Documentation
¶
Overview ¶
Package config implements network tracing configuration
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
ebpf.Config
// NPMEnabled is whether the network performance monitoring feature is explicitly enabled or not
NPMEnabled bool
// CollectTCPv4Conns specifies whether the tracer should collect traffic statistics for TCPv4 connections
CollectTCPv4Conns bool
// CollectTCPv6Conns specifies whether the tracer should collect traffic statistics for TCPv6 connections
CollectTCPv6Conns bool
// CollectUDPv4Conns specifies whether the tracer should collect traffic statistics for UDPv4 connections
CollectUDPv4Conns bool
// CollectUDPv6Conns specifies whether the tracer should collect traffic statistics for UDPv6 connections
CollectUDPv6Conns bool
// CollectLocalDNS specifies whether the tracer should capture traffic for local DNS calls
CollectLocalDNS bool
// DNSInspection specifies whether the tracer should enhance connection data with domain names by inspecting DNS traffic
// Notice this does *not* depend on CollectLocalDNS
DNSInspection bool
// CollectDNSStats specifies whether the tracer should enhance connection data with relevant DNS stats
// It is relevant *only* when DNSInspection is enabled.
CollectDNSStats bool
// CollectDNSDomains specifies whether collected DNS stats would be scoped by domain
// It is relevant *only* when DNSInspection and CollectDNSStats is enabled.
CollectDNSDomains bool
// DNSTimeout determines the length of time to wait before considering a DNS Query to have timed out
DNSTimeout time.Duration
// MaxDNSStats determines the number of separate DNS Stats objects DNSStatkeeper can have at any given time
// These stats objects get flushed on every client request (default 30s check interval)
MaxDNSStats int
// Embedded USM configuration
*USMConfig
// UDPConnTimeout determines the length of traffic inactivity between two
// (IP, port)-pairs before declaring a UDP connection as inactive. This is
// set to /proc/sys/net/netfilter/nf_conntrack_udp_timeout on Linux by
// default.
UDPConnTimeout time.Duration
// UDPStreamTimeout is the timeout for udp streams. This is set to
// /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream on Linux by
// default.
UDPStreamTimeout time.Duration
// TCPConnTimeout is like UDPConnTimeout, but for TCP connections. TCP connections are cleared when
// the BPF module receives a tcp_close call, but TCP connections also age out to catch cases where
// tcp_close is not intercepted for some reason.
TCPConnTimeout time.Duration
// MaxTrackedConnections specifies the maximum number of connections we can track. This determines the size of the eBPF Maps
MaxTrackedConnections uint32
// MaxClosedConnectionsBuffered represents the maximum number of closed connections we'll buffer in memory. These closed connections
// get flushed on every client request (default 30s check interval)
MaxClosedConnectionsBuffered uint32
// MaxFailedConnectionsBuffered represents the maximum number of failed connections we'll buffer in memory. These connections will be
// removed from memory as they are matched to closed connections
MaxFailedConnectionsBuffered uint32
// ClosedConnectionFlushThreshold represents the number of closed connections stored before signalling
// the agent to flush the connections. This value only valid on Windows
ClosedConnectionFlushThreshold int
// MaxDNSStatsBuffered represents the maximum number of DNS stats we'll buffer in memory. These stats
// get flushed on every client request (default 30s check interval)
MaxDNSStatsBuffered int
// MaxConnectionsStateBuffered represents the maximum number of state objects that we'll store in memory. These state objects store
// the stats for a connection so we can accurately determine traffic change between client requests.
MaxConnectionsStateBuffered int
// ClientStateExpiry specifies the max time a client (e.g. process-agent)'s state will be stored in memory before being evicted.
ClientStateExpiry time.Duration
// EnableConntrack enables probing conntrack for network address translation
EnableConntrack bool
// IgnoreConntrackInitFailure will ignore any conntrack initialization failiures during system-probe load. If this is set to false, system-probe
// will fail to start if there is a conntrack initialization failure.
IgnoreConntrackInitFailure bool
// ConntrackMaxStateSize specifies the maximum number of connections with NAT we can track
ConntrackMaxStateSize int
// ConntrackRateLimit specifies the maximum number of netlink messages *per second* that can be processed
// Setting it to -1 disables the limit and can result in a high CPU usage.
ConntrackRateLimit int
// ConntrackRateLimitInterval specifies the interval at which the rate limiter is updated
ConntrackRateLimitInterval time.Duration
// ConntrackInitTimeout specifies how long we wait for conntrack to initialize before failing
ConntrackInitTimeout time.Duration
// EnableConntrackAllNamespaces enables network address translation via netlink for all namespaces that are peers of the root namespace.
// default is true
EnableConntrackAllNamespaces bool
// EnableEbpfConntracker enables the ebpf based network conntracker
EnableEbpfConntracker bool
// EnableCiliumLBConntracker enables the cilium load balancer conntracker
EnableCiliumLBConntracker bool
// ClosedChannelSize specifies the size for closed channel for the tracer
ClosedChannelSize int
// ClosedBufferWakeupCount specifies the number of events that will buffer in a perf buffer before userspace is woken up.
ClosedBufferWakeupCount int
// ExcludedSourceConnections is a map of source connections to blacklist
ExcludedSourceConnections map[string][]string
// ExcludedDestinationConnections is a map of destination connections to blacklist
ExcludedDestinationConnections map[string][]string
// OffsetGuessThreshold is the size of the byte threshold we will iterate over when guessing offsets
OffsetGuessThreshold uint64
// EnableMonotonicCount (Windows only) determines if we will calculate send/recv bytes of connections with headers and retransmits
EnableMonotonicCount bool
// EnableGatewayLookup enables looking up gateway information for connection destinations
EnableGatewayLookup bool
// RecordedQueryTypes enables specific DNS query types to be recorded
RecordedQueryTypes []string
// EnableProcessEventMonitoring enables consuming CWS process monitoring events from the runtime security module
EnableProcessEventMonitoring bool
// MaxProcessesTracked is the maximum number of processes whose information is stored in the network module
MaxProcessesTracked int
// EnableContainerStore enables reading resolv.conf out of container filesystems. Requires EnableProcessEventMonitoring.
EnableContainerStore bool
// MaxContainersTracked is the maximum number of containers whose resolv.conf information is stored in the network module
MaxContainersTracked int
// EnableRootNetNs disables using the network namespace of the root process (1)
// for things like creating netlink sockets for conntrack updates, etc.
EnableRootNetNs bool
// ProtocolClassificationEnabled specifies whether the tracer should enhance connection data with protocols names by
// classifying the L7 protocols being used.
ProtocolClassificationEnabled bool
// TCPFailedConnectionsEnabled specifies whether the tracer will track & report TCP error codes
TCPFailedConnectionsEnabled bool
// EnableNPMConnectionRollup enables aggregating connections by rolling up ephemeral ports
EnableNPMConnectionRollup bool
// NPMRingbuffersEnabled specifies whether ringbuffers are enabled or not
NPMRingbuffersEnabled bool
// EnableEbpfless enables the use of network tracing without eBPF using packet capture.
EnableEbpfless bool
// EnableFentry enables the experimental fentry tracer (disabled by default)
EnableFentry bool
// CustomBatchingEnabled enables the use of custom batching for eBPF perf events with perf buffers
CustomBatchingEnabled bool
// ExpectedTagsDuration is the duration for which we add host and container tags to our payloads, to handle the race
// in the backend for processing host/container tags and resolving them in our own pipelines.
ExpectedTagsDuration time.Duration
// EnableCertCollection enables the collection of TLS certificates via userspace probing
EnableCertCollection bool
// CertCollectionMapCleanerInterval is the interval between eBPF map cleaning for TLS cert collection
CertCollectionMapCleanerInterval time.Duration
// DirectSend controls whether we send payloads directly from system-probe or they are queried from process-agent.
// Not supported on Windows
DirectSend bool
}
Config stores all flags used by the network eBPF tracer
func (*Config) FailedConnectionsSupported ¶
FailedConnectionsSupported returns true if the config & TCP v4 || v6 is enabled
func (*Config) GetRootNetNs ¶
GetRootNetNs returns the network namespace to use for creating, e.g., netlink sockets
This will be the host's default network namespace if network_config.enable_root_netns is set to true (the default); otherwise this will be the default network namespace for the current process
func (*Config) RingBufferSupportedNPM ¶
RingBufferSupportedNPM returns true if the kernel supports ring buffers and the config enables them
func (*Config) RingBufferSupportedUSM ¶
RingBufferSupportedUSM returns true if the kernel supports ring buffers and the config enables them
type ReplaceRule ¶
type ReplaceRule struct {
// Pattern specifies the regexp pattern to be used when replacing. It must compile.
Pattern string `mapstructure:"pattern"`
// Re holds the compiled Pattern and is only used internally.
Re *regexp.Regexp `mapstructure:"-" json:"-"`
// Repl specifies the replacement string to be used when Pattern matches.
Repl string `mapstructure:"repl"`
}
ReplaceRule specifies a replace rule.
type USMConfig ¶
type USMConfig struct {
// ServiceMonitoringEnabled is whether the service monitoring feature is enabled or not
ServiceMonitoringEnabled bool
// MaxUSMConcurrentRequests represents the maximum number of requests (for a single protocol)
// that can happen concurrently at a given point in time. This parameter is used for sizing our eBPF maps.
MaxUSMConcurrentRequests uint32
// EnableUSMQuantization enables endpoint quantization for USM programs
EnableUSMQuantization bool
// EnableUSMConnectionRollup enables the aggregation of connection data belonging to a same (client, server) pair
EnableUSMConnectionRollup bool
// EnableUSMRingBuffers enables the use of eBPF Ring Buffer types on supported kernels
EnableUSMRingBuffers bool
// EnableUSMEventStream enables USM to use the event stream instead of netlink for receiving process events
EnableUSMEventStream bool
// USMKernelBufferPages defines the number of pages to allocate for the USM kernel buffer
USMKernelBufferPages int
// USMDataChannelSize specifies the size of the data channel for USM
USMDataChannelSize int
// DirectConsumerBufferWakeupCountPerCPU specifies the number of events per CPU that will buffer in a perf buffer before userspace is woken up for USM direct consumer.
// For ring buffers (which are shared across all CPUs), this value is multiplied by the CPU count.
DirectConsumerBufferWakeupCountPerCPU int
// DirectConsumerChannelSize specifies the channel buffer size multiplier for USM direct consumer.
DirectConsumerChannelSize int
// DirectConsumerKernelBufferSizePerCPU specifies the base buffer size for USM direct consumer kernel buffer.
// For perf buffers, this value is rounded up to the nearest page size multiple (per-CPU).
// For ring buffers, this value is multiplied by CPU count and rounded to the nearest power of 2 (total size).
DirectConsumerKernelBufferSizePerCPU int
// DisableMapPreallocation controls whether eBPF maps should disable preallocation (BPF_F_NO_PREALLOC flag).
// When true, maps allocate entries on-demand instead of preallocating the full map size, improving memory efficiency.
DisableMapPreallocation bool
// EnableHTTPMonitoring specifies whether the tracer should monitor HTTP traffic
EnableHTTPMonitoring bool
// MaxHTTPStatsBuffered represents the maximum number of HTTP stats we'll buffer in memory
MaxHTTPStatsBuffered int
// HTTPMapCleanerInterval is the interval to run the cleaner function
HTTPMapCleanerInterval time.Duration
// HTTPIdleConnectionTTL is the time an idle connection counted as "inactive" and should be deleted
HTTPIdleConnectionTTL time.Duration
// HTTPReplaceRules are rules for replacing HTTP path patterns
HTTPReplaceRules []*ReplaceRule
// HTTPUseDirectConsumer forces the use of direct consumer for HTTP monitoring instead of batch consumer
// When true, direct consumer is used if kernel supports it (>=5.8.0), otherwise falls back to batch consumer
// When false (default), batch consumer is always used regardless of kernel version
HTTPUseDirectConsumer bool
// HTTP Windows-specific Configuration
// MaxTrackedHTTPConnections max number of http(s) flows that will be concurrently tracked (Windows only)
MaxTrackedHTTPConnections int64
// HTTPNotificationThreshold is the number of connections to hold in the kernel before signalling (Windows only)
HTTPNotificationThreshold int64
// HTTPMaxRequestFragment is the size of the HTTP path buffer to be retrieved (Windows only)
HTTPMaxRequestFragment int64
// EnableHTTP2Monitoring specifies whether the tracer should monitor HTTP2 traffic
EnableHTTP2Monitoring bool
// HTTP2DynamicTableMapCleanerInterval is the interval to run the cleaner function
HTTP2DynamicTableMapCleanerInterval time.Duration
// EnableKafkaMonitoring specifies whether the tracer should monitor Kafka traffic
EnableKafkaMonitoring bool
// MaxKafkaStatsBuffered represents the maximum number of Kafka stats we'll buffer in memory
MaxKafkaStatsBuffered int
// EnablePostgresMonitoring specifies whether the tracer should monitor Postgres traffic
EnablePostgresMonitoring bool
// MaxPostgresStatsBuffered represents the maximum number of Postgres stats we'll buffer in memory
MaxPostgresStatsBuffered int
// MaxPostgresTelemetryBuffer represents the maximum size of the telemetry buffer size for Postgres
MaxPostgresTelemetryBuffer int
// EnableRedisMonitoring specifies whether the tracer should monitor Redis traffic
EnableRedisMonitoring bool
// RedisTrackResources specifies whether to track Redis resource names (keys) or only methods
RedisTrackResources bool
// MaxRedisStatsBuffered represents the maximum number of Redis stats we'll buffer in memory
MaxRedisStatsBuffered int
// EnableNativeTLSMonitoring specifies whether the USM should monitor HTTPS traffic via native libraries
// Supported libraries: OpenSSL, GnuTLS, LibCrypto
EnableNativeTLSMonitoring bool
// EnableGoTLSSupport specifies whether the tracer should monitor HTTPS traffic done through Go's standard library
EnableGoTLSSupport bool
// GoTLSExcludeSelf specifies whether USM's GoTLS module should avoid hooking the system-probe test binary
GoTLSExcludeSelf bool
// EnableNodeJSMonitoring specifies whether USM should monitor NodeJS TLS traffic
EnableNodeJSMonitoring bool
// EnableIstioMonitoring specifies whether USM should monitor Istio traffic
EnableIstioMonitoring bool
// EnvoyPath specifies the envoy path to be used for Istio monitoring
EnvoyPath string
}
USMConfig contains all configuration specific to Universal Service Monitoring (USM)
func NewUSMConfig ¶
NewUSMConfig creates a new USM configuration from the system probe config
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.