Documentation
¶
Overview ¶
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Copyright (c) Microsoft Corporation. Licensed under the MIT license.
Index ¶
- Constants
- Variables
- func AddDnsInfo(f *flow.Flow, qType string, rCode uint32, query string, qTypes []string, ...)
- func AddPacketSize(f *flow.Flow, packetSize uint64)
- func AddTcpFlags(f *flow.Flow, syn, ack, fin, rst, psh, urg uint16)
- func AddTcpID(f *flow.Flow, id uint64)
- func CompareStringSlice(a, b []string) bool
- func DecodeRequestBody(request *http.Request, iface interface{}) (err error)
- func DnsRcodeToString(f *flow.Flow) string
- func EncodeResponseBody(w http.ResponseWriter, iface interface{}) error
- func GetInterface(name string, interfaceType string) (netlink.Link, error)
- func GetPluginEventAttributes(attrs []attribute.KeyValue, pluginName, eventName, timestamp string) []attribute.KeyValue
- func GetTcpID(f *flow.Flow) uint64
- func HostToNetShort(i uint16) uint16
- func Int2ip(nn uint32) net.IP
- func Ip2int(ip []byte) (res uint32, err error)
- func IsAdvancedMetric(name string) bool
- func OpenRawSocket(index int) (int, error)
- func PacketSize(f *flow.Flow) uint64
- func Retry(f func() error, retry int) (err error)
- func StringPtr(v string) *string
- func ToFlow(ts int64, sourceIP, destIP net.IP, sourcePort, destPort uint32, proto uint8, ...) *flow.Flow
- func Uint32Ptr(v uint32) *uint32
- type DNSType
- type RetinaMetadata
- func (*RetinaMetadata) Descriptor() ([]byte, []int)deprecated
- func (x *RetinaMetadata) GetBytes() uint64
- func (x *RetinaMetadata) GetDnsType() DNSType
- func (x *RetinaMetadata) GetNumResponses() uint32
- func (x *RetinaMetadata) GetTcpId() uint64
- func (*RetinaMetadata) ProtoMessage()
- func (x *RetinaMetadata) ProtoReflect() protoreflect.Message
- func (x *RetinaMetadata) Reset()
- func (x *RetinaMetadata) String() string
Constants ¶
View Source
const ( Verdict_RETRANSMISSION flow.Verdict = 15 Verdict_DNS flow.Verdict = 16 TypeUrl string = "retina.sh" )
Additional Verdicts to be used for flow objects
View Source
const ( // Common Counters across os distributions (should these be asynch or synch) // make sure IsMetric is updated if you add a new metric here DropCountTotalName = "drop_count" DropBytesTotalName = "drop_bytes" ForwardCountTotalName = "forward_count" ForwardBytesTotalName = "forward_bytes" TcpStateGaugeName = "tcp_state" TcpConnectionRemoteGaugeName = "tcp_connection_remote" TcpConnectionStatsName = "tcp_connection_stats" TcpFlagCounters = "tcp_flag_counters" TcpRetransCount = "tcp_retransmission_count" IpConnectionStatsName = "ip_connection_stats" UdpConnectionStatsName = "udp_connection_stats" UdpActiveSocketsCounterName = "udp_active_sockets" InterfaceStatsName = "interface_stats" DNSRequestCounterName = "dns_request_count" DNSResponseCounterName = "dns_response_count" NodeApiServerLatencyName = "node_apiserver_latency" NodeApiServerTcpHandshakeLatencyName = "node_apiserver_handshake_latency" NoResponseFromApiServerName = "node_apiserver_no_response" // Common Gauges across os distributions NodeConnectivityStatusName = "node_connectivity_status" NodeConnectivityLatencySecondsName = "node_connectivity_latency_seconds" )
Variables ¶
View Source
var ( // todo move to attributes pkg? Type = "type" Reason = "reason" Direction = "direction" SourceNodeName = "source_node_name" TargetNodeName = "target_node_name" State = "state" Address = "address" Port = "port" StatName = "statistic_name" InterfaceName = "interface_name" Flag = "flag" Endpoint = "endpoint" AclRule = "aclrule" Active = "ACTIVE" // TCP Connection Statistic Names ResetCount = "ResetCount" ClosedFin = "ClosedFin" ResetSyn = "ResetSyn" TcpHalfOpenTimeouts = "TcpHalfOpenTimeouts" Verified = "Verified" TimedOutCount = "TimedOutCount" TimeWaitExpiredCount = "TimeWaitExpiredCount" // Events types Kernel = "kernel" EnricherRing = "enricher_ring" BufferedChannel = "buffered_channel" ExternalChannel = "external_channel" // TCP Flags SYN = "SYN" SYNACK = "SYNACK" ACK = "ACK" FIN = "FIN" RST = "RST" PSH = "PSH" ECE = "ECE" CWR = "CWR" NS = "NS" URG = "URG" DataPlane = "dataplane" Linux = "linux" Windows = "windows" // DNS labels. DNSLabels = []string{"return_code", "query_type", "query", "response", "num_response"} )
View Source
var ( DNSType_name = map[int32]string{ 0: "UNKNOWN", 1: "QUERY", 2: "RESPONSE", } DNSType_value = map[string]int32{ "UNKNOWN": 0, "QUERY": 1, "RESPONSE": 2, } )
Enum value maps for DNSType.
View Source
var File_pkg_utils_metadata_proto protoreflect.FileDescriptor
Functions ¶
func AddDnsInfo ¶
func AddPacketSize ¶
func AddTcpFlags ¶
func AddTcpID ¶
Add TSval/TSecr to the flow as TCP ID. The TSval/TSecr works as ID for the flow. We will use this ID to calculate latency.
func CompareStringSlice ¶
func DecodeRequestBody ¶
func EncodeResponseBody ¶
func EncodeResponseBody(w http.ResponseWriter, iface interface{}) error
func GetInterface ¶
Get all the veth interfaces. Similar to ip link show type veth
func HostToNetShort ¶
HostToNetShort converts a 16-bit integer from host to network byte order, aka "htons"
func IsAdvancedMetric ¶
IsAdvancedMetric is a helper function to determine if a name is an advanced metric
func OpenRawSocket ¶
func PacketSize ¶
func ToFlow ¶
func ToFlow( ts int64, sourceIP, destIP net.IP, sourcePort, destPort uint32, proto uint8, observationPoint uint32, verdict flow.Verdict, dropReason uint32, ) *flow.Flow
ToFlow returns a flow.Flow object. This sets up a L3/L4 flow object. sourceIP, destIP are IPv4 addresses. sourcePort, destPort are TCP/UDP ports. proto is the protocol number. Ref: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml . observationPoint is the observation point+direction of the flow. 0 is from n/w stack to container, 1 is from container to stack, 2 is from host to network and 3 is from network to host. ts is the timestamp in nanoseconds.
Types ¶
type DNSType ¶
type DNSType int32
func (DNSType) Descriptor ¶
func (DNSType) Descriptor() protoreflect.EnumDescriptor
func (DNSType) EnumDescriptor
deprecated
func (DNSType) Number ¶
func (x DNSType) Number() protoreflect.EnumNumber
func (DNSType) Type ¶
func (DNSType) Type() protoreflect.EnumType
type RetinaMetadata ¶
type RetinaMetadata struct {
Bytes uint64 `protobuf:"varint,1,opt,name=bytes,proto3" json:"bytes,omitempty"`
// DNS metadata.
DnsType DNSType `protobuf:"varint,2,opt,name=dns_type,json=dnsType,proto3,enum=utils.DNSType" json:"dns_type,omitempty"`
NumResponses uint32 `protobuf:"varint,3,opt,name=num_responses,json=numResponses,proto3" json:"num_responses,omitempty"`
// TCP ID. Either Tsval or Tsecr will be set.
TcpId uint64 `protobuf:"varint,4,opt,name=tcp_id,json=tcpId,proto3" json:"tcp_id,omitempty"`
// contains filtered or unexported fields
}
func (*RetinaMetadata) Descriptor
deprecated
func (*RetinaMetadata) Descriptor() ([]byte, []int)
Deprecated: Use RetinaMetadata.ProtoReflect.Descriptor instead.
func (*RetinaMetadata) GetBytes ¶
func (x *RetinaMetadata) GetBytes() uint64
func (*RetinaMetadata) GetDnsType ¶
func (x *RetinaMetadata) GetDnsType() DNSType
func (*RetinaMetadata) GetNumResponses ¶
func (x *RetinaMetadata) GetNumResponses() uint32
func (*RetinaMetadata) GetTcpId ¶
func (x *RetinaMetadata) GetTcpId() uint64
func (*RetinaMetadata) ProtoMessage ¶
func (*RetinaMetadata) ProtoMessage()
func (*RetinaMetadata) ProtoReflect ¶
func (x *RetinaMetadata) ProtoReflect() protoreflect.Message
func (*RetinaMetadata) Reset ¶
func (x *RetinaMetadata) Reset()
func (*RetinaMetadata) String ¶
func (x *RetinaMetadata) String() string
Source Files
Click to show internal directories.
Click to hide internal directories.