Documentation
Constants
const (
	Addr            = "addr" // typically IPv4
	Port            = "port"
	Conntracked     = "conntracked"
	EBPF            = "eBPF"
	Procspied       = "procspied"
	ReverseDNSNames = "reverse_dns_names"
	SnoopedDNSNames = "snooped_dns_names"
)
Node metadata keys.
Variables
var IsConntrackSupported = func(procRoot string) error {
	f := filepath.Join(procRoot, eventsPath)
	contents, err := ioutil.ReadFile(f)
	if err != nil {
		return err
	}
	if string(contents) == "0" {
		return fmt.Errorf("conntrack events (%s) are disabled", f)
	}
	return nil
}
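IsConntrackSupported reports whether conntrack is supported by the kernel: it returns nil if so, and an error if the conntrack events file cannot be read or events are disabled.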
var SpyDuration = prometheus.NewSummaryVec(
	prometheus.SummaryOpts{
		Namespace: "scope",
		Subsystem: "probe",
		Name:      "spy_duration_seconds",
		Help:      "Time in seconds spent spying on active connections.",
		MaxAge:    10 * time.Second,
	},
	[]string{},
)
SpyDuration is an exported prometheus metric
Functions
This section is empty.
Types
type DNSSnooper (added in v1.0.0)
type DNSSnooper struct {
// contains filtered or unexported fields
}
DNSSnooper is a snooper of DNS queries
func NewDNSSnooper (added in v1.0.0)
func NewDNSSnooper() (*DNSSnooper, error)
NewDNSSnooper creates a new snooper of DNS queries
func (*DNSSnooper) CachedNamesForIP (added in v1.0.0)
func (s *DNSSnooper) CachedNamesForIP(ip string) []string
CachedNamesForIP returns the domain names associated with an IP, as learned while snooping A-record queries
func (*DNSSnooper) Stop (added in v1.0.0)
func (s *DNSSnooper) Stop()
Stop makes the snooper stop inspecting DNS communications
type EbpfTracker (added in v1.3.0)
EbpfTracker contains the sets of open and closed TCP connections. Closed connections are kept in the `closedConnections` slice for one iteration of `walkConnections`.
type Reporter
type Reporter struct {
// contains filtered or unexported fields
}
Reporter generates Reports containing the Endpoint topology.
func NewReporter
func NewReporter(conf ReporterConfig) *Reporter
NewReporter creates a new Reporter that invokes procspy.Connections to generate a report.Report that contains every discovered (spied) connection on the host machine, at the granularity of host and port. That information is stored in the Endpoint topology. It optionally enriches that topology with process (PID) information.
type ReporterConfig (added in v1.0.0)
type ReporterConfig struct {
	HostID       string
	HostName     string
	SpyProcs     bool
	UseConntrack bool
	WalkProc     bool
	UseEbpfConn  bool
	ProcRoot     string
	BufferSize   int
	ProcessCache *process.CachingWalker
	Scanner      procspy.ConnectionScanner
	DNSSnooper   *DNSSnooper
}
ReporterConfig holds the config options for the endpoint reporter.