monitor

package
v1.14.15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 20, 2024 License: Apache-2.0 Imports: 27 Imported by: 13

Documentation

Index

Constants

View Source
const (
	DbgCaptureUnspec = iota
	DbgCaptureReserved1
	DbgCaptureReserved2
	DbgCaptureReserved3
	DbgCaptureDelivery
	DbgCaptureFromLb
	DbgCaptureAfterV46
	DbgCaptureAfterV64
	DbgCaptureProxyPre
	DbgCaptureProxyPost
	DbgCaptureSnatPre
	DbgCaptureSnatPost
)

must be in sync with <bpf/lib/dbg.h>

View Source
const (
	DbgUnspec = iota
	DbgGeneric
	DbgLocalDelivery
	DbgEncap
	DbgLxcFound
	DbgPolicyDenied
	DbgCtLookup
	DbgCtLookupRev
	DbgCtMatch
	DbgCtCreated
	DbgCtCreated2
	DbgIcmp6Handle
	DbgIcmp6Request
	DbgIcmp6Ns
	DbgIcmp6TimeExceeded
	DbgCtVerdict
	DbgDecap
	DbgPortMap
	DbgErrorRet
	DbgToHost
	DbgToStack
	DbgPktHash
	DbgLb6LookupFrontend
	DbgLb6LookupFrontendFail
	DbgLb6LookupBackendSlot
	DbgLb6LookupBackendSlotSuccess
	DbgLb6LookupBackendSlotV2Fail
	DbgLb6LookupBackendFail
	DbgLb6ReverseNatLookup
	DbgLb6ReverseNat
	DbgLb4LookupFrontend
	DbgLb4LookupFrontendFail
	DbgLb4LookupBackendSlot
	DbgLb4LookupBackendSlotSuccess
	DbgLb4LookupBackendSlotV2Fail
	DbgLb4LookupBackendFail
	DbgLb4ReverseNatLookup
	DbgLb4ReverseNat
	DbgLb4LoopbackSnat
	DbgLb4LoopbackSnatRev
	DbgCtLookup4
	DbgRRBackendSlotSel
	DbgRevProxyLookup
	DbgRevProxyFound
	DbgRevProxyUpdate
	DbgL4Policy
	DbgNetdevInCluster
	DbgNetdevEncap4
	DbgCTLookup41
	DbgCTLookup42
	DbgCTCreated4
	DbgCTLookup61
	DbgCTLookup62
	DbgCTCreated6
	DbgSkipProxy
	DbgL4Create
	DbgIPIDMapFailed4
	DbgIPIDMapFailed6
	DbgIPIDMapSucceed4
	DbgIPIDMapSucceed6
	DbgLbStaleCT
	DbgInheritIdentity
	DbgSkLookup4
	DbgSkLookup6
	DbgSkAssign
	DbgL7LB
)

must be in sync with <bpf/lib/dbg.h>

View Source
const (
	CtNew uint32 = iota
	CtEstablished
	CtReply
	CtRelated
)

must be in sync with <bpf/lib/conntrack.h>

View Source
const (
	// PolicyVerdictNotifyLen is the amount of packet data provided in a Policy notification
	PolicyVerdictNotifyLen = 32

	// PolicyVerdictNotifyFlagDirection is the bit mask in Flags that
	// corresponds to the direction of a traffic
	PolicyVerdictNotifyFlagDirection = 0x3

	// PolicyVerdictNotifyFlagIsIPv6 is the bit mask in Flags that
	// corresponds to whether the traffic is IPv6 or not
	PolicyVerdictNotifyFlagIsIPv6 = 0x4

	// PolicyVerdictNotifyFlagMatchType is the bit mask in Flags that
	// corresponds to the policy match type
	PolicyVerdictNotifyFlagMatchType = 0x38

	// PolicyVerdictNotifyFlagIsAudited is the bit mask in Flags that
	// corresponds to whether the traffic was allowed due to the audit mode
	PolicyVerdictNotifyFlagIsAudited = 0x40

	// PolicyVerdictNotifyFlagMatchTypeBitOffset is the bit offset in Flags that
	// corresponds to the policy match type
	PolicyVerdictNotifyFlagMatchTypeBitOffset = 3
)
View Source
const (
	XlatePointUnknown = iota
	XlatePointPreDirectionFwd
	XlatePointPostDirectionFwd
	XlatePointPreDirectionRev
	XlatePointPostDirectionRev
)

Service translation event point in socket trace event messages

View Source
const (
	L4ProtocolUnknown = iota
	L4ProtocolTCP
	L4ProtocolUDP
)

L4 protocol for socket trace event messages

View Source
const (
	TraceNotifyVersion0 = iota
	TraceNotifyVersion1
)
View Source
const (
	TraceReasonPolicy = iota
	TraceReasonCtEstablished
	TraceReasonCtReply
	TraceReasonCtRelated
	TraceReasonCtReopened
	TraceReasonUnknown
	TraceReasonSRv6Encap
	TraceReasonSRv6Decap
)

Reasons for forwarding a packet.

View Source
const (
	// DebugCaptureLen is the amount of packet data in a packet capture message
	DebugCaptureLen = 24
)
View Source
const (
	// DropNotifyLen is the amount of packet data provided in a drop notification
	DropNotifyLen = 36
)
View Source
const (
	// RecorderCaptureLen is the amount of data in the RecorderCapture message
	RecorderCaptureLen = 24
)
View Source
const (
	// TraceNotifyFlagIsIPv6 is set in TraceNotify.Flags when the
	// notification refers to an IPv6 flow
	TraceNotifyFlagIsIPv6 uint8 = 1
)
View Source
const (

	// TraceReasonEncryptMask is the bit used to indicate encryption or not
	TraceReasonEncryptMask uint8 = 0x80
)
View Source
const TraceSockNotifyFlagIPv6 uint8 = 0x1

Variables

This section is empty.

Functions

func DecodeTraceNotify

func DecodeTraceNotify(data []byte, tn *TraceNotify) error

DecodeTraceNotify will decode 'data' into the provided TraceNotify structure

func Dissect

func Dissect(dissect bool, data []byte)

Dissect parses and prints the provided data if dissect is set to true, otherwise the data is printed as HEX output

func GetAllTypes

func GetAllTypes() []string

GetAllTypes returns a slice of all known message types, sorted

func GetConnectionSummary

func GetConnectionSummary(data []byte) string

GetConnectionSummary decodes the data into layers and returns a connection summary in the format:

- sIP:sPort -> dIP:dPort, e.g. 1.1.1.1:2000 -> 2.2.2.2:80 - sIP -> dIP icmpCode, 1.1.1.1 -> 2.2.2.2 echo-request

func GetPolicyActionString

func GetPolicyActionString(verdict int32, audit bool) string

GetPolicyActionString returns the action string corresponding to the action

func TraceReasonIsDecap added in v1.14.7

func TraceReasonIsDecap(reason uint8) bool

func TraceReasonIsEncap added in v1.14.7

func TraceReasonIsEncap(reason uint8) bool

func TraceReasonIsKnown

func TraceReasonIsKnown(reason uint8) bool

Types

type ConnectionInfo

type ConnectionInfo struct {
	SrcIP    net.IP
	DstIP    net.IP
	SrcPort  uint16
	DstPort  uint16
	Proto    string
	IcmpCode string
}

ConnectionInfo contains tuple information and icmp code for a connection

func GetConnectionInfo

func GetConnectionInfo(data []byte) *ConnectionInfo

GetConnectionInfo returns the ConnectionInfo structure from data

type DebugCapture

type DebugCapture struct {
	Type    uint8
	SubType uint8
	// Source, if populated, is the ID of the source endpoint.
	Source  uint16
	Hash    uint32
	Len     uint32
	OrigLen uint32
	Arg1    uint32
	Arg2    uint32
}

DebugCapture is the metadata sent along with a captured packet frame

func (*DebugCapture) DumpInfo

func (n *DebugCapture) DumpInfo(data []byte, linkMonitor getters.LinkGetter)

DumpInfo prints a summary of the capture messages.

func (*DebugCapture) DumpJSON

func (n *DebugCapture) DumpJSON(data []byte, cpuPrefix string, linkMonitor getters.LinkGetter)

DumpJSON prints notification in json format

func (*DebugCapture) DumpVerbose

func (n *DebugCapture) DumpVerbose(dissect bool, data []byte, prefix string)

DumpVerbose prints the captured packet in human readable format

type DebugCaptureVerbose

type DebugCaptureVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Message   string `json:"message,omitempty"`
	Prefix    string `json:"prefix,omitempty"`

	Source uint16 `json:"source"`
	Bytes  uint32 `json:"bytes"`

	Summary string `json:"summary,omitempty"`
}

DebugCaptureVerbose represents a json notification printed by monitor

func DebugCaptureToVerbose

func DebugCaptureToVerbose(n *DebugCapture, linkMonitor getters.LinkGetter) DebugCaptureVerbose

DebugCaptureToVerbose creates verbose notification from base TraceNotify

type DebugMsg

type DebugMsg struct {
	Type    uint8
	SubType uint8
	Source  uint16
	Hash    uint32
	Arg1    uint32
	Arg2    uint32
	Arg3    uint32
}

DebugMsg is the message format of the debug message found in the BPF ring buffer

func (*DebugMsg) Dump

func (n *DebugMsg) Dump(prefix string, linkMonitor getters.LinkGetter)

Dump prints the debug message in a human readable format.

func (*DebugMsg) DumpInfo

func (n *DebugMsg) DumpInfo(data []byte)

DumpInfo prints a summary of a subset of the debug messages which are related to sending, not processing, of packets.

func (*DebugMsg) DumpJSON

func (n *DebugMsg) DumpJSON(cpuPrefix string, linkMonitor getters.LinkGetter)

DumpJSON prints notification in json format

func (*DebugMsg) Message

func (n *DebugMsg) Message(linkMonitor getters.LinkGetter) string

Message returns the debug message in a human-readable format

type DisplayFormat

type DisplayFormat bool
const (
	DisplayLabel   DisplayFormat = false
	DisplayNumeric DisplayFormat = true
)

type DissectSummary

type DissectSummary struct {
	Ethernet string `json:"ethernet,omitempty"`
	IPv4     string `json:"ipv4,omitempty"`
	IPv6     string `json:"ipv6,omitempty"`
	TCP      string `json:"tcp,omitempty"`
	UDP      string `json:"udp,omitempty"`
	SCTP     string `json:"sctp,omitempty"`
	ICMPv4   string `json:"icmpv4,omitempty"`
	ICMPv6   string `json:"icmpv6,omitempty"`
	L2       *Flow  `json:"l2,omitempty"`
	L3       *Flow  `json:"l3,omitempty"`
	L4       *Flow  `json:"l4,omitempty"`
}

DissectSummary bundles decoded layers into json-marshallable message

func GetDissectSummary

func GetDissectSummary(data []byte) *DissectSummary

GetDissectSummary returns DissectSummary created from data

type DropNotify

type DropNotify struct {
	Type     uint8
	SubType  uint8
	Source   uint16
	Hash     uint32
	OrigLen  uint32
	CapLen   uint32
	SrcLabel identity.NumericIdentity
	DstLabel identity.NumericIdentity
	DstID    uint32
	Line     uint16
	File     uint8
	ExtError int8
	Ifindex  uint32
}

DropNotify is the message format of a drop notification in the BPF ring buffer

func (*DropNotify) DumpInfo

func (n *DropNotify) DumpInfo(data []byte, numeric DisplayFormat)

DumpInfo prints a summary of the drop messages.

func (*DropNotify) DumpJSON

func (n *DropNotify) DumpJSON(data []byte, cpuPrefix string)

DumpJSON prints notification in json format

func (*DropNotify) DumpVerbose

func (n *DropNotify) DumpVerbose(dissect bool, data []byte, prefix string, numeric DisplayFormat)

DumpVerbose prints the drop notification in human readable form

type DropNotifyVerbose

type DropNotifyVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Reason    string `json:"reason,omitempty"`

	Source   uint16                   `json:"source"`
	Bytes    uint32                   `json:"bytes"`
	SrcLabel identity.NumericIdentity `json:"srcLabel"`
	DstLabel identity.NumericIdentity `json:"dstLabel"`
	DstID    uint32                   `json:"dstID"`
	Line     uint16                   `json:"Line"`
	File     uint8                    `json:"File"`
	ExtError int8                     `json:"ExtError"`
	Ifindex  uint32                   `json:"Ifindex"`

	Summary *DissectSummary `json:"summary,omitempty"`
}

DropNotifyVerbose represents a json notification printed by monitor

func DropNotifyToVerbose

func DropNotifyToVerbose(n *DropNotify) DropNotifyVerbose

DropNotifyToVerbose creates verbose notification from DropNotify

type Flow

type Flow struct {
	Src string `json:"src"`
	Dst string `json:"dst"`
}

Flow contains source and destination

type LogRecordNotify

type LogRecordNotify struct {
	accesslog.LogRecord
}

LogRecordNotify is a proxy access log notification

func (*LogRecordNotify) DumpInfo

func (l *LogRecordNotify) DumpInfo()

DumpInfo dumps an access log notification

func (*LogRecordNotify) DumpJSON

func (l *LogRecordNotify) DumpJSON()

DumpJSON prints notification in json format

type LogRecordNotifyVerbose

type LogRecordNotifyVerbose struct {
	Type             string                     `json:"type"`
	ObservationPoint accesslog.ObservationPoint `json:"observationPoint"`
	FlowType         accesslog.FlowType         `json:"flowType"`
	L7Proto          string                     `json:"l7Proto"`
	SrcEpID          uint64                     `json:"srcEpID"`
	SrcEpLabels      []string                   `json:"srcEpLabels"`
	SrcIdentity      uint64                     `json:"srcIdentity"`
	DstEpID          uint64                     `json:"dstEpID"`
	DstEpLabels      []string                   `json:"dstEpLabels"`
	DstIdentity      uint64                     `json:"dstIdentity"`
	Verdict          accesslog.FlowVerdict      `json:"verdict"`
	HTTP             *accesslog.LogRecordHTTP   `json:"http,omitempty"`
	Kafka            *accesslog.LogRecordKafka  `json:"kafka,omitempty"`
	DNS              *accesslog.LogRecordDNS    `json:"dns,omitempty"`
	L7               *accesslog.LogRecordL7     `json:"l7,omitempty"`
}

LogRecordNotifyVerbose represents a json notification printed by monitor

func LogRecordNotifyToVerbose

func LogRecordNotifyToVerbose(n *LogRecordNotify) LogRecordNotifyVerbose

LogRecordNotifyToVerbose turns LogRecordNotify into json-friendly Verbose structure

type PolicyVerdictNotify

type PolicyVerdictNotify struct {
	Type        uint8
	SubType     uint8
	Source      uint16
	Hash        uint32
	OrigLen     uint32
	CapLen      uint16
	Version     uint16
	RemoteLabel identity.NumericIdentity
	Verdict     int32
	DstPort     uint16
	Proto       uint8
	Flags       uint8
	AuthType    uint8
	Pad1        uint8
	Pad2        uint16
}

PolicyVerdictNotify is the message format of a policy verdict notification in the bpf ring buffer

func (*PolicyVerdictNotify) DumpInfo

func (n *PolicyVerdictNotify) DumpInfo(data []byte, numeric DisplayFormat)

DumpInfo prints a summary of the policy notify messages.

func (*PolicyVerdictNotify) GetAuthType

func (n *PolicyVerdictNotify) GetAuthType() policy.AuthType

GetAuthType returns string for the authentication method applied (for success verdict) or required (for drops).

func (*PolicyVerdictNotify) GetPolicyMatchType

func (n *PolicyVerdictNotify) GetPolicyMatchType() api.PolicyMatchType

GetPolicyMatchType returns how the traffic matched the policy

func (*PolicyVerdictNotify) IsTrafficAudited

func (n *PolicyVerdictNotify) IsTrafficAudited() bool

IsTrafficAudited returns true if this notify is for traffic that was allowed due to the audit mode

func (*PolicyVerdictNotify) IsTrafficIPv6

func (n *PolicyVerdictNotify) IsTrafficIPv6() bool

IsTrafficIPv6 returns true if this notify is for IPv6 traffic

func (*PolicyVerdictNotify) IsTrafficIngress

func (n *PolicyVerdictNotify) IsTrafficIngress() bool

IsTrafficIngress returns true if this notify is for an ingress traffic

type RecorderCapture

type RecorderCapture struct {
	Type     uint8
	SubType  uint8
	RuleID   uint16
	Reserved uint32
	TimeBoot uint64
	CapLen   uint32
	Len      uint32
}

RecorderCapture is the message format of a pcap capture in the bpf ring buffer

func (*RecorderCapture) DumpInfo

func (n *RecorderCapture) DumpInfo(data []byte)

DumpInfo prints a summary of the recorder notify messages.

type TraceNotify

type TraceNotify TraceNotifyV1

TraceNotify is the message format of a trace notification in the BPF ring buffer

func (*TraceNotify) DataOffset

func (n *TraceNotify) DataOffset() uint

DataOffset returns the offset from the beginning of TraceNotify where the trace notify data begins.

Returns zero for invalid or unknown TraceNotify messages.

func (*TraceNotify) DumpInfo

func (n *TraceNotify) DumpInfo(data []byte, numeric DisplayFormat, linkMonitor getters.LinkGetter)

DumpInfo prints a summary of the trace messages.

func (*TraceNotify) DumpJSON

func (n *TraceNotify) DumpJSON(data []byte, cpuPrefix string, linkMonitor getters.LinkGetter)

DumpJSON prints notification in json format

func (*TraceNotify) DumpVerbose

func (n *TraceNotify) DumpVerbose(dissect bool, data []byte, prefix string, numeric DisplayFormat, linkMonitor getters.LinkGetter)

DumpVerbose prints the trace notification in human readable form

func (*TraceNotify) OriginalIP

func (n *TraceNotify) OriginalIP() net.IP

OriginalIP returns the original source IP if reverse NAT was performed on the flow

type TraceNotifyV0

type TraceNotifyV0 struct {
	Type     uint8
	ObsPoint uint8
	Source   uint16
	Hash     uint32
	OrigLen  uint32
	CapLen   uint16
	Version  uint16
	SrcLabel identity.NumericIdentity
	DstLabel identity.NumericIdentity
	DstID    uint16
	Reason   uint8
	Flags    uint8
	Ifindex  uint32
}

TraceNotifyV0 is the common message format for versions 0 and 1.

type TraceNotifyV1

type TraceNotifyV1 struct {
	TraceNotifyV0
	OrigIP types.IPv6
}

TraceNotifyV1 is the version 1 message format.

type TraceNotifyVerbose

type TraceNotifyVerbose struct {
	CPUPrefix        string `json:"cpu,omitempty"`
	Type             string `json:"type,omitempty"`
	Mark             string `json:"mark,omitempty"`
	Ifindex          string `json:"ifindex,omitempty"`
	State            string `json:"state,omitempty"`
	ObservationPoint string `json:"observationPoint"`
	TraceSummary     string `json:"traceSummary"`

	Source   uint16                   `json:"source"`
	Bytes    uint32                   `json:"bytes"`
	SrcLabel identity.NumericIdentity `json:"srcLabel"`
	DstLabel identity.NumericIdentity `json:"dstLabel"`
	DstID    uint16                   `json:"dstID"`

	Summary *DissectSummary `json:"summary,omitempty"`
}

TraceNotifyVerbose represents a json notification printed by monitor

func TraceNotifyToVerbose

func TraceNotifyToVerbose(n *TraceNotify, linkMonitor getters.LinkGetter) TraceNotifyVerbose

TraceNotifyToVerbose creates verbose notification from base TraceNotify

type TraceSockNotify

type TraceSockNotify struct {
	Type       uint8
	XlatePoint uint8
	DstIP      types.IPv6
	DstPort    uint16
	SockCookie uint64
	CgroupId   uint64
	L4Proto    uint8
	Flags      uint8
}

TraceSockNotify is message format for socket trace notifications sent from datapath. Keep this in sync to the datapath structure (trace_sock_notify) defined in bpf/lib/trace_sock.h

func (*TraceSockNotify) DumpDebug

func (t *TraceSockNotify) DumpDebug(prefix string)

func (*TraceSockNotify) IP

func (t *TraceSockNotify) IP() net.IP

IP returns the IPv4 or IPv6 address field.

func (*TraceSockNotify) L4ProtoStr

func (t *TraceSockNotify) L4ProtoStr() string

func (*TraceSockNotify) XlatePointStr

func (t *TraceSockNotify) XlatePointStr() string

Directories

Path Synopsis
Package alignchecker is a thin wrapper around pkg/alignchecker to validate monitor object alignment.
Package alignchecker is a thin wrapper around pkg/alignchecker to validate monitor object alignment.
Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.
Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL