View Source
const (
	// FlowReject indicates that a flow was rejected
	FlowReject = "reject"
	// FlowAccept logs that a flow is accepted
	FlowAccept = "accept"
	// MissingToken indicates that the token was missing
	MissingToken = "missingtoken"
	// InvalidToken indicates that the token was invalid
	InvalidToken = "token"
	// InvalidFormat indicates that the packet metadata were not correct
	InvalidFormat = "format"
	// InvalidHeader indicates that the TCP header was not there.
	InvalidHeader = "header"
	// InvalidPayload indicates that the TCP payload was not there or bad.
	InvalidPayload = "payload"
	// InvalidContext indicates that there was no context in the metadata
	InvalidContext = "context"
	// InvalidConnection indicates that there was no connection found
	InvalidConnection = "connection"
	// InvalidState indicates that a packet was received without proper state information
	InvalidState = "state"
	// InvalidNonse indicates that the nonse check failed
	InvalidNonse = "nonse"
	// PolicyDrop indicates that the flow is rejected because of the policy decision
	PolicyDrop = "policy"
	// APIPolicyDrop indicates that the request was dropped because of failed API validation.
	APIPolicyDrop = "api"
	// UnableToDial indicates that the proxy cannot dial out the connection
	UnableToDial = "dial"
	// CompressedTagMismatch indicates that the compressed tag version is dissimilar
	CompressedTagMismatch = "compressedtagmismatch"
	// EncryptionMismatch indicates that the policy encryption varies between client and server enforcer
	EncryptionMismatch = "encryptionmismatch"
	// DatapathVersionMismatch indicates that the datapath version is dissimilar
	DatapathVersionMismatch = "datapathversionmismatch"
	// PacketDrop indicate a single packet drop
	PacketDrop = "packetdrop"

Flow event description

View Source
const (
	// ContainerStart indicates a container start event
	ContainerStart = "start"
	// ContainerStop indicates a container stop event
	ContainerStop = "stop"
	// ContainerCreate indicates a container create event
	ContainerCreate = "create"
	// ContainerDelete indicates a container delete event
	ContainerDelete = "delete"
	// ContainerUpdate indicates a container policy update event
	ContainerUpdate = "update"
	// ContainerFailed indicates an event that a container was stopped because of policy issues
	ContainerFailed = "forcestop"
	// ContainerIgnored indicates that the container will be ignored by Trireme
	ContainerIgnored = "ignore"
	// ContainerDeleteUnknown indicates that policy for an unknown  container was deleted
	ContainerDeleteUnknown = "unknowncontainer"

Container event description

View Source
const (
	// PolicyValid Normal flow accept
	PolicyValid = "V"
	// DefaultEndPoint  provides a string for unknown container sources
	DefaultEndPoint = "default"
	// SomeClaimsSource provides a string for some claims flow source.
	SomeClaimsSource = "some-claims"


This section is empty.


func HashHashWithNamespace

func HashHashWithNamespace(claimsHash string, namespace string) (string, error)

HashHashWithNamespace hash the given claim hash with the given namespace.

func StatsFlowHash

func StatsFlowHash(r *FlowRecord) string

StatsFlowHash is a hash function to hash flows

func StatsUserHash

func StatsUserHash(r *UserRecord) error

StatsUserHash is a hash function to hash user records.


type ContainerRecord

type ContainerRecord struct {
	ContextID string
	IPAddress policy.ExtendedMap
	Tags      *policy.TagStore
	Event     string

ContainerRecord is a statistics record for a container

type CounterReport

type CounterReport struct {
	Namespace string
	ContextID string
	Counters  []Counters

CounterReport is called from the PU which reports Counters from the datapath

type Counters

type Counters struct {
	Name  string
	Value uint32

Counters represent a single entry with name and current val

type DNSRequestReport

type DNSRequestReport struct {
	Namespace  string
	Source     *EndPoint
	NameLookup string
	Error      string
	Count      int
	Ts         time.Time

DNSRequestReport object is used to report dns requests being made by PU's

type DefaultCollector

type DefaultCollector struct{}

DefaultCollector implements a default collector infrastructure to syslog

func (*DefaultCollector) CollectContainerEvent

func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)

CollectContainerEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectCounterEvent

func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)

CollectCounterEvent collect counters from the datapath

func (*DefaultCollector) CollectDNSRequests

func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)

CollectDNSRequests collect counters from the datapath

func (*DefaultCollector) CollectFlowEvent

func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)

CollectFlowEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectPacketEvent

func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)

CollectPacketEvent collects packet events from the datapath

func (*DefaultCollector) CollectPingEvent

func (d *DefaultCollector) CollectPingEvent(report *PingReport)

CollectPingEvent collects ping events from the datapath

func (*DefaultCollector) CollectTraceEvent

func (d *DefaultCollector) CollectTraceEvent(records []string)

CollectTraceEvent collects iptables trace events

func (*DefaultCollector) CollectUserEvent

func (d *DefaultCollector) CollectUserEvent(record *UserRecord)

CollectUserEvent is part of the EventCollector interface.

type EndPoint

type EndPoint struct {
	ID         string
	IP         string
	URI        string
	HTTPMethod string
	UserID     string
	Type       EndPointType
	Port       uint16

EndPoint is a structure that holds all the endpoint information

type EndPointType

type EndPointType byte

EndPointType is the type of an endpoint (PU or an external IP address )

const (
	// EndPointTypeExternalIP indicates that the endpoint is an external IP address
	EndPointTypeExternalIP EndPointType = iota
	// EnpointTypePU indicates that the endpoint is a PU.
	// EndpointTypeClaims indicates that the endpoint is of type claims.

func (*EndPointType) String

func (e *EndPointType) String() string

type EventCollector

type EventCollector interface {

	// CollectFlowEvent collect a  flow event.
	CollectFlowEvent(record *FlowRecord)

	// CollectContainerEvent collects a container events
	CollectContainerEvent(record *ContainerRecord)

	// CollectUserEvent  collects a user event
	CollectUserEvent(record *UserRecord)

	// CollectTraceEvent collects a set of trace messages generated with Iptables trace command
	CollectTraceEvent(records []string)

	// CollectPacketEvent collects packet event from nfqdatapath
	CollectPacketEvent(report *PacketReport)

	// CollectCounterEvent collects the counters from
	CollectCounterEvent(counterReport *CounterReport)

	// CollectDNSRequests collects the dns requests
	CollectDNSRequests(request *DNSRequestReport)

	// CollectPingEvent collects the ping events
	CollectPingEvent(report *PingReport)

EventCollector is the interface for collecting events.

func NewDefaultCollector

func NewDefaultCollector() EventCollector

NewDefaultCollector returns a default implementation of an EventCollector

type FlowRecord

type FlowRecord struct {
	ContextID        string
	Namespace        string
	Source           *EndPoint
	Destination      *EndPoint
	Tags             *policy.TagStore
	DropReason       string
	PolicyID         string
	ObservedPolicyID string
	ServiceType      policy.ServiceType
	ServiceID        string
	Count            int
	Action           policy.ActionType
	ObservedAction   policy.ActionType
	L4Protocol       uint8

FlowRecord describes a flow record for statistis

func (*FlowRecord) String

func (f *FlowRecord) String() string

type PacketReport

type PacketReport struct {
	TCPFlags        int
	Claims          []string
	DestinationIP   string
	DestinationPort int
	DropReason      string
	Encrypt         bool
	Event           packettracing.PacketEvent
	Length          int
	Mark            int
	Namespace       string
	PacketID        int
	Protocol        int
	PUID            string
	SourceIP        string
	SourcePort      int
	TriremePacket   bool
	Payload         []byte

PacketReport is the struct which is used to report packets captured in datapath

type PingReport

type PingReport struct {
	SourceID             string
	SourceNamespace      string
	DestinationID        string
	DestinationNamespace string
	FlowTuple            string
	Latency              string
	AgentVersion         string
	Protocol             int
	ServiceType          string
	PayloadSize          int
	Request              int
	Type                 claimsheader.PingType
	Stage                Stage
	SessionID            string

PingReport represents a single ping report from datapath.

type Stage

type Stage int

Stage represents the checkpoint when the report is sent.

const (
	Origin Stage = iota

Stage options.

func (Stage) String

func (s Stage) String() string

type UserRecord

type UserRecord struct {
	ID        string
	Namespace string
	Claims    []string

UserRecord reports a new user access. These will be reported periodically.


Path Synopsis
Package mockcollector is a generated GoMock package.
Package mockcollector is a generated GoMock package.