPrefix string `json:"cpu,omitempty"`
                                	Type      string `json:"type,omitempty"`
                                	Mark      string `json:"mark,omitempty"`
                                	Message   string `json:"message,omitempty"`
                                	Prefix    string `json:"prefix,omitempty"`
                                
                                	Source uint16 `json:"source"`
                                	Bytes  uint32 `json:"bytes"`
                                
                                	Summary string `json:"summary,omitempty"`
                                }

                                  DebugCaptureVerbose represents a json notification printed by monitor

                                  func DebugCaptureToVerbose

                                  func DebugCaptureToVerbose(n *DebugCapture) DebugCaptureVerbose

                                    DebugCaptureToVerbose creates verbose notification from base TraceNotify

                                    type DebugMsg

                                    type DebugMsg struct {
                                    	Type    uint8
                                    	SubType uint8
                                    	Source  uint16
                                    	Hash    uint32
                                    	Arg1    uint32
                                    	Arg2    uint32
                                    	Arg3    uint32
                                    }

                                      DebugMsg is the message format of the debug message found in the BPF ring buffer

                                      func (*DebugMsg) Dump

                                      func (n *DebugMsg) Dump(prefix string)

                                        Dump prints the debug message in a human readable format.

                                        func (*DebugMsg) DumpInfo

                                        func (n *DebugMsg) DumpInfo(data []byte)

                                          DumpInfo prints a summary of a subset of the debug messages which are related to sending, not processing, of packets.

                                          func (*DebugMsg) DumpJSON

                                          func (n *DebugMsg) DumpJSON(cpuPrefix string)

                                            DumpJSON prints notification in json format

                                            type DissectSummary

                                            type DissectSummary struct {
                                            	Ethernet string `json:"ethernet,omitempty"`
                                            	IPv4     string `json:"ipv4,omitempty"`
                                            	IPv6     string `json:"ipv6,omitempty"`
                                            	TCP      string `json:"tcp,omitempty"`
                                            	UDP      string `json:"udp,omitempty"`
                                            	ICMPv4   string `json:"icmpv4,omitempty"`
                                            	ICMPv6   string `json:"icmpv6,omitempty"`
                                            	L2       *Flow  `json:"l2,omitempty"`
                                            	L3       *Flow  `json:"l3,omitempty"`
                                            	L4       *Flow  `json:"l4,omitempty"`
                                            }

                                              DissectSummary bundles decoded layers into json-marshallable message

                                              func GetDissectSummary

                                              func GetDissectSummary(data []byte) *DissectSummary

                                                GetDissectSummary returns DissectSummary created from data

                                                type DropNotify

                                                type DropNotify struct {
                                                	Type     uint8
                                                	SubType  uint8
                                                	Source   uint16
                                                	Hash     uint32
                                                	OrigLen  uint32
                                                	CapLen   uint32
                                                	SrcLabel uint32
                                                	DstLabel uint32
                                                	DstID    uint32
                                                	Unused   uint32
                                                }

                                                  DropNotify is the message format of a drop notification in the BPF ring buffer

                                                  func (*DropNotify) DumpInfo

                                                  func (n *DropNotify) DumpInfo(data []byte)

                                                    DumpInfo prints a summary of the drop messages.

                                                    func (*DropNotify) DumpJSON

                                                    func (n *DropNotify) DumpJSON(data []byte, cpuPrefix string)

                                                      DumpJSON prints notification in json format

                                                      func (*DropNotify) DumpVerbose

                                                      func (n *DropNotify) DumpVerbose(dissect bool, data []byte, prefix string)

                                                        DumpVerbose prints the drop notification in human readable form

                                                        type DropNotifyVerbose

                                                        type DropNotifyVerbose struct {
                                                        	CPUPrefix string `json:"cpu,omitempty"`
                                                        	Type      string `json:"type,omitempty"`
                                                        	Mark      string `json:"mark,omitempty"`
                                                        	Reason    string `json:"reason,omitempty"`
                                                        
                                                        	Source   uint16 `json:"source"`
                                                        	Bytes    uint32 `json:"bytes"`
                                                        	SrcLabel uint32 `json:"srcLabel"`
                                                        	DstLabel uint32 `json:"dstLabel"`
                                                        	DstID    uint32 `json:"dstID"`
                                                        
                                                        	Summary *DissectSummary `json:"summary,omitempty"`
                                                        }

                                                          DropNotifyVerbose represents a json notification printed by monitor

                                                          func DropNotifyToVerbose

                                                          func DropNotifyToVerbose(n *DropNotify) DropNotifyVerbose

                                                            DropNotifyToVerbose creates verbose notification from DropNotify

                                                            type Flow

                                                            type Flow struct {
                                                            	Src string `json:"src"`
                                                            	Dst string `json:"dst"`
                                                            }

                                                              Flow contains source and destination

                                                              type LogRecordNotify

                                                              type LogRecordNotify struct {
                                                              	accesslog.LogRecord
                                                              }

                                                                LogRecordNotify is a proxy access log notification

                                                                func (*LogRecordNotify) DumpInfo

                                                                func (l *LogRecordNotify) DumpInfo()

                                                                  DumpInfo dumps an access log notification

                                                                  func (*LogRecordNotify) DumpJSON

                                                                  func (l *LogRecordNotify) DumpJSON()

                                                                    DumpJSON prints notification in json format

                                                                    type LogRecordNotifyVerbose

                                                                    type LogRecordNotifyVerbose struct {
                                                                    	Type             string                     `json:"type"`
                                                                    	ObservationPoint accesslog.ObservationPoint `json:"observationPoint"`
                                                                    	FlowType         accesslog.FlowType         `json:"flowType"`
                                                                    	L7Proto          string                     `json:"l7Proto"`
                                                                    	SrcEpID          uint64                     `json:"srcEpID"`
                                                                    	SrcEpLabels      []string                   `json:"srcEpLabels"`
                                                                    	SrcIdentity      uint64                     `json:"srcIdentity"`
                                                                    	DstEpID          uint64                     `json:"dstEpID"`
                                                                    	DstEpLabels      []string                   `json:"dstEpLabels"`
                                                                    	DstIdentity      uint64                     `json:"dstIdentity"`
                                                                    	Verdict          accesslog.FlowVerdict      `json:"verdict"`
                                                                    	HTTP             *accesslog.LogRecordHTTP   `json:"http,omitempty"`
                                                                    	Kafka            *accesslog.LogRecordKafka  `json:"kafka,omitempty"`
                                                                    	DNS              *accesslog.LogRecordDNS    `json:"dns,omitempty"`
                                                                    	L7               *accesslog.LogRecordL7     `json:"l7,omitempty"`
                                                                    }

                                                                      LogRecordNotifyVerbose represents a json notification printed by monitor

                                                                      func LogRecordNotifyToVerbose

                                                                      func LogRecordNotifyToVerbose(n *LogRecordNotify) LogRecordNotifyVerbose

                                                                        LogRecordNotifyToVerbose turns LogRecordNotify into json-friendly Verbose structure

                                                                        type PolicyVerdictNotify

                                                                        type PolicyVerdictNotify struct {
                                                                        	Type        uint8
                                                                        	SubType     uint8
                                                                        	Source      uint16
                                                                        	Hash        uint32
                                                                        	OrigLen     uint32
                                                                        	CapLen      uint16
                                                                        	Version     uint16
                                                                        	RemoteLabel uint32
                                                                        	Verdict     int32
                                                                        	DstPort     uint16
                                                                        	Proto       uint8
                                                                        	Flags       uint8
                                                                        	Pad1        uint32
                                                                        }

                                                                          PolicyVerdictNotify is the message format of a policy verdict notification in the bpf ring buffer

                                                                          func (*PolicyVerdictNotify) DumpInfo

                                                                          func (n *PolicyVerdictNotify) DumpInfo(data []byte)

                                                                            DumpInfo prints a summary of the policy notify messages.

                                                                            func (*PolicyVerdictNotify) GetPolicyMatchType

                                                                            func (n *PolicyVerdictNotify) GetPolicyMatchType() api.PolicyMatchType

                                                                              GetPolicyMatchType returns how the traffic matched the policy

                                                                              func (*PolicyVerdictNotify) IsTrafficAudited

                                                                              func (n *PolicyVerdictNotify) IsTrafficAudited() bool

                                                                                IsTrafficAudited returns true if this notify is for traffic that was allowed due to the audit mode

                                                                                func (*PolicyVerdictNotify) IsTrafficIPv6

                                                                                func (n *PolicyVerdictNotify) IsTrafficIPv6() bool

                                                                                  IsTrafficIPv6 returns true if this notify is for IPv6 traffic

                                                                                  func (*PolicyVerdictNotify) IsTrafficIngress

                                                                                  func (n *PolicyVerdictNotify) IsTrafficIngress() bool

                                                                                    IsTrafficIngress returns true if this notify is for an ingress traffic

                                                                                    type TraceNotify

                                                                                    type TraceNotify TraceNotifyV1

                                                                                      TraceNotify is the message format of a trace notification in the BPF ring buffer

                                                                                      func (*TraceNotify) DataOffset

                                                                                      func (n *TraceNotify) DataOffset() uint

                                                                                        DataOffset returns the offset from the beginning of TraceNotify where the trace notify data begins.

                                                                                        Returns zero for invalid or unknown TraceNotify messages.

                                                                                        func (*TraceNotify) DumpInfo

                                                                                        func (n *TraceNotify) DumpInfo(data []byte)

                                                                                          DumpInfo prints a summary of the trace messages.

                                                                                          func (*TraceNotify) DumpJSON

                                                                                          func (n *TraceNotify) DumpJSON(data []byte, cpuPrefix string)

                                                                                            DumpJSON prints notification in json format

                                                                                            func (*TraceNotify) DumpVerbose

                                                                                            func (n *TraceNotify) DumpVerbose(dissect bool, data []byte, prefix string)

                                                                                              DumpVerbose prints the trace notification in human readable form

                                                                                              func (*TraceNotify) OriginalIP

                                                                                              func (n *TraceNotify) OriginalIP() net.IP

                                                                                                OriginalIP returns the original source IP if reverse NAT was performed on the flow

                                                                                                type TraceNotifyV0

                                                                                                type TraceNotifyV0 struct {
                                                                                                	Type     uint8
                                                                                                	ObsPoint uint8
                                                                                                	Source   uint16
                                                                                                	Hash     uint32
                                                                                                	OrigLen  uint32
                                                                                                	CapLen   uint16
                                                                                                	Version  uint16
                                                                                                	SrcLabel uint32
                                                                                                	DstLabel uint32
                                                                                                	DstID    uint16
                                                                                                	Reason   uint8
                                                                                                	Flags    uint8
                                                                                                	Ifindex  uint32
                                                                                                }

                                                                                                  TraceNotifyV0 is the common message format for versions 0 and 1.

                                                                                                  type TraceNotifyV1

                                                                                                  type TraceNotifyV1 struct {
                                                                                                  	TraceNotifyV0
                                                                                                  	OrigIP types.IPv6
                                                                                                  }

                                                                                                    TraceNotifyV1 is the version 1 message format.

                                                                                                    type TraceNotifyVerbose

                                                                                                    type TraceNotifyVerbose struct {
                                                                                                    	CPUPrefix        string `json:"cpu,omitempty"`
                                                                                                    	Type             string `json:"type,omitempty"`
                                                                                                    	Mark             string `json:"mark,omitempty"`
                                                                                                    	Ifindex          string `json:"ifindex,omitempty"`
                                                                                                    	State            string `json:"state,omitempty"`
                                                                                                    	ObservationPoint string `json:"observationPoint"`
                                                                                                    	TraceSummary     string `json:"traceSummary"`
                                                                                                    
                                                                                                    	Source   uint16 `json:"source"`
                                                                                                    	Bytes    uint32 `json:"bytes"`
                                                                                                    	SrcLabel uint32 `json:"srcLabel"`
                                                                                                    	DstLabel uint32 `json:"dstLabel"`
                                                                                                    	DstID    uint16 `json:"dstID"`
                                                                                                    
                                                                                                    	Summary *DissectSummary `json:"summary,omitempty"`
                                                                                                    }

                                                                                                      TraceNotifyVerbose represents a json notification printed by monitor

                                                                                                      func TraceNotifyToVerbose

                                                                                                      func TraceNotifyToVerbose(n *TraceNotify) TraceNotifyVerbose

                                                                                                        TraceNotifyToVerbose creates verbose notification from base TraceNotify

                                                                                                        Directories

                                                                                                        Path Synopsis
                                                                                                        Package alignchecker is a thin wrapper around pkg/alignchecker to validate monitor object alignment.
                                                                                                        Package alignchecker is a thin wrapper around pkg/alignchecker to validate monitor object alignment.
                                                                                                        Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.
                                                                                                        Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.