Documentation ¶
Index ¶
- Constants
- func DecodeTraceNotify(data []byte, tn *TraceNotify) error
- func Dissect(dissect bool, data []byte)
- func GetAllTypes() []string
- func GetConnectionSummary(data []byte) string
- func GetPolicyActionString(verdict int32, audit bool) string
- type ConnectionInfo
- type DebugCapture
- type DebugCaptureVerbose
- type DebugMsg
- type DissectSummary
- type DropNotify
- type DropNotifyVerbose
- type Flow
- type LogRecordNotify
- type LogRecordNotifyVerbose
- type PolicyVerdictNotify
- type TraceNotify
- type TraceNotifyV0
- type TraceNotifyV1
- type TraceNotifyVerbose
Constants ¶
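// DbgCapture* identify debug capture messages. The values are assigned by
// iota, and the package documentation states they must be in sync with
// <bpf/lib/dbg.h>, so inserting or reordering an entry silently renumbers
// every later constant.
// NOTE(review): presumably these are the values carried in
// DebugCapture.SubType; confirm against dbg.h.
const (
	DbgCaptureUnspec = iota
	DbgCaptureReserved1
	DbgCaptureReserved2
	DbgCaptureReserved3
	DbgCaptureDelivery
	DbgCaptureFromLb
	DbgCaptureAfterV46
	DbgCaptureAfterV64
	DbgCaptureProxyPre
	DbgCaptureProxyPost
	DbgCaptureSnatPre
	DbgCaptureSnatPost
)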
must be in sync with <bpf/lib/dbg.h>
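// Dbg* identify debug messages. The values are assigned by iota, and the
// package documentation states they must be in sync with <bpf/lib/dbg.h>;
// new entries therefore belong at the end, because an insertion in the
// middle shifts every later value.
// NOTE(review): presumably these are the values carried in
// DebugMsg.SubType; confirm against dbg.h.
const (
	DbgUnspec = iota
	DbgGeneric
	DbgLocalDelivery
	DbgEncap
	DbgLxcFound
	DbgPolicyDenied
	DbgCtLookup
	DbgCtLookupRev
	DbgCtMatch
	DbgCtCreated
	DbgCtCreated2
	DbgIcmp6Handle
	DbgIcmp6Request
	DbgIcmp6Ns
	DbgIcmp6TimeExceeded
	DbgCtVerdict
	DbgDecap
	DbgPortMap
	DbgErrorRet
	DbgToHost
	DbgToStack
	DbgPktHash
	DbgLb6LookupMaster
	DbgLb6LookupMasterFail
	DbgLb6LookupSlave
	DbgLb6LookupSlaveSuccess
	DbgLb6LookupSlaveV2Fail
	DbgLb6LookupBackendFail
	DbgLb6ReverseNatLookup
	DbgLb6ReverseNat
	DbgLb4LookupMaster
	DbgLb4LookupMasterFail
	DbgLb4LookupSlave
	DbgLb4LookupSlaveSuccess
	DbgLb4LookupSlaveV2Fail
	DbgLb4LookupBackendFail
	DbgLb4ReverseNatLookup
	DbgLb4ReverseNat
	DbgLb4LoopbackSnat
	DbgLb4LoopbackSnatRev
	DbgCtLookup4
	DbgRRSlaveSel
	DbgRevProxyLookup
	DbgRevProxyFound
	DbgRevProxyUpdate
	DbgL4Policy
	DbgNetdevInCluster
	DbgNetdevEncap4
	DbgCTLookup41
	DbgCTLookup42
	DbgCTCreated4
	DbgCTLookup61
	DbgCTLookup62
	DbgCTCreated6
	DbgSkipProxy
	DbgL4Create
	DbgIPIDMapFailed4
	DbgIPIDMapFailed6
	DbgIPIDMapSucceed4
	DbgIPIDMapSucceed6
	DbgLbStaleCT
	DbgInheritIdentity
)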
must be in sync with <bpf/lib/dbg.h>
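// Ct* are uint32 values assigned by iota. The package documentation states
// they must be in sync with <bpf/lib/conntrack.h>, so the order of the
// entries is part of the contract with the datapath.
// NOTE(review): the names suggest connection-tracking states; confirm
// against conntrack.h.
const (
	CtNew uint32 = iota
	CtEstablished
	CtReply
	CtRelated
)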
must be in sync with <bpf/lib/conntrack.h>
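// Constants for policy verdict notifications: the notification length and
// the bit layout of PolicyVerdictNotify.Flags. The four masks are disjoint
// and together cover bits 0-6 of the flags byte.
const (
	// PolicyVerdictNotifyLen is the amount of packet data provided in a Policy notification
	PolicyVerdictNotifyLen = 32

	// PolicyVerdictNotifyFlagDirection is the bit mask in Flags that
	// corresponds to the direction of the traffic
	PolicyVerdictNotifyFlagDirection = 0x3

	// PolicyVerdictNotifyFlagIsIPv6 is the bit mask in Flags that
	// corresponds to whether the traffic is IPv6 or not
	PolicyVerdictNotifyFlagIsIPv6 = 0x4

	// PolicyVerdictNotifyFlagMatchType is the bit mask in Flags that
	// corresponds to the policy match type
	PolicyVerdictNotifyFlagMatchType = 0x38

	// PolicyVerdictNotifyFlagIsAudited is the bit mask in Flags that
	// corresponds to whether the traffic was allowed due to the audit mode.
	// NOTE(review): a consumer that treats "allowed" verdicts as policy
	// allows should check this bit first, since the allow came from audit
	// mode; confirm against the datapath's audit-mode semantics.
	PolicyVerdictNotifyFlagIsAudited = 0x40

	// PolicyVerdictNotifyFlagMatchTypeBitOffset is the bit offset in Flags that
	// corresponds to the policy match type; shifting the masked value right
	// by this offset yields a 3-bit match type.
	PolicyVerdictNotifyFlagMatchTypeBitOffset = 3
)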
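// TraceNotifyVersion* number the trace notification formats, starting at 0.
// NOTE(review): presumably matched against the Version field of
// TraceNotifyV0 when decoding; the decoder is not shown here.
const (
	TraceNotifyVersion0 = iota
	TraceNotifyVersion1
)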
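// TraceReason* are the reasons for forwarding a packet, numbered from 0 by
// iota.
// NOTE(review): presumably stored in the Reason byte of TraceNotifyV0
// alongside the TraceReasonEncryptMask bit; confirm before comparing the raw
// byte against these values without masking.
const (
	TraceReasonPolicy = iota
	TraceReasonCtEstablished
	TraceReasonCtReply
	TraceReasonCtRelated
)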
Reasons for forwarding a packet.
// DebugCaptureLen is the amount of packet data in a packet capture message.
// NOTE(review): 24 is also the summed width of the DebugCapture fields, so
// this may be the header length that precedes the packet bytes; confirm
// before using it as a slice offset.
const DebugCaptureLen = 24
// DropNotifyLen is the amount of packet data provided in a drop notification.
// NOTE(review): 32 is also the summed width of the DropNotify fields, so
// this may be the header length that precedes the packet bytes; confirm
// before using it as a slice offset.
const DropNotifyLen = 32
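const (
	// TraceNotifyFlagIsIPv6 is set in TraceNotify.Flags when the
	// notification refers to an IPv6 flow
	TraceNotifyFlagIsIPv6 uint8 = 1
)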
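const (
	// TraceReasonEncryptMask is the bit used to indicate encryption or not.
	// It is the top bit of a uint8, leaving the low seven bits for other
	// values.
	// NOTE(review): presumably applied to the Reason byte of TraceNotifyV0;
	// confirm against the code that reads it.
	TraceReasonEncryptMask uint8 = 0x80
)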
Variables ¶
This section is empty.
Functions ¶
func DecodeTraceNotify ¶
func DecodeTraceNotify(data []byte, tn *TraceNotify) error
DecodeTraceNotify will decode 'data' into the provided TraceNotify structure
func Dissect ¶
Dissect parses and prints the provided data if dissect is set to true, otherwise the data is printed as HEX output
func GetAllTypes ¶
func GetAllTypes() []string
GetAllTypes returns a slice of all known message types, sorted
func GetConnectionSummary ¶
GetConnectionSummary decodes the data into layers and returns a connection summary in the format:
- sIP:sPort -> dIP:dPort, e.g. 1.1.1.1:2000 -> 2.2.2.2:80
- sIP -> dIP icmpCode, e.g. 1.1.1.1 -> 2.2.2.2 echo-request
func GetPolicyActionString ¶
GetPolicyActionString returns the action string corresponding to the action
Types ¶
type ConnectionInfo ¶
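// ConnectionInfo contains tuple information and icmp code for a connection.
// It is returned by GetConnectionInfo, which builds it from raw packet
// bytes.
type ConnectionInfo struct {
	SrcIP    net.IP
	DstIP    net.IP
	SrcPort  uint16
	DstPort  uint16
	Proto    string
	IcmpCode string
}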
ConnectionInfo contains tuple information and icmp code for a connection
func GetConnectionInfo ¶
func GetConnectionInfo(data []byte) *ConnectionInfo
GetConnectionInfo returns the ConnectionInfo structure from data
type DebugCapture ¶
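// DebugCapture is the metadata sent along with a captured packet frame.
// All fields are fixed-width integers; their widths add up to 24 bytes.
type DebugCapture struct {
	Type    uint8
	SubType uint8
	// Source, if populated, is the ID of the source endpoint.
	Source uint16
	Hash   uint32
	// NOTE(review): Len and OrigLen arrive with the message; code that
	// slices the accompanying data by them should bound them by len(data).
	// The dump helpers are not shown here.
	Len     uint32
	OrigLen uint32
	Arg1    uint32
	Arg2    uint32
}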
DebugCapture is the metadata sent along with a captured packet frame
func (*DebugCapture) DumpInfo ¶
func (n *DebugCapture) DumpInfo(data []byte)
DumpInfo prints a summary of the capture messages.
func (*DebugCapture) DumpJSON ¶
func (n *DebugCapture) DumpJSON(data []byte, cpuPrefix string)
DumpJSON prints notification in json format
func (*DebugCapture) DumpVerbose ¶
func (n *DebugCapture) DumpVerbose(dissect bool, data []byte, prefix string)
DumpVerbose prints the captured packet in human readable format
type DebugCaptureVerbose ¶
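// DebugCaptureVerbose represents a json notification printed by monitor.
// The string fields use omitempty, while Source and Bytes are always
// emitted, including when they are zero.
type DebugCaptureVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Message   string `json:"message,omitempty"`
	Prefix    string `json:"prefix,omitempty"`

	Source uint16 `json:"source"`
	Bytes  uint32 `json:"bytes"`

	Summary string `json:"summary,omitempty"`
}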
DebugCaptureVerbose represents a json notification printed by monitor
func DebugCaptureToVerbose ¶
func DebugCaptureToVerbose(n *DebugCapture) DebugCaptureVerbose
DebugCaptureToVerbose creates verbose notification from base DebugCapture
type DebugMsg ¶
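// DebugMsg is the message format of the debug message found in the BPF ring
// buffer. All fields are fixed-width integers; their widths add up to 20
// bytes.
type DebugMsg struct {
	Type    uint8
	SubType uint8
	Source  uint16
	Hash    uint32
	Arg1    uint32
	Arg2    uint32
	Arg3    uint32
}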
DebugMsg is the message format of the debug message found in the BPF ring buffer
type DissectSummary ¶
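// DissectSummary bundles decoded layers into json-marshallable message.
// Every field uses omitempty, so layers that are empty are left out of the
// JSON output.
type DissectSummary struct {
	Ethernet string `json:"ethernet,omitempty"`
	IPv4     string `json:"ipv4,omitempty"`
	IPv6     string `json:"ipv6,omitempty"`
	TCP      string `json:"tcp,omitempty"`
	UDP      string `json:"udp,omitempty"`
	ICMPv4   string `json:"icmpv4,omitempty"`
	ICMPv6   string `json:"icmpv6,omitempty"`

	L2 *Flow `json:"l2,omitempty"`
	L3 *Flow `json:"l3,omitempty"`
	L4 *Flow `json:"l4,omitempty"`
}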
DissectSummary bundles decoded layers into json-marshallable message
func GetDissectSummary ¶
func GetDissectSummary(data []byte) *DissectSummary
GetDissectSummary returns DissectSummary created from data
type DropNotify ¶
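// DropNotify is the message format of a drop notification in the BPF ring
// buffer. All fields are fixed-width integers; their widths add up to 32
// bytes, the value of DropNotifyLen.
type DropNotify struct {
	Type    uint8
	SubType uint8
	Source  uint16
	Hash    uint32
	// NOTE(review): OrigLen and CapLen arrive with the message; code that
	// slices the accompanying data by them should bound them by len(data).
	// The dump helpers are not shown here.
	OrigLen  uint32
	CapLen   uint32
	SrcLabel uint32
	DstLabel uint32
	DstID    uint32
	Unused   uint32
}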
DropNotify is the message format of a drop notification in the BPF ring buffer
func (*DropNotify) DumpInfo ¶
func (n *DropNotify) DumpInfo(data []byte)
DumpInfo prints a summary of the drop messages.
func (*DropNotify) DumpJSON ¶
func (n *DropNotify) DumpJSON(data []byte, cpuPrefix string)
DumpJSON prints notification in json format
func (*DropNotify) DumpVerbose ¶
func (n *DropNotify) DumpVerbose(dissect bool, data []byte, prefix string)
DumpVerbose prints the drop notification in human readable form
type DropNotifyVerbose ¶
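// DropNotifyVerbose represents a json notification printed by monitor.
// The string fields and Summary use omitempty; the numeric fields are
// always emitted, including when they are zero.
type DropNotifyVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Reason    string `json:"reason,omitempty"`

	Source   uint16 `json:"source"`
	Bytes    uint32 `json:"bytes"`
	SrcLabel uint32 `json:"srcLabel"`
	DstLabel uint32 `json:"dstLabel"`
	DstID    uint32 `json:"dstID"`

	Summary *DissectSummary `json:"summary,omitempty"`
}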
DropNotifyVerbose represents a json notification printed by monitor
func DropNotifyToVerbose ¶
func DropNotifyToVerbose(n *DropNotify) DropNotifyVerbose
DropNotifyToVerbose creates verbose notification from DropNotify
type LogRecordNotify ¶
LogRecordNotify is a proxy access log notification
func (*LogRecordNotify) DumpInfo ¶
func (l *LogRecordNotify) DumpInfo()
DumpInfo dumps an access log notification
func (*LogRecordNotify) DumpJSON ¶
func (l *LogRecordNotify) DumpJSON()
DumpJSON prints notification in json format
type LogRecordNotifyVerbose ¶
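// LogRecordNotifyVerbose represents a json notification printed by monitor.
// The protocol-specific records (HTTP, Kafka, DNS, L7) are pointers tagged
// omitempty, so records that are nil are left out of the JSON output; all
// other fields are always emitted.
type LogRecordNotifyVerbose struct {
	Type             string                     `json:"type"`
	ObservationPoint accesslog.ObservationPoint `json:"observationPoint"`
	FlowType         accesslog.FlowType         `json:"flowType"`
	L7Proto          string                     `json:"l7Proto"`
	SrcEpID          uint64                     `json:"srcEpID"`
	SrcEpLabels      []string                   `json:"srcEpLabels"`
	SrcIdentity      uint64                     `json:"srcIdentity"`
	DstEpID          uint64                     `json:"dstEpID"`
	DstEpLabels      []string                   `json:"dstEpLabels"`
	DstIdentity      uint64                     `json:"dstIdentity"`
	Verdict          accesslog.FlowVerdict      `json:"verdict"`
	HTTP             *accesslog.LogRecordHTTP   `json:"http,omitempty"`
	Kafka            *accesslog.LogRecordKafka  `json:"kafka,omitempty"`
	DNS              *accesslog.LogRecordDNS    `json:"dns,omitempty"`
	L7               *accesslog.LogRecordL7     `json:"l7,omitempty"`
}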
LogRecordNotifyVerbose represents a json notification printed by monitor
func LogRecordNotifyToVerbose ¶
func LogRecordNotifyToVerbose(n *LogRecordNotify) LogRecordNotifyVerbose
LogRecordNotifyToVerbose turns LogRecordNotify into json-friendly Verbose structure
type PolicyVerdictNotify ¶
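// PolicyVerdictNotify is the message format of a policy verdict notification
// in the bpf ring buffer. All fields are fixed-width integers; their widths
// add up to 32 bytes, the value of PolicyVerdictNotifyLen.
type PolicyVerdictNotify struct {
	Type        uint8
	SubType     uint8
	Source      uint16
	Hash        uint32
	OrigLen     uint32
	CapLen      uint16
	Version     uint16
	RemoteLabel uint32
	Verdict     int32
	DstPort     uint16
	Proto       uint8
	// Flags is decoded with the PolicyVerdictNotifyFlag* bit masks
	// (direction, IPv6, match type, audited).
	Flags uint8
	Pad1  uint32
}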
PolicyVerdictNotify is the message format of a policy verdict notification in the bpf ring buffer
func (*PolicyVerdictNotify) DumpInfo ¶
func (n *PolicyVerdictNotify) DumpInfo(data []byte)
DumpInfo prints a summary of the policy notify messages.
func (*PolicyVerdictNotify) GetPolicyMatchType ¶
func (n *PolicyVerdictNotify) GetPolicyMatchType() api.PolicyMatchType
GetPolicyMatchType returns how the traffic matched the policy
func (*PolicyVerdictNotify) IsTrafficAudited ¶
func (n *PolicyVerdictNotify) IsTrafficAudited() bool
IsTrafficAudited returns true if this notify is for traffic that was allowed due to the audit mode
func (*PolicyVerdictNotify) IsTrafficIPv6 ¶
func (n *PolicyVerdictNotify) IsTrafficIPv6() bool
IsTrafficIPv6 returns true if this notify is for IPv6 traffic
func (*PolicyVerdictNotify) IsTrafficIngress ¶
func (n *PolicyVerdictNotify) IsTrafficIngress() bool
IsTrafficIngress returns true if this notify is for ingress traffic
type TraceNotify ¶
// TraceNotify is declared with TraceNotifyV1 as its underlying type, so a
// TraceNotify value has the TraceNotifyV0 header fields plus the V1 OrigIP
// field.
type TraceNotify TraceNotifyV1
TraceNotify is the message format of a trace notification in the BPF ring buffer
func (*TraceNotify) DataOffset ¶
func (n *TraceNotify) DataOffset() uint
DataOffset returns the offset from the beginning of TraceNotify where the trace notify data begins.
Returns zero for invalid or unknown TraceNotify messages.
func (*TraceNotify) DumpInfo ¶
func (n *TraceNotify) DumpInfo(data []byte)
DumpInfo prints a summary of the trace messages.
func (*TraceNotify) DumpJSON ¶
func (n *TraceNotify) DumpJSON(data []byte, cpuPrefix string)
DumpJSON prints notification in json format
func (*TraceNotify) DumpVerbose ¶
func (n *TraceNotify) DumpVerbose(dissect bool, data []byte, prefix string)
DumpVerbose prints the trace notification in human readable form
func (*TraceNotify) OriginalIP ¶
func (n *TraceNotify) OriginalIP() net.IP
OriginalIP returns the original source IP if reverse NAT was performed on the flow
type TraceNotifyV0 ¶
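// TraceNotifyV0 is the common message format for versions 0 and 1.
// All fields are fixed-width integers; their widths add up to 32 bytes.
type TraceNotifyV0 struct {
	Type     uint8
	ObsPoint uint8
	Source   uint16
	Hash     uint32
	OrigLen  uint32
	CapLen   uint16
	Version  uint16
	SrcLabel uint32
	DstLabel uint32
	DstID    uint16
	// NOTE(review): presumably holds a TraceReason* value together with the
	// TraceReasonEncryptMask bit; confirm against the code that reads it.
	Reason uint8
	// Flags carries TraceNotifyFlagIsIPv6 when the notification refers to
	// an IPv6 flow.
	Flags   uint8
	Ifindex uint32
}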
TraceNotifyV0 is the common message format for versions 0 and 1.
type TraceNotifyV1 ¶
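// TraceNotifyV1 is the version 1 message format: the embedded TraceNotifyV0
// header followed by OrigIP.
type TraceNotifyV1 struct {
	TraceNotifyV0
	// OrigIP is stored as a types.IPv6 value. TraceNotify.OriginalIP is
	// documented as returning the original source IP if reverse NAT was
	// performed on the flow.
	OrigIP types.IPv6
}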
TraceNotifyV1 is the version 1 message format.
type TraceNotifyVerbose ¶
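// TraceNotifyVerbose represents a json notification printed by monitor.
// CPUPrefix, Type, Mark, Ifindex, State and Summary use omitempty; the
// remaining fields are always emitted, including when they are zero or
// empty.
type TraceNotifyVerbose struct {
	CPUPrefix        string `json:"cpu,omitempty"`
	Type             string `json:"type,omitempty"`
	Mark             string `json:"mark,omitempty"`
	Ifindex          string `json:"ifindex,omitempty"`
	State            string `json:"state,omitempty"`
	ObservationPoint string `json:"observationPoint"`
	TraceSummary     string `json:"traceSummary"`

	Source   uint16 `json:"source"`
	Bytes    uint32 `json:"bytes"`
	SrcLabel uint32 `json:"srcLabel"`
	DstLabel uint32 `json:"dstLabel"`
	DstID    uint16 `json:"dstID"`

	Summary *DissectSummary `json:"summary,omitempty"`
}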
TraceNotifyVerbose represents a json notification printed by monitor
func TraceNotifyToVerbose ¶
func TraceNotifyToVerbose(n *TraceNotify) TraceNotifyVerbose
TraceNotifyToVerbose creates verbose notification from base TraceNotify
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
 | Package alignchecker is a thin wrapper around pkg/alignchecker to validate monitor object alignment. |
 | Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel. |