Documentation
Constants
const (
	ReverseDNSNames = report.ReverseDNSNames
	SnoopedDNSNames = report.SnoopedDNSNames
	CopyOf          = report.CopyOf
)
Node metadata keys.
Variables
var IsConntrackSupported = func(procRoot string) error {
	f := filepath.Join(procRoot, eventsPath)
	contents, err := ioutil.ReadFile(f)
	if err != nil {
		return err
	}
	if string(contents) == "0" {
		return fmt.Errorf("conntrack events (%s) are disabled", f)
	}
	return nil
}
IsConntrackSupported returns nil if conntrack is supported by the kernel, and an error otherwise.
Functions
This section is empty.
Types
type DNSSnooper
type DNSSnooper struct {
// contains filtered or unexported fields
}
DNSSnooper is a snooper of DNS queries
func NewDNSSnooper
func NewDNSSnooper() (*DNSSnooper, error)
NewDNSSnooper creates a new snooper of DNS queries
func (*DNSSnooper) CachedNamesForIP
func (s *DNSSnooper) CachedNamesForIP(ip string) []string
CachedNamesForIP returns the domains associated with an IP, as observed while snooping A-record queries
func (*DNSSnooper) Stop
func (s *DNSSnooper) Stop()
Stop makes the snooper stop inspecting DNS communications
type EbpfTracker
EbpfTracker contains the sets of open and closed TCP connections. Closed connections are kept in the `closedConnections` slice for one iteration of `walkConnections`.
func (*EbpfTracker) LostV4
func (t *EbpfTracker) LostV4(count uint64)
LostV4 handles IPv4 TCP event misses from the eBPF tracer.
func (*EbpfTracker) LostV6
func (t *EbpfTracker) LostV6(count uint64)
LostV6 handles IPv6 TCP event misses from the eBPF tracer. This is currently a no-op.
func (*EbpfTracker) TCPEventV4
func (t *EbpfTracker) TCPEventV4(e tracer.TcpV4)
TCPEventV4 handles IPv4 TCP events from the eBPF tracer
func (*EbpfTracker) TCPEventV6
func (t *EbpfTracker) TCPEventV6(e tracer.TcpV6)
TCPEventV6 handles IPv6 TCP events from the eBPF tracer. This is currently a no-op.
type Reporter
type Reporter struct {
// contains filtered or unexported fields
}
Reporter generates Reports containing the Endpoint topology.
func NewReporter
func NewReporter(conf ReporterConfig) *Reporter
NewReporter creates a new Reporter that invokes procspy.Connections to generate a report.Report that contains every discovered (spied) connection on the host machine, at the granularity of host and port. That information is stored in the Endpoint topology. It optionally enriches that topology with process (PID) information.
type ReporterConfig
type ReporterConfig struct {
	HostID       string
	HostName     string
	SpyProcs     bool
	UseConntrack bool
	WalkProc     bool
	UseEbpfConn  bool
	ProcRoot     string
	BufferSize   int
	ProcessCache *process.CachingWalker
	Scanner      procspy.ConnectionScanner
	DNSSnooper   *DNSSnooper
}
ReporterConfig are the config options for the endpoint reporter.