Documentation ¶
Overview ¶
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Index ¶
- Constants
- Variables
- func AddDNSInfo(f *flow.Flow, meta *RetinaMetadata, qType string, rCode uint32, query string, ...)
- func AddDropReason(f *flow.Flow, meta *RetinaMetadata, dropReason uint16)
- func AddPacketSize(meta *RetinaMetadata, packetSize uint32)
- func AddRetinaMetadata(f *flow.Flow, meta *RetinaMetadata)
- func AddTCPFlags(f *flow.Flow, syn, ack, fin, rst, psh, urg uint16)
- func AddTCPFlagsBool(f *flow.Flow, syn, ack, fin, rst, psh, urg bool)
- func AddTCPID(meta *RetinaMetadata, id uint64)
- func CompareStringSlice(a, b []string) bool
- func DNSRcodeToString(f *flow.Flow) string
- func DecodeRequestBody(request *http.Request, iface interface{}) (err error)
- func DropReasonDescription(f *flow.Flow) string
- func EncodeResponseBody(w http.ResponseWriter, iface interface{}) error
- func GetDefaultOutgoingLinks() ([]netlink.Link, error)
- func GetDropReasonDesc(dr DropReason) flow.DropReason
- func GetPluginEventAttributes(attrs []attribute.KeyValue, pluginName, eventName, timestamp string) []attribute.KeyValue
- func GetTCPID(f *flow.Flow) uint64
- func HostToNetShort(i uint16) uint16
- func Int2ip(nn uint32) net.IP
- func Ip2int(ip []byte) (res uint32, err error)
- func IsAdvancedMetric(name string) bool
- func OpenRawSocket(index int) (int, error)
- func PacketSize(f *flow.Flow) uint32
- func Retry(f func() error, retry int) (err error)
- func StringPtr(v string) *string
- func ToFlow(l *log.ZapLogger, ts int64, sourceIP, destIP net.IP, ...) *flow.Flow
- func Uint32Ptr(v uint32) *uint32
- type DNSType
- type DropReason
- type RetinaMetadata
- func (*RetinaMetadata) Descriptor() ([]byte, []int)deprecated
- func (x *RetinaMetadata) GetBytes() uint32
- func (x *RetinaMetadata) GetDnsType() DNSType
- func (x *RetinaMetadata) GetDropReason() DropReason
- func (x *RetinaMetadata) GetNumResponses() uint32
- func (x *RetinaMetadata) GetTcpId() uint64
- func (*RetinaMetadata) ProtoMessage()
- func (x *RetinaMetadata) ProtoReflect() protoreflect.Message
- func (x *RetinaMetadata) Reset()
- func (x *RetinaMetadata) String() string
Constants ¶
// Additional verdict values used for flow objects, plus the type URL string.
//
// NOTE(review): 15 and 16 are declared here as flow.Verdict values; presumably
// they sit above the verdicts defined by the flow package itself. Confirm they
// cannot collide with an upstream value, since a collision would make a
// retransmission or DNS flow indistinguishable from another verdict downstream.
const (
	Verdict_RETRANSMISSION flow.Verdict = 15
	Verdict_DNS            flow.Verdict = 16
	TypeUrl                string       = "retina.sh"
)
Additional Verdicts to be used for flow objects
// Metric names exported by this package. Each constant is the string name of
// one counter or gauge.
const (
	// Common Counters across os distributions (should these be asynch or synch)
	// make sure IsMetric is updated if you add a new metric here
	// NOTE(review): the package's exported API lists IsAdvancedMetric but no
	// IsMetric; confirm which function the line above refers to.
	DroppedPacketsGaugeName              = "drop_count"
	DropBytesGaugeName                   = "drop_bytes"
	ForwardPacketsGaugeName              = "forward_count"
	ForwardBytesGaugeName                = "forward_bytes"
	TCPStateGaugeName                    = "tcp_state"
	TCPConnectionRemoteGaugeName         = "tcp_connection_remote"
	TCPConnectionStatsName               = "tcp_connection_stats"
	TCPFlagGauge                         = "tcp_flag_gauges"
	TCPRetransCount                      = "tcp_retransmission_count"
	IPConnectionStatsName                = "ip_connection_stats"
	UDPConnectionStatsName               = "udp_connection_stats"
	InterfaceStatsName                   = "interface_stats"
	DNSRequestCounterName                = "dns_request_count"
	DNSResponseCounterName               = "dns_response_count"
	NodeAPIServerLatencyName             = "node_apiserver_latency"
	NodeAPIServerTCPHandshakeLatencyName = "node_apiserver_handshake_latency"
	NoResponseFromAPIServerName          = "node_apiserver_no_response"
	InfinibandCounterStatsName           = "infiniband_counter_stats"
	InfinibandStatusParamsName           = "infiniband_status_params"

	// Common Gauges across os distributions
	NodeConnectivityStatusName         = "node_connectivity_status"
	NodeConnectivityLatencySecondsName = "node_connectivity_latency_seconds"
)
Variables ¶
// Label names, statistic names, event types and TCP flag names used when
// recording metrics.
//
// NOTE(review): these are declared with var, not const, so any importing
// package can reassign them at run time. Treat them as read-only.
var (
	// todo move to attributes pkg?
	Type                  = "type"
	Reason                = "reason"
	Direction             = "direction"
	SourceNodeName        = "source_node_name"
	TargetNodeName        = "target_node_name"
	State                 = "state"
	Address               = "address"
	Port                  = "port"
	StatName              = "statistic_name"
	InterfaceName         = "interface_name"
	InterfaceNameConstant = "all_interfaces"
	Flag                  = "flag"
	Endpoint              = "endpoint"
	AclRule               = "aclrule"
	Active                = "ACTIVE"
	Device                = "device"

	// TCP Connection Statistic Names
	ResetCount           = "ResetCount"
	ClosedFin            = "ClosedFin"
	ResetSyn             = "ResetSyn"
	TcpHalfOpenTimeouts  = "TcpHalfOpenTimeouts"
	Verified             = "Verified"
	TimedOutCount        = "TimedOutCount"
	TimeWaitExpiredCount = "TimeWaitExpiredCount"

	// Events types
	Kernel          = "kernel"
	EnricherRing    = "enricher_ring"
	BufferedChannel = "buffered_channel"
	ExternalChannel = "external_channel"

	// TCP Flags
	SYN    = "SYN"
	SYNACK = "SYNACK"
	ACK    = "ACK"
	FIN    = "FIN"
	RST    = "RST"
	PSH    = "PSH"
	ECE    = "ECE"
	CWR    = "CWR"
	NS     = "NS"
	URG    = "URG"

	DataPlane = "dataplane"
	Linux     = "linux"
	Windows   = "windows"

	// DNS labels.
	// NOTE(review): the "query" and "response" label values presumably come
	// from DNS traffic observed on the wire, which a workload can influence.
	// Confirm that the metrics pipeline bounds label cardinality and treats
	// these values as untrusted when they are rendered or queried.
	DNSRequestLabels  = []string{"query_type", "query"}
	DNSResponseLabels = []string{"return_code", "query_type", "query", "response", "num_response"}
)
// DNSType_name and DNSType_value map between the numeric DNSType values and
// their names. The zero value is "UNKNOWN".
var (
	DNSType_name = map[int32]string{
		0: "UNKNOWN",
		1: "QUERY",
		2: "RESPONSE",
	}
	DNSType_value = map[string]int32{
		"UNKNOWN":  0,
		"QUERY":    1,
		"RESPONSE": 2,
	}
)
Enum value maps for DNSType.
// DropReason_name and DropReason_value map between the numeric DropReason
// values and their names.
//
// NOTE(review): the zero value maps to "IPTABLE_RULE_DROP" and "UNKNOWN_DROP"
// is 6, so a DropReason that was never set reads as an iptables rule drop.
// Confirm that consumers do not interpret an unset value as a real drop.
var (
	DropReason_name = map[int32]string{
		0: "IPTABLE_RULE_DROP",
		1: "IPTABLE_NAT_DROP",
		2: "TCP_CONNECT_BASIC",
		3: "TCP_ACCEPT_BASIC",
		4: "TCP_CLOSE_BASIC",
		5: "CONNTRACK_ADD_DROP",
		6: "UNKNOWN_DROP",
	}
	DropReason_value = map[string]int32{
		"IPTABLE_RULE_DROP":  0,
		"IPTABLE_NAT_DROP":   1,
		"TCP_CONNECT_BASIC":  2,
		"TCP_ACCEPT_BASIC":   3,
		"TCP_CLOSE_BASIC":    4,
		"CONNTRACK_ADD_DROP": 5,
		"UNKNOWN_DROP":       6,
	}
)
Enum value maps for DropReason.
var File_metadata_linux_proto protoreflect.FileDescriptor
Functions ¶
func AddDNSInfo ¶ added in v0.0.9
func AddDNSInfo(f *flow.Flow, meta *RetinaMetadata, qType string, rCode uint32, query string, qTypes []string, numAnswers int, ips []string)
AddDNSInfo adds DNS information to the flow's metadata.
func AddDropReason ¶ added in v0.0.9
func AddDropReason(f *flow.Flow, meta *RetinaMetadata, dropReason uint16)
AddDropReason adds the drop reason to the flow's metadata.
func AddPacketSize ¶
func AddPacketSize(meta *RetinaMetadata, packetSize uint32)
AddPacketSize adds the packet size to the flow's metadata.
func AddRetinaMetadata ¶ added in v0.0.9
func AddRetinaMetadata(f *flow.Flow, meta *RetinaMetadata)
AddRetinaMetadata adds the RetinaMetadata to the flow's extensions field.
func AddTCPFlags ¶ added in v0.0.9
func AddTCPFlagsBool ¶ added in v0.0.13
func AddTCPID ¶ added in v0.0.9
func AddTCPID(meta *RetinaMetadata, id uint64)
AddTCPID adds the TSval/TSecr value to the flow's metadata as the TCP ID. The TSval/TSecr value serves as the ID for the flow, and this ID is used to calculate latency.
func CompareStringSlice ¶
func DNSRcodeToString ¶ added in v0.0.9
DNSRcodeToString converts the DNS return code to a string.
func DecodeRequestBody ¶
func DropReasonDescription ¶ added in v0.0.9
func EncodeResponseBody ¶
func EncodeResponseBody(w http.ResponseWriter, iface interface{}) error
func GetDefaultOutgoingLinks ¶ added in v0.0.10
GetDefaultOutgoingLinks gets the outgoing interface by executing an equivalent to `ip route show default 0.0.0.0/0`
func GetDropReasonDesc ¶ added in v0.0.13
func GetDropReasonDesc(dr DropReason) flow.DropReason
func HostToNetShort ¶
HostToNetShort converts a 16-bit integer from host to network byte order, aka "htons"
func IsAdvancedMetric ¶
IsAdvancedMetric is a helper function to determine if a name is an advanced metric
func OpenRawSocket ¶
func PacketSize ¶
func ToFlow ¶
func ToFlow( l *log.ZapLogger, ts int64, sourceIP, destIP net.IP, sourcePort, destPort uint32, proto uint8, observationPoint uint8, verdict flow.Verdict, ) *flow.Flow
ToFlow returns a flow.Flow object. This sets up an L3/L4 flow object. sourceIP and destIP are IPv4 addresses. sourcePort and destPort are TCP/UDP ports. proto is the protocol number. Ref: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml . observationPoint is the observation point and direction of the flow: 0 is from the network stack to the container, 1 is from the container to the network stack, 2 is from the host to the network, and 3 is from the network to the host. ts is the timestamp in nanoseconds.
Types ¶
type DNSType ¶
type DNSType int32
func (DNSType) Descriptor ¶
func (DNSType) Descriptor() protoreflect.EnumDescriptor
func (DNSType) EnumDescriptor
deprecated
func (DNSType) Number ¶
func (x DNSType) Number() protoreflect.EnumNumber
func (DNSType) Type ¶
func (DNSType) Type() protoreflect.EnumType
type DropReason ¶ added in v0.0.9
type DropReason int32
Ref: pkg/plugin/dropreason/_cprog/drop_reason.h.
// Numeric values of DropReason.
//
// NOTE(review): DropReason_IPTABLE_RULE_DROP is 0, which is also the Go zero
// value of DropReason, so an unset reason cannot be told apart from an
// iptables rule drop. DropReason_UNKNOWN_DROP is 6. Confirm that these numbers
// stay in step with the header that defines the drop reasons on the kernel
// side.
const (
	DropReason_IPTABLE_RULE_DROP  DropReason = 0
	DropReason_IPTABLE_NAT_DROP   DropReason = 1
	DropReason_TCP_CONNECT_BASIC  DropReason = 2
	DropReason_TCP_ACCEPT_BASIC   DropReason = 3
	DropReason_TCP_CLOSE_BASIC    DropReason = 4
	DropReason_CONNTRACK_ADD_DROP DropReason = 5
	DropReason_UNKNOWN_DROP       DropReason = 6
)
func (DropReason) Descriptor ¶ added in v0.0.9
func (DropReason) Descriptor() protoreflect.EnumDescriptor
func (DropReason) Enum ¶ added in v0.0.9
func (x DropReason) Enum() *DropReason
func (DropReason) EnumDescriptor
deprecated
added in
v0.0.9
func (DropReason) EnumDescriptor() ([]byte, []int)
Deprecated: Use DropReason.Descriptor instead.
func (DropReason) Number ¶ added in v0.0.9
func (x DropReason) Number() protoreflect.EnumNumber
func (DropReason) String ¶ added in v0.0.9
func (x DropReason) String() string
func (DropReason) Type ¶ added in v0.0.9
func (DropReason) Type() protoreflect.EnumType
type RetinaMetadata ¶
// RetinaMetadata is the protobuf message that carries Retina-specific data for
// a flow: a byte count, DNS metadata, a TCP ID and a drop reason.
//
// NOTE(review): every field is a proto3 varint tagged omitempty, so a zero
// value is not encoded. For DropReason the zero value is a defined enum member
// rather than "unknown"; confirm readers handle an absent field as intended.
type RetinaMetadata struct {
	Bytes uint32 `protobuf:"varint,1,opt,name=bytes,proto3" json:"bytes,omitempty"`
	// DNS metadata.
	DnsType      DNSType `protobuf:"varint,2,opt,name=dns_type,json=dnsType,proto3,enum=utils.DNSType" json:"dns_type,omitempty"`
	NumResponses uint32  `protobuf:"varint,3,opt,name=num_responses,json=numResponses,proto3" json:"num_responses,omitempty"`
	// TCP ID. Either Tsval or Tsecr will be set.
	TcpId uint64 `protobuf:"varint,4,opt,name=tcp_id,json=tcpId,proto3" json:"tcp_id,omitempty"`
	// Drop reason in Retina.
	DropReason DropReason `protobuf:"varint,5,opt,name=drop_reason,json=dropReason,proto3,enum=utils.DropReason" json:"drop_reason,omitempty"`
	// contains filtered or unexported fields
}
func (*RetinaMetadata) Descriptor
deprecated
func (*RetinaMetadata) Descriptor() ([]byte, []int)
Deprecated: Use RetinaMetadata.ProtoReflect.Descriptor instead.
func (*RetinaMetadata) GetBytes ¶
func (x *RetinaMetadata) GetBytes() uint32
func (*RetinaMetadata) GetDnsType ¶
func (x *RetinaMetadata) GetDnsType() DNSType
func (*RetinaMetadata) GetDropReason ¶ added in v0.0.9
func (x *RetinaMetadata) GetDropReason() DropReason
func (*RetinaMetadata) GetNumResponses ¶
func (x *RetinaMetadata) GetNumResponses() uint32
func (*RetinaMetadata) GetTcpId ¶
func (x *RetinaMetadata) GetTcpId() uint64
func (*RetinaMetadata) ProtoMessage ¶
func (*RetinaMetadata) ProtoMessage()
func (*RetinaMetadata) ProtoReflect ¶
func (x *RetinaMetadata) ProtoReflect() protoreflect.Message
func (*RetinaMetadata) Reset ¶
func (x *RetinaMetadata) Reset()
func (*RetinaMetadata) String ¶
func (x *RetinaMetadata) String() string