monitor

package
v1.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 3, 2026 License: Apache-2.0 Imports: 24 Imported by: 15

Documentation

Index

Constants

View Source 
const (
	DbgCaptureUnspec = iota
	DbgCaptureReserved1
	DbgCaptureReserved2
	DbgCaptureReserved3
	DbgCaptureDelivery
	DbgCaptureFromLb
	DbgCaptureAfterV46
	DbgCaptureAfterV64
	DbgCaptureProxyPre
	DbgCaptureProxyPost
	DbgCaptureSnatPre
	DbgCaptureSnatPost
)

must be in sync with <bpf/lib/dbg.h>

View Source 
const (
	DbgUnspec = iota
	DbgGeneric
	DbgLocalDelivery
	DbgEncap
	DbgLxcFound
	DbgPolicyDenied
	DbgCtLookup
	DbgCtLookupRev
	DbgCtMatch
	DbgCtCreated
	DbgCtCreated2
	DbgIcmp6Handle
	DbgIcmp6Request
	DbgIcmp6Ns
	DbgIcmp6TimeExceeded
	DbgCtVerdict
	DbgDecap
	DbgPortMap
	DbgErrorRet
	DbgToHost
	DbgToStack
	DbgPktHash
	DbgLb6LookupFrontend
	DbgLb6LookupFrontendFail
	DbgLb6LookupBackendSlot
	DbgLb6LookupBackendSlotSuccess
	DbgLb6LookupBackendSlotV2Fail
	DbgLb6LookupBackendFail
	DbgLb6ReverseNatLookup
	DbgLb6ReverseNat
	DbgLb4LookupFrontend
	DbgLb4LookupFrontendFail
	DbgLb4LookupBackendSlot
	DbgLb4LookupBackendSlotSuccess
	DbgLb4LookupBackendSlotV2Fail
	DbgLb4LookupBackendFail
	DbgLb4ReverseNatLookup
	DbgLb4ReverseNat
	DbgLb4LoopbackSnat
	DbgLb4LoopbackSnatRev
	DbgCtLookup4
	DbgRRBackendSlotSel
	DbgRevProxyLookup
	DbgRevProxyFound
	DbgRevProxyUpdate
	DbgL4Policy
	DbgNetdevInCluster
	DbgNetdevEncap4
	DbgCTLookup41
	DbgCTLookup42
	DbgCTCreated4
	DbgCTLookup61
	DbgCTLookup62
	DbgCTCreated6
	DbgSkipProxy
	DbgL4Create
	DbgIPIDMapFailed4
	DbgIPIDMapFailed6
	DbgIPIDMapSucceed4
	DbgIPIDMapSucceed6
	DbgLbStaleCT
	DbgInheritIdentity
	DbgSkLookup4
	DbgSkLookup6
	DbgSkAssign
	DbgL7LB
	DbgLb6LoopbackSnat
	DbgLb6LoopbackSnatRev
)

must be in sync with <bpf/lib/dbg.h>

View Source 
const (
	CtNew uint32 = iota
	CtEstablished
	CtReply
	CtRelated
)

must be in sync with <bpf/lib/conntrack.h>

View Source 
const (
	DropNotifyVersion0 = iota
	DropNotifyVersion1
	DropNotifyVersion2
	DropNotifyVersion3
)
View Source 
const (
	// DropNotifyFlagIsIPv6 is set in DropNotify.Flags when it refers to an IPv6 flow.
	DropNotifyFlagIsIPv6 uint8 = 1 << iota
	// DropNotifyFlagIsL3Device is set in DropNotify.Flags when it refers to a L3 device.
	DropNotifyFlagIsL3Device
	// DropNotifyFlagIsVXLAN is set in DropNotify.Flags when it refers to an overlay VXLAN packet.
	DropNotifyFlagIsVXLAN
	// DropNotifyFlagIsGeneve is set in DropNotify.Flags when it refers to an overlay Geneve packet.
	DropNotifyFlagIsGeneve
)
View Source 
const (
	// PolicyVerdictNotifyLen is the length (in bytes) of the PolicyVerdictNotify message
	// header, i.e. the offset of the packet data provided in a policy verdict notification.
	PolicyVerdictNotifyLen = 40

	// PolicyVerdictNotifyFlagDirection is the bit mask in Flags that
	// corresponds to the direction of a traffic
	PolicyVerdictNotifyFlagDirection = 0x3

	// PolicyVerdictNotifyFlagIsIPv6 is the bit mask in Flags that
	// corresponds to whether the traffic is IPv6 or not
	PolicyVerdictNotifyFlagIsIPv6 = 0x4

	// PolicyVerdictNotifyFlagMatchType is the bit mask in Flags that
	// corresponds to the policy match type
	PolicyVerdictNotifyFlagMatchType = 0x38

	// PolicyVerdictNotifyFlagIsAudited is the bit mask in Flags that
	// corresponds to whether the traffic was allowed due to the audit mode
	PolicyVerdictNotifyFlagIsAudited = 0x40

	// PolicyVerdictNotifyFlagIsL3 is the bit mask in Flags that
	// corresponds to whether the traffic is from a L3 device or not
	PolicyVerdictNotifyFlagIsL3 = 0x80

	// PolicyVerdictNotifyFlagMatchTypeBitOffset is the bit offset in Flags that
	// corresponds to the policy match type
	PolicyVerdictNotifyFlagMatchTypeBitOffset = 3
)
View Source 
const (
	XlatePointUnknown = iota
	XlatePointPreDirectionFwd
	XlatePointPostDirectionFwd
	XlatePointPreDirectionRev
	XlatePointPostDirectionRev
)

Service translation event point in socket trace event messages

View Source 
const (
	L4ProtocolUnknown = iota
	L4ProtocolTCP
	L4ProtocolUDP
)

L4 protocol for socket trace event messages

View Source 
const (
	// TraceNotifyFlagIsIPv6 is set in TraceNotify.Flags when the
	// notification refers to an IPv6 flow
	TraceNotifyFlagIsIPv6 uint8 = 1 << iota
	// TraceNotifyFlagIsL3Device is set in TraceNotify.Flags when the
	// notification refers to a L3 device.
	TraceNotifyFlagIsL3Device
	// TraceNotifyFlagIsVXLAN is set in TraceNotify.Flags when the
	// notification refers to an overlay VXLAN packet.
	TraceNotifyFlagIsVXLAN
	// TraceNotifyFlagIsGeneve is set in TraceNotify.Flags when the
	// notification refers to an overlay Geneve packet.
	TraceNotifyFlagIsGeneve
)
View Source 
const (
	TraceNotifyVersion0 = iota
	TraceNotifyVersion1
	TraceNotifyVersion2
)
View Source 
const (
	TraceReasonPolicy = iota
	TraceReasonCtEstablished
	TraceReasonCtReply
	TraceReasonCtRelated
	TraceReasonCtDeprecatedReopened
	TraceReasonUnknown
	TraceReasonSRv6Encap
	TraceReasonSRv6Decap
	TraceReasonDeprecatedEncryptOverlay
	// TraceReasonEncryptMask is the bit used to indicate encryption or not.
	TraceReasonEncryptMask = uint8(0x80)
)

Reasons for forwarding a packet, keep in sync with api/v1/flow/flow.proto

View Source 
const DebugCaptureExtensionDisabled = 0
View Source 
const (
	// DebugCaptureLen is the amount of packet data in a packet capture message
	DebugCaptureLen = 24
)
View Source 
const (
	// DebugMsgLen is the amount of packet data in a packet capture message
	DebugMsgLen = 20
)
View Source 
const DropNotifyExtensionDisabled = 0
View Source 
const PolicyVerdictExtensionDisabled = 0
View Source 
const TraceNotifyExtensionDisabled = 0
View Source 
const TraceSockNotifyFlagIPv6 uint8 = 0x1
View Source 
const (
	TraceSockNotifyLen = 40
)

Variables

This section is empty.

Functions

func Dissect 

func Dissect(buf *bufio.Writer, dissect bool, data []byte, opts *decodeOpts)

Dissect parses and prints the provided data if dissect is set to true, otherwise the data is printed as HEX output

func GetAllTypes 

func GetAllTypes() []string

GetAllTypes returns a slice of all known message types, sorted

func GetConnectionSummary 

func GetConnectionSummary(data []byte, opts *decodeOpts) string

GetConnectionSummary decodes the data into layers and returns a connection summary in the format:

- sIP:sPort -> dIP:dPort, e.g. 1.1.1.1:2000 -> 2.2.2.2:80 - sIP -> dIP icmpCode, 1.1.1.1 -> 2.2.2.2 echo-request - <inner> [tunnel sIP:sPort -> dIP:dPort type], e.g. 1.1.1.1:2000 -> 2.2.2.2:80 [tunnel 5.5.5.5:8472 -> 6.6.6.6:32767 vxlan]

func GetPolicyActionString 

func GetPolicyActionString(verdict int32, audit bool) string

GetPolicyActionString returns the action string corresponding to the action

Types

type ConnectionInfo 

type ConnectionInfo struct {
	SrcIP            net.IP
	DstIP            net.IP
	SrcPort          uint16
	DstPort          uint16
	Proto            string
	IcmpCode         string
	VrrpType         string
	VrrpVrID         string
	VrrpPriority     string
	IgmpType         string
	IgmpGroupAddress string
	Tunnel           *ConnectionInfo
}

ConnectionInfo contains tuple information (IP addresses, ports, protocol) and protocol-specific fields (e.g., ICMP, VRRP, IGMP) for a connection.

type DebugCapture 

type DebugCapture struct {
	api.DefaultSrcDstGetter
	Type    uint8 `align:"type"`
	SubType uint8 `align:"subtype"`
	// Source, if populated, is the ID of the source endpoint.
	Source     uint16 `align:"source"`
	Hash       uint32 `align:"hash"`
	OrigLen    uint32 `align:"len_orig"`
	Len        uint16 `align:"len_cap"`
	Version    uint8  `align:"version"`
	ExtVersion uint8  `align:"ext_version"`
	Arg1       uint32 `align:"arg1"`
	Arg2       uint32 `align:"arg2"`
}

DebugCapture is the metadata sent along with a captured packet frame

func (*DebugCapture) DataOffset added in v1.19.0 

func (n *DebugCapture) DataOffset() uint

DataOffset returns the offset from the beginning of DebugCapture where the notification data begins.

func (*DebugCapture) Decode added in v1.19.0 

func (n *DebugCapture) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*DebugCapture) Dump added in v1.19.0 

func (n *DebugCapture) Dump(args *api.DumpArgs)

Dump prints the message according to the verbosity level specified

func (*DebugCapture) DumpInfo 

func (n *DebugCapture) DumpInfo(buf *bufio.Writer, data []byte, linkMonitor getters.LinkGetter)

DumpInfo prints a summary of the capture messages.

func (*DebugCapture) DumpJSON 

func (n *DebugCapture) DumpJSON(buf *bufio.Writer, data []byte, cpuPrefix string, linkMonitor getters.LinkGetter)

DumpJSON prints notification in json format

func (*DebugCapture) DumpVerbose 

func (n *DebugCapture) DumpVerbose(buf *bufio.Writer, dissect bool, data []byte, prefix string)

DumpVerbose prints the captured packet in human readable format

func (*DebugCapture) GetSrc added in v1.19.0 

func (n *DebugCapture) GetSrc() uint16

GetSrc retrieves the source endpoint for the message.

type DebugCaptureVerbose 

type DebugCaptureVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Message   string `json:"message,omitempty"`
	Prefix    string `json:"prefix,omitempty"`

	Source uint16 `json:"source"`
	Bytes  uint16 `json:"bytes"`

	Summary string `json:"summary,omitempty"`
}

DebugCaptureVerbose represents a json notification printed by monitor

func DebugCaptureToVerbose 

func DebugCaptureToVerbose(n *DebugCapture, linkMonitor getters.LinkGetter) DebugCaptureVerbose

DebugCaptureToVerbose creates verbose notification from base TraceNotify

type DebugMsg 

type DebugMsg struct {
	api.DefaultSrcDstGetter
	Type    uint8  `align:"type"`
	SubType uint8  `align:"subtype"`
	Source  uint16 `align:"source"`
	Hash    uint32 `align:"hash"`
	Arg1    uint32 `align:"arg1"`
	Arg2    uint32 `align:"arg2"`
	Arg3    uint32 `align:"arg3"`
}

DebugMsg is the message format of the debug message found in the BPF ring buffer

func (*DebugMsg) Decode added in v1.19.0 

func (n *DebugMsg) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*DebugMsg) Dump 

func (n *DebugMsg) Dump(args *api.DumpArgs)

Dump prints the message according to the verbosity level specified

func (*DebugMsg) GetSrc added in v1.19.0 

func (n *DebugMsg) GetSrc() uint16

GetSrc retrieves the source endpoint for the message.

func (*DebugMsg) Message 

func (n *DebugMsg) Message(linkMonitor getters.LinkGetter) string

Message returns the debug message in a human-readable format

type DissectSummary 

type DissectSummary struct {
	Ethernet string `json:"ethernet,omitempty"`
	IPv4     string `json:"ipv4,omitempty"`
	IPv6     string `json:"ipv6,omitempty"`
	TCP      string `json:"tcp,omitempty"`
	UDP      string `json:"udp,omitempty"`
	SCTP     string `json:"sctp,omitempty"`
	ICMPv4   string `json:"icmpv4,omitempty"`
	ICMPv6   string `json:"icmpv6,omitempty"`
	VRRP     string `json:"vrrp,omitempty"`
	IGMP     string `json:"igmp,omitempty"`
	L2       *Flow  `json:"l2,omitempty"`
	L3       *Flow  `json:"l3,omitempty"`
	L4       *Flow  `json:"l4,omitempty"`

	Tunnel *Tunnel `json:"tunnel,omitempty"`
}

DissectSummary bundles decoded layers into json-marshallable message

func GetDissectSummary 

func GetDissectSummary(data []byte, opts *decodeOpts) *DissectSummary

GetDissectSummary returns DissectSummary created from data

type DropNotify 

type DropNotify struct {
	Type       uint8                    `align:"type"`
	SubType    uint8                    `align:"subtype"`
	Source     uint16                   `align:"source"`
	Hash       uint32                   `align:"hash"`
	OrigLen    uint32                   `align:"len_orig"`
	CapLen     uint16                   `align:"len_cap"`
	Version    uint8                    `align:"version"`
	ExtVersion uint8                    `align:"ext_version"`
	SrcLabel   identity.NumericIdentity `align:"src_label"`
	DstLabel   identity.NumericIdentity `align:"dst_label"`
	DstID      uint32                   `align:"dst_id"`
	Line       uint16                   `align:"line"`
	File       uint8                    `align:"file"`
	ExtError   int8                     `align:"ext_error"`
	Ifindex    uint32                   `align:"ifindex"`
	Flags      uint8                    `align:"flags"`

	IPTraceID uint64 `align:"ip_trace_id"`
	// contains filtered or unexported fields
}

DropNotify is the message format of a drop notification in the BPF ring buffer

func (*DropNotify) DataOffset added in v1.17.0 

func (n *DropNotify) DataOffset() uint

DataOffset returns the offset from the beginning of DropNotify where the notification data begins.

Returns zero for invalid or unknown DropNotify messages.

func (*DropNotify) Decode added in v1.19.0 

func (n *DropNotify) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*DropNotify) Dump added in v1.19.0 

func (dn *DropNotify) Dump(args *api.DumpArgs)

Dump prints the message according to the verbosity level specified

func (*DropNotify) DumpInfo 

func (n *DropNotify) DumpInfo(buf *bufio.Writer, data []byte, numeric api.DisplayFormat)

DumpInfo prints a summary of the drop messages.

func (*DropNotify) DumpJSON 

func (n *DropNotify) DumpJSON(buf *bufio.Writer, data []byte, cpuPrefix string)

DumpJSON prints notification in json format

func (*DropNotify) DumpVerbose 

func (n *DropNotify) DumpVerbose(buf *bufio.Writer, dissect bool, data []byte, prefix string, numeric api.DisplayFormat)

DumpVerbose prints the drop notification in human readable form

func (*DropNotify) GetDst added in v1.19.0 

func (n *DropNotify) GetDst() uint16

GetDst retrieves the destination endpoint for the message.

func (*DropNotify) GetSrc added in v1.19.0 

func (n *DropNotify) GetSrc() uint16

GetSrc retrieves the source endpoint for the message.

func (*DropNotify) IsGeneve added in v1.18.0 

func (n *DropNotify) IsGeneve() bool

IsGeneve returns true if the trace refers to an overlay Geneve packet.

func (*DropNotify) IsIPv6 added in v1.17.4 

func (n *DropNotify) IsIPv6() bool

IsIPv6 returns true if the trace refers to an IPv6 packet.

func (*DropNotify) IsL3Device added in v1.17.4 

func (n *DropNotify) IsL3Device() bool

IsL3Device returns true if the trace comes from an L3 device.

func (*DropNotify) IsVXLAN added in v1.18.0 

func (n *DropNotify) IsVXLAN() bool

IsVXLAN returns true if the trace refers to an overlay VXLAN packet.

type DropNotifyVerbose 

type DropNotifyVerbose struct {
	CPUPrefix string `json:"cpu,omitempty"`
	Type      string `json:"type,omitempty"`
	Mark      string `json:"mark,omitempty"`
	Reason    string `json:"reason,omitempty"`

	Source    uint16                   `json:"source"`
	Bytes     uint32                   `json:"bytes"`
	SrcLabel  identity.NumericIdentity `json:"srcLabel"`
	DstLabel  identity.NumericIdentity `json:"dstLabel"`
	DstID     uint32                   `json:"dstID"`
	Line      uint16                   `json:"Line"`
	File      uint8                    `json:"File"`
	ExtError  int8                     `json:"ExtError"`
	Ifindex   uint32                   `json:"Ifindex"`
	IPTraceID uint64                   `json:"IPTraceID,omitempty"`

	Summary *DissectSummary `json:"summary,omitempty"`
}

DropNotifyVerbose represents a json notification printed by monitor

func DropNotifyToVerbose 

func DropNotifyToVerbose(n *DropNotify) DropNotifyVerbose

DropNotifyToVerbose creates verbose notification from DropNotify

type Flow 

type Flow struct {
	Src string `json:"src"`
	Dst string `json:"dst"`
}

Flow contains source and destination

type LogRecordNotify 

type LogRecordNotify struct {
	accesslog.LogRecord
}

LogRecordNotify is a proxy access log notification

func (*LogRecordNotify) Decode added in v1.19.0 

func (l *LogRecordNotify) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*LogRecordNotify) Dump added in v1.19.0 

func (l *LogRecordNotify) Dump(args *api.DumpArgs)

Dump prints the message according to the verbosity level specified

func (*LogRecordNotify) DumpInfo 

func (l *LogRecordNotify) DumpInfo(buf *bufio.Writer)

DumpInfo dumps an access log notification

func (*LogRecordNotify) DumpJSON 

func (l *LogRecordNotify) DumpJSON(buf *bufio.Writer)

DumpJSON prints notification in json format

func (*LogRecordNotify) GetDst added in v1.19.0 

func (l *LogRecordNotify) GetDst() uint16

GetDst retrieves the destination endpoint for the message.

func (*LogRecordNotify) GetSrc added in v1.19.0 

func (l *LogRecordNotify) GetSrc() uint16

GetSrc retrieves the source endpoint for the message

type LogRecordNotifyVerbose 

type LogRecordNotifyVerbose struct {
	Type             string                     `json:"type"`
	ObservationPoint accesslog.ObservationPoint `json:"observationPoint"`
	FlowType         accesslog.FlowType         `json:"flowType"`
	L7Proto          string                     `json:"l7Proto"`
	SrcEpID          uint64                     `json:"srcEpID"`
	SrcEpLabels      []string                   `json:"srcEpLabels"`
	SrcIdentity      uint64                     `json:"srcIdentity"`
	DstEpID          uint64                     `json:"dstEpID"`
	DstEpLabels      []string                   `json:"dstEpLabels"`
	DstIdentity      uint64                     `json:"dstIdentity"`
	Verdict          accesslog.FlowVerdict      `json:"verdict"`
	HTTP             *accesslog.LogRecordHTTP   `json:"http,omitempty"`
	Kafka            *accesslog.LogRecordKafka  `json:"kafka,omitempty"`
	DNS              *accesslog.LogRecordDNS    `json:"dns,omitempty"`
	L7               *accesslog.LogRecordL7     `json:"l7,omitempty"`
}

LogRecordNotifyVerbose represents a json notification printed by monitor

func LogRecordNotifyToVerbose 

func LogRecordNotifyToVerbose(n *LogRecordNotify) LogRecordNotifyVerbose

LogRecordNotifyToVerbose turns LogRecordNotify into json-friendly Verbose structure

type PolicyVerdictNotify 

type PolicyVerdictNotify struct {
	Type        uint8                    `align:"type"`
	SubType     uint8                    `align:"subtype"`
	Source      uint16                   `align:"source"`
	Hash        uint32                   `align:"hash"`
	OrigLen     uint32                   `align:"len_orig"`
	CapLen      uint16                   `align:"len_cap"`
	Version     uint8                    `align:"version"`
	ExtVersion  uint8                    `align:"ext_version"`
	RemoteLabel identity.NumericIdentity `align:"remote_label"`
	Verdict     int32                    `align:"verdict"`
	DstPort     uint16                   `align:"dst_port"`
	Proto       uint8                    `align:"proto"`
	Flags       uint8                    `align:"dir"`
	AuthType    uint8                    `align:"auth_type"`

	Cookie uint32 `align:"cookie"`
	// contains filtered or unexported fields
}

PolicyVerdictNotify is the message format of a policy verdict notification in the bpf ring buffer

func (*PolicyVerdictNotify) DataOffset added in v1.19.0 

func (n *PolicyVerdictNotify) DataOffset() uint

DataOffset returns the offset from the beginning of PolicyVerdictNotify where the notification data begins.

func (*PolicyVerdictNotify) Decode added in v1.19.0 

func (n *PolicyVerdictNotify) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*PolicyVerdictNotify) Dump added in v1.19.0 

func (pn *PolicyVerdictNotify) Dump(args *api.DumpArgs)

Dump prints the message according to the verbosity level specified

func (*PolicyVerdictNotify) DumpInfo 

func (n *PolicyVerdictNotify) DumpInfo(buf *bufio.Writer, data []byte, numeric api.DisplayFormat)

DumpInfo prints a summary of the policy notify messages.

func (*PolicyVerdictNotify) GetAuthType 

func (n *PolicyVerdictNotify) GetAuthType() policy.AuthType

GetAuthType returns string for the authentication method applied (for success verdict) or required (for drops).

func (*PolicyVerdictNotify) GetDst added in v1.19.0 

func (n *PolicyVerdictNotify) GetDst() uint16

GetDst retrieves the security identity for the message. `POLICY_INGRESS` -> `RemoteLabel` is the src security identity. `POLICY_EGRESS` -> `RemoteLabel` is the dst security identity.

func (*PolicyVerdictNotify) GetPolicyMatchType 

func (n *PolicyVerdictNotify) GetPolicyMatchType() api.PolicyMatchType

GetPolicyMatchType returns how the traffic matched the policy

func (*PolicyVerdictNotify) GetSrc added in v1.19.0 

func (n *PolicyVerdictNotify) GetSrc() uint16

GetSrc retrieves the source endpoint for the message.

func (*PolicyVerdictNotify) IsTrafficAudited 

func (n *PolicyVerdictNotify) IsTrafficAudited() bool

IsTrafficAudited returns true if this notify is for traffic that was allowed due to the audit mode

func (*PolicyVerdictNotify) IsTrafficIPv6 

func (n *PolicyVerdictNotify) IsTrafficIPv6() bool

IsTrafficIPv6 returns true if this notify is for IPv6 traffic

func (*PolicyVerdictNotify) IsTrafficIngress 

func (n *PolicyVerdictNotify) IsTrafficIngress() bool

IsTrafficIngress returns true if this notify is for an ingress traffic

func (*PolicyVerdictNotify) IsTrafficL3Device added in v1.17.12 

func (n *PolicyVerdictNotify) IsTrafficL3Device() bool

IsTrafficL3Device returns true if this notify is from a L3 device

type TraceNotify 

type TraceNotify struct {
	Type       uint8                    `align:"type"`
	ObsPoint   uint8                    `align:"subtype"`
	Source     uint16                   `align:"source"`
	Hash       uint32                   `align:"hash"`
	OrigLen    uint32                   `align:"len_orig"`
	CapLen     uint16                   `align:"len_cap"`
	Version    uint8                    `align:"version"`
	ExtVersion uint8                    `align:"ext_version"`
	SrcLabel   identity.NumericIdentity `align:"src_label"`
	DstLabel   identity.NumericIdentity `align:"dst_label"`
	DstID      uint16                   `align:"dst_id"`
	Reason     uint8                    `align:"reason"`
	Flags      uint8                    `align:"flags"`
	Ifindex    uint32                   `align:"ifindex"`
	OrigIP     types.IPv6               `align:"$union0"`
	IPTraceID  uint64                   `align:"ip_trace_id"`
}

TraceNotify is the message format of a trace notification in the BPF ring buffer

func (*TraceNotify) DataOffset 

func (n *TraceNotify) DataOffset() uint

DataOffset returns the offset from the beginning of TraceNotify where the trace notify data begins.

Returns zero for invalid or unknown TraceNotify messages.

func (*TraceNotify) Decode added in v1.19.0 

func (tn *TraceNotify) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*TraceNotify) Dump added in v1.19.0 

func (tn *TraceNotify) Dump(args *api.DumpArgs)

Dump prints the message according to the verbosity level specified

func (*TraceNotify) DumpInfo 

func (n *TraceNotify) DumpInfo(buf *bufio.Writer, data []byte, numeric api.DisplayFormat, linkMonitor getters.LinkGetter)

DumpInfo prints a summary of the trace messages.

func (*TraceNotify) DumpJSON 

func (n *TraceNotify) DumpJSON(buf *bufio.Writer, data []byte, cpuPrefix string, linkMonitor getters.LinkGetter)

DumpJSON prints notification in json format

func (*TraceNotify) DumpVerbose 

func (n *TraceNotify) DumpVerbose(buf *bufio.Writer, dissect bool, data []byte, prefix string, numeric api.DisplayFormat, linkMonitor getters.LinkGetter)

DumpVerbose prints the trace notification in human readable form

func (*TraceNotify) GetDst added in v1.19.0 

func (tn *TraceNotify) GetDst() uint16

GetDst retrieves the destination endpoint or proxy destination port according to the message subtype.

func (*TraceNotify) GetSrc added in v1.19.0 

func (tn *TraceNotify) GetSrc() uint16

GetSrc retrieves the source endpoint for the message.

func (*TraceNotify) IsEncrypted added in v1.17.4 

func (n *TraceNotify) IsEncrypted() bool

IsEncrypted returns true when the notification has the encrypt flag set, false otherwise.

func (*TraceNotify) IsGeneve added in v1.18.0 

func (n *TraceNotify) IsGeneve() bool

IsGeneve returns true if the trace refers to an overlay Geneve packet.

func (*TraceNotify) IsIPv6 added in v1.17.4 

func (n *TraceNotify) IsIPv6() bool

IsIPv6 returns true if the trace refers to an IPv6 packet.

func (*TraceNotify) IsL3Device added in v1.17.4 

func (n *TraceNotify) IsL3Device() bool

IsL3Device returns true if the trace comes from an L3 device.

func (*TraceNotify) IsVXLAN added in v1.18.0 

func (n *TraceNotify) IsVXLAN() bool

IsVXLAN returns true if the trace refers to an overlay VXLAN packet.

func (*TraceNotify) OriginalIP 

func (n *TraceNotify) OriginalIP() net.IP

OriginalIP returns the original source IP if reverse NAT was performed on the flow

func (*TraceNotify) TraceReason added in v1.17.4 

func (n *TraceNotify) TraceReason() uint8

TraceReason returns the trace reason for this notification, see the TraceReason* constants.

func (*TraceNotify) TraceReasonIsDecap added in v1.17.4 

func (n *TraceNotify) TraceReasonIsDecap() bool

TraceReasonIsDecap returns true when the trace reason is decapsulation related, false otherwise.

func (*TraceNotify) TraceReasonIsEncap added in v1.17.4 

func (n *TraceNotify) TraceReasonIsEncap() bool

TraceReasonIsEncap returns true when the trace reason is encapsulation related, false otherwise.

func (*TraceNotify) TraceReasonIsKnown added in v1.17.4 

func (n *TraceNotify) TraceReasonIsKnown() bool

TraceReasonIsKnown returns false when the trace reason is unknown, true otherwise.

func (*TraceNotify) TraceReasonIsReply added in v1.17.4 

func (n *TraceNotify) TraceReasonIsReply() bool

TraceReasonIsReply returns true when the trace reason is TraceReasonCtReply, false otherwise.

type TraceNotifyVerbose 

type TraceNotifyVerbose struct {
	CPUPrefix        string `json:"cpu,omitempty"`
	Type             string `json:"type,omitempty"`
	Mark             string `json:"mark,omitempty"`
	Ifindex          string `json:"ifindex,omitempty"`
	State            string `json:"state,omitempty"`
	ObservationPoint string `json:"observationPoint"`
	TraceSummary     string `json:"traceSummary"`

	Source    uint16                   `json:"source"`
	Bytes     uint32                   `json:"bytes"`
	SrcLabel  identity.NumericIdentity `json:"srcLabel"`
	DstLabel  identity.NumericIdentity `json:"dstLabel"`
	DstID     uint16                   `json:"dstID"`
	IPTraceID uint64                   `json:"IpTraceID"`

	Summary *DissectSummary `json:"summary,omitempty"`
}

TraceNotifyVerbose represents a json notification printed by monitor

func TraceNotifyToVerbose 

func TraceNotifyToVerbose(n *TraceNotify, linkMonitor getters.LinkGetter) TraceNotifyVerbose

TraceNotifyToVerbose creates verbose notification from base TraceNotify

type TraceSockNotify 

type TraceSockNotify struct {
	api.DefaultSrcDstGetter

	Type       uint8  `align:"type"`
	XlatePoint uint8  `align:"xlate_point"`
	L4Proto    uint8  `align:"l4_proto"`
	Flags      uint8  `align:"ipv6"`
	DstPort    uint16 `align:"dst_port"`

	SockCookie uint64     `align:"sock_cookie"`
	CgroupId   uint64     `align:"cgroup_id"`
	DstIP      types.IPv6 `align:"dst_ip"`
	// contains filtered or unexported fields
}

TraceSockNotify is message format for socket trace notifications sent from datapath. Keep this in sync to the datapath structure (trace_sock_notify) defined in bpf/lib/trace_sock.h

func (*TraceSockNotify) Decode added in v1.19.0 

func (t *TraceSockNotify) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*TraceSockNotify) Dump added in v1.19.0 

func (t *TraceSockNotify) Dump(args *api.DumpArgs)

Dump prints the message according to the verbosity level specified

func (*TraceSockNotify) IP 

func (t *TraceSockNotify) IP() net.IP

IP returns the IPv4 or IPv6 address field.

func (*TraceSockNotify) L4ProtoStr 

func (t *TraceSockNotify) L4ProtoStr() string

func (*TraceSockNotify) XlatePointStr 

func (t *TraceSockNotify) XlatePointStr() string

type Tunnel added in v1.18.0 

type Tunnel struct {
	Ethernet string `json:"ethernet,omitempty"`
	IPv4     string `json:"ipv4,omitempty"`
	IPv6     string `json:"ipv6,omitempty"`
	UDP      string `json:"udp,omitempty"`
	VXLAN    string `json:"vxlan,omitempty"`
	GENEVE   string `json:"geneve,omitempty"`
	L2       *Flow  `json:"l2,omitempty"`
	L3       *Flow  `json:"l3,omitempty"`
	L4       *Flow  `json:"l4,omitempty"`
}

Tunnel holds VXLAN or GENEVE tunnel info for DissectSummary.

Source Files

View all Source files

Directories

Path Synopsis
consumer
listener
Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.
 Package format provides stdout formatting of monitor messages for reuse by command-line clients of the monitor event channel.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.