Documentation
¶
Index ¶
- Constants
- func BeautifyKey(key string) string
- func ConnectionSummary(c ConnectionStats, names map[util.Address][]string) string
- func IsBlacklistedConnection(scf []*ConnectionFilter, dcf []*ConnectionFilter, conn *ConnectionStats) bool
- type ConnTypeFilter
- type ConnectionDirection
- type ConnectionFamily
- type ConnectionFilter
- type ConnectionStats
- type ConnectionType
- type Connections
- type ConnectionsTelemetry
- type DNSPacketType
- type IPTranslation
- type PortMapping
- type ReverseDNS
- type State
Constants ¶
const (
	// DEBUGCLIENT is the ClientID for debugging.
	// NOTE(review): the State methods on this page take a clientID string;
	// presumably this reserved value is what debug requests pass there - confirm.
	DEBUGCLIENT = "-1"
)
const (
	// MaxStateMapSize limits the maximum size of the state map, which bounds
	// how much memory the map can take. Benchmark results show that allocated
	// space is less than 3MB for 10000 entries.
	MaxStateMapSize = 10000
)
This const limits the maximum size of the state map. Benchmark results show that allocated space is less than 3MB for 10000 entries.
Variables ¶
This section is empty.
Functions ¶
func BeautifyKey ¶
BeautifyKey returns a human-readable form of a byte key, for debugging purposes. It should be kept in sync with ByteKey. Note: this is only used in /debug/* endpoints.
func ConnectionSummary ¶
func ConnectionSummary(c ConnectionStats, names map[util.Address][]string) string
ConnectionSummary returns a string summarizing a connection
func IsBlacklistedConnection ¶
func IsBlacklistedConnection(scf []*ConnectionFilter, dcf []*ConnectionFilter, conn *ConnectionStats) bool
IsBlacklistedConnection returns true if a given connection should be excluded by the tracer based on user defined filters
Types ¶
type ConnTypeFilter ¶
ConnTypeFilter holds user-defined protocols
type ConnectionDirection ¶
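// ConnectionDirection indicates if the connection is incoming to the host or outbound.
type ConnectionDirection uint8

// The constants below were collapsed onto a single line on the page, which
// left every declaration after the first "//" inside a comment. They are
// restored one per line; names and values are unchanged. Note that the zero
// value of ConnectionDirection is not one of the named directions.
const (
	// INCOMING represents connections inbound to the host
	INCOMING ConnectionDirection = 1
	// OUTGOING represents outbound connections from the host
	OUTGOING ConnectionDirection = 2
	// LOCAL represents connections that don't leave the host
	LOCAL ConnectionDirection = 3
	// NONE represents connections that have no direction (udp, for example)
	NONE ConnectionDirection = 4
)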
func (ConnectionDirection) String ¶
func (d ConnectionDirection) String() string
type ConnectionFamily ¶
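// ConnectionFamily will be either v4 or v6.
type ConnectionFamily uint8

// The constants below were collapsed onto a single line on the page, which
// left every declaration after the first "//" inside a comment. They are
// restored one per line; names and values are unchanged.
//
// These are package-local values, not the operating system's AF_INET /
// AF_INET6 numbers, so they must not be compared with raw socket-family
// values taken from elsewhere.
const (
	// AFINET represents v4 connections
	AFINET ConnectionFamily = 0
	// AFINET6 represents v6 connections
	AFINET6 ConnectionFamily = 1
)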
type ConnectionFilter ¶
// ConnectionFilter holds a user-defined blacklisted IP/CIDR, and ports.
//
// A connection that matches a filter is excluded by the tracer (see
// IsBlacklistedConnection), so each filter removes traffic from what the
// tracer reports. Broad entries widen that blind spot: review them as you
// would any monitoring exclusion.
type ConnectionFilter struct {
	// A nil IP turns the filter into a port/protocol-only rule that applies
	// to every address.
	IP *net.IPNet // If nil, then all IPs will be considered matching.
	// AllPorts is a single ConnTypeFilter (user-defined protocols) that is not
	// tied to a port number.
	// NOTE(review): presumably the protocols excluded on every port - confirm.
	AllPorts ConnTypeFilter
	// Ports maps a uint16 port number to the ConnTypeFilter for that port.
	Ports map[uint16]ConnTypeFilter
}
ConnectionFilter holds a user-defined blacklisted IP/CIDR, and ports
func ParseConnectionFilters ¶
func ParseConnectionFilters(filters map[string][]string) (blacklist []*ConnectionFilter)
ParseConnectionFilters takes the user defined blacklist and returns a slice of ConnectionFilters
type ConnectionStats ¶
// ConnectionStats stores statistics for a single connection.
// Field order in the struct should be 8-byte aligned.
//
// NOTE(review): the ByteKey layout documented on this page is built from Pid,
// SPort, DPort, Family, Type, Source and Dest. NetNS and Direction are not
// listed in that layout.
type ConnectionStats struct {
	// Source and Dest are the two endpoint addresses of the connection.
	Source util.Address
	Dest util.Address
	// NOTE(review): each Monotonic*/Last* pair presumably holds a running
	// total and the change since the previous read - confirm against the
	// State implementation.
	MonotonicSentBytes uint64
	LastSentBytes uint64
	MonotonicRecvBytes uint64
	LastRecvBytes uint64
	// Last time the stats for this connection were updated
	LastUpdateEpoch uint64
	MonotonicRetransmits uint32
	LastRetransmits uint32
	RTT uint32 // Stored in µs
	// NOTE(review): RTTVar has no unit stated here; presumably µs like RTT - confirm.
	RTTVar uint32
	// Pid and NetNS are uint32 identifiers.
	// NOTE(review): presumably the owning process ID and its network
	// namespace - confirm.
	Pid uint32
	NetNS uint32
	// SPort and DPort are the source and destination ports.
	SPort uint16
	DPort uint16
	// Type is TCP or UDP, Family is v4 or v6, Direction is one of
	// INCOMING/OUTGOING/LOCAL/NONE.
	Type ConnectionType
	Family ConnectionFamily
	Direction ConnectionDirection
	// IPTranslation can be associated with the connection to show it is NAT'd.
	// NOTE(review): nil presumably means no translation was recorded - confirm.
	IPTranslation *IPTranslation
	// NOTE(review): presumably true when both endpoints are on this host - confirm.
	IntraHost bool
	// DNS counters for this connection. The unit of the two latency sums is
	// not stated on this page - confirm before using them in alerts.
	DNSSuccessfulResponses uint32
	DNSFailedResponses uint32
	DNSTimeouts uint32
	DNSSuccessLatencySum uint64
	DNSFailureLatencySum uint64
}
ConnectionStats stores statistics for a single connection. Field order in the struct should be 8-byte aligned
func (ConnectionStats) ByteKey ¶
func (c ConnectionStats) ByteKey(buffer *bytes.Buffer) ([]byte, error)
ByteKey returns a unique key for this connection, represented as a byte array. The layout is as follows:
   32b     16b     16b      4b      4b     32/128b     32/128b
| PID  | SPORT | DPORT | Family | Type |  SrcAddr  |  DestAddr |
func (ConnectionStats) String ¶
func (c ConnectionStats) String() string
type ConnectionType ¶
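// ConnectionType will be either TCP or UDP.
type ConnectionType uint8

// The constants below were collapsed onto a single line on the page, which
// left every declaration after the first "//" inside a comment. They are
// restored one per line; names and values are unchanged.
//
// These are package-local values, not IP protocol numbers, so they must not
// be compared with protocol fields read from packets or socket APIs.
const (
	// TCP connection type
	TCP ConnectionType = 0
	// UDP connection type
	UDP ConnectionType = 1
)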
func (ConnectionType) String ¶
func (c ConnectionType) String() string
type Connections ¶
// Connections wraps a collection of ConnectionStats.
type Connections struct {
	// DNS maps an address to a list of strings; it has the same type as the
	// value returned by ReverseDNS.Resolve.
	// NOTE(review): presumably the names resolved for each address - confirm.
	DNS map[util.Address][]string
	// Conns is the wrapped collection of per-connection statistics.
	Conns []ConnectionStats
	// Telemetry points to the telemetry from the system probe.
	// NOTE(review): whether it can be nil is not stated here - check before dereferencing.
	Telemetry *ConnectionsTelemetry
}
Connections wraps a collection of ConnectionStats
type ConnectionsTelemetry ¶
// ConnectionsTelemetry stores telemetry from the system probe.
//
// NOTE(review): the field meanings below are read from the names only and
// should be confirmed. If MonotonicKprobesMissed and
// MonotonicConntrackRegistersDropped count events the probe failed to
// capture, non-zero growth means the reported connection data is incomplete.
type ConnectionsTelemetry struct {
	MonotonicKprobesTriggered int64
	MonotonicKprobesMissed int64
	MonotonicConntrackRegisters int64
	MonotonicConntrackRegistersDropped int64
	MonotonicDNSPacketsProcessed int64
	MonotonicConnsClosed int64
	// NOTE(review): unlike the fields above this one has no Monotonic prefix;
	// presumably a current size rather than a running total - confirm.
	ConnsBpfMapSize int64
}
ConnectionsTelemetry stores telemetry from the system probe
type DNSPacketType ¶
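// DNSPacketType tells us whether the packet is a query or a reply (successful/failed).
type DNSPacketType uint8

// The constants below were collapsed onto a single line on the page, which
// left every declaration after the first "//" inside a comment. They are
// restored one per line; names, order and iota-assigned values are
// unchanged. The zero value of DNSPacketType is SuccessfulResponse, so an
// uninitialised variable reads as a successful response.
const (
	// SuccessfulResponse means the packet contains a DNS response and the response code is 0 (no error)
	SuccessfulResponse DNSPacketType = iota
	// FailedResponse means the packet contains a DNS response and the response code is not 0
	FailedResponse
	// Query means the packet contains a DNS query
	Query
)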
type IPTranslation ¶
// IPTranslation can be associated with a connection to show the connection is NAT'd.
//
// NOTE(review): "Repl" presumably refers to the reply-direction tuple of the
// translated connection - confirm. When correlating with other logs, compare
// these addresses and ports as well as the Source/Dest pair on
// ConnectionStats.
type IPTranslation struct {
	// ReplSrcIP and ReplDstIP are the addresses of the translated tuple.
	ReplSrcIP util.Address
	ReplDstIP util.Address
	// ReplSrcPort and ReplDstPort are the ports of the translated tuple.
	ReplSrcPort uint16
	ReplDstPort uint16
}
IPTranslation can be associated with a connection to show the connection is NAT'd
type PortMapping ¶
PortMapping tracks which ports a pid is listening on
func NewPortMapping ¶
func NewPortMapping(procRoot string, collectTCP, collectIPv6 bool) *PortMapping
NewPortMapping creates a new PortMapping instance
func (*PortMapping) AddMapping ¶
func (pm *PortMapping) AddMapping(port uint16)
AddMapping indicates that something is listening on the provided port
func (*PortMapping) IsListening ¶
func (pm *PortMapping) IsListening(port uint16) bool
IsListening returns true if something is listening on the given port
func (*PortMapping) ReadInitialState ¶
func (pm *PortMapping) ReadInitialState() error
ReadInitialState reads the /proc filesystem and determines which ports are being listened on
func (*PortMapping) ReadInitialUDPState ¶
func (pm *PortMapping) ReadInitialUDPState() error
ReadInitialUDPState reads the /proc filesystem and determines which ports are being used as UDP servers
func (*PortMapping) RemoveMapping ¶
func (pm *PortMapping) RemoveMapping(port uint16)
RemoveMapping indicates that the provided port is no longer being listened on
type ReverseDNS ¶
// ReverseDNS translates IPs to names.
//
// GetDNSStats uses the unexported types dnsKey and dnsStats, which are not
// shown on this page; code outside this package cannot name them.
//
// NOTE(review): if the names are learned from observed DNS replies rather
// than from a trusted resolver, treat them as unverified labels when using
// them in detections - confirm the source.
type ReverseDNS interface {
	// Resolve takes a slice of ConnectionStats and returns a map from address
	// to a list of strings.
	// NOTE(review): presumably the names known for each address - confirm.
	Resolve([]ConnectionStats) map[util.Address][]string
	// GetDNSStats returns a map from dnsKey to dnsStats.
	GetDNSStats() map[dnsKey]dnsStats
	// GetStats returns a map from string keys to int64 values.
	GetStats() map[string]int64
	// Close takes no arguments and returns nothing.
	// NOTE(review): presumably releases the resolver's resources - confirm.
	Close()
}
ReverseDNS translates IPs to names
func NewNullReverseDNS ¶
func NewNullReverseDNS() ReverseDNS
NewNullReverseDNS returns a dummy implementation of ReverseDNS
type State ¶
// State takes care of handling the logic for closed connections and for sent
// and received bytes per connection. State is tracked per client, identified
// by the clientID string passed to the methods below.
type State interface {
	// Connections returns the list of connections for the given client when provided the latest set of active connections
	Connections(
		clientID string,
		latestTime uint64,
		latestConns []ConnectionStats,
		dns map[dnsKey]dnsStats,
	) []ConnectionStats
	// StoreClosedConnection stores a new closed connection
	StoreClosedConnection(conn ConnectionStats)
	// RemoveClient stops tracking stateful data for a given client
	RemoveClient(clientID string)
	// RemoveExpiredClients removes expired clients from the state
	RemoveExpiredClients(now time.Time)
	// RemoveConnections removes the given keys from the state
	RemoveConnections(keys []string)
	// GetStats returns a map of statistics about the current network state
	GetStats() map[string]interface{}
	// DumpState returns a map with the current network state for a client ID
	// (the original comment called this method DebugState).
	// NOTE(review): presumably what backs the /debug/* endpoints; the map
	// carries a client's connection state, so confirm those endpoints are
	// reachable only by local or administrative callers.
	DumpState(clientID string) map[string]interface{}
}
State takes care of handling the logic for:
- closed connections
- sent and received bytes per connection