Documentation
Index
- Constants
- func ConnectionExceptionReportHash(r *ConnectionExceptionReport) uint64
- func StatsFlowContentHash(r *FlowRecord) (contenthash uint64)
- func StatsFlowHash(r *FlowRecord) (flowhash, contenthash uint64)
- func StatsUserHash(r *UserRecord) error
- type ConnectionExceptionReport
- type ContainerRecord
- type CounterReport
- type Counters
- type DNSRequestReport
- type DefaultCollector
- func (d *DefaultCollector) CollectConnectionExceptionReport(report *ConnectionExceptionReport)
- func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)
- func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)
- func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)
- func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)
- func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)
- func (d *DefaultCollector) CollectPingEvent(report *PingReport)
- func (d *DefaultCollector) CollectTraceEvent(records []string)
- func (d *DefaultCollector) CollectUserEvent(record *UserRecord)
- type EndPoint
- type EndPointType
- type EventCollector
- type FlowRecord
- type IPTablesTrace
- type IPTablesTraceRecord
- type PacketReport
- type PingReport
- type UserRecord
Constants
```go
const (
	// FlowReject indicates that a flow was rejected
	FlowReject = "reject"
	// FlowAccept logs that a flow is accepted
	FlowAccept = "accept"
	// MissingToken indicates that the token was missing
	MissingToken = "missingtoken"
	// InvalidToken indicates that the token was invalid
	InvalidToken = "token"
	// InvalidFormat indicates that the packet metadata were not correct
	InvalidFormat = "format"
	// InvalidHeader indicates that the TCP header was not there.
	InvalidHeader = "header"
	// InvalidPayload indicates that the TCP payload was not there or bad.
	InvalidPayload = "payload"
	// InvalidContext indicates that there was no context in the metadata
	InvalidContext = "context"
	// InvalidConnection indicates that there was no connection found
	InvalidConnection = "connection"
	// InvalidState indicates that a packet was received without proper state information
	InvalidState = "state"
	// InvalidNonse indicates that the nonce check failed
	InvalidNonse = "nonse"
	// PolicyDrop indicates that the flow is rejected because of the policy decision
	PolicyDrop = "policy"
	// APIPolicyDrop indicates that the request was dropped because of failed API validation.
	APIPolicyDrop = "api"
	// UnableToDial indicates that the proxy cannot dial out the connection
	UnableToDial = "dial"
	// CompressedTagMismatch indicates that the compressed tag version is dissimilar
	CompressedTagMismatch = "compressedtagmismatch"
	// EncryptionMismatch indicates that the policy encryption varies between client and server enforcer
	EncryptionMismatch = "encryptionmismatch"
	// DatapathVersionMismatch indicates that the datapath version is dissimilar
	DatapathVersionMismatch = "datapathversionmismatch"
	// PacketDrop indicates a single packet drop
	PacketDrop = "packetdrop"
)
```
Flow event description
```go
const (
	// ContainerStart indicates a container start event
	ContainerStart = "start"
	// ContainerStop indicates a container stop event
	ContainerStop = "stop"
	// ContainerCreate indicates a container create event
	ContainerCreate = "create"
	// ContainerDelete indicates a container delete event
	ContainerDelete = "delete"
	// ContainerUpdate indicates a container policy update event
	ContainerUpdate = "update"
	// ContainerFailed indicates an event that a container was stopped because of policy issues
	ContainerFailed = "forcestop"
	// ContainerIgnored indicates that the container will be ignored by Trireme
	ContainerIgnored = "ignore"
	// ContainerDeleteUnknown indicates that policy for an unknown container was deleted
	ContainerDeleteUnknown = "unknowncontainer"
)
```
Container event description
```go
const (
	// PolicyValid Normal flow accept
	PolicyValid = "V"
	// DefaultEndPoint provides a string for unknown container sources
	DefaultEndPoint = "default"
	// SomeClaimsSource provides a string for some claims flow source.
	SomeClaimsSource = "some-claims"
)
```
Variables
This section is empty.
Functions
func ConnectionExceptionReportHash
```go
func ConnectionExceptionReportHash(r *ConnectionExceptionReport) uint64
```
ConnectionExceptionReportHash is a hash function to hash connection exception reports.
func StatsFlowContentHash
```go
func StatsFlowContentHash(r *FlowRecord) (contenthash uint64)
```
StatsFlowContentHash hashes a flow record, ignoring source ports. It returns contenthash, a hash over all contents, used to compare records quickly and to report when a change is observed.
func StatsFlowHash
```go
func StatsFlowHash(r *FlowRecord) (flowhash, contenthash uint64)
```
StatsFlowHash hashes a flow record, ignoring source ports. It returns two hashes: flowhash, a minimal hash over SIP/DIP/Dport, and contenthash, a hash over all contents, used to compare records quickly and to report when a change is observed.
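As an added example (not the package's own code) of the contract StatsFlowHash documents, the following stand-alone Go program uses a local FlowRecord stand-in, assumes FNV-1a as the hash (the package's real hash is not shown on this page), and applies the two hashes the way the doc comment suggests: flowhash collapses reports that differ only by ephemeral source port, and contenthash reports a known flow only when its content (for example its policy action) changes.

```go
package main

import (
	"fmt"
	"hash/fnv"
)

// FlowRecord is a local stand-in for the subset of the package's FlowRecord
// fields used here (an assumption of this example, not the package's type).
type FlowRecord struct {
	SourceIP, DestinationIP string
	SourcePort, DestPort    uint16
	L4Protocol              uint8
	Action, DropReason      string // e.g. "accept"/"reject" and "policy"
}

// StatsFlowHash follows the documented contract: flowhash covers only
// SIP/DIP/Dport; contenthash covers every field except the source port, so
// ephemeral client ports never create distinct entries.
func StatsFlowHash(r *FlowRecord) (flowhash, contenthash uint64) {
	h := fnv.New64a()
	fmt.Fprintf(h, "%s|%s|%d", r.SourceIP, r.DestinationIP, r.DestPort)
	flowhash = h.Sum64() // Sum64 does not reset the hash state
	fmt.Fprintf(h, "|%d|%s|%s", r.L4Protocol, r.Action, r.DropReason)
	return flowhash, h.Sum64()
}

// ChangeDetector keeps the last contenthash per flowhash: identical repeats
// are deduplicated and only changes (e.g. accept -> policy drop) surface.
type ChangeDetector struct{ last map[uint64]uint64 }
// Observe returns "new", "unchanged" or "changed" for the given record.
func (c *ChangeDetector) Observe(r *FlowRecord) string {
	fh, ch := StatsFlowHash(r)
	prev, seen := c.last[fh]
	c.last[fh] = ch
	if !seen {
		return "new"
	}
	if prev == ch {
		return "unchanged"
	}
	return "changed"
}
func main() {
	d := &ChangeDetector{last: map[uint64]uint64{}}
	a := FlowRecord{SourceIP: "10.0.0.5", DestinationIP: "10.0.0.9", SourcePort: 40001, DestPort: 443, L4Protocol: 6, Action: "accept"}
	b, c := a, a
	b.SourcePort = 40002                        // same flow, new ephemeral port
	c.Action, c.DropReason = "reject", "policy" // same flow, now dropped by policy
	fmt.Println(d.Observe(&a), d.Observe(&b), d.Observe(&c)) // new unchanged changed
}
```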
func StatsUserHash
```go
func StatsUserHash(r *UserRecord) error
```
StatsUserHash is a hash function to hash user records.
Types
type ConnectionExceptionReport
```go
type ConnectionExceptionReport struct {
	Timestamp       time.Time
	PUID            string
	Namespace       string
	Protocol        int
	SourceIP        string
	DestinationIP   string
	DestinationPort uint16
	State           string
	Reason          string
	Value           uint32
}
```
ConnectionExceptionReport represents a single connection exception report from the datapath.
type ContainerRecord
```go
type ContainerRecord struct {
	ContextID string
	IPAddress policy.ExtendedMap
	Tags      *policy.TagStore
	Event     string
}
```
ContainerRecord is a statistics record for a container.
type CounterReport
CounterReport is sent by the PU to report Counters from the datapath.
type DNSRequestReport
```go
type DNSRequestReport struct {
	ContextID   string
	Namespace   string
	Source      *EndPoint
	Destination *EndPoint
	NameLookup  string
	Error       string
	Count       int
	Ts          time.Time
	IPs         []string
}
```
DNSRequestReport is used to report DNS requests made by PUs.
type DefaultCollector
```go
type DefaultCollector struct{}
```
DefaultCollector implements a default collector infrastructure to syslog.
func (*DefaultCollector) CollectConnectionExceptionReport
```go
func (d *DefaultCollector) CollectConnectionExceptionReport(report *ConnectionExceptionReport)
```
CollectConnectionExceptionReport collects the connection exception report.
func (*DefaultCollector) CollectContainerEvent
```go
func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)
```
CollectContainerEvent is part of the EventCollector interface.
func (*DefaultCollector) CollectCounterEvent
```go
func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)
```
CollectCounterEvent collects counters from the datapath.
func (*DefaultCollector) CollectDNSRequests
```go
func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)
```
CollectDNSRequests collects DNS request reports from the datapath.
func (*DefaultCollector) CollectFlowEvent
```go
func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)
```
CollectFlowEvent is part of the EventCollector interface.
func (*DefaultCollector) CollectPacketEvent
```go
func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)
```
CollectPacketEvent collects packet events from the datapath.
func (*DefaultCollector) CollectPingEvent
```go
func (d *DefaultCollector) CollectPingEvent(report *PingReport)
```
CollectPingEvent collects ping events from the datapath.
func (*DefaultCollector) CollectTraceEvent
```go
func (d *DefaultCollector) CollectTraceEvent(records []string)
```
CollectTraceEvent collects iptables trace events.
func (*DefaultCollector) CollectUserEvent
```go
func (d *DefaultCollector) CollectUserEvent(record *UserRecord)
```
CollectUserEvent is part of the EventCollector interface.
type EndPoint (added in v1.0.24)
```go
type EndPoint struct {
	ID         string
	IP         string
	URI        string
	HTTPMethod string
	UserID     string
	Type       EndPointType
	Port       uint16
}
```
EndPoint is a structure that holds all the endpoint information.
type EndPointType (added in v1.0.24)
```go
type EndPointType byte
```
EndPointType is the type of an endpoint (a PU or an external IP address).
```go
const (
	// EndPointTypeExternalIP indicates that the endpoint is an external IP address
	EndPointTypeExternalIP EndPointType = iota
	// EndPointTypePU indicates that the endpoint is a PU.
	EndPointTypePU
	// EndPointTypeClaims indicates that the endpoint is of type claims.
	EndPointTypeClaims
)
```
func (*EndPointType) String (added in v1.0.24)
```go
func (e *EndPointType) String() string
```
type EventCollector
```go
type EventCollector interface {
	// CollectFlowEvent collects a flow event.
	CollectFlowEvent(record *FlowRecord)
	// CollectContainerEvent collects a container event
	CollectContainerEvent(record *ContainerRecord)
	// CollectUserEvent collects a user event
	CollectUserEvent(record *UserRecord)
	// CollectTraceEvent collects a set of trace messages generated with the iptables trace command
	CollectTraceEvent(records []string)
	// CollectPacketEvent collects a packet event from nfqdatapath
	CollectPacketEvent(report *PacketReport)
	// CollectCounterEvent collects the counters from the datapath
	CollectCounterEvent(counterReport *CounterReport)
	// CollectDNSRequests collects the dns requests
	CollectDNSRequests(request *DNSRequestReport)
	// CollectPingEvent collects the ping events
	CollectPingEvent(report *PingReport)
	// CollectConnectionExceptionReport collects the connection exception report
	CollectConnectionExceptionReport(report *ConnectionExceptionReport)
}
```
EventCollector is the interface for collecting events.
func NewDefaultCollector
```go
func NewDefaultCollector() EventCollector
```
NewDefaultCollector returns a default implementation of an EventCollector.
type FlowRecord
```go
type FlowRecord struct {
	ContextID             string
	Namespace             string
	Source                EndPoint
	Destination           EndPoint
	Tags                  []string
	DropReason            string
	PolicyID              string
	ObservedPolicyID      string
	ServiceType           policy.ServiceType
	ServiceID             string
	Count                 int
	Action                policy.ActionType
	ObservedAction        policy.ActionType
	ObservedActionType    policy.ObserveActionType
	L4Protocol            uint8
	SourceController      string
	DestinationController string
	RuleName              string
}
```
FlowRecord describes a flow record for statistics.
func (*FlowRecord) String (added in v1.0.24)
```go
func (f *FlowRecord) String() string
```
type IPTablesTrace
```go
type IPTablesTrace struct {
	Namespace string
	Timestamp int64
	Records   []*IPTablesTraceRecord
}
```
IPTablesTrace is a bundle of iptables trace records.
type IPTablesTraceRecord
```go
type IPTablesTraceRecord struct {
	TTL                  int
	Chain                string
	DestinationIP        string
	DestinationInterface string
	DestinationPort      int
	Length               int
	PacketID             int
	Protocol             int
	RuleID               int
	SourceIP             string
	SourceInterface      string
	SourcePort           int
	TableName            string
}
```
IPTablesTraceRecord is the info parsed out from a trace event message.
type PacketReport
```go
type PacketReport struct {
	TCPFlags        int
	Claims          []string
	DestinationIP   string
	DestinationPort int
	DropReason      string
	Encrypt         bool
	Event           packettracing.PacketEvent
	Length          int
	Mark            int
	Namespace       string
	PacketID        int
	Protocol        int
	PUID            string
	SourceIP        string
	SourcePort      int
	TriremePacket   bool
	Timestamp       int64
	Payload         []byte
}
```
PacketReport is the struct which is used to report packets captured in the datapath.
type PingReport
```go
type PingReport struct {
	PingID               string
	IterationID          int
	Type                 gaia.PingProbeTypeValue
	PUID                 string
	Namespace            string
	FourTuple            string
	RTT                  string
	Protocol             int
	ServiceType          string
	PayloadSize          int
	PayloadSizeType      gaia.PingProbePayloadSizeTypeValue
	PolicyID             string
	PolicyAction         policy.ActionType
	AgentVersion         string
	ApplicationListening bool
	SeqNum               uint32
	TargetTCPNetworks    bool
	ExcludedNetworks     bool
	Error                string
	Claims               []string
	ClaimsType           gaia.PingProbeClaimsTypeValue
	ACLPolicyID          string
	ACLPolicyAction      policy.ActionType
	PeerCertIssuer       string
	PeerCertSubject      string
	PeerCertExpiry       time.Time
	IsServer             bool
	ServiceID            string

	// Remote pu fields.
	RemoteController    string
	RemotePUID          string
	RemoteEndpointType  EndPointType
	RemoteNamespace     string
	RemoteNamespaceType gaia.PingProbeRemoteNamespaceTypeValue
}
```
PingReport represents a single ping report from the datapath.
type UserRecord
UserRecord reports a new user access. These will be reported periodically.
Directories

Path | Synopsis
---|---
mockcollector | Package mockcollector is a generated GoMock package.