Documentation ¶
Index ¶
- Constants
- func BeautifyKey(key string) string
- func ConnectionSummary(c *ConnectionStats, names map[util.Address][]string) string
- func IsExcludedConnection(scf []*ConnectionFilter, dcf []*ConnectionFilter, conn *ConnectionStats) bool
- func ReadInitialState(procRoot string, protocol ConnectionType, collectIPv6 bool) (map[PortMapping]struct{}, error)
- type ConnTypeFilter
- type ConnectionDirection
- type ConnectionFamily
- type ConnectionFilter
- type ConnectionStats
- type ConnectionType
- type Connections
- type ConnectionsTelemetry
- type DNSKey
- type DNSPacketType
- type DNSStats
- type Delta
- type IPTranslation
- type PacketSource
- type PortMapping
- type ReverseDNS
- type Route
- type RouteCache
- type Router
- type RuntimeCompilationTelemetry
- type SocketFilterSnooper
- type State
- type Subnet
- type Via
Constants ¶
const ( // DEBUGCLIENT is the ClientID for debugging DEBUGCLIENT = "-1" // DNSResponseCodeNoError is the value that indicates that the DNS reply contains no errors. // We could have used layers.DNSResponseCodeNoErr here. But importing the gopacket library only for this // constant is not worth the increased memory cost. DNSResponseCodeNoError = 0 // ConnectionByteKeyMaxLen represents the maximum size in bytes of a connection byte key ConnectionByteKeyMaxLen = 41 )
const (
MaxStateMapSize = 10000
)
This const limits the maximum size of the state map. Benchmark results show that allocated space is less than 3MB for 10000 entries.
Variables ¶
This section is empty.
Functions ¶
func BeautifyKey ¶
BeautifyKey returns a human readable byte key (used for debugging purposes) it should be in sync with ByteKey Note: This is only used in /debug/* endpoints
func ConnectionSummary ¶
func ConnectionSummary(c *ConnectionStats, names map[util.Address][]string) string
ConnectionSummary returns a string summarizing a connection
func IsExcludedConnection ¶
func IsExcludedConnection(scf []*ConnectionFilter, dcf []*ConnectionFilter, conn *ConnectionStats) bool
IsExcludedConnection returns true if a given connection should be excluded by the tracer based on user defined filters
func ReadInitialState ¶
func ReadInitialState(procRoot string, protocol ConnectionType, collectIPv6 bool) (map[PortMapping]struct{}, error)
ReadInitialState reads the /proc filesystem and determines which ports are being listened on
Types ¶
type ConnTypeFilter ¶
ConnTypeFilter holds user-defined protocols
type ConnectionDirection ¶
type ConnectionDirection uint8
ConnectionDirection indicates if the connection is incoming to the host or outbound
const ( // INCOMING represents connections inbound to the host INCOMING ConnectionDirection = 1 // OUTGOING represents outbound connections from the host OUTGOING ConnectionDirection = 2 // LOCAL represents connections that don't leave the host LOCAL ConnectionDirection = 3 // NONE represents connections that have no direction (udp, for example) NONE ConnectionDirection = 4 )
func (ConnectionDirection) String ¶
func (d ConnectionDirection) String() string
type ConnectionFamily ¶
type ConnectionFamily uint8
ConnectionFamily will be either v4 or v6
const ( // AFINET represents v4 connections AFINET ConnectionFamily = 0 // AFINET6 represents v6 connections AFINET6 ConnectionFamily = 1 )
func (ConnectionFamily) String ¶
func (c ConnectionFamily) String() string
type ConnectionFilter ¶
type ConnectionFilter struct { IP *net.IPNet // If nil, then all IPs will be considered matching. AllPorts ConnTypeFilter Ports map[uint16]ConnTypeFilter }
ConnectionFilter holds a user-defined blacklisted IP/CIDR, and ports
func ParseConnectionFilters ¶
func ParseConnectionFilters(filters map[string][]string) (blacklist []*ConnectionFilter)
ParseConnectionFilters takes the user defined blacklist and returns a slice of ConnectionFilters
type ConnectionStats ¶
type ConnectionStats struct { Source util.Address Dest util.Address MonotonicSentBytes uint64 LastSentBytes uint64 MonotonicRecvBytes uint64 LastRecvBytes uint64 // Last time the stats for this connection were updated LastUpdateEpoch uint64 MonotonicRetransmits uint32 LastRetransmits uint32 RTT uint32 // Stored in µs RTTVar uint32 // MonotonicTCPEstablished indicates whether or not the TCP connection was established // after system-probe initialization. // * A value of 0 means that this connection was established before system-probe was initialized; // * Value 1 represents a connection that was established after system-probe started; // * Values greater than 1 should be rare, but can occur when multiple connections // are established with the same tuple betweeen two agent checks; MonotonicTCPEstablished uint32 LastTCPEstablished uint32 MonotonicTCPClosed uint32 LastTCPClosed uint32 Pid uint32 NetNS uint32 SPort uint16 DPort uint16 Type ConnectionType Family ConnectionFamily Direction ConnectionDirection IPTranslation *IPTranslation IntraHost bool DNSSuccessfulResponses uint32 DNSFailedResponses uint32 DNSTimeouts uint32 DNSSuccessLatencySum uint64 DNSFailureLatencySum uint64 DNSCountByRcode map[uint32]uint32 DNSStatsByDomain map[string]DNSStats Via *Via }
ConnectionStats stores statistics for a single connection. Field order in the struct should be 8-byte aligned
func (ConnectionStats) ByteKey ¶
func (c ConnectionStats) ByteKey(buf []byte) ([]byte, error)
ByteKey returns a unique key for this connection represented as a byte array It's as following:
4B 2B 2B .5B .5B 4/16B 4/16B = 17/41B 32b 16b 16b 4b 4b 32/128b 32/128b
| PID | SPORT | DPORT | Family | Type | SrcAddr | DestAddr
func (ConnectionStats) String ¶
func (c ConnectionStats) String() string
type ConnectionType ¶
type ConnectionType uint8
ConnectionType will be either TCP or UDP
const ( // TCP connection type TCP ConnectionType = 0 // UDP connection type UDP ConnectionType = 1 )
func (ConnectionType) String ¶
func (c ConnectionType) String() string
type Connections ¶
type Connections struct { DNS map[util.Address][]string Conns []ConnectionStats ConnTelemetry *ConnectionsTelemetry CompilationTelemetryByAsset map[string]RuntimeCompilationTelemetry HTTP map[http.Key]http.RequestStats }
Connections wraps a collection of ConnectionStats
type ConnectionsTelemetry ¶
type ConnectionsTelemetry struct { MonotonicKprobesTriggered int64 MonotonicKprobesMissed int64 MonotonicConntrackRegisters int64 MonotonicConntrackRegistersDropped int64 MonotonicDNSPacketsProcessed int64 MonotonicConnsClosed int64 ConnsBpfMapSize int64 MonotonicUDPSendsProcessed int64 MonotonicUDPSendsMissed int64 ConntrackSamplingPercent int64 }
ConnectionsTelemetry stores telemetry from the system probe related to connections collection
type DNSKey ¶
type DNSKey struct {
// contains filtered or unexported fields
}
DNSKey is an identifier for a set of DNS connections
type DNSPacketType ¶
type DNSPacketType uint8
DNSPacketType tells us whether the packet is a query or a reply (successful/failed)
const ( // SuccessfulResponse means the packet contains a DNS response and the response code is 0 (no error) SuccessfulResponse DNSPacketType = iota // FailedResponse means the packet contains a DNS response and the response code is not 0 FailedResponse // Query means the packet contains a DNS query Query )
type DNSStats ¶
type DNSStats struct { DNSTimeouts uint32 DNSSuccessLatencySum uint64 DNSFailureLatencySum uint64 DNSCountByRcode map[uint32]uint32 }
DNSStats holds statistics corresponding to a particular domain
type Delta ¶
type Delta struct { Connections []ConnectionStats HTTP map[http.Key]http.RequestStats }
Delta represents a delta of network data compared to the last call to State.
type IPTranslation ¶
type IPTranslation struct { ReplSrcIP util.Address ReplDstIP util.Address ReplSrcPort uint16 ReplDstPort uint16 }
IPTranslation can be associated with a connection to show the connection is NAT'd
type PacketSource ¶
type PacketSource interface { // VisitPackets reads all new raw packets that are available, invoking the given callback for each packet. // If no packet is available, VisitPacket returns immediately. // The format of the packet is dependent on the implementation of PacketSource -- i.e. it may be an ethernet frame, or a IP frame. // The data buffer is reused between invocations of VisitPacket and thus should not be pointed to. // If the cancel channel is closed, VisitPackets will stop reading. VisitPackets(cancel <-chan struct{}, visitor func(data []byte, timestamp time.Time) error) error // Stats returns a map of counters, meant to be reported as telemetry Stats() map[string]int64 // PacketType returns the type of packet this source reads PacketType() gopacket.LayerType // Close closes the packet source Close() }
PacketSource reads raw packet data
type PortMapping ¶
PortMapping represents a port binding
type ReverseDNS ¶
type ReverseDNS interface { Resolve([]ConnectionStats) map[util.Address][]string GetDNSStats() map[DNSKey]map[string]DNSStats GetStats() map[string]int64 Close() }
ReverseDNS translates IPs to names
func NewNullReverseDNS ¶
func NewNullReverseDNS() ReverseDNS
NewNullReverseDNS returns a dummy implementation of ReverseDNS
type RouteCache ¶
RouteCache is the interface to a cache that stores routes for a given (source, destination, net ns) tuple
func NewRouteCache ¶
func NewRouteCache(size int, router Router) RouteCache
NewRouteCache creates a new RouteCache
type Router ¶
Router is an interface to get a route for a (source, destination, net ns) tuple
func NewNetlinkRouter ¶
NewNetlinkRouter create a Router that queries routes via netlink
type RuntimeCompilationTelemetry ¶
type RuntimeCompilationTelemetry struct { RuntimeCompilationEnabled bool RuntimeCompilationResult int32 RuntimeCompilationDuration int64 }
RuntimeCompilationTelemetry stores telemetry related to the runtime compilation of various assets
type SocketFilterSnooper ¶
type SocketFilterSnooper struct {
// contains filtered or unexported fields
}
SocketFilterSnooper is a DNS traffic snooper built on top of an eBPF SOCKET_FILTER
func NewSocketFilterSnooper ¶
func NewSocketFilterSnooper(cfg *config.Config, source PacketSource) (*SocketFilterSnooper, error)
NewSocketFilterSnooper returns a new SocketFilterSnooper
func (*SocketFilterSnooper) Close ¶
func (s *SocketFilterSnooper) Close()
Close terminates the DNS traffic snooper as well as the underlying socket and the attached filter
func (*SocketFilterSnooper) GetDNSStats ¶
func (s *SocketFilterSnooper) GetDNSStats() map[DNSKey]map[string]DNSStats
GetDNSStats gets the latest DNSStats keyed by unique DNSKey, and domain
func (*SocketFilterSnooper) GetStats ¶
func (s *SocketFilterSnooper) GetStats() map[string]int64
GetStats returns stats for use with telemetry
func (*SocketFilterSnooper) Resolve ¶
func (s *SocketFilterSnooper) Resolve(connections []ConnectionStats) map[util.Address][]string
Resolve IPs to DNS addresses
type State ¶
type State interface { // GetDelta returns the a Delta object for given client when provided the latest set of active connections GetDelta( clientID string, latestTime uint64, latestConns []ConnectionStats, dns map[DNSKey]map[string]DNSStats, http map[http.Key]http.RequestStats, ) Delta // StoreClosedConnection stores a new closed connection StoreClosedConnection(conn *ConnectionStats) // RemoveClient stops tracking stateful data for a given client RemoveClient(clientID string) // RemoveExpiredClients removes expired clients from the state RemoveExpiredClients(now time.Time) // RemoveConnections removes the given keys from the state RemoveConnections(keys []string) // GetStats returns a map of statistics about the current network state GetStats() map[string]interface{} // DebugState returns a map with the current network state for a client ID DumpState(clientID string) map[string]interface{} }
State takes care of handling the logic for: - closed connections - sent and received bytes per connection