internal

package
v0.0.0-...-e368295 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 2, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var IPBufferPool = sync.Pool{
	New: func() interface{} {
		b := make([]byte, net.IPv6len)
		return &b
	},
}

IPBufferPool is meant to be used in conjunction with `NetIPFromAddress`

Functions

func EncodeConn 

func EncodeConn(conn *Con) ([]byte, error)

EncodeConn netlink encodes a `Con` object

func GenerateBPFSampler 

func GenerateBPFSampler(samplingRate float64) ([]bpf.RawInstruction, error)

GenerateBPFSampler returns BPF assembly for a traffic sampler

func GetNetNamespaceFromPid 

func GetNetNamespaceFromPid(procRoot string, pid int) (netns.NsHandle, error)

GetNetNamespaceFromPid gets the network namespace for a given `pid`

func GetNetNamespaces 

func GetNetNamespaces(procRoot string) ([]netns.NsHandle, error)

GetNetNamespaces returns a list of network namespaces on the machine. The caller is responsible for calling Close() on each of the returned NsHandle's.

func GetRootNetNamespace 

func GetRootNetNamespace(procRoot string) (netns.NsHandle, error)

GetRootNetNamespace gets the root network namespace

func IsNAT 

func IsNAT(c Con) bool

IsNAT returns whether this Con represents a NAT translation

func NetIPFromAddress 

func NetIPFromAddress(addr Address, buf []byte) net.IP

NetIPFromAddress returns a net.IP from an Address Warning: the returned `net.IP` will share the same underlying memory as the given `buf` argument.

func ToLowHigh 

func ToLowHigh(addr Address) (l, h uint64)

ToLowHigh converts an address into a pair of uint64 numbers

func WithAllProcs 

func WithAllProcs(procRoot string, fn func(int) error) error

WithAllProcs will execute `fn` for every pid under procRoot. `fn` is passed the `pid`. If `fn` returns an error the iteration aborts, returning the last error returned from `fn`.

func WithNS 

func WithNS(procRoot string, ns netns.NsHandle, fn func() error) error

WithNS executes the given function in the given network namespace, and then switches back to the previous namespace.

func WithRootNS 

func WithRootNS(procRoot string, fn func() error) error

WithRootNS executes a function within root network namespace and then switch back to the previous namespace. If the thread is already in the root network namespace, the function is executed without calling SYS_SETNS.

Types

type Address 

type Address interface {
	Bytes() []byte
	WriteTo([]byte) int
	String() string
	IsLoopback() bool
	Len() int
}

Address is an IP abstraction that is family (v4/v6) agnostic

func AddressFromNetIP 

func AddressFromNetIP(ip net.IP) Address

AddressFromNetIP returns an Address from a provided net.IP

func AddressFromString 

func AddressFromString(ip string) Address

AddressFromString creates an Address using the string representation of an v4 IP

func V4Address 

func V4Address(ip uint32) Address

V4Address creates an Address using the uint32 representation of an v4 IP

func V4AddressFromBytes 

func V4AddressFromBytes(buf []byte) Address

V4AddressFromBytes creates an Address using the byte representation of an v4 IP

func V6Address 

func V6Address(low, high uint64) Address

V6Address creates an Address using the uint128 representation of an v6 IP

func V6AddressFromBytes 

func V6AddressFromBytes(buf []byte) Address

V6AddressFromBytes creates an Address using the byte representation of an v6 IP

type AttributeScanner 

type AttributeScanner struct {
	// contains filtered or unexported fields
}

AttributeScanner provides an iterator API to traverse each field in a netlink message. The same AttributeScanner instance can be used multiple times with different messages by calling ResetTo(). When scanning a netlink message, every time we "enter" in a nested field, a new NestedFrame is created. Based on https://github.com/mdlayher/netlink/blob/c558cf25207e57bc9cc026d2dd69e2ea2f6abd0e/attribute.go

func NewAttributeScanner 

func NewAttributeScanner() *AttributeScanner

NewAttributeScanner returns a new instance of AttributeScanner

func (*AttributeScanner) Bytes 

func (s *AttributeScanner) Bytes() []byte

Bytes returns the raw bytes of the current Attribute's data.

func (*AttributeScanner) Err 

func (s *AttributeScanner) Err() error

Err returns the first error encountered by the scanner.

func (*AttributeScanner) Nested 

func (s *AttributeScanner) Nested(fn func() error)

Nested executes the given function within a new NestedFrame

func (*AttributeScanner) Next 

func (s *AttributeScanner) Next() bool

Next advances the scanner to the next netlink attribute (within the same NestedFrame). It returns false when no more attributes are present, or an error was encountered.

func (*AttributeScanner) ResetTo 

func (s *AttributeScanner) ResetTo(data []byte) error

ResetTo makes the current AttributeScanner ready for another netlink message

func (*AttributeScanner) Type 

func (s *AttributeScanner) Type() uint16

Type returns the Attribute.Type field of the current netlink attribute pointed to by the scanner.

type CircuitBreaker 

type CircuitBreaker struct {
	// contains filtered or unexported fields
}

CircuitBreaker is meant to enforce a maximum rate of events per second Once the event rate goes above the threshold the circuit breaker will trip and remain open until Reset() is called.

func NewCircuitBreaker 

func NewCircuitBreaker(maxEventsPerSec int64) *CircuitBreaker

NewCircuitBreaker instantiates a new CircuitBreaker that only allows a maxEventsPerSec to pass. The rate of events is calculated using an EWMA.

func (*CircuitBreaker) IsOpen 

func (c *CircuitBreaker) IsOpen() bool

IsOpen returns true when the circuit breaker trips and remain unchanched until Reset() is called.

func (*CircuitBreaker) Rate 

func (c *CircuitBreaker) Rate() int64

Rate returns the current rate of events

func (*CircuitBreaker) Reset 

func (c *CircuitBreaker) Reset()

Reset closes the circuit breaker and its state.

func (*CircuitBreaker) Stop 

func (c *CircuitBreaker) Stop()

Stop stops the circuit breaker.

func (*CircuitBreaker) Tick 

func (c *CircuitBreaker) Tick(n int)

Tick represents one or more events passing through the circuit breaker.

type Con 

type Con struct {
	ct.Con
	NetNS int32
}

Con represents a conntrack entry, along with any network namespace info (nsid)

func (Con) String 

func (c Con) String() string

type Config 

type Config struct {
	Enabled                      bool
	ProcRoot                     string
	ConntrackInitTimeout         time.Duration
	ConntrackRateLimit           int
	ConntrackMaxStateSize        int
	EnableConntrackAllNamespaces bool
}

type ConnectionStats 

type ConnectionStats struct {
	Source net.IP
	Dest   net.IP

	SPort uint16
	DPort uint16
	Type  ConnectionType
}

ConnectionStats stores statistics for a single connection. Field order in the struct should be 8-byte aligned

type ConnectionType 

type ConnectionType uint8

ConnectionType will be either TCP or UDP 

const (
	// TCP connection type
	TCP ConnectionType = 0

	// UDP connection type
	UDP ConnectionType = 1
)

func (ConnectionType) String 

func (c ConnectionType) String() string

type Conntrack 

type Conntrack interface {
	// Exists checks if a connection exists in the conntrack
	// table based on matches to `conn.Origin` or `conn.Reply`.
	Exists(conn *Con) (bool, error)
	// Dump dumps the conntrack table.
	Dump() ([]Con, error)
	// Get gets the conntrack record for a connection. Similar to
	// Exists, but returns the full connection information.
	Get(conn *Con) (Con, error)
	// Close closes the conntrack object
	Close() error
}

Conntrack is an interface to the system conntrack table

func NewConntrack 

func NewConntrack(netNS int) (Conntrack, error)

NewConntrack creates an implementation of the Conntrack interface. `netNS` is the network namespace for the conntrack operations. A value of `0` will use the current thread's network namespace

type Conntracker 

type Conntracker interface {
	GetTranslationForConn(ConnectionStats) *IPTranslation
	DeleteTranslation(ConnectionStats)
	IsSampling() bool
	GetStats() map[string]int64
	Close()
}

Conntracker is a wrapper around go-conntracker that keeps a record of all connections in user space

func NewConntracker 

func NewConntracker(config *Config) (Conntracker, error)

NewConntracker creates a new conntracker with a short term buffer capped at the given size

type Consumer 

type Consumer struct {
	// contains filtered or unexported fields
}

Consumer is responsible for encapsulating all the logic of hooking into Conntrack via a Netlink socket and streaming new connection events.

func NewConsumer 

func NewConsumer(procRoot string, targetRateLimit int, listenAllNamespaces bool) *Consumer

NewConsumer creates a new Conntrack event consumer. targetRateLimit represents the maximum number of netlink messages per second that can be read off the socket

func (*Consumer) DumpTable 

func (c *Consumer) DumpTable(family uint8) (<-chan Event, error)

DumpTable returns a channel of Event objects containing all entries present in the Conntrack table. The channel is closed once all entries are read. This method is meant to be used once during the process initialization of system-probe.

func (*Consumer) Events 

func (c *Consumer) Events() (<-chan Event, error)

Events returns a channel of Event objects (wrapping netlink messages) which receives all new connections added to the Conntrack table.

func (*Consumer) GetStats 

func (c *Consumer) GetStats() map[string]int64

GetStats returns telemetry associated to the Consumer

func (*Consumer) Stop 

func (c *Consumer) Stop()

Stop the consumer

type Decoder 

type Decoder struct {
	// contains filtered or unexported fields
}

Decoder is responsible for decoding netlink messages

func NewDecoder 

func NewDecoder() *Decoder

NewDecoder returns a new netlink message Decoder

func (*Decoder) DecodeAndReleaseEvent 

func (d *Decoder) DecodeAndReleaseEvent(e Event) []Con

DecodeAndReleaseEvent decodes a single Event into a slice of []ct.Con objects and releases the underlying buffer. TODO: Replace the intermediate ct.Con object by the same format we use in the cache

type Event 

type Event struct {
	// contains filtered or unexported fields
}

Event encapsulates the result of a single netlink.Con.Receive() call

func (*Event) Done 

func (e *Event) Done()

Done must be called after decoding events so the underlying buffers can be reclaimed.

func (*Event) Messages 

func (e *Event) Messages() []netlink.Message

Messages returned from the socket read

type IPTranslation 

type IPTranslation struct {
	ReplSrcIP   net.IP
	ReplDstIP   net.IP
	ReplSrcPort uint16
	ReplDstPort uint16
}

type NestedFrame 

type NestedFrame struct {
	// contains filtered or unexported fields
}

A NestedFrame encapsulates the decoding information of a certain nesting level

type Socket 

type Socket struct {
	// contains filtered or unexported fields
}

Socket is an implementation of netlink.Socket (github.com/mdlayher/netlink) It's mostly a copy of the original implementation (netlink.conn) with a few optimizations: * We don't MSG_PEEK as we use a pre-allocated buffer large enough to fit any netlink message; * We use a buffer pool for the message data; * We remove all the synchronization & go-channels cruft and bring it upstream in a cheaper/simpler way (Consumer)

func NewSocket 

func NewSocket() (*Socket, error)

NewSocket creates a new NETLINK socket

func (*Socket) Close 

func (s *Socket) Close() error

Close the socket

func (*Socket) File 

func (s *Socket) File() *os.File

File descriptor of the socket

func (*Socket) GetSockoptInt 

func (s *Socket) GetSockoptInt(level, opt int) (int, error)

GetSockoptInt gets a socket option

func (*Socket) JoinGroup 

func (s *Socket) JoinGroup(group uint32) error

JoinGroup creates a new group membership

func (*Socket) LeaveGroup 

func (s *Socket) LeaveGroup(group uint32) error

LeaveGroup deletes a group membership

func (*Socket) Receive 

func (s *Socket) Receive() ([]netlink.Message, error)

Receive is not implemented. See ReceiveInto

func (*Socket) ReceiveInto 

func (s *Socket) ReceiveInto(b []byte) ([]netlink.Message, int32, error)

ReceiveInto reads one or more netlink.Messages off the socket

func (*Socket) Send 

func (s *Socket) Send(m netlink.Message) error

Send a netlink.Message

func (*Socket) SendMessages 

func (s *Socket) SendMessages(m []netlink.Message) error

SendMessages isn't implemented in our case

func (*Socket) SetBPF 

func (s *Socket) SetBPF(filter []bpf.RawInstruction) error

SetBPF attaches an assembled BPF program to the socket

func (*Socket) SetSockoptInt 

func (s *Socket) SetSockoptInt(level, opt, value int) error

SetSockoptInt sets a socket option

type Version 

type Version uint32

Version is a numerical representation of a kernel version

func HostVersion 

func HostVersion() (Version, error)

HostVersion returns the running kernel version of the host

func VersionCode 

func VersionCode(major, minor, patch byte) Version

VersionCode returns a Version computed from the individual parts of a x.x.x version

func (Version) String 

func (v Version) String() string

String returns a string representing the version in x.x.x format

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.