socket

package

v0.5.0 Latest Latest Go to latest Published: Sep 29, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ctrox/zeropod

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants
func LoadEBPFTracker() (func() error, error)
type EBPFTracker
type NoActivityRecordedErr
- func (err NoActivityRecordedErr) Error() string
type NoopTracker
- func NewNoopTracker(scaleDownDuration time.Duration) NoopTracker
type PIDResolver
type Tracker
- func NewEBPFTracker() (Tracker, error)

Constants ¶

View Source

const TCPEventsMap = "tcp_events"

Variables ¶

This section is empty.

Functions ¶

func LoadEBPFTracker ¶ added in v0.2.0

func LoadEBPFTracker() (func() error, error)

LoadEBPFTracker loads the eBPF program and attaches the kretprobe to track connections system-wide.

Types ¶

type EBPFTracker ¶

type EBPFTracker struct {
	PIDResolver
	// contains filtered or unexported fields
}

func (*EBPFTracker) Close ¶

func (c *EBPFTracker) Close() error

func (*EBPFTracker) LastActivity ¶

func (c *EBPFTracker) LastActivity(pid uint32) (time.Time, error)

LastActivity returns a time.Time of the last tcp activity recorded of the process belonging to the pid (or a child-process of the pid).

func (*EBPFTracker) RemovePid ¶

func (c *EBPFTracker) RemovePid(pid uint32) error

RemovePid removes the pid from the TcpEvents map.

func (*EBPFTracker) TrackPid ¶

func (c *EBPFTracker) TrackPid(pid uint32) error

TrackPid puts the pid into the TcpEvents map meaning tcp events of the process belonging to that pid will be tracked.

type NoActivityRecordedErr ¶

type NoActivityRecordedErr struct{}

func (NoActivityRecordedErr) Error ¶

func (err NoActivityRecordedErr) Error() string

type NoopTracker ¶

type NoopTracker struct {
	PIDResolver
	// contains filtered or unexported fields
}

func NewNoopTracker ¶

func NewNoopTracker(scaleDownDuration time.Duration) NoopTracker

func (NoopTracker) Close ¶

func (n NoopTracker) Close() error

func (NoopTracker) LastActivity ¶

func (n NoopTracker) LastActivity(pid uint32) (time.Time, error)

func (NoopTracker) RemovePid ¶

func (n NoopTracker) RemovePid(pid uint32) error

func (NoopTracker) TrackPid ¶

func (n NoopTracker) TrackPid(pid uint32) error

type PIDResolver ¶

type PIDResolver interface {
	Resolve(pid uint32) uint32
}

PIDResolver allows to customize how the PIDs of the connection tracker are resolved. This can be useful if the shim is already running in a container (e.g. when using Kind), so it can resolve the PID of the container to the ones of the host that ebpf sees.

type Tracker ¶

type Tracker interface {
	PIDResolver

	// TrackPid starts connection tracking of the specified process.
	TrackPid(pid uint32) error
	// TrackPid stops connection tracking of the specified process.
	RemovePid(pid uint32) error
	// LastActivity returns the time of the last TCP activity of the specified process.
	LastActivity(pid uint32) (time.Time, error)
	// Close the activity tracker.
	Close() error
}

func NewEBPFTracker ¶

func NewEBPFTracker() (Tracker, error)

NewEBPFTracker returns a TCP connection tracker that will keep track of the last TCP accept of specific processes. It writes the results to an ebpf map keyed with the PID and the value contains the timestamp of the last observed accept.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL