collector

package
v1.3.14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 13, 2026 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ICMP = "icmp"
	TCP  = "tcp"
	UDP  = "udp"
	SCTP = "sctp"

	IPv4 = "ipv4"
	IPv6 = "ipv6"
)

Protocol constants.

Variables

View Source 
var (
	ErrFalcoEventIsNotFlow   = errors.New("ignoring falco event, not a network flow")
	ErrFalcoIncompleteL3Flow = errors.New("ignoring incomplete falco l3 network flow")
	ErrFalcoIncompleteL4Flow = errors.New("ignoring incomplete falco l4 network flow")
	ErrFalcoInvalidPort      = errors.New("ignoring incomplete falco flow due to bad ports")
	ErrFalcoTimestamp        = errors.New("incomplete or incorrectly formatted timestamp found in Falco flow")
)

Errors for Falco flow parsing.

Functions

func ConvertCiliumFlow 

func ConvertCiliumFlow(flowResp *observer.GetFlowsResponse) *pb.CiliumFlow

ConvertCiliumFlow converts a GetFlowsResponse object to a CiliumFlow object.

func CreateLayer3Message 

func CreateLayer3Message(source string, destination string, ipVersion string) (*pb.IP, error)

CreateLayer3Message creates a Layer3 IP message from source/destination addresses.

func CreateLayer4Message 

func CreateLayer4Message(proto string, srcPort, dstPort uint32, ipVersion string) (*pb.Layer4, error)

CreateLayer4Message converts event protocol and ports to a Layer4 proto message.

func FilterIllumioTraffic 

func FilterIllumioTraffic(body string) bool

FilterIllumioTraffic filters out events related to Illumio network traffic.

func IsCiliumAvailable 

func IsCiliumAvailable(ctx context.Context, logger *zap.Logger, clientset kubernetes.Interface, ciliumNamespaces []string, tlsAuthProps tls.AuthProperties) bool

IsCiliumAvailable checks if Cilium Hubble Relay is available in the cluster.

func IsOVNKDeployed 

func IsOVNKDeployed(ctx context.Context, logger *zap.Logger, ovnkNamespace string, clientset kubernetes.Interface) bool

IsOVNKDeployed checks for the presence of the OVN-Kubernetes namespace. https://ovn-kubernetes.io/installation/launching-ovn-kubernetes-on-kind/#run-the-kind-deployment-with-podman

func NewFalcoEventHandler 

func NewFalcoEventHandler(eventChan chan<- string) http.HandlerFunc

NewFalcoEventHandler creates a new HTTP handler function for processing Falco events.

func NewTemplateSystem 

func NewTemplateSystem(logger *zap.Logger) (*netflows.BasicTemplateSystem, error)

NewTemplateSystem creates a template system for IPFIX message. It reads the template set from a binary file and adds it to the template system.

func ParseIPVersion 

func ParseIPVersion(decodedValue []byte) (string, error)

ParseIPVersion converts a byte slice into an IP version string (e.g., "ipv4" or "ipv6"). Returns an error if the slice is not the correct size or the IP version is unknown.

func ParseIPv4Address 

func ParseIPv4Address(b []byte) (string, error)

ParseIPv4Address converts a byte slice into an IPv4 address string. Returns an error if the slice is not the correct size.

func ParseIPv6Address 

func ParseIPv6Address(b []byte) (string, error)

ParseIPv6Address converts a byte slice into an IPv6 address string. Returns an error if the slice is not the correct size.

func ParsePodNetworkInfo 

func ParsePodNetworkInfo(input string) (*pb.FiveTupleFlow, error)

ParsePodNetworkInfo parses the input string to extract network information into a FiveTupleFlow message.

func ParsePort 

func ParsePort(decodedValue []byte) (uint16, error)

ParsePort converts a byte slice into a uint16 port number using BigEndian encoding. Returns an error if the slice is not the correct size.

func ParseProtocol 

func ParseProtocol(decodedValue []byte) (string, error)

ParseProtocol converts a byte slice into a protocol string based on IANA protocol numbers. Returns an error if the slice is not the correct size or the protocol is unknown.

Types

type CiliumFlowCollector 

type CiliumFlowCollector struct {
	// contains filtered or unexported fields
}

CiliumFlowCollector collects flows from Cilium Hubble Relay running in this cluster.

func NewCiliumFlowCollector 

func NewCiliumFlowCollector(ctx context.Context, logger *zap.Logger, clientset kubernetes.Interface, ciliumNamespaces []string, tlsAuthProperties tls.AuthProperties) (*CiliumFlowCollector, error)

NewCiliumFlowCollector connects to Cilium Hubble Relay, sets up an Observer client, and returns a new Collector using it. It tries namespaces until discovery succeeds.

func (*CiliumFlowCollector) ExportCiliumFlows 

func (fm *CiliumFlowCollector) ExportCiliumFlows(ctx context.Context, flowSink FlowSink) error

ExportCiliumFlows makes one stream gRPC call to hubble-relay to collect, convert, and export flows into the given stream.

type FalcoEvent 

type FalcoEvent struct {
	// Timestamp is the time the network event occurred. ISO 8601 format
	Timestamp *timestamppb.Timestamp `json:"time"`
	// SrcIP is the source IP address involved in the network event.
	SrcIP string `json:"srcip"`
	// DstIP is the destination IP address involved in the network event.
	DstIP string `json:"dstip"`
	// SrcPort is the source port number involved in the network event.
	SrcPort string `json:"srcport"`
	// DstPort is the destination port number involved in the network event.
	DstPort string `json:"dstport"`
	// Proto is the protocol used in the network event (e.g., TCP, UDP).
	Proto string `json:"proto"`
	// IpVersion is the version used in the network event (e.g. ipv4, ipv6).
	IpVersion string `json:"prototype"`
}

FalcoEvent represents the network information extracted from a Falco event.

type FlowSink 

type FlowSink interface {
	CacheFlow(ctx context.Context, flow pb.Flow) error
	IncrementFlowsReceived()
}

FlowSink is the interface for caching network flows.

type K8sClientGetter 

type K8sClientGetter interface {
	GetClientset() kubernetes.Interface
}

K8sClientGetter provides access to Kubernetes client.

type OVNKCollector 

type OVNKCollector struct {
	// contains filtered or unexported fields
}

OVNKCollector collects IPFIX flows from OVN-Kubernetes.

func NewOVNKCollector 

func NewOVNKCollector(logger *zap.Logger, ipfixCollectorPort string, flowSink FlowSink) *OVNKCollector

NewOVNKCollector creates a new OVN-K IPFIX collector.

func (*OVNKCollector) RunIPFIXCollector 

func (c *OVNKCollector) RunIPFIXCollector(ctx context.Context) error

RunIPFIXCollector runs the UDP listener for OVN-K IPFIX flows. It blocks until the context is canceled.

type OVNKFlow 

type OVNKFlow struct {
	SourceIP        string
	DestinationIP   string
	SourcePort      uint16
	DestinationPort uint16
	Protocol        string
	IPVersion       string
	StartTimestamp  *timestamppb.Timestamp
	EndTimestamp    *timestamppb.Timestamp
}

OVNKFlow represents a flow captured from OVN-Kubernetes.

func ProcessDataRecord 

func ProcessDataRecord(dataRecord netflows.DataRecord, exportTime uint32) (OVNKFlow, error)

ProcessDataRecord processes a single data record and converts it into an OVNFlow. If any parsing step fails, it returns an error and skips the record.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.