collector

package
v0.0.0-...-7726874 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 11, 2020 License: GPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// EventName is the constant used to store the name of the event type
	EventName = "EventName"

	// EventTypeFlow is the constant used to store event of type flows
	EventTypeFlow = "FlowEvents"

	// EventTypeContainer is the constant used to store event of type container
	EventTypeContainer = "ContainerEvents"

	// EventTypeContainerStart is the constant used to store event of type container start
	EventTypeContainerStart = "ContainerStartEvents"

	// EventTypeContainerStop is the constant used to store event of type container stop
	EventTypeContainerStop = "ContainerStopEvents"
)
View Source
const (
	// FlowReject indicates that a flow was rejected
	FlowReject = "reject"
	// FlowAccept logs that a flow is accepted
	FlowAccept = "accept"
	// MissingToken indicates that the token was missing
	MissingToken = "missingtoken"
	// InvalidToken indicates that the token was invalid
	InvalidToken = "token"
	// InvalidFormat indicates that the packet metadata were not correct
	InvalidFormat = "format"
	// InvalidHeader indicates that the TCP header was not there.
	InvalidHeader = "header"
	// InvalidPayload indicates that the TCP payload was not there or bad.
	InvalidPayload = "payload"
	// InvalidContext indicates that there was no context in the metadata
	InvalidContext = "context"
	// InvalidConnection indicates that there was no connection found
	InvalidConnection = "connection"
	// InvalidState indicates that a packet was received without proper state information
	InvalidState = "state"
	// InvalidNonse indicates that the nonse check failed
	InvalidNonse = "nonse"
	// PolicyDrop indicates that the flow is rejected because of the policy decision
	PolicyDrop = "policy"
	// APIPolicyDrop indicates that the request was dropped because of failed API validation.
	APIPolicyDrop = "api"
	// UnableToDial indicates that the proxy cannot dial out the connection
	UnableToDial = "dial"
	// CompressedTagMismatch indicates that the compressed tag version is dissimilar
	CompressedTagMismatch = "compressedtagmismatch"
	// EncryptionMismatch indicates that the policy encryption varies between client and server enforcer
	EncryptionMismatch = "encryptionmismatch"
	// DatapathVersionMismatch indicates that the datapath version is dissimilar
	DatapathVersionMismatch = "datapathversionmismatch"
	// PacketDrop indicate a single packet drop
	PacketDrop = "packetdrop"
)

Flow event description

View Source
const (
	// ContainerStart indicates a container start event
	ContainerStart = "start"
	// ContainerStop indicates a container stop event
	ContainerStop = "stop"
	// ContainerCreate indicates a container create event
	ContainerCreate = "create"
	// ContainerDelete indicates a container delete event
	ContainerDelete = "delete"
	// ContainerUpdate indicates a container policy update event
	ContainerUpdate = "update"
	// ContainerFailed indicates an event that a container was stopped because of policy issues
	ContainerFailed = "forcestop"
	// ContainerIgnored indicates that the container will be ignored by Trireme
	ContainerIgnored = "ignore"
	// ContainerDeleteUnknown indicates that policy for an unknown  container was deleted
	ContainerDeleteUnknown = "unknowncontainer"
)

Container event description

View Source
const (
	// PolicyValid Normal flow accept
	PolicyValid = "V"
	// DefaultEndPoint  provides a string for unknown container sources
	DefaultEndPoint = "default"
	// SomeClaimsSource provides a string for some claims flow source.
	SomeClaimsSource = "some-claims"
)

Variables

This section is empty.

Functions

func HashHashWithNamespace

func HashHashWithNamespace(claimsHash string, namespace string) (string, error)

HashHashWithNamespace hash the given claim hash with the given namespace.

func StatsFlowHash

func StatsFlowHash(r *FlowRecord) string

StatsFlowHash is a hash function to hash flows

func StatsUserHash

func StatsUserHash(r *UserRecord) error

StatsUserHash is a hash function to hash user records.

Types

type ContainerRecord

type ContainerRecord struct {
	ContextID string
	IPAddress policy.ExtendedMap
	Tags      *policy.TagStore
	Event     string
}

ContainerRecord is a statistics record for a container

type CounterReport

type CounterReport struct {
	Namespace string
	ContextID string
	Counters  []Counters
}

CounterReport is called from the PU which reports Counters from the datapath

type Counters

type Counters struct {
	Name  string
	Value uint32
}

Counters represent a single entry with name and current val

type DNSRequestReport

type DNSRequestReport struct {
	Namespace  string
	Source     *EndPoint
	NameLookup string
	Error      string
	Count      int
	Ts         time.Time
}

DNSRequestReport object is used to report dns requests being made by PU's

type DataAdder

type DataAdder interface {
	CreateDB(string) error
	AddData(tags map[string]string, fields map[string]interface{}) error
	ExecuteQuery(query string, dbname string) (*client.Response, error)
}

DataAdder interface has all the methods required to interact with influxdb api

type DefaultCollector

type DefaultCollector struct{}

DefaultCollector implements a default collector infrastructure to syslog

func (*DefaultCollector) CollectContainerEvent

func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)

CollectContainerEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectCounterEvent

func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)

CollectCounterEvent collect counters from the datapath

func (*DefaultCollector) CollectDNSRequests

func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)

CollectDNSRequests collect counters from the datapath

func (*DefaultCollector) CollectFlowEvent

func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)

CollectFlowEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectPacketEvent

func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)

CollectPacketEvent collects packet events from the datapath

func (*DefaultCollector) CollectTraceEvent

func (d *DefaultCollector) CollectTraceEvent(records []string)

CollectTraceEvent collects iptables trace events

func (*DefaultCollector) CollectUserEvent

func (d *DefaultCollector) CollectUserEvent(record *UserRecord)

CollectUserEvent is part of the EventCollector interface.

type EndPoint

type EndPoint struct {
	ID         string
	IP         string
	URI        string
	HTTPMethod string
	UserID     string
	Type       EndPointType
	Port       uint16
}

EndPoint is a structure that holds all the endpoint information

type EndPointType

type EndPointType byte

EndPointType is the type of an endpoint (PU or an external IP address )

const (
	// EndPointTypeExternalIP indicates that the endpoint is an external IP address
	EndPointTypeExternalIP EndPointType = iota
	// EnpointTypePU indicates that the endpoint is a PU.
	EnpointTypePU
	// EndpointTypeClaims indicates that the endpoint is of type claims.
	EndpointTypeClaims
)

func (*EndPointType) String

func (e *EndPointType) String() string

type EventCollector

type EventCollector interface {

	// CollectFlowEvent collect a  flow event.
	CollectFlowEvent(record *FlowRecord)

	// CollectContainerEvent collects a container events
	CollectContainerEvent(record *ContainerRecord)

	// CollectUserEvent  collects a user event
	CollectUserEvent(record *UserRecord)

	// CollectTraceEvent collects a set of trace messages generated with Iptables trace command
	CollectTraceEvent(records []string)

	// CollectPacketEvent collects packet event from nfqdatapath
	CollectPacketEvent(report *PacketReport)

	// CollectCounterEvent collects the counters from
	CollectCounterEvent(counterReport *CounterReport)

	// CollectDNSRequests collects the dns requests
	CollectDNSRequests(request *DNSRequestReport)
}

EventCollector is the interface for collecting events.

func NewDefaultCollector

func NewDefaultCollector() EventCollector

NewDefaultCollector returns a default implementation of an EventCollector

func NewInfluxDBCollector

func NewInfluxDBCollector(user, pass, url, db string, insecureSkipVerify bool) EventCollector

NewInfluxDBCollector returns a collector implementation for InfluxDB

type FlowRecord

type FlowRecord struct {
	ContextID        string
	Namespace        string
	Source           *EndPoint
	Destination      *EndPoint
	Tags             *policy.TagStore
	DropReason       string
	PolicyID         string
	ObservedPolicyID string
	ServiceType      policy.ServiceType
	ServiceID        string
	Count            int
	Action           policy.ActionType
	ObservedAction   policy.ActionType
	L4Protocol       uint8
}

FlowRecord describes a flow record for statistis

func (*FlowRecord) String

func (f *FlowRecord) String() string

type Influxdb

type Influxdb struct {
	// contains filtered or unexported fields
}

Influxdb inplements a DataAdder interface for influxDB

func NewDBConnection

func NewDBConnection(user string, pass string, addr string, db string, insecureSkipVerify bool) (*Influxdb, error)

NewDBConnection is used to create a new client and return influxdb handle

func (*Influxdb) AddData

func (d *Influxdb) AddData(tags map[string]string, fields map[string]interface{}) error

AddData is used to add data to the batch

func (*Influxdb) CollectContainerEvent

func (d *Influxdb) CollectContainerEvent(record *ContainerRecord)

CollectContainerEvent implements trireme collector interface

func (*Influxdb) CollectCounterEvent

func (d *Influxdb) CollectCounterEvent(counterReport *CounterReport)

CollectCounterEvent collects the counters from

func (*Influxdb) CollectDNSRequests

func (d *Influxdb) CollectDNSRequests(request *DNSRequestReport)

CollectDNSRequests collects the dns requests

func (*Influxdb) CollectFlowEvent

func (d *Influxdb) CollectFlowEvent(record *FlowRecord)

CollectFlowEvent implements trireme collector interface

func (*Influxdb) CollectPacketEvent

func (d *Influxdb) CollectPacketEvent(report *PacketReport)

CollectPacketEvent collects packet event from nfqdatapath

func (*Influxdb) CollectTraceEvent

func (d *Influxdb) CollectTraceEvent(records []string)

CollectTraceEvent collects a set of trace messages generated with Iptables trace command

func (*Influxdb) CollectUserEvent

func (d *Influxdb) CollectUserEvent(record *UserRecord)

CollectUserEvent implements trireme collector interface

func (*Influxdb) CreateDB

func (d *Influxdb) CreateDB(dbname string) error

CreateDB is used to create a new databases given name

func (*Influxdb) ExecuteQuery

func (d *Influxdb) ExecuteQuery(query string, dbname string) (*client.Response, error)

ExecuteQuery is used to execute a query given a database name

func (*Influxdb) Start

func (d *Influxdb) Start() error

Start is used to start listening for data

func (*Influxdb) Stop

func (d *Influxdb) Stop() error

Stop is used to stop and return from listen goroutine

type PacketReport

type PacketReport struct {
	TCPFlags        int
	Claims          []string
	DestinationIP   string
	DestinationPort int
	DropReason      string
	Encrypt         bool
	Event           packettracing.PacketEvent
	Length          int
	Mark            int
	Namespace       string
	PacketID        int
	Protocol        int
	PUID            string
	SourceIP        string
	SourcePort      int
	TriremePacket   bool
	Payload         []byte
}

PacketReport is the struct which is used to report packets captured in datapath

type UserRecord

type UserRecord struct {
	ID        string
	Namespace string
	Claims    []string
}

UserRecord reports a new user access. These will be reported periodically.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL