Documentation ¶
Index ¶
- func NetlinkFlowToAntreaConnection(conn *conntrack.Flow) *flowexporter.Connection
- func NewConnTrackOvsAppCtl(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, ...) *connTrackOvsCtl
- func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, ...) *connTrackSystem
- func NewConnectionStore(ifaceStore interfacestore.InterfaceStore, proxier proxy.Proxier) connectionStore
- func SetupConntrackParameters() error
- type ConnTrackDumper
- type ConntrackConnectionStore
- func (cs *ConntrackConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection)
- func (cs *ConntrackConnectionStore) DeleteConnWithoutLock(connKey flowexporter.ConnectionKey) error
- func (cs *ConntrackConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error
- func (cs *ConntrackConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)
- func (cs *ConntrackConnectionStore) Poll() ([]int, error)
- func (cs *ConntrackConnectionStore) Run(stopCh <-chan struct{})
- func (cs *ConntrackConnectionStore) SetExportDone(connKey flowexporter.ConnectionKey) error
- type DenyConnectionStore
- func (ds *DenyConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection, timeSeen time.Time, bytes uint64)
- func (ds *DenyConnectionStore) DeleteConnWithoutLock(connKey flowexporter.ConnectionKey) error
- func (cs *DenyConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error
- func (cs *DenyConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)
- func (ds *DenyConnectionStore) ResetConnStatsWithoutLock(conn *flowexporter.Connection)
- type NetFilterConnTrack
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NetlinkFlowToAntreaConnection ¶
func NetlinkFlowToAntreaConnection(conn *conntrack.Flow) *flowexporter.Connection
func NewConnTrackOvsAppCtl ¶
func NewConnTrackSystem ¶
func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackSystem
TODO: detect the endianness of the system when initializing the conntrack dumper, so that big-endian platforms are handled correctly. All connection labels are required to be stored in little-endian format in the conntrack dumper.
func NewConnectionStore ¶
func NewConnectionStore( ifaceStore interfacestore.InterfaceStore, proxier proxy.Proxier, ) connectionStore
func SetupConntrackParameters ¶
func SetupConntrackParameters() error
Types ¶
type ConnTrackDumper ¶
// ConnTrackDumper is the interface through which connections are dumped from
// the connection tracking table.
type ConnTrackDumper interface {
	// DumpFlows returns a list of filtered connections and the number of total connections.
	// NOTE(review): zoneFilter is presumably the conntrack zone used to select
	// the returned connections, while the int result counts all connections
	// seen before filtering — confirm against the implementations.
	DumpFlows(zoneFilter uint16) ([]*flowexporter.Connection, int, error)
	// GetMaxConnections returns the size of the connection tracking table.
	// NOTE(review): read together with the total returned by DumpFlows, this
	// looks intended for noticing a conntrack table that is close to full —
	// confirm against callers.
	GetMaxConnections() (int, error)
}
ConnTrackDumper is an interface that is used to dump connections from the conntrack module. It supports dumping through a netfilter socket (OVS kernel datapath) and through the ovs-appctl command (OVS userspace datapath). In the future, support will be extended to Windows.
func InitializeConnTrackDumper ¶
func InitializeConnTrackDumper(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, ovsDatapathType ovsconfig.OVSDatapathType, isAntreaProxyEnabled bool) ConnTrackDumper
InitializeConnTrackDumper initializes the ConnTrackDumper interface for different OS and datapath types.
type ConntrackConnectionStore ¶
// ConntrackConnectionStore holds the connections obtained by polling
// conntrack; Run drives the periodic polling and Poll performs one dump.
// Methods whose names end in WithoutLock do not acquire the store's lock
// themselves: the caller is expected to hold it.
type ConntrackConnectionStore struct {
	// contains filtered or unexported fields
}
func NewConntrackConnectionStore ¶
func NewConntrackConnectionStore( connTrackDumper ConnTrackDumper, flowRecords *flowrecords.FlowRecords, ifaceStore interfacestore.InterfaceStore, v4Enabled bool, v6Enabled bool, proxier proxy.Proxier, npQuerier querier.AgentNetworkPolicyInfoQuerier, pollInterval time.Duration, ) *ConntrackConnectionStore
func (*ConntrackConnectionStore) AddOrUpdateConn ¶
func (cs *ConntrackConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection)
AddOrUpdateConn updates the connection if it is already present (i.e., it updates the timestamp, counters, etc.); otherwise it adds a new connection with the resolved K8s metadata.
func (*ConntrackConnectionStore) DeleteConnWithoutLock ¶
func (cs *ConntrackConnectionStore) DeleteConnWithoutLock(connKey flowexporter.ConnectionKey) error
DeleteConnWithoutLock deletes the connection identified by the given connection key from the connection map without acquiring the lock. The caller is expected to hold the lock when calling it.
func (*ConntrackConnectionStore) ForAllConnectionsDo ¶
func (cs *ConntrackConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error
ForAllConnectionsDo executes the callback for each connection in the connection map.
func (*ConntrackConnectionStore) GetConnByKey ¶
func (cs *ConntrackConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)
GetConnByKey gets the connection in connection map given the connection key.
func (*ConntrackConnectionStore) Poll ¶
func (cs *ConntrackConnectionStore) Poll() ([]int, error)
Poll calls into the conntrackDumper interface to dump conntrack flows. It returns the number of connections for each address family, as a slice. In dual-stack clusters, the slice will contain 2 values (the number of IPv4 connections first, then the number of IPv6 connections). TODO: As an optimization, only poll invalid/closed connections during every poll, and poll the established connections right before the export.
func (*ConntrackConnectionStore) Run ¶
func (cs *ConntrackConnectionStore) Run(stopCh <-chan struct{})
Run enables the periodic polling of conntrack connections at the given flowPollInterval.
func (*ConntrackConnectionStore) SetExportDone ¶
func (cs *ConntrackConnectionStore) SetExportDone(connKey flowexporter.ConnectionKey) error
SetExportDone sets DoneExport field of conntrack connection to true given the connection key.
type DenyConnectionStore ¶
// DenyConnectionStore is a connection store whose AddOrUpdateConn records a
// connection together with the time it was seen and a byte count.
// NOTE(review): judging by the name, this presumably tracks connections that
// were denied (for example by a network policy) — the type carries no
// description of its own, so confirm.
// Methods whose names end in WithoutLock do not acquire the store's lock
// themselves: the caller is expected to hold it.
type DenyConnectionStore struct {
	// contains filtered or unexported fields
}
func NewDenyConnectionStore ¶
func NewDenyConnectionStore(ifaceStore interfacestore.InterfaceStore, proxier proxy.Proxier) *DenyConnectionStore
func (*DenyConnectionStore) AddOrUpdateConn ¶
func (ds *DenyConnectionStore) AddOrUpdateConn(conn *flowexporter.Connection, timeSeen time.Time, bytes uint64)
AddOrUpdateConn updates the connection if it is already present (i.e., it updates the timestamp, counters, etc.); otherwise it adds a new connection with the resolved K8s metadata.
func (*DenyConnectionStore) DeleteConnWithoutLock ¶
func (ds *DenyConnectionStore) DeleteConnWithoutLock(connKey flowexporter.ConnectionKey) error
DeleteConnWithoutLock deletes the connection identified by the given connection key from the connection map without acquiring the lock. The caller is expected to hold the lock when calling it.
func (*DenyConnectionStore) ForAllConnectionsDo ¶
func (cs *DenyConnectionStore) ForAllConnectionsDo(callback flowexporter.ConnectionMapCallBack) error
ForAllConnectionsDo executes the callback for each connection in the connection map.
func (*DenyConnectionStore) GetConnByKey ¶
func (cs *DenyConnectionStore) GetConnByKey(connKey flowexporter.ConnectionKey) (*flowexporter.Connection, bool)
GetConnByKey gets the connection in connection map given the connection key.
func (*DenyConnectionStore) ResetConnStatsWithoutLock ¶
func (ds *DenyConnectionStore) ResetConnStatsWithoutLock(conn *flowexporter.Connection)
ResetConnStatsWithoutLock resets the DeltaBytes and DeltaPackets of the connection after exporting, without acquiring the lock. The caller is expected to hold the lock when calling it.
type NetFilterConnTrack ¶
// NetFilterConnTrack puts the conntrack library calls behind an interface so
// that code depending on them can be tested with a substitute implementation.
type NetFilterConnTrack interface {
	// Dial reports an error on failure.
	// NOTE(review): presumably opens the netfilter connection that later dumps
	// are issued on — confirm against the implementation.
	Dial() error
	// DumpFlowsInCtZone returns connections converted to flowexporter.Connection.
	// NOTE(review): zoneFilter is presumably the conntrack zone to dump flows
	// from — confirm against the implementation.
	DumpFlowsInCtZone(zoneFilter uint16) ([]*flowexporter.Connection, error)
}
NetFilterConnTrack is an interface that helps with testing code that calls functions from the third-party library ("github.com/ti-mo/conntrack").