Documentation ¶
Overview ¶
Package config implements network tracing configuration
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { ebpf.Config // NPMEnabled is whether the network performance monitoring feature is explicitly enabled or not NPMEnabled bool // ServiceMonitoringEnabled is whether the service monitoring feature is enabled or not ServiceMonitoringEnabled bool // CollectTCPv4Conns specifies whether the tracer should collect traffic statistics for TCPv4 connections CollectTCPv4Conns bool // CollectTCPv6Conns specifies whether the tracer should collect traffic statistics for TCPv6 connections CollectTCPv6Conns bool // CollectUDPv4Conns specifies whether the tracer should collect traffic statistics for UDPv4 connections CollectUDPv4Conns bool // CollectUDPv6Conns specifies whether the tracer should collect traffic statistics for UDPv6 connections CollectUDPv6Conns bool // CollectLocalDNS specifies whether the tracer should capture traffic for local DNS calls CollectLocalDNS bool // DNSInspection specifies whether the tracer should enhance connection data with domain names by inspecting DNS traffic // Notice this does *not* depend on CollectLocalDNS DNSInspection bool // CollectDNSStats specifies whether the tracer should enhance connection data with relevant DNS stats // It is relevant *only* when DNSInspection is enabled. CollectDNSStats bool // CollectDNSDomains specifies whether collected DNS stats would be scoped by domain // It is relevant *only* when DNSInspection and CollectDNSStats is enabled. CollectDNSDomains bool // DNSTimeout determines the length of time to wait before considering a DNS Query to have timed out DNSTimeout time.Duration // MaxDNSStats determines the number of separate DNS Stats objects DNSStatkeeper can have at any given time // These stats objects get flushed on every client request (default 30s check interval) MaxDNSStats int // EnableHTTPMonitoring specifies whether the tracer should monitor HTTP traffic EnableHTTPMonitoring bool // EnableHTTP2Monitoring specifies whether the tracer should monitor HTTP2 traffic EnableHTTP2Monitoring bool // EnableKafkaMonitoring specifies whether the tracer should monitor Kafka traffic EnableKafkaMonitoring bool // EnablePostgresMonitoring specifies whether the tracer should monitor Postgres traffic. EnablePostgresMonitoring bool // EnableRedisMonitoring specifies whether the tracer should monitor Redis traffic. EnableRedisMonitoring bool // EnableNativeTLSMonitoring specifies whether the USM should monitor HTTPS traffic via native libraries. // Supported libraries: OpenSSL, GnuTLS, LibCrypto. EnableNativeTLSMonitoring bool // EnableIstioMonitoring specifies whether USM should monitor Istio traffic EnableIstioMonitoring bool // EnvoyPath specifies the envoy path to be used for Istio monitoring EnvoyPath string // EnableNodeJSMonitoring specifies whether USM should monitor NodeJS TLS traffic EnableNodeJSMonitoring bool // EnableGoTLSSupport specifies whether the tracer should monitor HTTPS // traffic done through Go's standard library's TLS implementation EnableGoTLSSupport bool // GoTLSExcludeSelf specifies whether USM's GoTLS module should avoid // hooking the system-probe test binary. Defaults to true. GoTLSExcludeSelf bool // MaxTrackedHTTPConnections max number of http(s) flows that will be concurrently tracked. // value is currently Windows only MaxTrackedHTTPConnections int64 // HTTPNotificationThreshold is the number of connections to hold in the kernel before signalling // to be retrieved. Currently Windows only HTTPNotificationThreshold int64 // HTTPMaxRequestFragment is the size of the HTTP path buffer to be retrieved. // Currently Windows only HTTPMaxRequestFragment int64 // UDPConnTimeout determines the length of traffic inactivity between two // (IP, port)-pairs before declaring a UDP connection as inactive. This is // set to /proc/sys/net/netfilter/nf_conntrack_udp_timeout on Linux by // default. UDPConnTimeout time.Duration // UDPStreamTimeout is the timeout for udp streams. This is set to // /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream on Linux by // default. UDPStreamTimeout time.Duration // TCPConnTimeout is like UDPConnTimeout, but for TCP connections. TCP connections are cleared when // the BPF module receives a tcp_close call, but TCP connections also age out to catch cases where // tcp_close is not intercepted for some reason. TCPConnTimeout time.Duration // MaxTrackedConnections specifies the maximum number of connections we can track. This determines the size of the eBPF Maps MaxTrackedConnections uint32 // MaxClosedConnectionsBuffered represents the maximum number of closed connections we'll buffer in memory. These closed connections // get flushed on every client request (default 30s check interval) MaxClosedConnectionsBuffered uint32 // MaxFailedConnectionsBuffered represents the maximum number of failed connections we'll buffer in memory. These connections will be // removed from memory as they are matched to closed connections MaxFailedConnectionsBuffered uint32 // ClosedConnectionFlushThreshold represents the number of closed connections stored before signalling // the agent to flush the connections. This value only valid on Windows ClosedConnectionFlushThreshold int // MaxDNSStatsBuffered represents the maximum number of DNS stats we'll buffer in memory. These stats // get flushed on every client request (default 30s check interval) MaxDNSStatsBuffered int // MaxUSMConcurrentRequests represents the maximum number of requests (for a single protocol) // that can happen concurrently at a given point in time. This parameter is used for sizing our eBPF maps. MaxUSMConcurrentRequests uint32 // MaxHTTPStatsBuffered represents the maximum number of HTTP stats we'll buffer in memory. These stats // get flushed on every client request (default 30s check interval) MaxHTTPStatsBuffered int // MaxKafkaStatsBuffered represents the maximum number of Kafka stats we'll buffer in memory. These stats // get flushed on every client request (default 30s check interval) MaxKafkaStatsBuffered int // MaxPostgresTelemetryBuffer represents the maximum size of the telemetry buffer size for Postgres. MaxPostgresTelemetryBuffer int // MaxPostgresStatsBuffered represents the maximum number of Postgres stats we'll buffer in memory. These stats // get flushed on every client request (default 30s check interval) MaxPostgresStatsBuffered int // MaxRedisStatsBuffered represents the maximum number of Redis stats we'll buffer in memory. These stats // get flushed on every client request (default 30s check interval) MaxRedisStatsBuffered int // MaxConnectionsStateBuffered represents the maximum number of state objects that we'll store in memory. These state objects store // the stats for a connection so we can accurately determine traffic change between client requests. MaxConnectionsStateBuffered int // ClientStateExpiry specifies the max time a client (e.g. process-agent)'s state will be stored in memory before being evicted. ClientStateExpiry time.Duration // EnableConntrack enables probing conntrack for network address translation EnableConntrack bool // IgnoreConntrackInitFailure will ignore any conntrack initialization failiures during system-probe load. If this is set to false, system-probe // will fail to start if there is a conntrack initialization failure. IgnoreConntrackInitFailure bool // ConntrackMaxStateSize specifies the maximum number of connections with NAT we can track ConntrackMaxStateSize int // ConntrackRateLimit specifies the maximum number of netlink messages *per second* that can be processed // Setting it to -1 disables the limit and can result in a high CPU usage. ConntrackRateLimit int // ConntrackRateLimitInterval specifies the interval at which the rate limiter is updated ConntrackRateLimitInterval time.Duration // ConntrackInitTimeout specifies how long we wait for conntrack to initialize before failing ConntrackInitTimeout time.Duration // EnableConntrackAllNamespaces enables network address translation via netlink for all namespaces that are peers of the root namespace. // default is true EnableConntrackAllNamespaces bool // EnableEbpfConntracker enables the ebpf based network conntracker EnableEbpfConntracker bool // EnableCiliumLBConntracker enables the cilium load balancer conntracker EnableCiliumLBConntracker bool // ClosedChannelSize specifies the size for closed channel for the tracer ClosedChannelSize int // ClosedBufferWakeupCount specifies the number of events that will buffer in a perf buffer before userspace is woken up. ClosedBufferWakeupCount int // ExcludedSourceConnections is a map of source connections to blacklist ExcludedSourceConnections map[string][]string // ExcludedDestinationConnections is a map of destination connections to blacklist ExcludedDestinationConnections map[string][]string // OffsetGuessThreshold is the size of the byte threshold we will iterate over when guessing offsets OffsetGuessThreshold uint64 // EnableMonotonicCount (Windows only) determines if we will calculate send/recv bytes of connections with headers and retransmits EnableMonotonicCount bool // EnableGatewayLookup enables looking up gateway information for connection destinations EnableGatewayLookup bool // RecordedQueryTypes enables specific DNS query types to be recorded RecordedQueryTypes []string // HTTP replace rules HTTPReplaceRules []*ReplaceRule // EnableProcessEventMonitoring enables consuming CWS process monitoring events from the runtime security module EnableProcessEventMonitoring bool // MaxProcessesTracked is the maximum number of processes whose information is stored in the network module MaxProcessesTracked int // EnableRootNetNs disables using the network namespace of the root process (1) // for things like creating netlink sockets for conntrack updates, etc. EnableRootNetNs bool // HTTP2DynamicTableMapCleanerInterval is the interval to run the cleaner function. HTTP2DynamicTableMapCleanerInterval time.Duration // HTTPMapCleanerInterval is the interval to run the cleaner function. HTTPMapCleanerInterval time.Duration // HTTPIdleConnectionTTL is the time an idle connection counted as "inactive" and should be deleted. HTTPIdleConnectionTTL time.Duration // ProtocolClassificationEnabled specifies whether the tracer should enhance connection data with protocols names by // classifying the L7 protocols being used. ProtocolClassificationEnabled bool // TCPFailedConnectionsEnabled specifies whether the tracer will track & report TCP error codes TCPFailedConnectionsEnabled bool // EnableNPMConnectionRollup enables aggregating connections by rolling up ephemeral ports EnableNPMConnectionRollup bool // EnableUSMQuantization enables endpoint quantization for USM programs EnableUSMQuantization bool // NPMRingbuffersEnabled specifies whether ringbuffers are enabled or not NPMRingbuffersEnabled bool // EnableUSMConnectionRollup enables the aggregation of connection data belonging to a same (client, server) pair EnableUSMConnectionRollup bool // EnableUSMRingBuffers enables the use of eBPF Ring Buffer types on // supported kernels. // Defaults to true. Setting this to false on a Kernel that supports ring // buffers (>=5.8) will result in forcing the use of Perf Maps instead. EnableUSMRingBuffers bool EnableEbpfless bool // EnableUSMEventStream enables USM to use the event stream instead // of netlink for receiving process events. EnableUSMEventStream bool // CustomBatchingEnabled enables the use of custom batching for eBPF perf events with perf buffers CustomBatchingEnabled bool }
Config stores all flags used by the network eBPF tracer
func (*Config) FailedConnectionsSupported ¶
FailedConnectionsSupported returns true if the config & TCP v4 || v6 is enabled
func (*Config) GetRootNetNs ¶
GetRootNetNs returns the network namespace to use for creating, e.g., netlink sockets
This will be the host's default network namespace if network_config.enable_root_netns is set to true (the default); otherwise this will be the default network namespace for the current process
func (*Config) RingBufferSupportedNPM ¶
RingBufferSupportedNPM returns true if the kernel supports ring buffers and the config enables them
type ReplaceRule ¶
type ReplaceRule struct { // Pattern specifies the regexp pattern to be used when replacing. It must compile. Pattern string `mapstructure:"pattern"` // Re holds the compiled Pattern and is only used internally. Re *regexp.Regexp `mapstructure:"-" json:"-"` // Repl specifies the replacement string to be used when Pattern matches. Repl string `mapstructure:"repl"` }
ReplaceRule specifies a replace rule.
Click to show internal directories.
Click to hide internal directories.