Documentation
¶
Index ¶
- Constants
- func BeautifyKey(key string) string
- func ConnectionSummary(c *ConnectionStats, names map[util.Address][]string) string
- func IsExcludedConnection(scf []*ConnectionFilter, dcf []*ConnectionFilter, conn *ConnectionStats) bool
- func ReadInitialState(procRoot string, protocol ConnectionType, collectIPv6 bool) (map[PortMapping]struct{}, error)
- type ConnTypeFilter
- type ConnectionDirection
- type ConnectionFamily
- type ConnectionFilter
- type ConnectionStats
- type ConnectionType
- type Connections
- type ConnectionsTelemetry
- type DNSKey
- type DNSPacketType
- type DNSStats
- type Delta
- type IPTranslation
- type PacketSource
- type PortMapping
- type ReverseDNS
- type Route
- type RouteCache
- type Router
- type RuntimeCompilationTelemetry
- type SocketFilterSnooper
- type State
- type Subnet
- type Via
Constants ¶
const ( // DEBUGCLIENT is the ClientID for debugging DEBUGCLIENT = "-1" // DNSResponseCodeNoError is the value that indicates that the DNS reply contains no errors. // We could have used layers.DNSResponseCodeNoErr here. But importing the gopacket library only for this // constant is not worth the increased memory cost. DNSResponseCodeNoError = 0 // ConnectionByteKeyMaxLen represents the maximum size in bytes of a connection byte key ConnectionByteKeyMaxLen = 41 )
const (
MaxStateMapSize = 10000
)
This const limits the maximum size of the state map. Benchmark results show that allocated space is less than 3MB for 10000 entries.
Variables ¶
This section is empty.
Functions ¶
func BeautifyKey ¶
BeautifyKey returns a human readable byte key (used for debugging purposes) it should be in sync with ByteKey Note: This is only used in /debug/* endpoints
func ConnectionSummary ¶
func ConnectionSummary(c *ConnectionStats, names map[util.Address][]string) string
ConnectionSummary returns a string summarizing a connection
func IsExcludedConnection ¶
func IsExcludedConnection(scf []*ConnectionFilter, dcf []*ConnectionFilter, conn *ConnectionStats) bool
IsExcludedConnection returns true if a given connection should be excluded by the tracer based on user defined filters
func ReadInitialState ¶
func ReadInitialState(procRoot string, protocol ConnectionType, collectIPv6 bool) (map[PortMapping]struct{}, error)
ReadInitialState reads the /proc filesystem and determines which ports are being listened on
Types ¶
type ConnTypeFilter ¶
ConnTypeFilter holds user-defined protocols
type ConnectionDirection ¶
type ConnectionDirection uint8
ConnectionDirection indicates if the connection is incoming to the host or outbound
const ( // INCOMING represents connections inbound to the host INCOMING ConnectionDirection = 1 // OUTGOING represents outbound connections from the host OUTGOING ConnectionDirection = 2 // LOCAL represents connections that don't leave the host LOCAL ConnectionDirection = 3 // NONE represents connections that have no direction (udp, for example) NONE ConnectionDirection = 4 )
func (ConnectionDirection) String ¶
func (d ConnectionDirection) String() string
type ConnectionFamily ¶
type ConnectionFamily uint8
ConnectionFamily will be either v4 or v6
const ( // AFINET represents v4 connections AFINET ConnectionFamily = 0 // AFINET6 represents v6 connections AFINET6 ConnectionFamily = 1 )
func (ConnectionFamily) String ¶
func (c ConnectionFamily) String() string
type ConnectionFilter ¶
type ConnectionFilter struct {
IP *net.IPNet // If nil, then all IPs will be considered matching.
AllPorts ConnTypeFilter
Ports map[uint16]ConnTypeFilter
}
ConnectionFilter holds a user-defined blacklisted IP/CIDR, and ports
func ParseConnectionFilters ¶
func ParseConnectionFilters(filters map[string][]string) (blacklist []*ConnectionFilter)
ParseConnectionFilters takes the user defined blacklist and returns a slice of ConnectionFilters
type ConnectionStats ¶
type ConnectionStats struct {
Source util.Address
Dest util.Address
MonotonicSentBytes uint64
LastSentBytes uint64
MonotonicRecvBytes uint64
LastRecvBytes uint64
// Last time the stats for this connection were updated
LastUpdateEpoch uint64
MonotonicRetransmits uint32
LastRetransmits uint32
RTT uint32 // Stored in µs
RTTVar uint32
// MonotonicTCPEstablished indicates whether or not the TCP connection was established
// after system-probe initialization.
// * A value of 0 means that this connection was established before system-probe was initialized;
// * Value 1 represents a connection that was established after system-probe started;
// * Values greater than 1 should be rare, but can occur when multiple connections
// are established with the same tuple betweeen two agent checks;
MonotonicTCPEstablished uint32
LastTCPEstablished uint32
MonotonicTCPClosed uint32
LastTCPClosed uint32
Pid uint32
NetNS uint32
SPort uint16
DPort uint16
Type ConnectionType
Family ConnectionFamily
Direction ConnectionDirection
IPTranslation *IPTranslation
IntraHost bool
DNSSuccessfulResponses uint32
DNSFailedResponses uint32
DNSTimeouts uint32
DNSSuccessLatencySum uint64
DNSFailureLatencySum uint64
DNSCountByRcode map[uint32]uint32
DNSStatsByDomain map[string]DNSStats
Via *Via
}
ConnectionStats stores statistics for a single connection. Field order in the struct should be 8-byte aligned
func (ConnectionStats) ByteKey ¶
func (c ConnectionStats) ByteKey(buf []byte) ([]byte, error)
ByteKey returns a unique key for this connection represented as a byte array It's as following:
4B 2B 2B .5B .5B 4/16B 4/16B = 17/41B 32b 16b 16b 4b 4b 32/128b 32/128b
| PID | SPORT | DPORT | Family | Type | SrcAddr | DestAddr
func (ConnectionStats) String ¶
func (c ConnectionStats) String() string
type ConnectionType ¶
type ConnectionType uint8
ConnectionType will be either TCP or UDP
const ( // TCP connection type TCP ConnectionType = 0 // UDP connection type UDP ConnectionType = 1 )
func (ConnectionType) String ¶
func (c ConnectionType) String() string
type Connections ¶
type Connections struct {
DNS map[util.Address][]string
Conns []ConnectionStats
ConnTelemetry *ConnectionsTelemetry
CompilationTelemetryByAsset map[string]RuntimeCompilationTelemetry
HTTP map[http.Key]http.RequestStats
}
Connections wraps a collection of ConnectionStats
type ConnectionsTelemetry ¶
type ConnectionsTelemetry struct {
MonotonicKprobesTriggered int64
MonotonicKprobesMissed int64
MonotonicConntrackRegisters int64
MonotonicConntrackRegistersDropped int64
MonotonicDNSPacketsProcessed int64
MonotonicConnsClosed int64
ConnsBpfMapSize int64
MonotonicUDPSendsProcessed int64
MonotonicUDPSendsMissed int64
ConntrackSamplingPercent int64
}
ConnectionsTelemetry stores telemetry from the system probe related to connections collection
type DNSKey ¶
type DNSKey struct {
// contains filtered or unexported fields
}
DNSKey is an identifier for a set of DNS connections
type DNSPacketType ¶
type DNSPacketType uint8
DNSPacketType tells us whether the packet is a query or a reply (successful/failed)
const ( // SuccessfulResponse means the packet contains a DNS response and the response code is 0 (no error) SuccessfulResponse DNSPacketType = iota // FailedResponse means the packet contains a DNS response and the response code is not 0 FailedResponse // Query means the packet contains a DNS query Query )
type DNSStats ¶
type DNSStats struct {
DNSTimeouts uint32
DNSSuccessLatencySum uint64
DNSFailureLatencySum uint64
DNSCountByRcode map[uint32]uint32
}
DNSStats holds statistics corresponding to a particular domain
type Delta ¶
type Delta struct {
Connections []ConnectionStats
HTTP map[http.Key]http.RequestStats
}
Delta represents a delta of network data compared to the last call to State.
type IPTranslation ¶
type IPTranslation struct {
ReplSrcIP util.Address
ReplDstIP util.Address
ReplSrcPort uint16
ReplDstPort uint16
}
IPTranslation can be associated with a connection to show the connection is NAT'd
type PacketSource ¶
type PacketSource interface {
// VisitPackets reads all new raw packets that are available, invoking the given callback for each packet.
// If no packet is available, VisitPacket returns immediately.
// The format of the packet is dependent on the implementation of PacketSource -- i.e. it may be an ethernet frame, or a IP frame.
// The data buffer is reused between invocations of VisitPacket and thus should not be pointed to.
// If the cancel channel is closed, VisitPackets will stop reading.
VisitPackets(cancel <-chan struct{}, visitor func(data []byte, timestamp time.Time) error) error
// Stats returns a map of counters, meant to be reported as telemetry
Stats() map[string]int64
// PacketType returns the type of packet this source reads
PacketType() gopacket.LayerType
// Close closes the packet source
Close()
}
PacketSource reads raw packet data
type PortMapping ¶
PortMapping represents a port binding
type ReverseDNS ¶
type ReverseDNS interface {
Resolve([]ConnectionStats) map[util.Address][]string
GetDNSStats() map[DNSKey]map[string]DNSStats
GetStats() map[string]int64
Close()
}
ReverseDNS translates IPs to names
func NewNullReverseDNS ¶
func NewNullReverseDNS() ReverseDNS
NewNullReverseDNS returns a dummy implementation of ReverseDNS
type RouteCache ¶
RouteCache is the interface to a cache that stores routes for a given (source, destination, net ns) tuple
func NewRouteCache ¶
func NewRouteCache(size int, router Router) RouteCache
NewRouteCache creates a new RouteCache
type Router ¶
Router is an interface to get a route for a (source, destination, net ns) tuple
func NewNetlinkRouter ¶
NewNetlinkRouter create a Router that queries routes via netlink
type RuntimeCompilationTelemetry ¶
type RuntimeCompilationTelemetry struct {
RuntimeCompilationEnabled bool
RuntimeCompilationResult int32
RuntimeCompilationDuration int64
}
RuntimeCompilationTelemetry stores telemetry related to the runtime compilation of various assets
type SocketFilterSnooper ¶
type SocketFilterSnooper struct {
// contains filtered or unexported fields
}
SocketFilterSnooper is a DNS traffic snooper built on top of an eBPF SOCKET_FILTER
func NewSocketFilterSnooper ¶
func NewSocketFilterSnooper(cfg *config.Config, source PacketSource) (*SocketFilterSnooper, error)
NewSocketFilterSnooper returns a new SocketFilterSnooper
func (*SocketFilterSnooper) Close ¶
func (s *SocketFilterSnooper) Close()
Close terminates the DNS traffic snooper as well as the underlying socket and the attached filter
func (*SocketFilterSnooper) GetDNSStats ¶
func (s *SocketFilterSnooper) GetDNSStats() map[DNSKey]map[string]DNSStats
GetDNSStats gets the latest DNSStats keyed by unique DNSKey, and domain
func (*SocketFilterSnooper) GetStats ¶
func (s *SocketFilterSnooper) GetStats() map[string]int64
GetStats returns stats for use with telemetry
func (*SocketFilterSnooper) Resolve ¶
func (s *SocketFilterSnooper) Resolve(connections []ConnectionStats) map[util.Address][]string
Resolve IPs to DNS addresses
type State ¶
type State interface {
// GetDelta returns the a Delta object for given client when provided the latest set of active connections
GetDelta(
clientID string,
latestTime uint64,
latestConns []ConnectionStats,
dns map[DNSKey]map[string]DNSStats,
http map[http.Key]http.RequestStats,
) Delta
// StoreClosedConnection stores a new closed connection
StoreClosedConnection(conn *ConnectionStats)
// RemoveClient stops tracking stateful data for a given client
RemoveClient(clientID string)
// RemoveExpiredClients removes expired clients from the state
RemoveExpiredClients(now time.Time)
// RemoveConnections removes the given keys from the state
RemoveConnections(keys []string)
// GetStats returns a map of statistics about the current network state
GetStats() map[string]interface{}
// DebugState returns a map with the current network state for a client ID
DumpState(clientID string) map[string]interface{}
}
State takes care of handling the logic for: - closed connections - sent and received bytes per connection
Source Files
Directories