Documentation ¶
Index ¶
- Constants
- func DecodeDebugCapture(data []byte, dbg *DebugCapture) error
- func DecodeDebugMsg(data []byte, dbg *DebugMsg) error
- func DecodeDropNotify(data []byte, dn *DropNotify) error
- func DecodePolicyVerdictNotify(data []byte, pvn *PolicyVerdictNotify) error
- func DecodeTraceNotify(data []byte, tn *TraceNotify) error
- func DecodeTraceSockNotify(data []byte, sock *TraceSockNotify) error
- func Dissect(dissect bool, data []byte)
- func GetAllTypes() []string
- func GetConnectionSummary(data []byte) string
- func GetPolicyActionString(verdict int32, audit bool) string
- func TraceReasonIsKnown(reason uint8) bool
- type ConnectionInfo
- type DebugCapture
- type DebugCaptureVerbose
- type DebugMsg
- type DisplayFormat
- type DissectSummary
- type DropNotify
- type DropNotifyVerbose
- type Flow
- type LogRecordNotify
- type LogRecordNotifyVerbose
- type PolicyVerdictNotify
- func (n *PolicyVerdictNotify) DumpInfo(data []byte, numeric DisplayFormat)
- func (n *PolicyVerdictNotify) GetAuthType() policy.AuthType
- func (n *PolicyVerdictNotify) GetPolicyMatchType() api.PolicyMatchType
- func (n *PolicyVerdictNotify) IsTrafficAudited() bool
- func (n *PolicyVerdictNotify) IsTrafficIPv6() bool
- func (n *PolicyVerdictNotify) IsTrafficIngress() bool
- type RecorderCapture
- type TraceNotify
- func (n *TraceNotify) DataOffset() uint
- func (n *TraceNotify) DumpInfo(data []byte, numeric DisplayFormat, linkMonitor getters.LinkGetter)
- func (n *TraceNotify) DumpJSON(data []byte, cpuPrefix string, linkMonitor getters.LinkGetter)
- func (n *TraceNotify) DumpVerbose(dissect bool, data []byte, prefix string, numeric DisplayFormat, ...)
- func (n *TraceNotify) OriginalIP() net.IP
- type TraceNotifyV0
- type TraceNotifyV1
- type TraceNotifyVerbose
- type TraceSockNotify
Constants ¶
const ( DbgCaptureUnspec = iota DbgCaptureReserved1 DbgCaptureReserved2 DbgCaptureReserved3 DbgCaptureDelivery DbgCaptureFromLb DbgCaptureAfterV46 DbgCaptureAfterV64 DbgCaptureProxyPre DbgCaptureProxyPost DbgCaptureSnatPre DbgCaptureSnatPost )
must be in sync with <bpf/lib/dbg.h>
const ( DbgUnspec = iota DbgGeneric DbgLocalDelivery DbgEncap DbgLxcFound DbgPolicyDenied DbgCtLookup DbgCtLookupRev DbgCtMatch DbgCtCreated DbgCtCreated2 DbgIcmp6Handle DbgIcmp6Request DbgIcmp6Ns DbgIcmp6TimeExceeded DbgCtVerdict DbgDecap DbgPortMap DbgErrorRet DbgToHost DbgToStack DbgPktHash DbgLb6LookupFrontend DbgLb6LookupFrontendFail DbgLb6LookupBackendSlot DbgLb6LookupBackendSlotSuccess DbgLb6LookupBackendSlotV2Fail DbgLb6LookupBackendFail DbgLb6ReverseNatLookup DbgLb6ReverseNat DbgLb4LookupFrontend DbgLb4LookupFrontendFail DbgLb4LookupBackendSlot DbgLb4LookupBackendSlotSuccess DbgLb4LookupBackendSlotV2Fail DbgLb4LookupBackendFail DbgLb4ReverseNatLookup DbgLb4ReverseNat DbgLb4LoopbackSnat DbgLb4LoopbackSnatRev DbgCtLookup4 DbgRRBackendSlotSel DbgRevProxyLookup DbgRevProxyFound DbgRevProxyUpdate DbgL4Policy DbgNetdevInCluster DbgNetdevEncap4 DbgCTLookup41 DbgCTLookup42 DbgCTCreated4 DbgCTLookup61 DbgCTLookup62 DbgCTCreated6 DbgSkipProxy DbgL4Create DbgIPIDMapFailed4 DbgIPIDMapFailed6 DbgIPIDMapSucceed4 DbgIPIDMapSucceed6 DbgLbStaleCT DbgInheritIdentity DbgSkLookup4 DbgSkLookup6 DbgSkAssign DbgL7LB )
must be in sync with <bpf/lib/dbg.h>
const ( CtNew uint32 = iota CtEstablished CtReply CtRelated )
must be in sync with <bpf/lib/conntrack.h>
const ( // PolicyVerdictNotifyLen is the amount of packet data provided in a Policy notification PolicyVerdictNotifyLen = 32 // PolicyVerdictNotifyFlagDirection is the bit mask in Flags that // corresponds to the direction of a traffic PolicyVerdictNotifyFlagDirection = 0x3 // PolicyVerdictNotifyFlagIsIPv6 is the bit mask in Flags that // corresponds to whether the traffic is IPv6 or not PolicyVerdictNotifyFlagIsIPv6 = 0x4 // PolicyVerdictNotifyFlagMatchType is the bit mask in Flags that // corresponds to the policy match type PolicyVerdictNotifyFlagMatchType = 0x38 // PolicyVerdictNotifyFlagIsAudited is the bit mask in Flags that // corresponds to whether the traffic was allowed due to the audit mode PolicyVerdictNotifyFlagIsAudited = 0x40 // PolicyVerdictNotifyFlagMatchTypeBitOffset is the bit offset in Flags that // corresponds to the policy match type PolicyVerdictNotifyFlagMatchTypeBitOffset = 3 )
const ( XlatePointUnknown = iota XlatePointPreDirectionFwd XlatePointPostDirectionFwd XlatePointPreDirectionRev XlatePointPostDirectionRev )
Service translation event point in socket trace event messages
const ( L4ProtocolUnknown = iota L4ProtocolTCP L4ProtocolUDP )
L4 protocol for socket trace event messages
const ( TraceNotifyVersion0 = iota TraceNotifyVersion1 )
const ( TraceReasonPolicy = iota TraceReasonCtEstablished TraceReasonCtReply TraceReasonCtRelated TraceReasonCtReopened TraceReasonUnknown )
Reasons for forwarding a packet.
const (
// DebugCaptureLen is the amount of packet data in a packet capture message
DebugCaptureLen = 24
)
const (
// DebugMsgLen is the amount of packet data in a packet capture message
DebugMsgLen = 20
)
const (
// DropNotifyLen is the amount of packet data provided in a drop notification
DropNotifyLen = 36
)
const (
// RecorderCaptureLen is the amount of data in the RecorderCapture message
RecorderCaptureLen = 24
)
const ( // TraceNotifyFlagIsIPv6 is set in TraceNotify.Flags when the // notification refers to an IPv6 flow TraceNotifyFlagIsIPv6 uint8 = 1 )
const ( // TraceReasonEncryptMask is the bit used to indicate encryption or not TraceReasonEncryptMask uint8 = 0x80 )
const TraceSockNotifyFlagIPv6 uint8 = 0x1
const (
TraceSockNotifyLen = 38
)
Variables ¶
This section is empty.
Functions ¶
func DecodeDebugCapture ¶
func DecodeDebugCapture(data []byte, dbg *DebugCapture) error
DecodeDebugCapture will decode 'data' into the provided DebugCapture structure
func DecodeDebugMsg ¶
DecodeDebugMsg will decode 'data' into the provided DebugMsg structure
func DecodeDropNotify ¶
func DecodeDropNotify(data []byte, dn *DropNotify) error
DecodeDropNotify will decode 'data' into the provided DropNotify structure
func DecodePolicyVerdictNotify ¶
func DecodePolicyVerdictNotify(data []byte, pvn *PolicyVerdictNotify) error
DecodePolicyVerdictNotify will decode 'data' into the provided PolicyVerdictNotify structure
func DecodeTraceNotify ¶
func DecodeTraceNotify(data []byte, tn *TraceNotify) error
DecodeTraceNotify will decode 'data' into the provided TraceNotify structure
func DecodeTraceSockNotify ¶
func DecodeTraceSockNotify(data []byte, sock *TraceSockNotify) error
DecodeTraceSockNotify will decode 'data' into the provided TraceSocNotify structure
func Dissect ¶
Dissect parses and prints the provided data if dissect is set to true, otherwise the data is printed as HEX output
func GetAllTypes ¶
func GetAllTypes() []string
GetAllTypes returns a slice of all known message types, sorted
func GetConnectionSummary ¶
GetConnectionSummary decodes the data into layers and returns a connection summary in the format:
- sIP:sPort -> dIP:dPort, e.g. 1.1.1.1:2000 -> 2.2.2.2:80 - sIP -> dIP icmpCode, 1.1.1.1 -> 2.2.2.2 echo-request
func GetPolicyActionString ¶
GetPolicyActionString returns the action string corresponding to the action
func TraceReasonIsKnown ¶
Types ¶
type ConnectionInfo ¶
type ConnectionInfo struct { SrcIP net.IP DstIP net.IP SrcPort uint16 DstPort uint16 Proto string IcmpCode string }
ConnectionInfo contains tuple information and icmp code for a connection
func GetConnectionInfo ¶
func GetConnectionInfo(data []byte) *ConnectionInfo
GetConnectionInfo returns the ConnectionInfo structure from data
type DebugCapture ¶
type DebugCapture struct { Type uint8 SubType uint8 // Source, if populated, is the ID of the source endpoint. Source uint16 Hash uint32 Len uint32 OrigLen uint32 Arg1 uint32 Arg2 uint32 }
DebugCapture is the metadata sent along with a captured packet frame
func (*DebugCapture) DumpInfo ¶
func (n *DebugCapture) DumpInfo(data []byte, linkMonitor getters.LinkGetter)
DumpInfo prints a summary of the capture messages.
func (*DebugCapture) DumpJSON ¶
func (n *DebugCapture) DumpJSON(data []byte, cpuPrefix string, linkMonitor getters.LinkGetter)
DumpJSON prints notification in json format
func (*DebugCapture) DumpVerbose ¶
func (n *DebugCapture) DumpVerbose(dissect bool, data []byte, prefix string)
DumpVerbose prints the captured packet in human readable format
type DebugCaptureVerbose ¶
type DebugCaptureVerbose struct { CPUPrefix string `json:"cpu,omitempty"` Type string `json:"type,omitempty"` Mark string `json:"mark,omitempty"` Message string `json:"message,omitempty"` Prefix string `json:"prefix,omitempty"` Source uint16 `json:"source"` Bytes uint32 `json:"bytes"` Summary string `json:"summary,omitempty"` }
DebugCaptureVerbose represents a json notification printed by monitor
func DebugCaptureToVerbose ¶
func DebugCaptureToVerbose(n *DebugCapture, linkMonitor getters.LinkGetter) DebugCaptureVerbose
DebugCaptureToVerbose creates verbose notification from base TraceNotify
type DebugMsg ¶
type DebugMsg struct { Type uint8 SubType uint8 Source uint16 Hash uint32 Arg1 uint32 Arg2 uint32 Arg3 uint32 }
DebugMsg is the message format of the debug message found in the BPF ring buffer
func (*DebugMsg) Dump ¶
func (n *DebugMsg) Dump(prefix string, linkMonitor getters.LinkGetter)
Dump prints the debug message in a human readable format.
func (*DebugMsg) DumpInfo ¶
DumpInfo prints a summary of a subset of the debug messages which are related to sending, not processing, of packets.
type DisplayFormat ¶
type DisplayFormat bool
const ( DisplayLabel DisplayFormat = false DisplayNumeric DisplayFormat = true )
type DissectSummary ¶
type DissectSummary struct { Ethernet string `json:"ethernet,omitempty"` IPv4 string `json:"ipv4,omitempty"` IPv6 string `json:"ipv6,omitempty"` TCP string `json:"tcp,omitempty"` UDP string `json:"udp,omitempty"` SCTP string `json:"sctp,omitempty"` ICMPv4 string `json:"icmpv4,omitempty"` ICMPv6 string `json:"icmpv6,omitempty"` L2 *Flow `json:"l2,omitempty"` L3 *Flow `json:"l3,omitempty"` L4 *Flow `json:"l4,omitempty"` }
DissectSummary bundles decoded layers into json-marshallable message
func GetDissectSummary ¶
func GetDissectSummary(data []byte) *DissectSummary
GetDissectSummary returns DissectSummary created from data
type DropNotify ¶
type DropNotify struct { Type uint8 SubType uint8 Source uint16 Hash uint32 OrigLen uint32 CapLen uint32 SrcLabel identity.NumericIdentity DstLabel identity.NumericIdentity DstID uint32 Line uint16 File uint8 ExtError int8 Ifindex uint32 }
DropNotify is the message format of a drop notification in the BPF ring buffer
func (*DropNotify) DumpInfo ¶
func (n *DropNotify) DumpInfo(data []byte, numeric DisplayFormat)
DumpInfo prints a summary of the drop messages.
func (*DropNotify) DumpJSON ¶
func (n *DropNotify) DumpJSON(data []byte, cpuPrefix string)
DumpJSON prints notification in json format
func (*DropNotify) DumpVerbose ¶
func (n *DropNotify) DumpVerbose(dissect bool, data []byte, prefix string, numeric DisplayFormat)
DumpVerbose prints the drop notification in human readable form
type DropNotifyVerbose ¶
type DropNotifyVerbose struct { CPUPrefix string `json:"cpu,omitempty"` Type string `json:"type,omitempty"` Mark string `json:"mark,omitempty"` Reason string `json:"reason,omitempty"` Source uint16 `json:"source"` Bytes uint32 `json:"bytes"` SrcLabel identity.NumericIdentity `json:"srcLabel"` DstLabel identity.NumericIdentity `json:"dstLabel"` DstID uint32 `json:"dstID"` Line uint16 `json:"Line"` File uint8 `json:"File"` ExtError int8 `json:"ExtError"` Ifindex uint32 `json:"Ifindex"` Summary *DissectSummary `json:"summary,omitempty"` }
DropNotifyVerbose represents a json notification printed by monitor
func DropNotifyToVerbose ¶
func DropNotifyToVerbose(n *DropNotify) DropNotifyVerbose
DropNotifyToVerbose creates verbose notification from DropNotify
type LogRecordNotify ¶
LogRecordNotify is a proxy access log notification
func (*LogRecordNotify) DumpInfo ¶
func (l *LogRecordNotify) DumpInfo()
DumpInfo dumps an access log notification
func (*LogRecordNotify) DumpJSON ¶
func (l *LogRecordNotify) DumpJSON()
DumpJSON prints notification in json format
type LogRecordNotifyVerbose ¶
type LogRecordNotifyVerbose struct { Type string `json:"type"` ObservationPoint accesslog.ObservationPoint `json:"observationPoint"` FlowType accesslog.FlowType `json:"flowType"` L7Proto string `json:"l7Proto"` SrcEpID uint64 `json:"srcEpID"` SrcEpLabels []string `json:"srcEpLabels"` SrcIdentity uint64 `json:"srcIdentity"` DstEpID uint64 `json:"dstEpID"` DstEpLabels []string `json:"dstEpLabels"` DstIdentity uint64 `json:"dstIdentity"` Verdict accesslog.FlowVerdict `json:"verdict"` HTTP *accesslog.LogRecordHTTP `json:"http,omitempty"` Kafka *accesslog.LogRecordKafka `json:"kafka,omitempty"` DNS *accesslog.LogRecordDNS `json:"dns,omitempty"` L7 *accesslog.LogRecordL7 `json:"l7,omitempty"` }
LogRecordNotifyVerbose represents a json notification printed by monitor
func LogRecordNotifyToVerbose ¶
func LogRecordNotifyToVerbose(n *LogRecordNotify) LogRecordNotifyVerbose
LogRecordNotifyToVerbose turns LogRecordNotify into json-friendly Verbose structure
type PolicyVerdictNotify ¶
type PolicyVerdictNotify struct { Type uint8 SubType uint8 Source uint16 Hash uint32 OrigLen uint32 CapLen uint16 Version uint16 RemoteLabel identity.NumericIdentity Verdict int32 DstPort uint16 Proto uint8 Flags uint8 AuthType uint8 Pad1 uint8 Pad2 uint16 }
PolicyVerdictNotify is the message format of a policy verdict notification in the bpf ring buffer
func (*PolicyVerdictNotify) DumpInfo ¶
func (n *PolicyVerdictNotify) DumpInfo(data []byte, numeric DisplayFormat)
DumpInfo prints a summary of the policy notify messages.
func (*PolicyVerdictNotify) GetAuthType ¶
func (n *PolicyVerdictNotify) GetAuthType() policy.AuthType
GetAuthType returns string for the authentication method applied (for success verdict) or required (for drops).
func (*PolicyVerdictNotify) GetPolicyMatchType ¶
func (n *PolicyVerdictNotify) GetPolicyMatchType() api.PolicyMatchType
GetPolicyMatchType returns how the traffic matched the policy
func (*PolicyVerdictNotify) IsTrafficAudited ¶
func (n *PolicyVerdictNotify) IsTrafficAudited() bool
IsTrafficAudited returns true if this notify is for traffic that was allowed due to the audit mode
func (*PolicyVerdictNotify) IsTrafficIPv6 ¶
func (n *PolicyVerdictNotify) IsTrafficIPv6() bool
IsTrafficIPv6 returns true if this notify is for IPv6 traffic
func (*PolicyVerdictNotify) IsTrafficIngress ¶
func (n *PolicyVerdictNotify) IsTrafficIngress() bool
IsTrafficIngress returns true if this notify is for an ingress traffic
type RecorderCapture ¶
type RecorderCapture struct { Type uint8 SubType uint8 RuleID uint16 Reserved uint32 TimeBoot uint64 CapLen uint32 Len uint32 }
RecorderCapture is the message format of a pcap capture in the bpf ring buffer
func (*RecorderCapture) DumpInfo ¶
func (n *RecorderCapture) DumpInfo(data []byte)
DumpInfo prints a summary of the recorder notify messages.
type TraceNotify ¶
type TraceNotify TraceNotifyV1
TraceNotify is the message format of a trace notification in the BPF ring buffer
func (*TraceNotify) DataOffset ¶
func (n *TraceNotify) DataOffset() uint
DataOffset returns the offset from the beginning of TraceNotify where the trace notify data begins.
Returns zero for invalid or unknown TraceNotify messages.
func (*TraceNotify) DumpInfo ¶
func (n *TraceNotify) DumpInfo(data []byte, numeric DisplayFormat, linkMonitor getters.LinkGetter)
DumpInfo prints a summary of the trace messages.
func (*TraceNotify) DumpJSON ¶
func (n *TraceNotify) DumpJSON(data []byte, cpuPrefix string, linkMonitor getters.LinkGetter)
DumpJSON prints notification in json format
func (*TraceNotify) DumpVerbose ¶
func (n *TraceNotify) DumpVerbose(dissect bool, data []byte, prefix string, numeric DisplayFormat, linkMonitor getters.LinkGetter)
DumpVerbose prints the trace notification in human readable form
func (*TraceNotify) OriginalIP ¶
func (n *TraceNotify) OriginalIP() net.IP
OriginalIP returns the original source IP if reverse NAT was performed on the flow
type TraceNotifyV0 ¶
type TraceNotifyV0 struct { Type uint8 ObsPoint uint8 Source uint16 Hash uint32 OrigLen uint32 CapLen uint16 Version uint16 SrcLabel identity.NumericIdentity DstLabel identity.NumericIdentity DstID uint16 Reason uint8 Flags uint8 Ifindex uint32 }
TraceNotifyV0 is the common message format for versions 0 and 1. This struct needs to be kept in sync with the decodeTraceNotifyVersion0 func.
type TraceNotifyV1 ¶
type TraceNotifyV1 struct { TraceNotifyV0 OrigIP types.IPv6 }
TraceNotifyV1 is the version 1 message format. This struct needs to be kept in sync with the decodeTraceNotifyVersion1 func.
type TraceNotifyVerbose ¶
type TraceNotifyVerbose struct { CPUPrefix string `json:"cpu,omitempty"` Type string `json:"type,omitempty"` Mark string `json:"mark,omitempty"` Ifindex string `json:"ifindex,omitempty"` State string `json:"state,omitempty"` ObservationPoint string `json:"observationPoint"` TraceSummary string `json:"traceSummary"` Source uint16 `json:"source"` Bytes uint32 `json:"bytes"` SrcLabel identity.NumericIdentity `json:"srcLabel"` DstLabel identity.NumericIdentity `json:"dstLabel"` DstID uint16 `json:"dstID"` Summary *DissectSummary `json:"summary,omitempty"` }
TraceNotifyVerbose represents a json notification printed by monitor
func TraceNotifyToVerbose ¶
func TraceNotifyToVerbose(n *TraceNotify, linkMonitor getters.LinkGetter) TraceNotifyVerbose
TraceNotifyToVerbose creates verbose notification from base TraceNotify
type TraceSockNotify ¶
type TraceSockNotify struct { Type uint8 XlatePoint uint8 DstIP types.IPv6 DstPort uint16 SockCookie uint64 CgroupId uint64 L4Proto uint8 Flags uint8 }
TraceSockNotify is message format for socket trace notifications sent from datapath. Keep this in sync to the datapath structure (trace_sock_notify) defined in bpf/lib/trace_sock.h
func (*TraceSockNotify) DumpDebug ¶
func (t *TraceSockNotify) DumpDebug(prefix string)
func (*TraceSockNotify) IP ¶
func (t *TraceSockNotify) IP() net.IP
IP returns the IPv4 or IPv6 address field.
func (*TraceSockNotify) L4ProtoStr ¶
func (t *TraceSockNotify) L4ProtoStr() string
func (*TraceSockNotify) XlatePointStr ¶
func (t *TraceSockNotify) XlatePointStr() string
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package alignchecker is a thin wrapper around pkg/alignchecker to validate monitor object alignment.
|
Package alignchecker is a thin wrapper around pkg/alignchecker to validate monitor object alignment. |
Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.
|
Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel. |