Documentation
Constants
const (
	ReverseDNSNames = report.ReverseDNSNames
	SnoopedDNSNames = report.SnoopedDNSNames
	CopyOf          = report.CopyOf
)
Node metadata keys.
Variables
var IsConntrackSupported = func(procRoot string) error {
	f := filepath.Join(procRoot, eventsPath)
	contents, err := ioutil.ReadFile(f)
	if err != nil {
		return err
	}
	if string(contents) == "0" {
		return fmt.Errorf("conntrack events (%s) are disabled", f)
	}
	return nil
}
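IsConntrackSupported reports whether conntrack is supported by the kernel. It returns nil if it is, and an error if the events file under procRoot cannot be read or conntrack events are disabled.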
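The same check as a stand-alone program, run against a constructed proc tree (an added example, not code from this package). Sysctl files under /proc normally end with a newline, so this variant trims whitespace before comparing with "0". The value of eventsPath and the names checkConntrackEvents and writeFakeProc are assumptions; the package's own eventsPath is unexported and not shown on this page.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Assumption: standard sysctl location relative to /proc (not shown on the page).
const eventsPath = "sys/net/netfilter/nf_conntrack_events"

// checkConntrackEvents (hypothetical name) returns nil unless the sysctl
// cannot be read or reads "0" once surrounding whitespace is removed.
func checkConntrackEvents(procRoot string) error {
	f := filepath.Join(procRoot, eventsPath)
	contents, err := os.ReadFile(f)
	if err != nil {
		// A missing file usually means the conntrack module is not loaded.
		return fmt.Errorf("cannot read conntrack events sysctl: %w", err)
	}
	if strings.TrimSpace(string(contents)) == "0" {
		return fmt.Errorf("conntrack events (%s) are disabled", f)
	}
	return nil
}

// writeFakeProc builds a constructed proc root holding only the events sysctl.
func writeFakeProc(value string) (string, error) {
	root, err := os.MkdirTemp("", "fakeproc")
	if err != nil {
		return "", err
	}
	f := filepath.Join(root, eventsPath)
	if err := os.MkdirAll(filepath.Dir(f), 0o755); err != nil {
		return "", err
	}
	return root, os.WriteFile(f, []byte(value), 0o644)
}

func main() {
	for _, v := range []string{"1\n", "0\n"} { // constructed sample values
		root, err := writeFakeProc(v)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%q -> %v\n", v, checkConntrackEvents(root))
		os.RemoveAll(root)
	}
}
```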
Functions
This section is empty.
Types
type DNSSnooper (added in v1.0.0)
type DNSSnooper struct {
// contains filtered or unexported fields
}
DNSSnooper is a snooper of DNS queries
func NewDNSSnooper (added in v1.0.0)
func NewDNSSnooper() (*DNSSnooper, error)
NewDNSSnooper creates a new snooper of DNS queries
func (*DNSSnooper) CachedNamesForIP (added in v1.0.0)
func (s *DNSSnooper) CachedNamesForIP(ip string) []string
CachedNamesForIP returns the domains associated with an IP, obtained while snooping A-record queries
func (*DNSSnooper) Stop (added in v1.0.0)
func (s *DNSSnooper) Stop()
Stop makes the snooper stop inspecting DNS communications
type EbpfTracker (added in v1.3.0)
EbpfTracker contains the sets of open and closed TCP connections. Closed connections are kept in the `closedConnections` slice for one iteration of `walkConnections`.
func (*EbpfTracker) LostV4 (added in v1.6.0)
func (t *EbpfTracker) LostV4(count uint64)
LostV4 handles IPv4 TCP event misses from the eBPF tracer.
func (*EbpfTracker) LostV6 (added in v1.6.0)
func (t *EbpfTracker) LostV6(count uint64)
LostV6 handles IPv6 TCP event misses from the eBPF tracer. This is currently a no-op.
func (*EbpfTracker) TCPEventV4 (added in v1.6.0)
func (t *EbpfTracker) TCPEventV4(e tracer.TcpV4)
TCPEventV4 handles IPv4 TCP events from the eBPF tracer
func (*EbpfTracker) TCPEventV6 (added in v1.6.0)
func (t *EbpfTracker) TCPEventV6(e tracer.TcpV6)
TCPEventV6 handles IPv6 TCP events from the eBPF tracer. This is currently a no-op.
type Reporter
type Reporter struct {
// contains filtered or unexported fields
}
Reporter generates Reports containing the Endpoint topology.
func NewReporter
func NewReporter(conf ReporterConfig) *Reporter
NewReporter creates a new Reporter that invokes procspy.Connections to generate a report.Report that contains every discovered (spied) connection on the host machine, at the granularity of host and port. That information is stored in the Endpoint topology. It optionally enriches that topology with process (PID) information.
type ReporterConfig (added in v1.0.0)
type ReporterConfig struct {
	HostID       string
	HostName     string
	SpyProcs     bool
	UseConntrack bool
	WalkProc     bool
	UseEbpfConn  bool
	ProcRoot     string
	BufferSize   int
	ProcessCache *process.CachingWalker
	Scanner      procspy.ConnectionScanner
	DNSSnooper   *DNSSnooper
}
ReporterConfig are the config options for the endpoint reporter.