trireme-lib: Index | Files | Directories

package collector

import ""


Package Files

default.go interfaces.go


const (
    // String codes describing flow events and the reasons a flow or packet
    // was not accepted.
    // NOTE(review): presumably these are the values carried in the DropReason
    // fields of FlowRecord and PacketReport; confirm against the callers.

    // FlowReject indicates that a flow was rejected.
    FlowReject = "reject"
    // FlowAccept indicates that a flow was accepted.
    FlowAccept = "accept"
    // MissingToken indicates that the token was missing.
    MissingToken = "missingtoken"
    // InvalidToken indicates that the token was invalid.
    InvalidToken = "token"
    // InvalidFormat indicates that the packet metadata was not correct.
    InvalidFormat = "format"
    // InvalidHeader indicates that the TCP header was not there.
    InvalidHeader = "header"
    // InvalidPayload indicates that the TCP payload was not there or was bad.
    InvalidPayload = "payload"
    // InvalidContext indicates that there was no context in the metadata.
    InvalidContext = "context"
    // InvalidConnection indicates that there was no connection found.
    InvalidConnection = "connection"
    // InvalidState indicates that a packet was received without proper state information.
    InvalidState = "state"
    // InvalidNonse indicates that the nonce check failed. The identifier and
    // its string value keep the original "nonse" spelling.
    InvalidNonse = "nonse"
    // PolicyDrop indicates that the flow was rejected because of the policy decision.
    PolicyDrop = "policy"
    // APIPolicyDrop indicates that the request was dropped because of failed API validation.
    APIPolicyDrop = "api"
    // UnableToDial indicates that the proxy cannot dial out the connection.
    UnableToDial = "dial"
    // CompressedTagMismatch indicates that the compressed tag version is dissimilar.
    CompressedTagMismatch = "compressedtagmismatch"
    // EncryptionMismatch indicates that the policy encryption varies between client and server enforcer.
    EncryptionMismatch = "encryptionmismatch"
    // DatapathVersionMismatch indicates that the datapath version is dissimilar.
    DatapathVersionMismatch = "datapathversionmismatch"
    // PacketDrop indicates a single packet drop.
    PacketDrop = "packetdrop"

Flow event description

const (
    // ContainerStart indicates a container start event
    ContainerStart = "start"
    // ContainerStop indicates a container stop event
    ContainerStop = "stop"
    // ContainerCreate indicates a container create event
    ContainerCreate = "create"
    // ContainerDelete indicates a container delete event
    ContainerDelete = "delete"
    // ContainerUpdate indicates a container policy update event
    ContainerUpdate = "update"
    // ContainerFailed indicates an event that a container was stopped because of policy issues
    ContainerFailed = "forcestop"
    // ContainerIgnored indicates that the container will be ignored by Trireme
    ContainerIgnored = "ignore"
    // ContainerDeleteUnknown indicates that policy for an unknown  container was deleted
    ContainerDeleteUnknown = "unknowncontainer"

Container event description

const (
    // PolicyValid Normal flow accept
    PolicyValid = "V"
    // DefaultEndPoint  provides a string for unknown container sources
    DefaultEndPoint = "default"
    // SomeClaimsSource provides a string for some claims flow source.
    SomeClaimsSource = "some-claims"

func HashHashWithNamespace Uses

func HashHashWithNamespace(claimsHash string, namespace string) (string, error)

HashHashWithNamespace hashes the given claims hash with the given namespace.

func StatsFlowHash Uses

func StatsFlowHash(r *FlowRecord) string

StatsFlowHash is a hash function to hash flows

func StatsUserHash Uses

func StatsUserHash(r *UserRecord) error

StatsUserHash is a hash function to hash user records.

type ContainerRecord Uses

type ContainerRecord struct {
    ContextID string
    IPAddress policy.ExtendedMap
    Tags      *policy.TagStore
    Event     string

ContainerRecord is a statistics record for a container

type CounterReport Uses

type CounterReport struct {
    Namespace string
    PUID      string
    Timestamp int64
    Counters  []Counters

CounterReport is called from the PU which reports Counters from the datapath

type Counters Uses

type Counters uint32

Counters represents a single counter entry with a name and its current value.

type DNSRequestReport Uses

type DNSRequestReport struct {
    Namespace  string
    Source     *EndPoint
    NameLookup string
    Error      string
    Count      int
    Ts         time.Time

DNSRequestReport object is used to report dns requests being made by PU's

type DefaultCollector Uses

type DefaultCollector struct{}

DefaultCollector implements a default collector infrastructure to syslog

func (*DefaultCollector) CollectContainerEvent Uses

func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)

CollectContainerEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectCounterEvent Uses

func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)

CollectCounterEvent collects counters from the datapath.

func (*DefaultCollector) CollectDNSRequests Uses

func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)

CollectDNSRequests collects DNS request reports; it is part of the EventCollector interface.

func (*DefaultCollector) CollectFlowEvent Uses

func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)

CollectFlowEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectPacketEvent Uses

func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)

CollectPacketEvent collects packet events from the datapath

func (*DefaultCollector) CollectPingEvent Uses

func (d *DefaultCollector) CollectPingEvent(report *PingReport)

CollectPingEvent collects ping events from the datapath

func (*DefaultCollector) CollectTraceEvent Uses

func (d *DefaultCollector) CollectTraceEvent(records []string)

CollectTraceEvent collects iptables trace events

func (*DefaultCollector) CollectUserEvent Uses

func (d *DefaultCollector) CollectUserEvent(record *UserRecord)

CollectUserEvent is part of the EventCollector interface.

type EndPoint Uses

type EndPoint struct {
    ID         string
    IP         string
    URI        string
    HTTPMethod string
    UserID     string
    Type       EndPointType
    Port       uint16

EndPoint is a structure that holds all the endpoint information

type EndPointType Uses

type EndPointType byte

EndPointType is the type of an endpoint (PU or an external IP address )

const (
    // EndPointTypeExternalIP indicates that the endpoint is an external IP address
    EndPointTypeExternalIP EndPointType = iota
    // EnpointTypePU indicates that the endpoint is a PU.
    // EndpointTypeClaims indicates that the endpoint is of type claims.

func (*EndPointType) String Uses

func (e *EndPointType) String() string

type EventCollector Uses

type EventCollector interface {

    // CollectFlowEvent collects a flow event.
    CollectFlowEvent(record *FlowRecord)

    // CollectContainerEvent collects a container event.
    CollectContainerEvent(record *ContainerRecord)

    // CollectUserEvent collects a user event.
    CollectUserEvent(record *UserRecord)

    // CollectTraceEvent collects a set of trace messages generated with the iptables trace command.
    CollectTraceEvent(records []string)

    // CollectPacketEvent collects a packet event from nfqdatapath.
    CollectPacketEvent(report *PacketReport)

    // CollectCounterEvent collects the counters from the datapath.
    CollectCounterEvent(counterReport *CounterReport)

    // CollectDNSRequests collects the DNS requests.
    CollectDNSRequests(request *DNSRequestReport)

    // CollectPingEvent collects the ping events.
    CollectPingEvent(report *PingReport)

EventCollector is the interface for collecting events.

func NewDefaultCollector Uses

func NewDefaultCollector() EventCollector

NewDefaultCollector returns a default implementation of an EventCollector

type FlowRecord Uses

type FlowRecord struct {
    ContextID        string
    Namespace        string
    Source           *EndPoint
    Destination      *EndPoint
    Tags             *policy.TagStore
    DropReason       string
    PolicyID         string
    ObservedPolicyID string
    ServiceType      policy.ServiceType
    ServiceID        string
    Count            int
    Action           policy.ActionType
    ObservedAction   policy.ActionType
    L4Protocol       uint8

FlowRecord describes a flow record for statistics

func (*FlowRecord) String Uses

func (f *FlowRecord) String() string

type PacketReport Uses

type PacketReport struct {
    TCPFlags        int
    Claims          []string
    DestinationIP   string
    DestinationPort int
    DropReason      string
    Encrypt         bool
    Event           packettracing.PacketEvent
    Length          int
    Mark            int
    Namespace       string
    PacketID        int
    Protocol        int
    PUID            string
    SourceIP        string
    SourcePort      int
    TriremePacket   bool
    Payload         []byte

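PacketReport is the struct used to report packets captured in the datapath. It carries the packet Payload bytes and the Claims alongside the addressing fields, so an EventCollector implementation that stores or forwards these reports should handle them as potentially sensitive data.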

type PingReport Uses

type PingReport struct {
    SourceID             string
    SourceNamespace      string
    DestinationID        string
    DestinationNamespace string
    FlowTuple            string
    Latency              string
    AgentVersion         string
    Protocol             int
    ServiceType          string
    PayloadSize          int
    Request              int
    Type                 claimsheader.PingType
    Stage                Stage
    SessionID            string

PingReport represents a single ping report from datapath.

type Stage Uses

type Stage int

Stage represents the checkpoint when the report is sent.

const (
    Origin Stage = iota

Stage options.

func (Stage) String Uses

func (s Stage) String() string

type UserRecord Uses

type UserRecord struct {
    ID        string
    Namespace string
    Claims    []string

UserRecord reports a new user access. These will be reported periodically.


mockcollector: Package mockcollector is a generated GoMock package.
