endpoint

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 27, 2017 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source
const (
	Addr            = "addr" // typically IPv4
	Port            = "port"
	Conntracked     = "conntracked"
	EBPF            = "eBPF"
	Procspied       = "procspied"
	ReverseDNSNames = "reverse_dns_names"
	SnoopedDNSNames = "snooped_dns_names"
)

Node metadata keys.

Variables

View Source
var IsConntrackSupported = func(procRoot string) error {

	f := filepath.Join(procRoot, eventsPath)
	contents, err := ioutil.ReadFile(f)
	if err != nil {
		return err
	}
	if string(contents) == "0" {
		return fmt.Errorf("conntrack events (%s) are disabled", f)
	}
	return nil
}

IsConntrackSupported returns true if conntrack is suppported by the kernel

View Source
var SpyDuration = prometheus.NewSummaryVec(
	prometheus.SummaryOpts{
		Namespace: "scope",
		Subsystem: "probe",
		Name:      "spy_duration_seconds",
		Help:      "Time in seconds spent spying on active connections.",
		MaxAge:    10 * time.Second,
	},
	[]string{},
)

SpyDuration is an exported prometheus metric

Functions

This section is empty.

Types

type DNSSnooper added in v1.0.0

type DNSSnooper struct {
	// contains filtered or unexported fields
}

DNSSnooper is a snopper of DNS queries

func NewDNSSnooper added in v1.0.0

func NewDNSSnooper() (*DNSSnooper, error)

NewDNSSnooper creates a new snooper of DNS queries

func (*DNSSnooper) CachedNamesForIP added in v1.0.0

func (s *DNSSnooper) CachedNamesForIP(ip string) []string

CachedNamesForIP obtains the domains associated to an IP, obtained while snooping A-record queries

func (*DNSSnooper) Stop added in v1.0.0

func (s *DNSSnooper) Stop()

Stop makes the snooper stop inspecting DNS communications

type EbpfTracker added in v1.3.0

type EbpfTracker struct {
	sync.Mutex
	// contains filtered or unexported fields
}

EbpfTracker contains the sets of open and closed TCP connections. Closed connections are kept in the `closedConnections` slice for one iteration of `walkConnections`.

type Reporter

type Reporter struct {
	// contains filtered or unexported fields
}

Reporter generates Reports containing the Endpoint topology.

func NewReporter

func NewReporter(conf ReporterConfig) *Reporter

NewReporter creates a new Reporter that invokes procspy.Connections to generate a report.Report that contains every discovered (spied) connection on the host machine, at the granularity of host and port. That information is stored in the Endpoint topology. It optionally enriches that topology with process (PID) information.

func (Reporter) Name added in v0.10.0

func (Reporter) Name() string

Name of this reporter, for metrics gathering

func (*Reporter) Report

func (r *Reporter) Report() (report.Report, error)

Report implements Reporter.

func (*Reporter) Stop added in v0.7.0

func (r *Reporter) Stop()

Stop stop stop

type ReporterConfig added in v1.0.0

type ReporterConfig struct {
	HostID       string
	HostName     string
	SpyProcs     bool
	UseConntrack bool
	WalkProc     bool
	UseEbpfConn  bool
	ProcRoot     string
	BufferSize   int
	ProcessCache *process.CachingWalker
	Scanner      procspy.ConnectionScanner
	DNSSnooper   *DNSSnooper
}

ReporterConfig are the config options for the endpoint reporter.

Directories

Path Synopsis
Package procspy lists TCP connections, and optionally tries to find the owning processes.
Package procspy lists TCP connections, and optionally tries to find the owning processes.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL