View Source
const (
	// TriremeCgroupPath is the standard Trireme cgroup path
	TriremeCgroupPath = "/trireme/"

	// TriremeUIDCgroupPath is the standard path for UID based activations
	TriremeUIDCgroupPath = "/trireme_uid/"

	// TriremeSocket is the standard API server Trireme socket path
	TriremeSocket = "/var/run/trireme.sock"


View Source
var (
	// EventMap used for validations
	EventMap = map[Event]*struct{}{
		"start":   nil,
		"stop":    nil,
		"update":  nil,
		"create":  nil,
		"destroy": nil,
		"pause":   nil,
		"unpause": nil,
		"resync":  nil,


func ConvertServicesToPortList

func ConvertServicesToPortList(services []Service) string

    ConvertServicesToPortList converts an array of services to a port list

    func ConvertServicesToProtocolPortList

    func ConvertServicesToProtocolPortList(services []Service) (string, string)

      ConvertServicesToProtocolPortList converts an array of services to tcp/udp port list


      type Event

      type Event string

        Event represents the event picked up by the monitor.

        const (
        	EventStart   Event = "start"
        	EventStop    Event = "stop"
        	EventUpdate  Event = "update"
        	EventCreate  Event = "create"
        	EventDestroy Event = "destroy"
        	EventPause   Event = "pause"
        	EventUnpause Event = "unpause"
        	EventResync  Event = "resync"

          Values of the events

          type EventHandler

          type EventHandler func(ctx context.Context, event *EventInfo) error

            A EventHandler is type of event handler functions.

            type EventInfo

            type EventInfo struct {
            	// EventType refers to one of the standard events that Trireme handles.
            	EventType Event `json:"eventtype,omitempty"`
            	// PUType is the the type of the PU
            	PUType PUType `json:"putype,omitempty"`
            	// The PUID is a unique value for the Processing Unit. Ideally this should be the UUID.
            	PUID string `json:"puid,omitempty"`
            	// The Name is a user-friendly name for the Processing Unit.
            	Name string `json:"name,omitempty"`
            	// Tags represents the set of MetadataTags associated with this PUID.
            	Tags []string `json:"tags,omitempty"`
            	// The path for the Network Namespace.
            	NS string `json:"namespace,omitempty"`
            	// Cgroup is the path to the cgroup - used for deletes
            	Cgroup string `json:"cgroup,omitempty"`
            	// IPs is a map of all the IPs that fully belong to this processing Unit.
            	IPs map[string]string `json:"ipaddressesutype,omitempty"`
            	// Services is a list of services of interest - for host control
            	Services []Service `json:"services,omitempty"`
            	// The PID is the PID on the system where this Processing Unit is running.
            	PID int32 `json:"pid,omitempty"`
            	// HostService indicates that the request is for the root namespace
            	HostService bool `json:"hostservice,omitempty"`
            	// NetworkOnlyTraffic indicates that traffic towards the applications must be controlled.
            	NetworkOnlyTraffic bool `json:"networktrafficonly,omitempty"`
            	// Root indicates that this request is coming from a roor user. Its overwritten by the enforcer
            	Root bool `json:"root,omitempty"`

              EventInfo is a generic structure that defines all the information related to a PU event. EventInfo should be used as a normalized struct container that

              type EventResponse

              type EventResponse struct {
              	Error string

                EventResponse encapsulate the error response if any.

                type PUType

                type PUType int

                  PUType defines the PU type

                  const (
                  	// ContainerPU indicates that this PU is a container
                  	ContainerPU PUType = iota
                  	// LinuxProcessPU indicates that this is Linux process
                  	// KubernetesPU indicates that this is KubernetesPod
                  	// UIDLoginPU -- PU representing a user session
                  	// TransientPU PU -- placeholder to run processing. This should not
                  	// be inserted in any cache. This is valid only for processing a packet

                  type Service

                  type Service struct {
                  	// Ports are the corresponding ports
                  	Ports *portspec.PortSpec `json:"ports,omitempty"`
                  	// Port is the service port. This has been deprecated and will be removed in later releases 01/13/2018
                  	Port uint16
                  	// Protocol is the protocol number
                  	Protocol uint8 `json:"protocol,omitempty"`
                  	// Addresses are the IP addresses. An empty list means
                  	Addresses []*net.IPNet `json:"addresses,omitempty"`
                  	// FQDNs is the list of FQDNs for the service.
                  	FQDNs []string `json:"fqdns,omitempty"`

                    Service is a protocol/port service of interest - used to pass user requests

                    type State

                    type State int

                      A State describes the state of the PU.

                      const (
                      	// StateStarted is the state of a started PU.
                      	StateStarted State = iota + 1
                      	// StateStopped is the state of stopped PU.
                      	// StatePaused is the state of a paused PU.
                      	// StateDestroyed is the state of destroyed PU.
                      	// StateUnknwown is the state of PU in an unknown state.