config

package
v0.0.0-...-234771b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 26, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package config implements network tracing configuration

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	ebpf.Config

	// NPMEnabled is whether the network performance monitoring feature is explicitly enabled or not
	NPMEnabled bool

	// ServiceMonitoringEnabled is whether the service monitoring feature is enabled or not
	ServiceMonitoringEnabled bool

	// CollectTCPv4Conns specifies whether the tracer should collect traffic statistics for TCPv4 connections
	CollectTCPv4Conns bool

	// CollectTCPv6Conns specifies whether the tracer should collect traffic statistics for TCPv6 connections
	CollectTCPv6Conns bool

	// CollectUDPv4Conns specifies whether the tracer should collect traffic statistics for UDPv4 connections
	CollectUDPv4Conns bool

	// CollectUDPv6Conns specifies whether the tracer should collect traffic statistics for UDPv6 connections
	CollectUDPv6Conns bool

	// CollectLocalDNS specifies whether the tracer should capture traffic for local DNS calls
	CollectLocalDNS bool

	// DNSInspection specifies whether the tracer should enhance connection data with domain names by inspecting DNS traffic
	// Notice this does *not* depend on CollectLocalDNS
	DNSInspection bool

	// CollectDNSStats specifies whether the tracer should enhance connection data with relevant DNS stats
	// It is relevant *only* when DNSInspection is enabled.
	CollectDNSStats bool

	// CollectDNSDomains specifies whether collected DNS stats would be scoped by domain
	// It is relevant *only* when DNSInspection and CollectDNSStats is enabled.
	CollectDNSDomains bool

	// DNSTimeout determines the length of time to wait before considering a DNS Query to have timed out
	DNSTimeout time.Duration

	// MaxDNSStats determines the number of separate DNS Stats objects DNSStatkeeper can have at any given time
	// These stats objects get flushed on every client request (default 30s check interval)
	MaxDNSStats int

	// EnableHTTPMonitoring specifies whether the tracer should monitor HTTP traffic
	EnableHTTPMonitoring bool

	// EnableHTTP2Monitoring specifies whether the tracer should monitor HTTP2 traffic
	EnableHTTP2Monitoring bool

	// EnableKafkaMonitoring specifies whether the tracer should monitor Kafka traffic
	EnableKafkaMonitoring bool

	// EnablePostgresMonitoring specifies whether the tracer should monitor Postgres traffic.
	EnablePostgresMonitoring bool

	// EnableRedisMonitoring specifies whether the tracer should monitor Redis traffic.
	EnableRedisMonitoring bool

	// EnableNativeTLSMonitoring specifies whether the USM should monitor HTTPS traffic via native libraries.
	// Supported libraries: OpenSSL, GnuTLS, LibCrypto.
	EnableNativeTLSMonitoring bool

	// EnableIstioMonitoring specifies whether USM should monitor Istio traffic
	EnableIstioMonitoring bool

	// EnvoyPath specifies the envoy path to be used for Istio monitoring
	EnvoyPath string

	// EnableNodeJSMonitoring specifies whether USM should monitor NodeJS TLS traffic
	EnableNodeJSMonitoring bool

	// EnableGoTLSSupport specifies whether the tracer should monitor HTTPS
	// traffic done through Go's standard library's TLS implementation
	EnableGoTLSSupport bool

	// GoTLSExcludeSelf specifies whether USM's GoTLS module should avoid
	// hooking the system-probe test binary. Defaults to true.
	GoTLSExcludeSelf bool

	// MaxTrackedHTTPConnections max number of http(s) flows that will be concurrently tracked.
	// value is currently Windows only
	MaxTrackedHTTPConnections int64

	// HTTPNotificationThreshold is the number of connections to hold in the kernel before signalling
	// to be retrieved.  Currently Windows only
	HTTPNotificationThreshold int64

	// HTTPMaxRequestFragment is the size of the HTTP path buffer to be retrieved.
	// Currently Windows only
	HTTPMaxRequestFragment int64

	// UDPConnTimeout determines the length of traffic inactivity between two
	// (IP, port)-pairs before declaring a UDP connection as inactive. This is
	// set to /proc/sys/net/netfilter/nf_conntrack_udp_timeout on Linux by
	// default.
	UDPConnTimeout time.Duration

	// UDPStreamTimeout is the timeout for udp streams. This is set to
	// /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream on Linux by
	// default.
	UDPStreamTimeout time.Duration

	// TCPConnTimeout is like UDPConnTimeout, but for TCP connections. TCP connections are cleared when
	// the BPF module receives a tcp_close call, but TCP connections also age out to catch cases where
	// tcp_close is not intercepted for some reason.
	TCPConnTimeout time.Duration

	// MaxTrackedConnections specifies the maximum number of connections we can track. This determines the size of the eBPF Maps
	MaxTrackedConnections uint32

	// MaxClosedConnectionsBuffered represents the maximum number of closed connections we'll buffer in memory. These closed connections
	// get flushed on every client request (default 30s check interval)
	MaxClosedConnectionsBuffered uint32

	// MaxFailedConnectionsBuffered represents the maximum number of failed connections we'll buffer in memory. These connections will be
	// removed from memory as they are matched to closed connections
	MaxFailedConnectionsBuffered uint32

	// ClosedConnectionFlushThreshold represents the number of closed connections stored before signalling
	// the agent to flush the connections.  This value only valid on Windows
	ClosedConnectionFlushThreshold int

	// MaxDNSStatsBuffered represents the maximum number of DNS stats we'll buffer in memory. These stats
	// get flushed on every client request (default 30s check interval)
	MaxDNSStatsBuffered int

	// MaxUSMConcurrentRequests represents the maximum number of requests (for a single protocol)
	// that can happen concurrently at a given point in time. This parameter is used for sizing our eBPF maps.
	MaxUSMConcurrentRequests uint32

	// MaxHTTPStatsBuffered represents the maximum number of HTTP stats we'll buffer in memory. These stats
	// get flushed on every client request (default 30s check interval)
	MaxHTTPStatsBuffered int

	// MaxKafkaStatsBuffered represents the maximum number of Kafka stats we'll buffer in memory. These stats
	// get flushed on every client request (default 30s check interval)
	MaxKafkaStatsBuffered int

	// MaxPostgresTelemetryBuffer represents the maximum size of the telemetry buffer size for Postgres.
	MaxPostgresTelemetryBuffer int

	// MaxPostgresStatsBuffered represents the maximum number of Postgres stats we'll buffer in memory. These stats
	// get flushed on every client request (default 30s check interval)
	MaxPostgresStatsBuffered int

	// MaxRedisStatsBuffered represents the maximum number of Redis stats we'll buffer in memory. These stats
	// get flushed on every client request (default 30s check interval)
	MaxRedisStatsBuffered int

	// MaxConnectionsStateBuffered represents the maximum number of state objects that we'll store in memory. These state objects store
	// the stats for a connection so we can accurately determine traffic change between client requests.
	MaxConnectionsStateBuffered int

	// ClientStateExpiry specifies the max time a client (e.g. process-agent)'s state will be stored in memory before being evicted.
	ClientStateExpiry time.Duration

	// EnableConntrack enables probing conntrack for network address translation
	EnableConntrack bool

	// IgnoreConntrackInitFailure will ignore any conntrack initialization failiures during system-probe load. If this is set to false, system-probe
	// will fail to start if there is a conntrack initialization failure.
	IgnoreConntrackInitFailure bool

	// ConntrackMaxStateSize specifies the maximum number of connections with NAT we can track
	ConntrackMaxStateSize int

	// ConntrackRateLimit specifies the maximum number of netlink messages *per second* that can be processed
	// Setting it to -1 disables the limit and can result in a high CPU usage.
	ConntrackRateLimit int

	// ConntrackRateLimitInterval specifies the interval at which the rate limiter is updated
	ConntrackRateLimitInterval time.Duration

	// ConntrackInitTimeout specifies how long we wait for conntrack to initialize before failing
	ConntrackInitTimeout time.Duration

	// EnableConntrackAllNamespaces enables network address translation via netlink for all namespaces that are peers of the root namespace.
	// default is true
	EnableConntrackAllNamespaces bool

	// EnableEbpfConntracker enables the ebpf based network conntracker
	EnableEbpfConntracker bool

	// EnableCiliumLBConntracker enables the cilium load balancer conntracker
	EnableCiliumLBConntracker bool

	// ClosedChannelSize specifies the size for closed channel for the tracer
	ClosedChannelSize int

	// ExcludedSourceConnections is a map of source connections to blacklist
	ExcludedSourceConnections map[string][]string

	// ExcludedDestinationConnections is a map of destination connections to blacklist
	ExcludedDestinationConnections map[string][]string

	// OffsetGuessThreshold is the size of the byte threshold we will iterate over when guessing offsets
	OffsetGuessThreshold uint64

	// EnableMonotonicCount (Windows only) determines if we will calculate send/recv bytes of connections with headers and retransmits
	EnableMonotonicCount bool

	// EnableGatewayLookup enables looking up gateway information for connection destinations
	EnableGatewayLookup bool

	// RecordedQueryTypes enables specific DNS query types to be recorded
	RecordedQueryTypes []string

	// HTTP replace rules
	HTTPReplaceRules []*ReplaceRule

	// EnableProcessEventMonitoring enables consuming CWS process monitoring events from the runtime security module
	EnableProcessEventMonitoring bool

	// MaxProcessesTracked is the maximum number of processes whose information is stored in the network module
	MaxProcessesTracked int

	// EnableRootNetNs disables using the network namespace of the root process (1)
	// for things like creating netlink sockets for conntrack updates, etc.
	EnableRootNetNs bool

	// HTTP2DynamicTableMapCleanerInterval is the interval to run the cleaner function.
	HTTP2DynamicTableMapCleanerInterval time.Duration

	// HTTPMapCleanerInterval is the interval to run the cleaner function.
	HTTPMapCleanerInterval time.Duration

	// HTTPIdleConnectionTTL is the time an idle connection counted as "inactive" and should be deleted.
	HTTPIdleConnectionTTL time.Duration

	// ProtocolClassificationEnabled specifies whether the tracer should enhance connection data with protocols names by
	// classifying the L7 protocols being used.
	ProtocolClassificationEnabled bool

	// TCPFailedConnectionsEnabled specifies whether the tracer will track & report TCP error codes
	TCPFailedConnectionsEnabled bool

	// EnableNPMConnectionRollup enables aggregating connections by rolling up ephemeral ports
	EnableNPMConnectionRollup bool

	// EnableUSMQuantization enables endpoint quantization for USM programs
	EnableUSMQuantization bool

	// NPMRingbuffersEnabled specifies whether ringbuffers are enabled or not
	NPMRingbuffersEnabled bool

	// EnableUSMConnectionRollup enables the aggregation of connection data belonging to a same (client, server) pair
	EnableUSMConnectionRollup bool

	// EnableUSMRingBuffers enables the use of eBPF Ring Buffer types on
	// supported kernels.
	// Defaults to true. Setting this to false on a Kernel that supports ring
	// buffers (>=5.8) will result in forcing the use of Perf Maps instead.
	EnableUSMRingBuffers bool

	EnableEbpfless bool

	// EnableUSMEventStream enables USM to use the event stream instead
	// of netlink for receiving process events.
	EnableUSMEventStream bool
}

Config stores all flags used by the network eBPF tracer

func New

func New() *Config

New creates a config for the network tracer

func (*Config) FailedConnectionsSupported

func (c *Config) FailedConnectionsSupported() bool

FailedConnectionsSupported returns true if the config & TCP v4 || v6 is enabled

func (*Config) GetRootNetNs

func (c *Config) GetRootNetNs() (netns.NsHandle, error)

GetRootNetNs returns the network namespace to use for creating, e.g., netlink sockets

This will be the host's default network namespace if network_config.enable_root_netns is set to true (the default); otherwise this will be the default network namespace for the current process

func (*Config) RingBufferSupportedNPM

func (c *Config) RingBufferSupportedNPM() bool

RingBufferSupportedNPM returns true if the kernel supports ring buffers and the config enables them

type ReplaceRule

type ReplaceRule struct {
	// Pattern specifies the regexp pattern to be used when replacing. It must compile.
	Pattern string `mapstructure:"pattern"`

	// Re holds the compiled Pattern and is only used internally.
	Re *regexp.Regexp `mapstructure:"-" json:"-"`

	// Repl specifies the replacement string to be used when Pattern matches.
	Repl string `mapstructure:"repl"`
}

ReplaceRule specifies a replace rule.

Directories

Path Synopsis
Package sysctl implements reading of system parameters such as system limits
Package sysctl implements reading of system parameters such as system limits

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL