trireme-lib: go.aporeto.io/trireme-lib/collector

package collector

import "go.aporeto.io/trireme-lib/collector"

Package Files

default.go interfaces.go

Constants

const (
    // FlowReject indicates that a flow was rejected
    FlowReject = "reject"
    // FlowAccept logs that a flow is accepted
    FlowAccept = "accept"
    // MissingToken indicates that the token was missing
    MissingToken = "missingtoken"
    // InvalidToken indicates that the token was invalid
    InvalidToken = "token"
    // InvalidFormat indicates that the packet metadata were not correct
    InvalidFormat = "format"
    // InvalidHeader indicates that the TCP header was not there.
    InvalidHeader = "header"
    // InvalidPayload indicates that the TCP payload was not there or bad.
    InvalidPayload = "payload"
    // InvalidContext indicates that there was no context in the metadata
    InvalidContext = "context"
    // InvalidConnection indicates that there was no connection found
    InvalidConnection = "connection"
    // InvalidState indicates that a packet was received without proper state information
    InvalidState = "state"
    // InvalidNonse indicates that the nonce check failed
    InvalidNonse = "nonse"
    // PolicyDrop indicates that the flow is rejected because of the policy decision
    PolicyDrop = "policy"
    // APIPolicyDrop indicates that the request was dropped because of failed API validation.
    APIPolicyDrop = "api"
    // UnableToDial indicates that the proxy cannot dial out the connection
    UnableToDial = "dial"
    // CompressedTagMismatch indicates that the compressed tag version is dissimilar
    CompressedTagMismatch = "compressedtagmismatch"
    // EncryptionMismatch indicates that the policy encryption varies between client and server enforcer
    EncryptionMismatch = "encryptionmismatch"
    // DatapathVersionMismatch indicates that the datapath version is dissimilar
    DatapathVersionMismatch = "datapathversionmismatch"
    // PacketDrop indicates a single packet drop
    PacketDrop = "packetdrop"
)

Flow event description

const (
    // ContainerStart indicates a container start event
    ContainerStart = "start"
    // ContainerStop indicates a container stop event
    ContainerStop = "stop"
    // ContainerCreate indicates a container create event
    ContainerCreate = "create"
    // ContainerDelete indicates a container delete event
    ContainerDelete = "delete"
    // ContainerUpdate indicates a container policy update event
    ContainerUpdate = "update"
    // ContainerFailed indicates an event that a container was stopped because of policy issues
    ContainerFailed = "forcestop"
    // ContainerIgnored indicates that the container will be ignored by Trireme
    ContainerIgnored = "ignore"
    // ContainerDeleteUnknown indicates that policy for an unknown container was deleted
    ContainerDeleteUnknown = "unknowncontainer"
)

Container event description

const (
    // PolicyValid Normal flow accept
    PolicyValid = "V"
    // DefaultEndPoint provides a string for unknown container sources
    DefaultEndPoint = "default"
    // SomeClaimsSource provides a string for some claims flow source.
    SomeClaimsSource = "some-claims"
)

func HashHashWithNamespace

func HashHashWithNamespace(claimsHash string, namespace string) (string, error)

HashHashWithNamespace hashes the given claim hash with the given namespace.

func StatsFlowHash

func StatsFlowHash(r *FlowRecord) string

StatsFlowHash is a hash function to hash flows

func StatsUserHash

func StatsUserHash(r *UserRecord) error

StatsUserHash is a hash function to hash user records.

type ContainerRecord

type ContainerRecord struct {
    ContextID string
    IPAddress policy.ExtendedMap
    Tags      *policy.TagStore
    Event     string
}

ContainerRecord is a statistics record for a container

type CounterReport

type CounterReport struct {
    Namespace string
    ContextID string
    Counters  []Counters
}

CounterReport is called from the PU which reports Counters from the datapath

type Counters

type Counters struct {
    Name  string
    Value uint32
}

Counters represents a single entry with a name and its current value.

type DNSRequestReport

type DNSRequestReport struct {
    Namespace  string
    Source     *EndPoint
    NameLookup string
    Error      string
    Count      int
    Ts         time.Time
}

DNSRequestReport is used to report DNS requests made by PUs.

type DefaultCollector

type DefaultCollector struct{}

DefaultCollector implements a default collector infrastructure to syslog

func (*DefaultCollector) CollectContainerEvent

func (d *DefaultCollector) CollectContainerEvent(record *ContainerRecord)

CollectContainerEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectCounterEvent

func (d *DefaultCollector) CollectCounterEvent(report *CounterReport)

CollectCounterEvent collects counters from the datapath

func (*DefaultCollector) CollectDNSRequests

func (d *DefaultCollector) CollectDNSRequests(report *DNSRequestReport)

CollectDNSRequests collects counters from the datapath

func (*DefaultCollector) CollectFlowEvent

func (d *DefaultCollector) CollectFlowEvent(record *FlowRecord)

CollectFlowEvent is part of the EventCollector interface.

func (*DefaultCollector) CollectPacketEvent

func (d *DefaultCollector) CollectPacketEvent(report *PacketReport)

CollectPacketEvent collects packet events from the datapath

func (*DefaultCollector) CollectTraceEvent

func (d *DefaultCollector) CollectTraceEvent(records []string)

CollectTraceEvent collects iptables trace events

func (*DefaultCollector) CollectUserEvent

func (d *DefaultCollector) CollectUserEvent(record *UserRecord)

CollectUserEvent is part of the EventCollector interface.

type EndPoint

type EndPoint struct {
    ID         string
    IP         string
    URI        string
    HTTPMethod string
    UserID     string
    Type       EndPointType
    Port       uint16
}

EndPoint is a structure that holds all the endpoint information

type EndPointType

type EndPointType byte

EndPointType is the type of an endpoint (PU or an external IP address)

const (
    // EndPointTypeExternalIP indicates that the endpoint is an external IP address
    EndPointTypeExternalIP EndPointType = iota
    // EnpointTypePU indicates that the endpoint is a PU.
    EnpointTypePU
    // EndpointTypeClaims indicates that the endpoint is of type claims.
    EndpointTypeClaims
)

func (*EndPointType) String

func (e *EndPointType) String() string

type EventCollector

type EventCollector interface {

    // CollectFlowEvent collects a flow event.
    CollectFlowEvent(record *FlowRecord)

    // CollectContainerEvent collects a container event
    CollectContainerEvent(record *ContainerRecord)

    // CollectUserEvent collects a user event
    CollectUserEvent(record *UserRecord)

    // CollectTraceEvent collects a set of trace messages generated with Iptables trace command
    CollectTraceEvent(records []string)

    // CollectPacketEvent collects packet event from nfqdatapath
    CollectPacketEvent(report *PacketReport)

    // CollectCounterEvent collects the counters from
    CollectCounterEvent(counterReport *CounterReport)

    // CollectDNSRequests collects the dns requests
    CollectDNSRequests(request *DNSRequestReport)
}

EventCollector is the interface for collecting events.
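
A custom collector can turn flow events into a detection signal. The following is an added example, not code from trireme-lib: it uses local stand-in types instead of importing the package, and the names DropTally and Noisy are hypothetical. It tallies the token and nonce drop reasons listed above per namespace and context ID.

```go
package main

import (
	"fmt"
	"sort"
)

// Drop-reason values copied from the constants listed on this page.
const MissingToken, InvalidToken, InvalidNonse, PolicyDrop = "missingtoken", "token", "nonse", "policy"

// FlowRecord is a local stand-in with a subset of the page's FlowRecord fields.
type FlowRecord struct {
	ContextID, Namespace, DropReason string
	Count                            int
}

// DropTally (hypothetical) sums token and nonce failures per namespace/context.
// It is not goroutine-safe; add a mutex if events arrive concurrently.
type DropTally struct{ auth map[string]int }

// CollectFlowEvent has the shape of the EventCollector method of the same name.
// Assumption: Count is the number of flows the record aggregates.
func (d *DropTally) CollectFlowEvent(r *FlowRecord) {
	switch r.DropReason {
	case MissingToken, InvalidToken, InvalidNonse:
		d.auth[r.Namespace+"/"+r.ContextID] += r.Count
	}
}

// Noisy returns the sorted keys whose failure total reaches threshold.
func (d *DropTally) Noisy(threshold int) (out []string) {
	for k, n := range d.auth {
		if n >= threshold {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	d := &DropTally{auth: map[string]int{}}
	for _, r := range []*FlowRecord{ // constructed sample records
		{"pu-a", "/ns1", InvalidToken, 3}, {"pu-a", "/ns1", InvalidNonse, 2},
		{"pu-b", "/ns1", PolicyDrop, 9}, {"pu-c", "/ns2", MissingToken, 1},
	} {
		d.CollectFlowEvent(r)
	}
	fmt.Println(d.Noisy(5)) // [/ns1/pu-a]
}
```

A real implementation would satisfy the full EventCollector interface; the remaining methods can be no-ops when only flow drops are of interest.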

func NewDefaultCollector

func NewDefaultCollector() EventCollector

NewDefaultCollector returns a default implementation of an EventCollector

type FlowRecord

type FlowRecord struct {
    ContextID        string
    Namespace        string
    Source           *EndPoint
    Destination      *EndPoint
    Tags             *policy.TagStore
    DropReason       string
    PolicyID         string
    ObservedPolicyID string
    ServiceType      policy.ServiceType
    ServiceID        string
    Count            int
    Action           policy.ActionType
    ObservedAction   policy.ActionType
    L4Protocol       uint8
}

FlowRecord describes a flow record for statistics

func (*FlowRecord) String

func (f *FlowRecord) String() string

type PacketReport

type PacketReport struct {
    TCPFlags        int
    Claims          []string
    DestinationIP   string
    DestinationPort int
    DropReason      string
    Encrypt         bool
    Event           packettracing.PacketEvent
    Length          int
    Mark            int
    Namespace       string
    PacketID        int
    Protocol        int
    PUID            string
    SourceIP        string
    SourcePort      int
    TriremePacket   bool
    Payload         []byte
}

PacketReport is the struct which is used to report packets captured in datapath

type UserRecord

type UserRecord struct {
    ID        string
    Namespace string
    Claims    []string
}

UserRecord reports a new user access. These will be reported periodically.

Directories

Path            Synopsis
mockcollector   Package mockcollector is a generated GoMock package.

Package collector imports 8 packages and is imported by 58 packages. Updated 2019-09-13.