connections

package
v1.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 23, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NetlinkFlowToAntreaConnection 

func NetlinkFlowToAntreaConnection(conn *conntrack.Flow) *flowexporter.Connection

func NewConnTrackOvsAppCtl 

func NewConnTrackOvsAppCtl(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackOvsCtl

func NewConnTrackSystem 

func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackSystem

TODO: detect the endianness of the system when initializing conntrack dumper to handle situations on big-endian platforms. All connection labels are required to store in little endian format in conntrack dumper.

func NewConnectionStore 

func NewConnectionStore(
	ifaceStore interfacestore.InterfaceStore,
	proxier proxy.Proxier,
	o *flowexporter.FlowExporterOptions) connectionStore

func SetupConntrackParameters 

func SetupConntrackParameters() error

Types

type ConnTrackDumper 

type ConnTrackDumper interface {
	// DumpFlows returns a list of filtered connections and the number of total connections.
	DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, int, error)
	// GetMaxConnections returns the size of the connection tracking table.
	GetMaxConnections() (int, error)
}

ConnTrackDumper is an interface that is used to dump connections from conntrack module. This supports dumping through netfilter socket (OVS kernel datapath) and ovs-appctl command (OVS userspace datapath). In future, support will be extended to Windows.

func InitializeConnTrackDumper 

func InitializeConnTrackDumper(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, ovsDatapathType ovsconfig.OVSDatapathType, isAntreaProxyEnabled bool) ConnTrackDumper

InitializeConnTrackDumper initializes the ConnTrackDumper interface for different OS and datapath types.

type ConntrackConnectionStore 

type ConntrackConnectionStore struct {
	// contains filtered or unexported fields
}

func NewConntrackConnectionStore 

func NewConntrackConnectionStore(
	connTrackDumper ConnTrackDumper,
	v4Enabled bool,
	v6Enabled bool,
	npQuerier querier.AgentNetworkPolicyInfoQuerier,
	ifaceStore interfacestore.InterfaceStore,
	proxier proxy.Proxier,
	o *flowexporter.FlowExporterOptions,
) *ConntrackConnectionStore

func (*ConntrackConnectionStore) AcquireConnStoreLock added in v1.4.0 

func (cs *ConntrackConnectionStore) AcquireConnStoreLock()

func (*ConntrackConnectionStore) AddConnToMap added in v1.2.0 

func (cs *ConntrackConnectionStore) AddConnToMap(connKey *flowexporter.ConnectionKey, conn *flowexporter.Connection)

AddConnToMap adds the connection to connections map given connection key. This is used only for unit tests.

func (*ConntrackConnectionStore) AddOrUpdateConn 

func (cs *ConntrackConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection)

AddOrUpdateConn updates the connection if it is already present, i.e., update timestamp, counters etc., or adds a new connection with the resolved K8s metadata.

func (*ConntrackConnectionStore) ForAllConnectionsDo 

func (cs *ConntrackConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error

ForAllConnectionsDo execute the callback for each connection in connection map.

func (*ConntrackConnectionStore) ForAllConnectionsDoWithoutLock added in v1.7.0 

func (cs *ConntrackConnectionStore) ForAllConnectionsDoWithoutLock(callback flowexporter.ConnectionMapCallBack) error

ForAllConnectionsDoWithoutLock execute the callback for each connection in connection map, without grabbing the lock. Caller is expected to grab lock.

func (*ConntrackConnectionStore) GetConnByKey 

func (cs *ConntrackConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)

GetConnByKey gets the connection in connection map given the connection key.

func (*ConntrackConnectionStore) GetExpiredConns added in v1.4.0 

func (cs *ConntrackConnectionStore) GetExpiredConns(expiredConns []flowexporter.Connection, currTime time.Time, maxSize int) ([]flowexporter.Connection, time.Duration)

func (*ConntrackConnectionStore) GetPriorityQueue added in v1.5.0 

func (cs *ConntrackConnectionStore) GetPriorityQueue() *priorityqueue.ExpirePriorityQueue

func (*ConntrackConnectionStore) Poll 

func (cs *ConntrackConnectionStore) Poll() ([]int, error)

Poll calls into conntrackDumper interface to dump conntrack flows. It returns the number of connections for each address family, as a slice. In dual-stack clusters, the slice will contain 2 values (number of IPv4 connections first, then number of IPv6 connections). TODO: As optimization, only poll invalid/closed connections during every poll, and poll the established connections right before the export.

func (*ConntrackConnectionStore) ReleaseConnStoreLock added in v1.4.0 

func (cs *ConntrackConnectionStore) ReleaseConnStoreLock()

func (*ConntrackConnectionStore) Run 

func (cs *ConntrackConnectionStore) Run(stopCh <-chan struct{})

Run enables the periodical polling of conntrack connections at a given flowPollInterval.

func (*ConntrackConnectionStore) UpdateConnAndQueue added in v1.4.0 

func (cs *ConntrackConnectionStore) UpdateConnAndQueue(pqItem *flowexporter.ItemToExpire, currTime time.Time)

UpdateConnAndQueue deletes the inactive connection from keyToItem map, without adding it back to the PQ. In this way, we can avoid to reset the item's expire time every time we encounter it in the PQ. The method also updates active connection's stats fields and adds it back to the PQ.

type DenyConnectionStore 

type DenyConnectionStore struct {
	// contains filtered or unexported fields
}

func NewDenyConnectionStore 

func NewDenyConnectionStore(ifaceStore interfacestore.InterfaceStore, proxier proxy.Proxier, o *flowexporter.FlowExporterOptions) *DenyConnectionStore

func (*DenyConnectionStore) AcquireConnStoreLock added in v1.4.0 

func (cs *DenyConnectionStore) AcquireConnStoreLock()

func (*DenyConnectionStore) AddConnToMap added in v1.2.0 

func (cs *DenyConnectionStore) AddConnToMap(connKey *flowexporter.ConnectionKey, conn *flowexporter.Connection)

AddConnToMap adds the connection to connections map given connection key. This is used only for unit tests.

func (*DenyConnectionStore) AddOrUpdateConn 

func (ds *DenyConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection, timeSeen time.Time, bytes uint64)

AddOrUpdateConn updates the connection if it is already present, i.e., update timestamp, counters etc., or adds a new connection with the resolved K8s metadata.

func (*DenyConnectionStore) ForAllConnectionsDo 

func (cs *DenyConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error

ForAllConnectionsDo execute the callback for each connection in connection map.

func (*DenyConnectionStore) ForAllConnectionsDoWithoutLock added in v1.7.0 

func (cs *DenyConnectionStore) ForAllConnectionsDoWithoutLock(callback flowexporter.ConnectionMapCallBack) error

ForAllConnectionsDoWithoutLock execute the callback for each connection in connection map, without grabbing the lock. Caller is expected to grab lock.

func (*DenyConnectionStore) GetConnByKey 

func (cs *DenyConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)

GetConnByKey gets the connection in connection map given the connection key.

func (*DenyConnectionStore) GetExpiredConns added in v1.4.0 

func (ds *DenyConnectionStore) GetExpiredConns(expiredConns []flowexporter.Connection, currTime time.Time, maxSize int) ([]flowexporter.Connection, time.Duration)

func (*DenyConnectionStore) GetPriorityQueue added in v1.5.0 

func (ds *DenyConnectionStore) GetPriorityQueue() *priorityqueue.ExpirePriorityQueue

func (*DenyConnectionStore) ReleaseConnStoreLock added in v1.4.0 

func (cs *DenyConnectionStore) ReleaseConnStoreLock()

func (*DenyConnectionStore) RunPeriodicDeletion added in v1.2.1 

func (ds *DenyConnectionStore) RunPeriodicDeletion(stopCh <-chan struct{})

func (*DenyConnectionStore) UpdateConnAndQueue added in v1.4.0 

func (cs *DenyConnectionStore) UpdateConnAndQueue(pqItem *flowexporter.ItemToExpire, currTime time.Time)

UpdateConnAndQueue deletes the inactive connection from keyToItem map, without adding it back to the PQ. In this way, we can avoid to reset the item's expire time every time we encounter it in the PQ. The method also updates active connection's stats fields and adds it back to the PQ.

type NetFilterConnTrack 

type NetFilterConnTrack interface {
	Dial() error
	DumpFlowsInCtZone(zoneFilter uint16) ([]*flowexporter.Connection, error)
}

NetFilterConnTrack interface helps for testing the code that contains the third party library functions ("github.com/ti-mo/conntrack")

Source Files

View all Source files

Directories

Path Synopsis
Package testing is a generated GoMock package.
 Package testing is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.