collector

package
Version: v10.296.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 19, 2021 License: Apache-2.0 Imports: 8 Imported by: 11

Documentation

Index

Constants

View Source
const (
	// FlowReject indicates that a flow was rejected
	FlowReject = "reject"
	// FlowAccept logs that a flow is accepted
	FlowAccept = "accept"
	// MissingToken indicates that the token was missing
	MissingToken = "missingtoken"
	// InvalidToken indicates that the token was invalid
	InvalidToken = "token"
	// InvalidFormat indicates that the packet metadata were not correct
	InvalidFormat = "format"
	// InvalidHeader indicates that the TCP header was not there.
	InvalidHeader = "header"
	// InvalidPayload indicates that the TCP payload was not there or bad.
	InvalidPayload = "payload"
	// InvalidContext indicates that there was no context in the metadata
	InvalidContext = "context"
	// InvalidConnection indicates that there was no connection found
	InvalidConnection = "connection"
	// InvalidState indicates that a packet was received without proper state information
	InvalidState = "state"
	// InvalidNonse indicates that the nonse check failed
	InvalidNonse = "nonse"
	// PolicyDrop indicates that the flow is rejected because of the policy decision
	PolicyDrop = "policy"
	// APIPolicyDrop indicates that the request was dropped because of failed API validation.
	APIPolicyDrop = "api"
	// UnableToDial indicates that the proxy cannot dial out the connection
	UnableToDial = "dial"
	// CompressedTagMismatch indicates that the compressed tag version is dissimilar
	CompressedTagMismatch = "compressedtagmismatch"
	// EncryptionMismatch indicates that the policy encryption varies between client and server enforcer
	EncryptionMismatch = "encryptionmismatch"
	// DatapathVersionMismatch indicates that the datapath version is dissimilar
	DatapathVersionMismatch = "datapathversionmismatch"
	// PacketDrop indicate a single packet drop
	PacketDrop = "packetdrop"
)

Flow event description

View Source
const (
	// ContainerStart indicates a container start event
	ContainerStart = "start"
	// ContainerStop indicates a container stop event
	ContainerStop = "stop"
	// ContainerCreate indicates a container create event
	ContainerCreate = "create"
	// ContainerDelete indicates a container delete event
	ContainerDelete = "delete"
	// ContainerUpdate indicates a container policy update event
	ContainerUpdate = "update"
	// ContainerFailed indicates an event that a container was stopped because of policy issues
	ContainerFailed = "forcestop"
	// ContainerIgnored indicates that the container will be ignored by Trireme
	ContainerIgnored = "ignore"
	// ContainerDeleteUnknown indicates that policy for an unknown  container was deleted
	ContainerDeleteUnknown = "unknowncontainer"
)

Container event description

View Source
const (
	// PolicyValid Normal flow accept
	PolicyValid = "V"
	// DefaultEndPoint  provides a string for unknown container sources
	DefaultEndPoint = "default"
	// SomeClaimsSource provides a string for some claims flow source.
	SomeClaimsSource = "some-claims"
)

Variables

This section is empty.

Functions

func ConnectionExceptionReportHash

func ConnectionExceptionReportHash(r *ConnectionExceptionReport) uint64

ConnectionExceptionReportHash is a hash function to hash connection exception reports.

func StatsFlowContentHash

func StatsFlowContentHash(r *FlowRecord) (contenthash uint64)

StatsFlowContentHash is a hash function to hash flows. Ignores source ports. Returns contenthash - hash with all contents to compare quickly and report when changes are observed

func StatsFlowHash

func StatsFlowHash(r *FlowRecord) (flowhash, contenthash uint64)

StatsFlowHash is a hash function to hash flows. Ignores source ports. Returns two hashes flowhash - minimal with SIP/DIP/Dport contenthash - hash with all contents to compare quickly and report when changes are observed

func StatsUserHash

func StatsUserHash(r *UserRecord) error

StatsUserHash is a hash function to hash user records.

Types

type ConnectionExceptionReport

type ConnectionExceptionReport struct {
	Timestamp       time.Time
	PUID            string
	Namespace       string
	Protocol        int
	SourceIP        string
	DestinationIP   string
	DestinationPort uint16
	State           string
	Reason          string
	Value           uint32
}

ConnectionExceptionReport represents a single connection exception report from datapath.

type ContainerRecord

type ContainerRecord struct {
	ContextID string
	IPAddress policy.ExtendedMap
	Tags      *policy.TagStore
	Event     string
}

ContainerRecord is a statistics record for a container

type CounterReport

type CounterReport struct {
	Namespace string
	PUID      string
	Timestamp int64
	Counters  []Counters
}

CounterReport is called from the PU which reports Counters from the datapath

type Counters

type Counters uint32

Counters represent a single entry with name and current val

type DNSRequestReport

type DNSRequestReport struct {
	ContextID   string
	Namespace   string
	Source      *EndPoint
	Destination *EndPoint
	NameLookup  string
	Error       string
	Count       int
	Ts          time.Time
	IPs         []string
}

DNSRequestReport object is used to report dns requests being made by PU's

type DefaultCollector

type DefaultCollector struct{}

DefaultCollector implements a default collector infrastructure to syslog

func (*DefaultCollector) CollectConnectionExceptionReport

func (d *DefaultCollector) CollectConnectionExceptionReport(report *ConnectionExceptionReport)

CollectConnectionExceptionReport collects the connection exception report

func (*DefaultCollector) CollectContainerEvent

func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)

CollectContainerEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectCounterEvent

func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)

CollectCounterEvent collect counters from the datapath

func (*DefaultCollector) CollectDNSRequests

func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)

CollectDNSRequests collect counters from the datapath

func (*DefaultCollector) CollectFlowEvent

func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)

CollectFlowEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectPacketEvent

func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)

CollectPacketEvent collects packet events from the datapath

func (*DefaultCollector) CollectPingEvent

func (d *DefaultCollector) CollectPingEvent(report *PingReport)

CollectPingEvent collects ping events from the datapath

func (*DefaultCollector) CollectTraceEvent

func (d *DefaultCollector) CollectTraceEvent(records []string)

CollectTraceEvent collects iptables trace events

func (*DefaultCollector) CollectUserEvent

func (d *DefaultCollector) CollectUserEvent(record *UserRecord)

CollectUserEvent is part of the EventCollector interface.

type EndPoint

type EndPoint struct {
	ID         string
	IP         string
	URI        string
	HTTPMethod string
	UserID     string
	Type       EndPointType
	Port       uint16
}

EndPoint is a structure that holds all the endpoint information

type EndPointType

type EndPointType byte

EndPointType is the type of an endpoint (PU or an external IP address )

const (
	// EndPointTypeExternalIP indicates that the endpoint is an external IP address
	EndPointTypeExternalIP EndPointType = iota
	// EndPointTypePU indicates that the endpoint is a PU.
	EndPointTypePU
	// EndPointTypeClaims indicates that the endpoint is of type claims.
	EndPointTypeClaims
)

func (*EndPointType) String

func (e *EndPointType) String() string

type EventCollector

type EventCollector interface {

	// CollectFlowEvent collect a  flow event.
	CollectFlowEvent(record *FlowRecord)

	// CollectContainerEvent collects a container events
	CollectContainerEvent(record *ContainerRecord)

	// CollectUserEvent  collects a user event
	CollectUserEvent(record *UserRecord)

	// CollectTraceEvent collects a set of trace messages generated with Iptables trace command
	CollectTraceEvent(records []string)

	// CollectPacketEvent collects packet event from nfqdatapath
	CollectPacketEvent(report *PacketReport)

	// CollectCounterEvent collects the counters from
	CollectCounterEvent(counterReport *CounterReport)

	// CollectDNSRequests collects the dns requests
	CollectDNSRequests(request *DNSRequestReport)

	// CollectPingEvent collects the ping events
	CollectPingEvent(report *PingReport)

	// CollectConnectionExceptionReport collects the connection exception report
	CollectConnectionExceptionReport(report *ConnectionExceptionReport)
}

EventCollector is the interface for collecting events.

func NewDefaultCollector

func NewDefaultCollector() EventCollector

NewDefaultCollector returns a default implementation of an EventCollector

type FlowRecord

type FlowRecord struct {
	ContextID             string
	Namespace             string
	Source                EndPoint
	Destination           EndPoint
	Tags                  []string
	DropReason            string
	PolicyID              string
	ObservedPolicyID      string
	ServiceType           policy.ServiceType
	ServiceID             string
	Count                 int
	Action                policy.ActionType
	ObservedAction        policy.ActionType
	ObservedActionType    policy.ObserveActionType
	L4Protocol            uint8
	SourceController      string
	DestinationController string
	RuleName              string
}

FlowRecord describes a flow record for statistis

func (*FlowRecord) String

func (f *FlowRecord) String() string

type IPTablesTrace

type IPTablesTrace struct {
	Namespace string
	Timestamp int64
	Records   []*IPTablesTraceRecord
}

IPTablesTrace is a bundle of iptables trace records

type IPTablesTraceRecord

type IPTablesTraceRecord struct {
	TTL                  int
	Chain                string
	DestinationIP        string
	DestinationInterface string
	DestinationPort      int
	Length               int
	PacketID             int
	Protocol             int
	RuleID               int
	SourceIP             string
	SourceInterface      string
	SourcePort           int
	TableName            string
}

IPTablesTraceRecord is the info parsed out from a trace event message

type PacketReport

type PacketReport struct {
	TCPFlags        int
	Claims          []string
	DestinationIP   string
	DestinationPort int
	DropReason      string
	Encrypt         bool
	Event           packettracing.PacketEvent
	Length          int
	Mark            int
	Namespace       string
	PacketID        int
	Protocol        int
	PUID            string
	SourceIP        string
	SourcePort      int
	TriremePacket   bool
	Timestamp       int64
	Payload         []byte
}

PacketReport is the struct which is used to report packets captured in datapath

type PingReport

type PingReport struct {
	PingID               string
	IterationID          int
	Type                 gaia.PingProbeTypeValue
	PUID                 string
	Namespace            string
	FourTuple            string
	RTT                  string
	Protocol             int
	ServiceType          string
	PayloadSize          int
	PayloadSizeType      gaia.PingProbePayloadSizeTypeValue
	PolicyID             string
	PolicyAction         policy.ActionType
	AgentVersion         string
	ApplicationListening bool
	SeqNum               uint32
	TargetTCPNetworks    bool
	ExcludedNetworks     bool
	Error                string
	Claims               []string
	ClaimsType           gaia.PingProbeClaimsTypeValue
	ACLPolicyID          string
	ACLPolicyAction      policy.ActionType
	PeerCertIssuer       string
	PeerCertSubject      string
	PeerCertExpiry       time.Time
	IsServer             bool
	ServiceID            string

	// Remote pu fields.
	RemoteController    string
	RemotePUID          string
	RemoteEndpointType  EndPointType
	RemoteNamespace     string
	RemoteNamespaceType gaia.PingProbeRemoteNamespaceTypeValue
}

PingReport represents a single ping report from datapath.

type UserRecord

type UserRecord struct {
	ID        string
	Namespace string
	Claims    []string
}

UserRecord reports a new user access. These will be reported periodically.

Directories

Path Synopsis
Package mockcollector is a generated GoMock package.
Package mockcollector is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto