utils

package
v0.0.20 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2024 License: MIT Imports: 25 Imported by: 0

Documentation

Overview

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Index

Constants

View Source
const (
	Verdict_RETRANSMISSION flow.Verdict = 15
	Verdict_DNS            flow.Verdict = 16
	TypeUrl                string       = "retina.sh"
)

Additional Verdicts to be used for flow objects

View Source
const (
	// Common Counters across os distributions (should these be asynch or synch)
	// make sure IsMetric is updated if you add a new metric here
	DroppedPacketsGaugeName              = "drop_count"
	DropBytesGaugeName                   = "drop_bytes"
	ForwardPacketsGaugeName              = "forward_count"
	ForwardBytesGaugeName                = "forward_bytes"
	TCPStateGaugeName                    = "tcp_state"
	TCPConnectionRemoteGaugeName         = "tcp_connection_remote"
	TCPConnectionStatsName               = "tcp_connection_stats"
	TCPFlagGauge                         = "tcp_flag_gauges"
	TCPRetransCount                      = "tcp_retransmission_count"
	IPConnectionStatsName                = "ip_connection_stats"
	UDPConnectionStatsName               = "udp_connection_stats"
	InterfaceStatsName                   = "interface_stats"
	DNSRequestCounterName                = "dns_request_count"
	DNSResponseCounterName               = "dns_response_count"
	NodeAPIServerLatencyName             = "node_apiserver_latency"
	NodeAPIServerTCPHandshakeLatencyName = "node_apiserver_handshake_latency"
	NoResponseFromAPIServerName          = "node_apiserver_no_response"
	InfinibandCounterStatsName           = "infiniband_counter_stats"
	InfinibandStatusParamsName           = "infiniband_status_params"

	// Common Gauges across os distributions
	NodeConnectivityStatusName         = "node_connectivity_status"
	NodeConnectivityLatencySecondsName = "node_connectivity_latency_seconds"
)

Variables

View Source
var (

	// todo move to attributes pkg?
	Type                  = "type"
	Reason                = "reason"
	Direction             = "direction"
	SourceNodeName        = "source_node_name"
	TargetNodeName        = "target_node_name"
	State                 = "state"
	Address               = "address"
	Port                  = "port"
	StatName              = "statistic_name"
	InterfaceName         = "interface_name"
	InterfaceNameConstant = "all_interfaces"
	Flag                  = "flag"
	Endpoint              = "endpoint"
	AclRule               = "aclrule"
	Active                = "ACTIVE"
	Device                = "device"

	// TCP Connection Statistic Names
	ResetCount           = "ResetCount"
	ClosedFin            = "ClosedFin"
	ResetSyn             = "ResetSyn"
	TcpHalfOpenTimeouts  = "TcpHalfOpenTimeouts"
	Verified             = "Verified"
	TimedOutCount        = "TimedOutCount"
	TimeWaitExpiredCount = "TimeWaitExpiredCount"

	// Events types
	Kernel          = "kernel"
	EnricherRing    = "enricher_ring"
	BufferedChannel = "buffered_channel"
	ExternalChannel = "external_channel"

	// TCP Flags
	SYN    = "SYN"
	SYNACK = "SYNACK"
	ACK    = "ACK"
	FIN    = "FIN"
	RST    = "RST"
	PSH    = "PSH"
	ECE    = "ECE"
	CWR    = "CWR"
	NS     = "NS"
	URG    = "URG"

	DataPlane = "dataplane"
	Linux     = "linux"
	Windows   = "windows"

	// DNS labels.
	DNSRequestLabels  = []string{"query_type", "query"}
	DNSResponseLabels = []string{"return_code", "query_type", "query", "response", "num_response"}
)
View Source
var (
	DNSType_name = map[int32]string{
		0: "UNKNOWN",
		1: "QUERY",
		2: "RESPONSE",
	}
	DNSType_value = map[string]int32{
		"UNKNOWN":  0,
		"QUERY":    1,
		"RESPONSE": 2,
	}
)

Enum value maps for DNSType.

View Source
var (
	DropReason_name = map[int32]string{
		0: "IPTABLE_RULE_DROP",
		1: "IPTABLE_NAT_DROP",
		2: "TCP_CONNECT_BASIC",
		3: "TCP_ACCEPT_BASIC",
		4: "TCP_CLOSE_BASIC",
		5: "CONNTRACK_ADD_DROP",
		6: "UNKNOWN_DROP",
	}
	DropReason_value = map[string]int32{
		"IPTABLE_RULE_DROP":  0,
		"IPTABLE_NAT_DROP":   1,
		"TCP_CONNECT_BASIC":  2,
		"TCP_ACCEPT_BASIC":   3,
		"TCP_CLOSE_BASIC":    4,
		"CONNTRACK_ADD_DROP": 5,
		"UNKNOWN_DROP":       6,
	}
)

Enum value maps for DropReason.

View Source
var File_metadata_linux_proto protoreflect.FileDescriptor

Functions

func AddDNSInfo added in v0.0.9

func AddDNSInfo(f *flow.Flow, meta *RetinaMetadata, qType string, rCode uint32, query string, qTypes []string, numAnswers int, ips []string)

AddDNSInfo adds DNS information to the flow's metadata.

func AddDropReason added in v0.0.9

func AddDropReason(f *flow.Flow, meta *RetinaMetadata, dropReason uint16)

AddDropReason adds the drop reason to the flow's metadata.

func AddPacketSize

func AddPacketSize(meta *RetinaMetadata, packetSize uint32)

AddPacketSize adds the packet size to the flow's metadata.

func AddRetinaMetadata added in v0.0.9

func AddRetinaMetadata(f *flow.Flow, meta *RetinaMetadata)

AddRetinaMetadata adds the RetinaMetadata to the flow's extensions field.

func AddTCPFlags added in v0.0.9

func AddTCPFlags(f *flow.Flow, syn, ack, fin, rst, psh, urg uint16)

func AddTCPFlagsBool added in v0.0.13

func AddTCPFlagsBool(f *flow.Flow, syn, ack, fin, rst, psh, urg bool)

func AddTCPID added in v0.0.9

func AddTCPID(meta *RetinaMetadata, id uint64)

Add TSval/TSecr to the flow's metadata as TCP ID. The TSval/TSecr works as ID for the flow. We will use this ID to calculate latency.

func CompareStringSlice

func CompareStringSlice(a, b []string) bool

func DNSRcodeToString added in v0.0.9

func DNSRcodeToString(f *flow.Flow) string

DNS Return code to string.

func DecodeRequestBody

func DecodeRequestBody(request *http.Request, iface interface{}) (err error)

func DropReasonDescription added in v0.0.9

func DropReasonDescription(f *flow.Flow) string

func EncodeResponseBody

func EncodeResponseBody(w http.ResponseWriter, iface interface{}) error
func GetDefaultOutgoingLinks() ([]netlink.Link, error)

GetDefaultOutgoingLinks gets the outgoing interface by executing an equivalent to `ip route show default 0.0.0.0/0`

func GetDropReasonDesc added in v0.0.13

func GetDropReasonDesc(dr DropReason) flow.DropReason

func GetPluginEventAttributes

func GetPluginEventAttributes(attrs []attribute.KeyValue, pluginName, eventName, timestamp string) []attribute.KeyValue

func GetTCPID added in v0.0.9

func GetTCPID(f *flow.Flow) uint64

func HostToNetShort

func HostToNetShort(i uint16) uint16

HostToNetShort converts a 16-bit integer from host to network byte order, aka "htons"

func Ip2int

func Ip2int(ip []byte) (res uint32, err error)

func IsAdvancedMetric

func IsAdvancedMetric(name string) bool

IsAdvancedMetric is a helper function to determine if a name is an advanced metric

func OpenRawSocket

func OpenRawSocket(index int) (int, error)

func PacketSize

func PacketSize(f *flow.Flow) uint32

func Retry

func Retry(f func() error, retry int) (err error)

Exponential backoff retry logic.

func StringPtr

func StringPtr(v string) *string

func ToFlow

func ToFlow(
	l *log.ZapLogger,
	ts int64,
	sourceIP, destIP net.IP,
	sourcePort, destPort uint32,
	proto uint8,
	observationPoint uint8,
	verdict flow.Verdict,
) *flow.Flow

ToFlow returns a flow.Flow object. This sets up a L3/L4 flow object. sourceIP, destIP are IPv4 addresses. sourcePort, destPort are TCP/UDP ports. proto is the protocol number. Ref: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml . observationPoint is the observation point+direction of the flow. 0 is from n/w stack to container, 1 is from container to stack, 2 is from host to network and 3 is from network to host. ts is the timestamp in nanoseconds.

Types

type DNSType

type DNSType int32
const (
	DNSType_UNKNOWN  DNSType = 0
	DNSType_QUERY    DNSType = 1
	DNSType_RESPONSE DNSType = 2
)

func GetDNS added in v0.0.9

func GetDNS(f *flow.Flow) (*flow.DNS, DNSType, uint32)

func (DNSType) Descriptor

func (DNSType) Descriptor() protoreflect.EnumDescriptor

func (DNSType) Enum

func (x DNSType) Enum() *DNSType

func (DNSType) EnumDescriptor deprecated

func (DNSType) EnumDescriptor() ([]byte, []int)

Deprecated: Use DNSType.Descriptor instead.

func (DNSType) Number

func (x DNSType) Number() protoreflect.EnumNumber

func (DNSType) String

func (x DNSType) String() string

func (DNSType) Type

func (DNSType) Type() protoreflect.EnumType

type DropReason added in v0.0.9

type DropReason int32

Ref: pkg/plugin/dropreason/_cprog/drop_reason.h.

const (
	DropReason_IPTABLE_RULE_DROP  DropReason = 0
	DropReason_IPTABLE_NAT_DROP   DropReason = 1
	DropReason_TCP_CONNECT_BASIC  DropReason = 2
	DropReason_TCP_ACCEPT_BASIC   DropReason = 3
	DropReason_TCP_CLOSE_BASIC    DropReason = 4
	DropReason_CONNTRACK_ADD_DROP DropReason = 5
	DropReason_UNKNOWN_DROP       DropReason = 6
)

func (DropReason) Descriptor added in v0.0.9

func (DropReason) Descriptor() protoreflect.EnumDescriptor

func (DropReason) Enum added in v0.0.9

func (x DropReason) Enum() *DropReason

func (DropReason) EnumDescriptor deprecated added in v0.0.9

func (DropReason) EnumDescriptor() ([]byte, []int)

Deprecated: Use DropReason.Descriptor instead.

func (DropReason) Number added in v0.0.9

func (x DropReason) Number() protoreflect.EnumNumber

func (DropReason) String added in v0.0.9

func (x DropReason) String() string

func (DropReason) Type added in v0.0.9

type RetinaMetadata

type RetinaMetadata struct {
	Bytes uint32 `protobuf:"varint,1,opt,name=bytes,proto3" json:"bytes,omitempty"`
	// DNS metadata.
	DnsType      DNSType `protobuf:"varint,2,opt,name=dns_type,json=dnsType,proto3,enum=utils.DNSType" json:"dns_type,omitempty"`
	NumResponses uint32  `protobuf:"varint,3,opt,name=num_responses,json=numResponses,proto3" json:"num_responses,omitempty"`
	// TCP ID. Either Tsval or Tsecr will be set.
	TcpId uint64 `protobuf:"varint,4,opt,name=tcp_id,json=tcpId,proto3" json:"tcp_id,omitempty"`
	// Drop reason in Retina.
	DropReason DropReason `protobuf:"varint,5,opt,name=drop_reason,json=dropReason,proto3,enum=utils.DropReason" json:"drop_reason,omitempty"`
	// contains filtered or unexported fields
}

func (*RetinaMetadata) Descriptor deprecated

func (*RetinaMetadata) Descriptor() ([]byte, []int)

Deprecated: Use RetinaMetadata.ProtoReflect.Descriptor instead.

func (*RetinaMetadata) GetBytes

func (x *RetinaMetadata) GetBytes() uint32

func (*RetinaMetadata) GetDnsType

func (x *RetinaMetadata) GetDnsType() DNSType

func (*RetinaMetadata) GetDropReason added in v0.0.9

func (x *RetinaMetadata) GetDropReason() DropReason

func (*RetinaMetadata) GetNumResponses

func (x *RetinaMetadata) GetNumResponses() uint32

func (*RetinaMetadata) GetTcpId

func (x *RetinaMetadata) GetTcpId() uint64

func (*RetinaMetadata) ProtoMessage

func (*RetinaMetadata) ProtoMessage()

func (*RetinaMetadata) ProtoReflect

func (x *RetinaMetadata) ProtoReflect() protoreflect.Message

func (*RetinaMetadata) Reset

func (x *RetinaMetadata) Reset()

func (*RetinaMetadata) String

func (x *RetinaMetadata) String() string

Directories

Path Synopsis
testutil

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL