Documentation ¶
Index ¶
- Constants
- func HashHashWithNamespace(claimsHash string, namespace string) (string, error)
- func StatsFlowHash(r *FlowRecord) string
- func StatsUserHash(r *UserRecord) error
- type ContainerRecord
- type CounterReport
- type Counters
- type DNSRequestReport
- type DataAdder
- type DefaultCollector
- func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)
- func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)
- func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)
- func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)
- func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)
- func (d *DefaultCollector) CollectTraceEvent(records []string)
- func (d *DefaultCollector) CollectUserEvent(record *UserRecord)
- type EndPoint
- type EndPointType
- type EventCollector
- type FlowRecord
- type Influxdb
- func (d *Influxdb) AddData(tags map[string]string, fields map[string]interface{}) error
- func (d *Influxdb) CollectContainerEvent(record *ContainerRecord)
- func (d *Influxdb) CollectCounterEvent(counterReport *CounterReport)
- func (d *Influxdb) CollectDNSRequests(request *DNSRequestReport)
- func (d *Influxdb) CollectFlowEvent(record *FlowRecord)
- func (d *Influxdb) CollectPacketEvent(report *PacketReport)
- func (d *Influxdb) CollectTraceEvent(records []string)
- func (d *Influxdb) CollectUserEvent(record *UserRecord)
- func (d *Influxdb) CreateDB(dbname string) error
- func (d *Influxdb) ExecuteQuery(query string, dbname string) (*client.Response, error)
- func (d *Influxdb) Start() error
- func (d *Influxdb) Stop() error
- type PacketReport
- type UserRecord
Constants ¶
// Event-type constants. EventName names the attribute that carries the event
// type; the EventType* values are the event types that can be stored in it.
const (
	// EventName is the constant used to store the name of the event type.
	EventName = "EventName"
	// EventTypeFlow is the constant used to store an event of type flow.
	EventTypeFlow = "FlowEvents"
	// EventTypeContainer is the constant used to store an event of type container.
	EventTypeContainer = "ContainerEvents"
	// EventTypeContainerStart is the constant used to store an event of type container start.
	EventTypeContainerStart = "ContainerStartEvents"
	// EventTypeContainerStop is the constant used to store an event of type container stop.
	EventTypeContainerStop = "ContainerStopEvents"
)
// Flow event descriptions. Apart from FlowAccept, these values describe why a
// flow or packet was rejected; presumably they are the values carried in
// FlowRecord.DropReason / PacketReport.DropReason — confirm against the datapath.
const (
	// FlowReject indicates that a flow was rejected.
	FlowReject = "reject"
	// FlowAccept logs that a flow is accepted.
	FlowAccept = "accept"
	// MissingToken indicates that the token was missing.
	MissingToken = "missingtoken"
	// InvalidToken indicates that the token was invalid.
	InvalidToken = "token"
	// InvalidFormat indicates that the packet metadata were not correct.
	InvalidFormat = "format"
	// InvalidHeader indicates that the TCP header was not there.
	InvalidHeader = "header"
	// InvalidPayload indicates that the TCP payload was not there or was bad.
	InvalidPayload = "payload"
	// InvalidContext indicates that there was no context in the metadata.
	InvalidContext = "context"
	// InvalidConnection indicates that no connection was found.
	InvalidConnection = "connection"
	// InvalidState indicates that a packet was received without proper state information.
	InvalidState = "state"
	// InvalidNonse indicates that the nonce check failed (the identifier keeps
	// the historical spelling for compatibility).
	InvalidNonse = "nonse"
	// PolicyDrop indicates that the flow is rejected because of the policy decision.
	PolicyDrop = "policy"
	// APIPolicyDrop indicates that the request was dropped because of failed API validation.
	APIPolicyDrop = "api"
	// UnableToDial indicates that the proxy cannot dial out the connection.
	UnableToDial = "dial"
	// CompressedTagMismatch indicates that the compressed tag version is dissimilar.
	CompressedTagMismatch = "compressedtagmismatch"
	// EncryptionMismatch indicates that the policy encryption differs between the client and server enforcer.
	EncryptionMismatch = "encryptionmismatch"
	// DatapathVersionMismatch indicates that the datapath version is dissimilar.
	DatapathVersionMismatch = "datapathversionmismatch"
	// PacketDrop indicates a single packet drop.
	PacketDrop = "packetdrop"
)
Flow event description
// Container event descriptions; presumably the values carried in
// ContainerRecord.Event — confirm against the callers.
const (
	// ContainerStart indicates a container start event.
	ContainerStart = "start"
	// ContainerStop indicates a container stop event.
	ContainerStop = "stop"
	// ContainerCreate indicates a container create event.
	ContainerCreate = "create"
	// ContainerDelete indicates a container delete event.
	ContainerDelete = "delete"
	// ContainerUpdate indicates a container policy update event.
	ContainerUpdate = "update"
	// ContainerFailed indicates an event in which a container was stopped because of policy issues.
	ContainerFailed = "forcestop"
	// ContainerIgnored indicates that the container will be ignored by Trireme.
	ContainerIgnored = "ignore"
	// ContainerDeleteUnknown indicates that the policy for an unknown container was deleted.
	ContainerDeleteUnknown = "unknowncontainer"
)
Container event description
// Miscellaneous string constants used when describing flows and their sources.
const (
	// PolicyValid marks a normal flow accept.
	PolicyValid = "V"
	// DefaultEndPoint provides a string for unknown container sources.
	DefaultEndPoint = "default"
	// SomeClaimsSource provides a string for a flow source identified by some claims.
	SomeClaimsSource = "some-claims"
)
Variables ¶
This section is empty.
Functions ¶
func HashHashWithNamespace ¶
HashHashWithNamespace hashes the given claims hash with the given namespace.
func StatsFlowHash ¶
func StatsFlowHash(r *FlowRecord) string
StatsFlowHash is a hash function that hashes flow records.
func StatsUserHash ¶
func StatsUserHash(r *UserRecord) error
StatsUserHash is a hash function that hashes user records.
Types ¶
type ContainerRecord ¶
// ContainerRecord is a statistics record for a container.
type ContainerRecord struct {
	// ContextID identifies the container's context.
	ContextID string
	// IPAddress holds the container's addresses; the map's key/value layout
	// is defined by the policy package — consult it before reading entries.
	IPAddress policy.ExtendedMap
	// Tags is the tag store attached to the container.
	Tags *policy.TagStore
	// Event describes what happened to the container; presumably one of the
	// Container* constants (ContainerStart, ContainerStop, ...) — confirm.
	Event string
}
ContainerRecord is a statistics record for a container
type CounterReport ¶
CounterReport is the report sent by a PU that carries the counters from the datapath.
type DNSRequestReport ¶
// DNSRequestReport is used to report the DNS requests made by PUs.
type DNSRequestReport struct {
	// Namespace is the namespace the reporting PU belongs to.
	Namespace string
	// Source is the endpoint that issued the lookup.
	Source *EndPoint
	// NameLookup is the name that was looked up. It is attacker-influenced
	// data from the wire; consumers should treat it as untrusted text.
	NameLookup string
	// Error holds the lookup error, if any; empty presumably means success — confirm.
	Error string
	// Count is the number of requests aggregated into this report.
	Count int
	// Ts is the report timestamp.
	Ts time.Time
}
DNSRequestReport is used to report the DNS requests made by PUs.
type DataAdder ¶
// DataAdder has all the methods required to interact with the InfluxDB API.
type DataAdder interface {
	// CreateDB creates the database with the given name.
	CreateDB(string) error
	// AddData writes one data point described by its tags and fields.
	AddData(tags map[string]string, fields map[string]interface{}) error
	// ExecuteQuery executes the given query against the named database.
	// NOTE(review): query is passed through as a raw string; callers must not
	// build it by interpolating untrusted data.
	ExecuteQuery(query string, dbname string) (*client.Response, error)
}
DataAdder has all the methods required to interact with the InfluxDB API.
type DefaultCollector ¶
// DefaultCollector implements a default collector that reports events to syslog.
// It carries no state; the zero value is ready to use.
type DefaultCollector struct{}
DefaultCollector implements a default collector that reports events to syslog.
func (*DefaultCollector) CollectContainerEvent ¶
func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)
CollectContainerEvent is part of the EventCollector interface.
func (*DefaultCollector) CollectCounterEvent ¶
func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)
CollectCounterEvent collects counters from the datapath.
func (*DefaultCollector) CollectDNSRequests ¶
func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)
CollectDNSRequests collects DNS requests from the datapath.
func (*DefaultCollector) CollectFlowEvent ¶
func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)
CollectFlowEvent is part of the EventCollector interface.
func (*DefaultCollector) CollectPacketEvent ¶
func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)
CollectPacketEvent collects packet events from the datapath
func (*DefaultCollector) CollectTraceEvent ¶
func (d *DefaultCollector) CollectTraceEvent(records []string)
CollectTraceEvent collects iptables trace events
func (*DefaultCollector) CollectUserEvent ¶
func (d *DefaultCollector) CollectUserEvent(record *UserRecord)
CollectUserEvent is part of the EventCollector interface.
type EndPoint ¶
// EndPoint holds all the information about one end of a flow.
type EndPoint struct {
	// ID identifies the endpoint.
	ID string
	// IP is the endpoint's IP address.
	IP string
	// URI is the request URI, presumably only set for HTTP/API flows — confirm.
	URI string
	// HTTPMethod is the HTTP method, presumably only set for HTTP/API flows — confirm.
	HTTPMethod string
	// UserID identifies the user associated with the endpoint, if any.
	UserID string
	// Type says whether the endpoint is a PU, an external IP address or claims
	// (see EndPointType).
	Type EndPointType
	// Port is the transport port of the endpoint.
	Port uint16
}
EndPoint holds all the information about an endpoint.
type EndPointType ¶
// EndPointType is the type of an endpoint (a PU, an external IP address, or claims).
type EndPointType byte
EndPointType is the type of an endpoint (a PU, an external IP address, or claims).
// EndPointType values.
const (
	// EndPointTypeExternalIP indicates that the endpoint is an external IP address.
	EndPointTypeExternalIP EndPointType = iota
	// EnpointTypePU indicates that the endpoint is a PU. (The identifier's
	// spelling is kept as is; renaming it would break callers.)
	EnpointTypePU
	// EndpointTypeClaims indicates that the endpoint is of type claims.
	EndpointTypeClaims
)
func (*EndPointType) String ¶
func (e *EndPointType) String() string
type EventCollector ¶
// EventCollector is the interface for collecting events. Implementations
// receive every record produced by the enforcer, so anything they persist
// (see Influxdb) becomes part of the audit trail.
type EventCollector interface {
	// CollectFlowEvent collects a flow event.
	CollectFlowEvent(record *FlowRecord)
	// CollectContainerEvent collects a container event.
	CollectContainerEvent(record *ContainerRecord)
	// CollectUserEvent collects a user event.
	CollectUserEvent(record *UserRecord)
	// CollectTraceEvent collects a set of trace messages generated with the iptables trace command.
	CollectTraceEvent(records []string)
	// CollectPacketEvent collects a packet event from nfqdatapath.
	CollectPacketEvent(report *PacketReport)
	// CollectCounterEvent collects the counters from the datapath.
	CollectCounterEvent(counterReport *CounterReport)
	// CollectDNSRequests collects the DNS requests.
	CollectDNSRequests(request *DNSRequestReport)
}
EventCollector is the interface for collecting events.
func NewDefaultCollector ¶
func NewDefaultCollector() EventCollector
NewDefaultCollector returns a default implementation of an EventCollector
func NewInfluxDBCollector ¶
func NewInfluxDBCollector(user, pass, url, db string, insecureSkipVerify bool) EventCollector
NewInfluxDBCollector returns a collector implementation for InfluxDB. The insecureSkipVerify flag presumably disables TLS certificate verification of the InfluxDB endpoint, so it should stay false outside of test setups.
type FlowRecord ¶
// FlowRecord describes a flow record for statistics.
type FlowRecord struct {
	// ContextID identifies the context (PU) that observed the flow.
	ContextID string
	// Namespace is the namespace of the reporting PU.
	Namespace string
	// Source is the originating endpoint of the flow.
	Source *EndPoint
	// Destination is the receiving endpoint of the flow.
	Destination *EndPoint
	// Tags is the tag store associated with the flow.
	Tags *policy.TagStore
	// DropReason explains why the flow was dropped; presumably one of the
	// flow event constants (PolicyDrop, InvalidToken, ...) — confirm.
	DropReason string
	// PolicyID is the identifier of the policy that produced Action.
	PolicyID string
	// ObservedPolicyID is the identifier of the policy that produced ObservedAction.
	ObservedPolicyID string
	// ServiceType is the type of service the flow belongs to (policy package type).
	ServiceType policy.ServiceType
	// ServiceID identifies the service the flow belongs to.
	ServiceID string
	// Count is the number of flows aggregated into this record.
	Count int
	// Action is the enforced policy action for the flow.
	Action policy.ActionType
	// ObservedAction is the action an observe-only policy would have taken.
	ObservedAction policy.ActionType
	// L4Protocol is the IP protocol number of the flow.
	L4Protocol uint8
}
FlowRecord describes a flow record for statistics.
func (*FlowRecord) String ¶
func (f *FlowRecord) String() string
type Influxdb ¶
// Influxdb implements the DataAdder interface for InfluxDB and also acts as an
// EventCollector, so collected records are written to the configured database.
// Create instances with NewDBConnection.
type Influxdb struct {
	// contains filtered or unexported fields
}
Influxdb implements the DataAdder interface for InfluxDB.
func NewDBConnection ¶
func NewDBConnection(user string, pass string, addr string, db string, insecureSkipVerify bool) (*Influxdb, error)
NewDBConnection creates a new client and returns an Influxdb handle. The insecureSkipVerify flag presumably disables TLS certificate verification for the connection to addr; keep it false outside of test setups.
func (*Influxdb) CollectContainerEvent ¶
func (d *Influxdb) CollectContainerEvent(record *ContainerRecord)
CollectContainerEvent implements the Trireme EventCollector interface.
func (*Influxdb) CollectCounterEvent ¶
func (d *Influxdb) CollectCounterEvent(counterReport *CounterReport)
CollectCounterEvent collects the counters from the datapath.
func (*Influxdb) CollectDNSRequests ¶
func (d *Influxdb) CollectDNSRequests(request *DNSRequestReport)
CollectDNSRequests collects the DNS requests.
func (*Influxdb) CollectFlowEvent ¶
func (d *Influxdb) CollectFlowEvent(record *FlowRecord)
CollectFlowEvent implements the Trireme EventCollector interface.
func (*Influxdb) CollectPacketEvent ¶
func (d *Influxdb) CollectPacketEvent(report *PacketReport)
CollectPacketEvent collects packet event from nfqdatapath
func (*Influxdb) CollectTraceEvent ¶
CollectTraceEvent collects a set of trace messages generated with Iptables trace command
func (*Influxdb) CollectUserEvent ¶
func (d *Influxdb) CollectUserEvent(record *UserRecord)
CollectUserEvent implements the Trireme EventCollector interface.
func (*Influxdb) ExecuteQuery ¶
ExecuteQuery executes the given query against the given database name.
type PacketReport ¶
// PacketReport is the struct used to report packets captured in the datapath.
type PacketReport struct {
	// TCPFlags holds the TCP flags of the captured packet.
	TCPFlags int
	// Claims are the claims associated with the packet; presumably identity
	// claims carried in the Trireme token — confirm.
	Claims []string
	// DestinationIP is the destination IP address of the packet.
	DestinationIP string
	// DestinationPort is the destination transport port.
	DestinationPort int
	// DropReason explains why the packet was dropped; presumably one of the
	// flow event constants — confirm.
	DropReason string
	// Encrypt reports whether the packet was encrypted.
	Encrypt bool
	// Event is the packet-tracing event (packettracing package type).
	Event packettracing.PacketEvent
	// Length is the packet length.
	Length int
	// Mark is the packet mark.
	Mark int
	// Namespace is the namespace of the reporting PU.
	Namespace string
	// PacketID is the packet identifier.
	PacketID int
	// Protocol is the IP protocol number.
	Protocol int
	// PUID identifies the PU that captured the packet.
	PUID string
	// SourceIP is the source IP address of the packet.
	SourceIP string
	// SourcePort is the source transport port.
	SourcePort int
	// TriremePacket reports whether the packet carried Trireme metadata.
	TriremePacket bool
	// Payload holds raw packet bytes. NOTE(review): this is delivered to every
	// EventCollector, including Influxdb, which persists what it receives —
	// confirm that storing payload data is intended and that it is size-bounded.
	Payload []byte
}
PacketReport is the struct used to report packets captured in the datapath.
type UserRecord ¶
UserRecord reports a new user access. These records are reported periodically.