endpoint

package
v0.0.0-...-554ed94
Published: Nov 2, 2024 | License: Apache-2.0 | Imports: 28 | Imported by: 0

Documentation

Constants

const (
	ReverseDNSNames = report.ReverseDNSNames
	SnoopedDNSNames = report.SnoopedDNSNames
	CopyOf          = report.CopyOf
)

Node metadata keys.

Variables

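var IsConntrackSupported = func(procRoot string) error {
	// eventsPath is an unexported package constant that is not shown on this page.
	f := filepath.Join(procRoot, eventsPath)
	contents, err := ioutil.ReadFile(f)
	if err != nil {
		return err
	}
	// Exact match against "0": contents that carry a trailing newline do not match.
	if string(contents) == "0" {
		return fmt.Errorf("conntrack events (%s) are disabled", f)
	}
	return nil
}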

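IsConntrackSupported reports whether conntrack is supported by the kernel: it returns nil when conntrack events are enabled, and an error when the events file cannot be read or events are disabled.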
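
The same check as an added, stand-alone example (not the package's own code), written so that a value read from procfs with its trailing newline is still recognized as disabled and so that a caller can tell "events disabled" apart from a read failure. The `eventsPath` value, the function names and the sentinel error are assumptions made for this example; the package's own constant is unexported and does not appear on this page.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Assumed value: the package's eventsPath is unexported and not shown on the page.
const eventsPath = "sys/net/netfilter/nf_conntrack_events"
// ErrEventsDisabled (hypothetical) separates "disabled" from a read failure.
var ErrEventsDisabled = errors.New("conntrack events are disabled")

// conntrackEventsEnabled (hypothetical name) returns nil when events are on.
func conntrackEventsEnabled(procRoot string) error {
	f := filepath.Join(procRoot, eventsPath)
	contents, err := os.ReadFile(f)
	if err != nil {
		return fmt.Errorf("reading %s: %w", f, err)
	}
	// Reads from /proc/sys end in "\n", so compare the trimmed value.
	if strings.TrimSpace(string(contents)) == "0" {
		return fmt.Errorf("%w (%s)", ErrEventsDisabled, f)
	}
	return nil
}

// fakeProcRoot writes a constructed events file under a temporary proc root.
func fakeProcRoot(value string) (string, error) {
	root, err := os.MkdirTemp("", "procroot")
	if err != nil {
		return "", err
	}
	f := filepath.Join(root, eventsPath)
	if err := os.MkdirAll(filepath.Dir(f), 0o755); err != nil {
		return root, err
	}
	return root, os.WriteFile(f, []byte(value), 0o600)
}

func main() {
	root, err := fakeProcRoot("0\n") // constructed contents
	if err == nil {
		err = conntrackEventsEnabled(root)
	}
	fmt.Println(err)
	os.RemoveAll(root)
}
```

A monitoring agent that treats a disabled events file as supported would start its conntrack-based flow tracking and then receive no events, so failing closed here keeps that gap visible at startup.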

Functions

This section is empty.

Types

type DNSSnooper

type DNSSnooper struct {
	// contains filtered or unexported fields
}

DNSSnooper is a snooper of DNS queries

func NewDNSSnooper

func NewDNSSnooper() (*DNSSnooper, error)

NewDNSSnooper creates a new snooper of DNS queries

func (*DNSSnooper) CachedNamesForIP

func (s *DNSSnooper) CachedNamesForIP(ip string) []string

CachedNamesForIP returns the domains associated with an IP, as learned while snooping A-record queries

func (*DNSSnooper) Stop

func (s *DNSSnooper) Stop()

Stop makes the snooper stop inspecting DNS communications

type EbpfTracker

type EbpfTracker struct {
	sync.Mutex
	// contains filtered or unexported fields
}

EbpfTracker contains the sets of open and closed TCP connections. Closed connections are kept in the `closedConnections` slice for one iteration of `walkConnections`.

func (*EbpfTracker) LostV4

func (t *EbpfTracker) LostV4(count uint64)

LostV4 handles IPv4 TCP event misses from the eBPF tracer.

func (*EbpfTracker) LostV6

func (t *EbpfTracker) LostV6(count uint64)

LostV6 handles IPv6 TCP event misses from the eBPF tracer. This is currently a no-op.

func (*EbpfTracker) TCPEventV4

func (t *EbpfTracker) TCPEventV4(e tracer.TcpV4)

TCPEventV4 handles IPv4 TCP events from the eBPF tracer

func (*EbpfTracker) TCPEventV6

func (t *EbpfTracker) TCPEventV6(e tracer.TcpV6)

TCPEventV6 handles IPv6 TCP events from the eBPF tracer. This is currently a no-op.

type Reporter

type Reporter struct {
	// contains filtered or unexported fields
}

Reporter generates Reports containing the Endpoint topology.

func NewReporter

func NewReporter(conf ReporterConfig) *Reporter

NewReporter creates a new Reporter that invokes procspy.Connections to generate a report.Report that contains every discovered (spied) connection on the host machine, at the granularity of host and port. That information is stored in the Endpoint topology. It optionally enriches that topology with process (PID) information.

func (Reporter) Name

func (Reporter) Name() string

Name of this reporter, for metrics gathering

func (*Reporter) Report

func (r *Reporter) Report() (report.Report, error)

Report implements Reporter.

func (*Reporter) Stop

func (r *Reporter) Stop()

Stop stops the reporter.

type ReporterConfig

type ReporterConfig struct {
	HostID       string
	HostName     string
	SpyProcs     bool
	UseConntrack bool
	WalkProc     bool
	UseEbpfConn  bool
	ProcRoot     string
	BufferSize   int
	ProcessCache *process.CachingWalker
	Scanner      procspy.ConnectionScanner
	DNSSnooper   *DNSSnooper
}

ReporterConfig are the config options for the endpoint reporter.

Directories

Path Synopsis
Package procspy lists TCP connections, and optionally tries to find the owning processes.