utils

package
v0.0.1-pre.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 15, 2024 License: MIT Imports: 23 Imported by: 0

Documentation

Overview

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Index

Constants

View Source
const (
	Verdict_RETRANSMISSION flow.Verdict = 15
	Verdict_DNS            flow.Verdict = 16
	TypeUrl                string       = "retina.sh"
)

Additional Verdicts to be used for flow objects

View Source
const (
	// Common Counters across os distributions (should these be asynch or synch)
	// make sure IsMetric is updated if you add a new metric here
	DropCountTotalName                   = "drop_count"
	DropBytesTotalName                   = "drop_bytes"
	ForwardCountTotalName                = "forward_count"
	ForwardBytesTotalName                = "forward_bytes"
	TcpStateGaugeName                    = "tcp_state"
	TcpConnectionRemoteGaugeName         = "tcp_connection_remote"
	TcpConnectionStatsName               = "tcp_connection_stats"
	TcpFlagCounters                      = "tcp_flag_counters"
	TcpRetransCount                      = "tcp_retransmission_count"
	IpConnectionStatsName                = "ip_connection_stats"
	UdpConnectionStatsName               = "udp_connection_stats"
	UdpActiveSocketsCounterName          = "udp_active_sockets"
	InterfaceStatsName                   = "interface_stats"
	DNSRequestCounterName                = "dns_request_count"
	DNSResponseCounterName               = "dns_response_count"
	NodeApiServerLatencyName             = "node_apiserver_latency"
	NodeApiServerTcpHandshakeLatencyName = "node_apiserver_handshake_latency"
	NoResponseFromApiServerName          = "node_apiserver_no_response"

	// Common Gauges across os distributions
	NodeConnectivityStatusName         = "node_connectivity_status"
	NodeConnectivityLatencySecondsName = "node_connectivity_latency_seconds"
)

Variables

View Source
var (

	// todo move to attributes pkg?
	Type           = "type"
	Reason         = "reason"
	Direction      = "direction"
	SourceNodeName = "source_node_name"
	TargetNodeName = "target_node_name"
	State          = "state"
	Address        = "address"
	Port           = "port"
	StatName       = "statistic_name"
	InterfaceName  = "interface_name"
	Flag           = "flag"
	Endpoint       = "endpoint"
	AclRule        = "aclrule"
	Active         = "ACTIVE"

	// TCP Connection Statistic Names
	ResetCount           = "ResetCount"
	ClosedFin            = "ClosedFin"
	ResetSyn             = "ResetSyn"
	TcpHalfOpenTimeouts  = "TcpHalfOpenTimeouts"
	Verified             = "Verified"
	TimedOutCount        = "TimedOutCount"
	TimeWaitExpiredCount = "TimeWaitExpiredCount"

	// Events types
	Kernel          = "kernel"
	EnricherRing    = "enricher_ring"
	BufferedChannel = "buffered_channel"
	ExternalChannel = "external_channel"

	// TCP Flags
	SYN    = "SYN"
	SYNACK = "SYNACK"
	ACK    = "ACK"
	FIN    = "FIN"
	RST    = "RST"
	PSH    = "PSH"
	ECE    = "ECE"
	CWR    = "CWR"
	NS     = "NS"
	URG    = "URG"

	DataPlane = "dataplane"
	Linux     = "linux"
	Windows   = "windows"

	// DNS labels.
	DNSLabels = []string{"return_code", "query_type", "query", "response", "num_response"}
)
View Source
var (
	DNSType_name = map[int32]string{
		0: "UNKNOWN",
		1: "QUERY",
		2: "RESPONSE",
	}
	DNSType_value = map[string]int32{
		"UNKNOWN":  0,
		"QUERY":    1,
		"RESPONSE": 2,
	}
)

Enum value maps for DNSType.

View Source
var File_pkg_utils_metadata_proto protoreflect.FileDescriptor

Functions

func AddDnsInfo

func AddDnsInfo(f *flow.Flow, qType string, rCode uint32, query string, qTypes []string, numAnswers int, ips []string)

func AddPacketSize

func AddPacketSize(f *flow.Flow, packetSize uint64)

func AddTcpFlags

func AddTcpFlags(f *flow.Flow, syn, ack, fin, rst, psh, urg uint16)

func AddTcpID

func AddTcpID(f *flow.Flow, id uint64)

Add TSval/TSecr to the flow as TCP ID. The TSval/TSecr works as ID for the flow. We will use this ID to calculate latency.

func CompareStringSlice

func CompareStringSlice(a, b []string) bool

func DecodeRequestBody

func DecodeRequestBody(request *http.Request, iface interface{}) (err error)

func DnsRcodeToString

func DnsRcodeToString(f *flow.Flow) string

DNS Return code to string.

func EncodeResponseBody

func EncodeResponseBody(w http.ResponseWriter, iface interface{}) error

func GetInterface

func GetInterface(name string, interfaceType string) (netlink.Link, error)

Get all the veth interfaces. Similar to ip link show type veth

func GetPluginEventAttributes

func GetPluginEventAttributes(attrs []attribute.KeyValue, pluginName, eventName, timestamp string) []attribute.KeyValue

func GetTcpID

func GetTcpID(f *flow.Flow) uint64

func HostToNetShort

func HostToNetShort(i uint16) uint16

HostToNetShort converts a 16-bit integer from host to network byte order, aka "htons"

func Ip2int

func Ip2int(ip []byte) (res uint32, err error)

func IsAdvancedMetric

func IsAdvancedMetric(name string) bool

IsAdvancedMetric is a helper function to determine if a name is an advanced metric

func OpenRawSocket

func OpenRawSocket(index int) (int, error)

func PacketSize

func PacketSize(f *flow.Flow) uint64

func Retry

func Retry(f func() error, retry int) (err error)

Exponential backoff retry logic.

func StringPtr

func StringPtr(v string) *string

func ToFlow

func ToFlow(
	ts int64,
	sourceIP, destIP net.IP,
	sourcePort, destPort uint32,
	proto uint8,
	observationPoint uint32,
	verdict flow.Verdict,
	dropReason uint32,
) *flow.Flow

ToFlow returns a flow.Flow object. This sets up a L3/L4 flow object. sourceIP, destIP are IPv4 addresses. sourcePort, destPort are TCP/UDP ports. proto is the protocol number. Ref: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml . observationPoint is the observation point+direction of the flow. 0 is from n/w stack to container, 1 is from container to stack, 2 is from host to network and 3 is from network to host. ts is the timestamp in nanoseconds.

Types

type DNSType

type DNSType int32
const (
	DNSType_UNKNOWN  DNSType = 0
	DNSType_QUERY    DNSType = 1
	DNSType_RESPONSE DNSType = 2
)

func GetDns

func GetDns(f *flow.Flow) (*flow.DNS, DNSType, uint32)

func (DNSType) Descriptor

func (DNSType) Descriptor() protoreflect.EnumDescriptor

func (DNSType) Enum

func (x DNSType) Enum() *DNSType

func (DNSType) EnumDescriptor deprecated

func (DNSType) EnumDescriptor() ([]byte, []int)

Deprecated: Use DNSType.Descriptor instead.

func (DNSType) Number

func (x DNSType) Number() protoreflect.EnumNumber

func (DNSType) String

func (x DNSType) String() string

func (DNSType) Type

func (DNSType) Type() protoreflect.EnumType

type RetinaMetadata

type RetinaMetadata struct {
	Bytes uint64 `protobuf:"varint,1,opt,name=bytes,proto3" json:"bytes,omitempty"`
	// DNS metadata.
	DnsType      DNSType `protobuf:"varint,2,opt,name=dns_type,json=dnsType,proto3,enum=utils.DNSType" json:"dns_type,omitempty"`
	NumResponses uint32  `protobuf:"varint,3,opt,name=num_responses,json=numResponses,proto3" json:"num_responses,omitempty"`
	// TCP ID. Either Tsval or Tsecr will be set.
	TcpId uint64 `protobuf:"varint,4,opt,name=tcp_id,json=tcpId,proto3" json:"tcp_id,omitempty"`
	// contains filtered or unexported fields
}

func (*RetinaMetadata) Descriptor deprecated

func (*RetinaMetadata) Descriptor() ([]byte, []int)

Deprecated: Use RetinaMetadata.ProtoReflect.Descriptor instead.

func (*RetinaMetadata) GetBytes

func (x *RetinaMetadata) GetBytes() uint64

func (*RetinaMetadata) GetDnsType

func (x *RetinaMetadata) GetDnsType() DNSType

func (*RetinaMetadata) GetNumResponses

func (x *RetinaMetadata) GetNumResponses() uint32

func (*RetinaMetadata) GetTcpId

func (x *RetinaMetadata) GetTcpId() uint64

func (*RetinaMetadata) ProtoMessage

func (*RetinaMetadata) ProtoMessage()

func (*RetinaMetadata) ProtoReflect

func (x *RetinaMetadata) ProtoReflect() protoreflect.Message

func (*RetinaMetadata) Reset

func (x *RetinaMetadata) Reset()

func (*RetinaMetadata) String

func (x *RetinaMetadata) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL