monitor

package
v1.7.14 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 25, 2021 License: Apache-2.0 Imports: 23 Imported by: 15

Documentation

Index

Constants

View Source
const (
	DbgCaptureUnspec = iota
	DbgCaptureReserved1
	DbgCaptureReserved2
	DbgCaptureReserved3
	DbgCaptureDelivery
	DbgCaptureFromLb
	DbgCaptureAfterV46
	DbgCaptureAfterV64
	DbgCaptureProxyPre
	DbgCaptureProxyPost
	DbgCaptureSnatPre
	DbgCaptureSnatPost
)

must be in sync with <bpf/lib/dbg.h>

View Source
const (
	DbgUnspec = iota
	DbgGeneric
	DbgLocalDelivery
	DbgEncap
	DbgLxcFound
	DbgPolicyDenied
	DbgCtLookup
	DbgCtLookupRev
	DbgCtMatch
	DbgCtCreated
	DbgCtCreated2
	DbgIcmp6Handle
	DbgIcmp6Request
	DbgIcmp6Ns
	DbgIcmp6TimeExceeded
	DbgCtVerdict
	DbgDecap
	DbgPortMap
	DbgErrorRet
	DbgToHost
	DbgToStack
	DbgPktHash
	DbgLb6LookupMaster
	DbgLb6LookupMasterFail
	DbgLb6LookupSlave
	DbgLb6LookupSlaveSuccess
	DbgLb6LookupSlaveV2Fail
	DbgLb6LookupBackendFail
	DbgLb6ReverseNatLookup
	DbgLb6ReverseNat
	DbgLb4LookupMaster
	DbgLb4LookupMasterFail
	DbgLb4LookupSlave
	DbgLb4LookupSlaveSuccess
	DbgLb4LookupSlaveV2Fail
	DbgLb4LookupBackendFail
	DbgLb4ReverseNatLookup
	DbgLb4ReverseNat
	DbgLb4LoopbackSnat
	DbgLb4LoopbackSnatRev
	DbgCtLookup4
	DbgRRSlaveSel
	DbgRevProxyLookup
	DbgRevProxyFound
	DbgRevProxyUpdate
	DbgL4Policy
	DbgNetdevInCluster
	DbgNetdevEncap4
	DbgCTLookup41
	DbgCTLookup42
	DbgCTCreated4
	DbgCTLookup61
	DbgCTLookup62
	DbgCTCreated6
	DbgSkipProxy
	DbgL4Create
	DbgIPIDMapFailed4
	DbgIPIDMapFailed6
	DbgIPIDMapSucceed4
	DbgIPIDMapSucceed6
	DbgLbStaleCT
	DbgInheritIdentity
)

must be in sync with <bpf/lib/dbg.h>

View Source
const (
	CtNew uint32 = iota
	CtEstablished
	CtReply
	CtRelated
)

must be in sync with <bpf/lib/conntrack.h>

View Source
const (
	TraceNotifyVersion0 = iota
	TraceNotifyVersion1
)
View Source
const (
	TraceReasonPolicy = iota
	TraceReasonCtEstablished
	TraceReasonCtReply
	TraceReasonCtRelated
)

Reasons for forwarding a packet.

View Source
const (
	// DebugCaptureLen is the amount of packet data in a packet capture message
	DebugCaptureLen = 24
)
View Source
const (
	// DropNotifyLen is the amount of packet data provided in a drop notification
	DropNotifyLen = 32
)
View Source
const (
	// TraceNotifyFlagIsIPv6 is set in TraceNotify.Flags when the
	// notification refers to an IPv6 flow
	TraceNotifyFlagIsIPv6 uint8 = 1
)
View Source
const (

	// TraceReasonEncryptMask is the bit used to indicate encryption or not
	TraceReasonEncryptMask uint8 = 0x80
)

Variables

This section is empty.

Functions

func DecodeTraceNotify

func DecodeTraceNotify(data []byte, tn *TraceNotify) error

DecodeTraceNotify will decode 'data' into the provided TraceNotify structure

func Dissect

func Dissect(dissect bool, data []byte)

Dissect parses and prints the provided data if dissect is set to true, otherwise the data is printed as HEX output

func GetAllTypes

func GetAllTypes() []string

GetAllTypes returns a slice of all known message types, sorted

func GetConnectionSummary

func GetConnectionSummary(data []byte) string

GetConnectionSummary decodes the data into layers and returns a connection summary in the format:

- sIP:sPort -> dIP:dPort, e.g. 1.1.1.1:2000 -> 2.2.2.2:80 - sIP -> dIP icmpCode, 1.1.1.1 -> 2.2.2.2 echo-request

Types

type DebugCapture

type DebugCapture struct {
	Type    uint8
	SubType uint8
	// Source, if populated, is the ID of the source endpoint.
	Source  uint16
	Hash    uint32
	Len     uint32
	OrigLen uint32
	Arg1    uint32
	Arg2    uint32
}

DebugCapture is the metadata sent along with a captured packet frame

func (*DebugCapture) DumpInfo

func (n *DebugCapture) DumpInfo(data []byte)

DumpInfo prints a summary of the capture messages.

func (*DebugCapture) DumpJSON

func (n *DebugCapture) DumpJSON(data []byte, cpuPrefix string)

DumpJSON prints notification in json format

func (*DebugCapture) DumpVerbose

func (n *DebugCapture) DumpVerbose(dissect bool, data []byte, prefix string)

DumpVerbose prints the captured packet in human readable format

type DebugCaptureVerbose

type DebugCaptureVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Message   string `json:"message,omitempty"`
	Prefix    string `json:"prefix,omitempty"`

	Source uint16 `json:"source"`
	Bytes  uint32 `json:"bytes"`

	Summary string `json:"summary,omitempty"`
}

DebugCaptureVerbose represents a json notification printed by monitor

func DebugCaptureToVerbose

func DebugCaptureToVerbose(n *DebugCapture) DebugCaptureVerbose

DebugCaptureToVerbose creates verbose notification from base TraceNotify

type DebugMsg

type DebugMsg struct {
	Type    uint8
	SubType uint8
	Source  uint16
	Hash    uint32
	Arg1    uint32
	Arg2    uint32
	Arg3    uint32
}

DebugMsg is the message format of the debug message found in the BPF ring buffer

func (*DebugMsg) Dump

func (n *DebugMsg) Dump(prefix string)

Dump prints the debug message in a human readable format.

func (*DebugMsg) DumpInfo

func (n *DebugMsg) DumpInfo(data []byte)

DumpInfo prints a summary of a subset of the debug messages which are related to sending, not processing, of packets.

func (*DebugMsg) DumpJSON

func (n *DebugMsg) DumpJSON(cpuPrefix string)

DumpJSON prints notification in json format

type DissectSummary

type DissectSummary struct {
	Ethernet string `json:"ethernet,omitempty"`
	IPv4     string `json:"ipv4,omitempty"`
	IPv6     string `json:"ipv6,omitempty"`
	TCP      string `json:"tcp,omitempty"`
	UDP      string `json:"udp,omitempty"`
	ICMPv4   string `json:"icmpv4,omitempty"`
	ICMPv6   string `json:"icmpv6,omitempty"`
	L2       *Flow  `json:"l2,omitempty"`
	L3       *Flow  `json:"l3,omitempty"`
	L4       *Flow  `json:"l4,omitempty"`
}

DissectSummary bundles decoded layers into json-marshallable message

func GetDissectSummary

func GetDissectSummary(data []byte) *DissectSummary

GetDissectSummary returns DissectSummary created from data

type DropNotify

type DropNotify struct {
	Type     uint8
	SubType  uint8
	Source   uint16
	Hash     uint32
	OrigLen  uint32
	CapLen   uint32
	SrcLabel uint32
	DstLabel uint32
	DstID    uint32
	Unused   uint32
}

DropNotify is the message format of a drop notification in the BPF ring buffer

func (*DropNotify) DumpInfo

func (n *DropNotify) DumpInfo(data []byte)

DumpInfo prints a summary of the drop messages.

func (*DropNotify) DumpJSON

func (n *DropNotify) DumpJSON(data []byte, cpuPrefix string)

DumpJSON prints notification in json format

func (*DropNotify) DumpVerbose

func (n *DropNotify) DumpVerbose(dissect bool, data []byte, prefix string)

DumpVerbose prints the drop notification in human readable form

type DropNotifyVerbose

type DropNotifyVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Reason    string `json:"reason,omitempty"`

	Source   uint16 `json:"source"`
	Bytes    uint32 `json:"bytes"`
	SrcLabel uint32 `json:"srcLabel"`
	DstLabel uint32 `json:"dstLabel"`
	DstID    uint32 `json:"dstID"`

	Summary *DissectSummary `json:"summary,omitempty"`
}

DropNotifyVerbose represents a json notification printed by monitor

func DropNotifyToVerbose

func DropNotifyToVerbose(n *DropNotify) DropNotifyVerbose

DropNotifyToVerbose creates verbose notification from DropNotify

type Flow

type Flow struct {
	Src string `json:"src"`
	Dst string `json:"dst"`
}

Flow contains source and destination

type LogRecordNotify

type LogRecordNotify struct {
	accesslog.LogRecord
}

LogRecordNotify is a proxy access log notification

func (*LogRecordNotify) DumpInfo

func (l *LogRecordNotify) DumpInfo()

DumpInfo dumps an access log notification

func (*LogRecordNotify) DumpJSON

func (l *LogRecordNotify) DumpJSON()

DumpJSON prints notification in json format

type LogRecordNotifyVerbose

type LogRecordNotifyVerbose struct {
	Type             string                     `json:"type"`
	ObservationPoint accesslog.ObservationPoint `json:"observationPoint"`
	FlowType         accesslog.FlowType         `json:"flowType"`
	L7Proto          string                     `json:"l7Proto"`
	SrcEpID          uint64                     `json:"srcEpID"`
	SrcEpLabels      []string                   `json:"srcEpLabels"`
	SrcIdentity      uint64                     `json:"srcIdentity"`
	DstEpID          uint64                     `json:"dstEpID"`
	DstEpLabels      []string                   `json:"dstEpLabels"`
	DstIdentity      uint64                     `json:"dstIdentity"`
	Verdict          accesslog.FlowVerdict      `json:"verdict"`
	HTTP             *accesslog.LogRecordHTTP   `json:"http,omitempty"`
	Kafka            *accesslog.LogRecordKafka  `json:"kafka,omitempty"`
	DNS              *accesslog.LogRecordDNS    `json:"dns,omitempty"`
	L7               *accesslog.LogRecordL7     `json:"l7,omitempty"`
}

LogRecordNotifyVerbose represents a json notification printed by monitor

func LogRecordNotifyToVerbose

func LogRecordNotifyToVerbose(n *LogRecordNotify) LogRecordNotifyVerbose

LogRecordNotifyToVerbose turns LogRecordNotify into json-friendly Verbose structure

type TraceNotify

type TraceNotify TraceNotifyV1

TraceNotify is the message format of a trace notification in the BPF ring buffer

func (*TraceNotify) DataOffset

func (n *TraceNotify) DataOffset() uint

DataOffset returns the offset from the beginning of TraceNotify where the trace notify data begins.

Returns zero for invalid or unknown TraceNotify messages.

func (*TraceNotify) DumpInfo

func (n *TraceNotify) DumpInfo(data []byte)

DumpInfo prints a summary of the trace messages.

func (*TraceNotify) DumpJSON

func (n *TraceNotify) DumpJSON(data []byte, cpuPrefix string)

DumpJSON prints notification in json format

func (*TraceNotify) DumpVerbose

func (n *TraceNotify) DumpVerbose(dissect bool, data []byte, prefix string)

DumpVerbose prints the trace notification in human readable form

func (*TraceNotify) OriginalIP

func (n *TraceNotify) OriginalIP() net.IP

OriginalIP returns the original source IP if reverse NAT was performed on the flow

type TraceNotifyV0

type TraceNotifyV0 struct {
	Type     uint8
	ObsPoint uint8
	Source   uint16
	Hash     uint32
	OrigLen  uint32
	CapLen   uint16
	Version  uint16
	SrcLabel uint32
	DstLabel uint32
	DstID    uint16
	Reason   uint8
	Flags    uint8
	Ifindex  uint32
}

TraceNotifyV0 is the common message format for versions 0 and 1.

type TraceNotifyV1

type TraceNotifyV1 struct {
	TraceNotifyV0
	OrigIP types.IPv6
}

TraceNotifyV1 is the version 1 message format.

type TraceNotifyVerbose

type TraceNotifyVerbose struct {
	CPUPrefix        string `json:"cpu,omitempty"`
	Type             string `json:"type,omitempty"`
	Mark             string `json:"mark,omitempty"`
	Ifindex          string `json:"ifindex,omitempty"`
	State            string `json:"state,omitempty"`
	ObservationPoint string `json:"observationPoint"`
	TraceSummary     string `json:"traceSummary"`

	Source   uint16 `json:"source"`
	Bytes    uint32 `json:"bytes"`
	SrcLabel uint32 `json:"srcLabel"`
	DstLabel uint32 `json:"dstLabel"`
	DstID    uint16 `json:"dstID"`

	Summary *DissectSummary `json:"summary,omitempty"`
}

TraceNotifyVerbose represents a json notification printed by monitor

func TraceNotifyToVerbose

func TraceNotifyToVerbose(n *TraceNotify) TraceNotifyVerbose

TraceNotifyToVerbose creates verbose notification from base TraceNotify

Directories

Path Synopsis
Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.
Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL