Documentation
¶
Index ¶
- Constants
- type EBPFTracker
- func (c *EBPFTracker) Close() error
- func (c *EBPFTracker) LastActivity(pid uint32) (time.Time, error)
- func (c *EBPFTracker) PutPodIP(ip netip.Addr) error
- func (c *EBPFTracker) RemovePid(pid uint32) error
- func (c *EBPFTracker) RemovePodIP(ip netip.Addr) error
- func (c *EBPFTracker) TrackPid(pid uint32) error
- type NoActivityRecordedErr
- type NoopTracker
- func (n NoopTracker) Close() error
- func (n NoopTracker) LastActivity(pid uint32) (time.Time, error)
- func (n NoopTracker) PutPodIP(ip netip.Addr) error
- func (n NoopTracker) RemovePid(pid uint32) error
- func (n NoopTracker) RemovePodIP(ip netip.Addr) error
- func (n NoopTracker) TrackPid(pid uint32) error
- type PIDResolver
- type Tracker
Constants ¶
const ( TCPEventsMap = "tcp_events" PodKubeletAddrsMapv4 = "pod_kubelet_addrs_v4" PodKubeletAddrsMapv6 = "pod_kubelet_addrs_v6" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EBPFTracker ¶
type EBPFTracker struct {
PIDResolver
// contains filtered or unexported fields
}
func (*EBPFTracker) Close ¶
func (c *EBPFTracker) Close() error
func (*EBPFTracker) LastActivity ¶
func (c *EBPFTracker) LastActivity(pid uint32) (time.Time, error)
LastActivity returns a time.Time of the last tcp activity recorded of the process belonging to the pid (or a child-process of the pid).
func (*EBPFTracker) PutPodIP ¶ added in v0.7.0
func (c *EBPFTracker) PutPodIP(ip netip.Addr) error
RemovePodIPv4 adds the pod IP to the tracker unless it already exists.
func (*EBPFTracker) RemovePid ¶
func (c *EBPFTracker) RemovePid(pid uint32) error
RemovePid removes the pid from the TcpEvents map.
func (*EBPFTracker) RemovePodIP ¶ added in v0.7.0
func (c *EBPFTracker) RemovePodIP(ip netip.Addr) error
RemovePodIPv4 removes the pod IP from the tracker.
func (*EBPFTracker) TrackPid ¶
func (c *EBPFTracker) TrackPid(pid uint32) error
TrackPid puts the pid into the TcpEvents map meaning tcp events of the process belonging to that pid will be tracked.
type NoActivityRecordedErr ¶
type NoActivityRecordedErr struct{}
func (NoActivityRecordedErr) Error ¶
func (err NoActivityRecordedErr) Error() string
type NoopTracker ¶
type NoopTracker struct {
PIDResolver
// contains filtered or unexported fields
}
func NewNoopTracker ¶
func NewNoopTracker(scaleDownDuration time.Duration) NoopTracker
func (NoopTracker) Close ¶
func (n NoopTracker) Close() error
func (NoopTracker) LastActivity ¶
func (n NoopTracker) LastActivity(pid uint32) (time.Time, error)
func (NoopTracker) RemovePid ¶
func (n NoopTracker) RemovePid(pid uint32) error
func (NoopTracker) RemovePodIP ¶ added in v0.7.0
func (n NoopTracker) RemovePodIP(ip netip.Addr) error
func (NoopTracker) TrackPid ¶
func (n NoopTracker) TrackPid(pid uint32) error
type PIDResolver ¶
PIDResolver allows to customize how the PIDs of the connection tracker are resolved. This can be useful if the shim is already running in a container (e.g. when using Kind), so it can resolve the PID of the container to the ones of the host that ebpf sees.
type Tracker ¶
type Tracker interface {
PIDResolver
// TrackPid starts connection tracking of the specified process.
TrackPid(pid uint32) error
// TrackPid stops connection tracking of the specified process.
RemovePid(pid uint32) error
// LastActivity returns the time of the last TCP activity of the specified process.
LastActivity(pid uint32) (time.Time, error)
// Close the activity tracker.
Close() error
// PutPodIP inserts a pod IP into the pod-to-kubelet map, helping with
// ignoring probes coming from kubelet within the tracker.
PutPodIP(ip netip.Addr) error
// RemovePodIP removes a pod IP from the pod-to-kubelet map.
RemovePodIP(ip netip.Addr) error
}
func LoadEBPFTracker ¶ added in v0.2.0
LoadEBPFTracker loads the eBPF program and attaches the kretprobe to track connections system-wide.
func NewEBPFTracker ¶
NewEBPFTracker returns a TCP connection tracker that will keep track of the last TCP accept of specific processes. It writes the results to an ebpf map keyed with the PID and the value contains the timestamp of the last observed accept.
Source Files