ebpfwindows

package
v0.0.33-windows-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 23, 2025 License: MIT Imports: 38 Imported by: 0

Documentation

Rendered for windows/amd64

Index

Constants

// Format versions of the DropNotify message. DropNotify declares a Version
// field; the code that compares it with these values is not shown on this page.
// Each value is written out so the numeric code sits next to its name.
const (
	DropNotifyVersion0 = 0
	DropNotifyVersion1 = 1
	DropNotifyVersion2 = 2
)
// Bit flags stored in TraceNotify.Flags. Each flag occupies one bit of the
// uint8, so the values are given as explicit masks.
const (
	// TraceNotifyFlagIsIPv6 is set in TraceNotify.Flags when the
	// notification refers to an IPv6 flow (mask 0x01).
	TraceNotifyFlagIsIPv6 uint8 = 0x01
	// TraceNotifyFlagIsL3Device is set in TraceNotify.Flags when the
	// notification refers to an L3 device (mask 0x02).
	TraceNotifyFlagIsL3Device uint8 = 0x02
)
// Format versions of the TraceNotify message. TraceNotify declares a Version
// field; the code that compares it with these values is not shown on this page.
const (
	TraceNotifyVersion0 = 0
	TraceNotifyVersion1 = 1
)
// Reasons for forwarding a packet, keep in sync with api/v1/flow/flow.proto.
// The numeric codes are written out explicitly so a mismatch with the proto
// definition is visible when the two are compared.
const (
	TraceReasonPolicy               = 0
	TraceReasonCtEstablished        = 1
	TraceReasonCtReply              = 2
	TraceReasonCtRelated            = 3
	TraceReasonCtDeprecatedReopened = 4
	TraceReasonUnknown              = 5
	TraceReasonSRv6Encap            = 6
	TraceReasonSRv6Decap            = 7
	TraceReasonEncryptOverlay       = 8

	// TraceReasonEncryptMask is the bit used to indicate encryption or not.
	TraceReasonEncryptMask = uint8(0x80)
)

Reasons for forwarding a packet, keep in sync with api/v1/flow/flow.proto

// MaxInt is the largest value an int can hold on the build target: all bits of
// a uint set, halved to clear the sign bit.
const MaxInt = int(^uint(0) / 2)
// MessageTypePktmonDrop is the untyped constant 100.
// NOTE(review): going by the name, this is the message type that marks a
// Packet Monitor drop event and selects DecodePktmonDrop — confirm against the
// dispatching code, which is not shown here.
const MessageTypePktmonDrop = 100

Variables

// DropInvalid is the Invalid packet reason.
// NOTE(review): this is an exported var, so any importing package can reassign
// it at runtime; if nothing depends on that, a const would keep the code fixed.
var DropInvalid uint8 = 2

DropInvalid is the Invalid packet reason.

// DropMin: numbers less than this are non-drop reason codes.
// NOTE(review): presumably the threshold behind MetricsKey.IsDrop — confirm.
// It is an exported var, so an importing package can move the threshold at
// runtime and change how reasons are classified; a const would prevent that.
var DropMin uint8 = 130

DropMin: numbers less than this are non-drop reason codes.

// DropPacketMonitor is the Packet Monitor drop reason.
// NOTE(review): this is an exported var, so any importing package can reassign
// it at runtime; if nothing depends on that, a const would keep the code fixed.
var DropPacketMonitor uint8 = 220

DropPacketMonitor is the Packet Monitor drop reason.

Functions

func BPFFileName

func BPFFileName(id uint8) string

BPFFileName returns the file name for the given BPF file id.

func DecodeDropNotify

func DecodeDropNotify(data []byte, dn *DropNotify) error

DecodeDropNotify will decode 'data' into the provided DropNotify structure

func DecodePktmonDrop

func DecodePktmonDrop(data []byte, pdn *PktmonDropNotify) error

DecodePktmonDrop will decode 'data' into the provided PktmonDropNotify structure

func DecodeTraceNotify

func DecodeTraceNotify(data []byte, tn *TraceNotify) error

DecodeTraceNotify will decode 'data' into the provided TraceNotify structure

func DropReason

func DropReason(reason uint8) string

DropReason returns the drop reason as a human-readable string

func DropReasonExt

func DropReasonExt(reason uint8, extError uint32) string

func GetLostEventsCount

func GetLostEventsCount() (uint64, error)

func MetricDirection

func MetricDirection(dir uint8) string

MetricDirection gets the direction in human readable string format

func New

func New(cfg *kcfg.Config) registry.Plugin

Types

type DatapathContext

// DatapathContext carries a source and a destination address, each with a
// numeric label ID, plus a trace observation point. It is one of the
// parameters of EndpointResolver.ResolveEndpoint.
type DatapathContext struct {
	SrcIP                 netip.Addr
	SrcLabelID            uint32
	DstIP                 netip.Addr
	DstLabelID            uint32
	TraceObservationPoint pb.TraceObservationPoint
}

type DecodedPacket

// DecodedPacket holds the result of decoding one packet: protobuf messages for
// the Ethernet, IP and layer-4 parts, the source and destination address and
// port, and a Summary string.
// NOTE(review): Ethernet, IP and L4 are pointers; which of them may be nil for
// a partially decoded packet is not visible here — confirm before dereferencing.
type DecodedPacket struct {
	Ethernet        *pb.Ethernet
	IP              *pb.IP
	L4              *pb.Layer4
	SourceIP        netip.Addr
	DestinationIP   netip.Addr
	SourcePort      uint16
	DestinationPort uint16
	Summary         string
}

type DropNotify

// DropNotify is the message format of a drop notification in the BPF ring
// buffer. DecodeDropNotify fills it from a raw byte slice.
//
// NOTE(review): the fixed-width fields suggest a binary wire layout, so field
// order and widths are presumably part of the format — confirm before
// reordering or resizing anything.
// NOTE(review): no Flags field is declared here, yet IsIPv6 and IsL3Device are
// defined on this type; what they test is not visible on this page.
type DropNotify struct {
	Type     uint8
	SubType  uint8
	Source   uint16
	Hash     uint32
	// OrigLen and CapLen are read from the notification itself.
	// NOTE(review): presumably original and captured packet length; a consumer
	// should check them against the received buffer length before slicing —
	// verify in DecodeDropNotify and its callers.
	OrigLen  uint32
	CapLen   uint16
	// Version: see the DropNotifyVersion* constants (the comparison is not
	// shown on this page).
	Version  uint16
	SrcLabel identity.NumericIdentity
	DstLabel identity.NumericIdentity
	DstID    uint32
	Line     uint16
	// File is a uint8 id; BPFFileName maps such an id to a file name.
	File     uint8
	ExtError int8
	Ifindex  uint32
}

DropNotify is the message format of a drop notification in the BPF ring buffer

func (*DropNotify) DataOffset

func (n *DropNotify) DataOffset() uint

DataOffset returns the offset from the beginning of DropNotify where the notification data begins.

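Returns zero for invalid or unknown DropNotify messages, so a zero result should be handled as a decode failure rather than used as an offset into the data.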

func (*DropNotify) IsIPv6

func (n *DropNotify) IsIPv6() bool

IsIPv6 returns true if the drop notification refers to an IPv6 packet.

func (*DropNotify) IsL3Device

func (n *DropNotify) IsL3Device() bool

IsL3Device returns true if the drop notification comes from an L3 device.

type EndpointResolver

// EndpointResolver produces *pb.Endpoint values through ResolveEndpoint and is
// constructed with NewEndpointResolver.
// NOTE(review): ResolveEndpoint names its netip.Addr and DatapathContext
// parameters "_", so only the numeric datapath security identity can influence
// the returned endpoint.
type EndpointResolver struct {
	// contains filtered or unexported fields
}

func NewEndpointResolver

func NewEndpointResolver(
	log *slog.Logger,
) *EndpointResolver

func (*EndpointResolver) ResolveEndpoint

func (r *EndpointResolver) ResolveEndpoint(_ netip.Addr, datapathSecurityIdentity uint32, _ DatapathContext) *pb.Endpoint

type EventsMap

// EventsMap interface represents an events map.
// RegisterForCallback takes a logger and an eventsMapCallback (an unexported
// type that is not shown on this page); UnregisterForCallback takes no
// arguments. Both report failure through their error result.
type EventsMap interface {
	RegisterForCallback(*log.ZapLogger, eventsMapCallback) error
	UnregisterForCallback() error
}

EventsMap interface represents an events map

func NewEventsMap

func NewEventsMap() EventsMap

NewEventsMap creates a new events map

type IterateCallback

// IterateCallback represents the signature of the callback function expected
// by the IterateWithCallback method, which in turn is used to iterate all the
// keys/values of a metrics map. It receives one key and one value per call and
// returns nothing.
type IterateCallback func(*MetricsKey, *MetricsValue)

IterateCallback represents the signature of the callback function expected by the IterateWithCallback method, which in turn is used to iterate all the keys/values of a metrics map.

type MetricsKey

// MetricsKey is the key type handed to an IterateCallback. Its methods render
// the reason and direction as strings (DropForwardReason,
// DropPacketMonitorReason, DirectionString) and classify the entry (IsDrop,
// IsIngress, IsEgress).
type MetricsKey struct {
	Version        uint8
	// Reason is a uint8 code.
	// NOTE(review): presumably compared with DropMin by IsDrop — confirm.
	Reason         uint8
	Direction      uint8
	ExtendedReason uint16
}

func (*MetricsKey) DirectionString

func (k *MetricsKey) DirectionString() string

DirectionString gets the direction in human readable string format

func (*MetricsKey) DropForwardReason

func (k *MetricsKey) DropForwardReason() string

DropForwardReason gets the forwarded/dropped reason in human readable string format

func (*MetricsKey) DropPacketMonitorReason

func (k *MetricsKey) DropPacketMonitorReason() string

DropPacketMonitorReason gets the Packet Monitor dropped reason in human readable string format

func (*MetricsKey) IsDrop

func (k *MetricsKey) IsDrop() bool

IsDrop checks if the reason is drop or not.

func (*MetricsKey) IsEgress

func (k *MetricsKey) IsEgress() bool

IsEgress checks if the direction is egress or not.

func (*MetricsKey) IsIngress

func (k *MetricsKey) IsIngress() bool

IsIngress checks if the direction is ingress or not.

func (*MetricsKey) String

func (k *MetricsKey) String() string

String returns the key in human readable string format

type MetricsMap

// MetricsMap interface represents a metrics map, and can be reused to
// implement mock maps for unit tests. IterateWithCallback takes a logger and an
// IterateCallback and reports failure through its error result.
type MetricsMap interface {
	IterateWithCallback(*log.ZapLogger, IterateCallback) error
}

MetricsMap interface represents a metrics map, and can be reused to implement mock maps for unit tests.

func NewMetricsMap

func NewMetricsMap() MetricsMap

NewMetricsMap creates a new metrics map

type MetricsValue

// MetricsValue is the value type handed to an IterateCallback alongside a
// MetricsKey. It holds two unsigned 64-bit counters, Count and Bytes.
type MetricsValue struct {
	Count uint64
	Bytes uint64
}

type NetEventDataHeader

// NetEventDataHeader holds a Type byte and a 16-bit Version. It is the first
// field (VersionHeader) of PktmonDropNotify.
type NetEventDataHeader struct {
	Type    uint8
	Version uint16
}

type Parser

// Parser is a parser for L3/L4 payloads. It is constructed with NewParser, and
// its Decode method turns a MonitorEvent into a v1.Event.
type Parser struct {
	// contains filtered or unexported fields
}

Parser is a parser for L3/L4 payloads

func NewParser

func NewParser(
	log *slog.Logger,
	opts ...options.Option,
) (*Parser, error)

NewParser returns a new L3/L4 parser

func (*Parser) Decode

func (p *Parser) Decode(monitorEvent *observerTypes.MonitorEvent) (*v1.Event, error)

Decode decodes a cilium monitor 'payload' and returns a v1.Event with the Event field populated.

type PktmonDropNotify

// PktmonDropNotify is the structure DecodePktmonDrop decodes into: a
// NetEventDataHeader followed by a PktmonEvtStreamPacketHeader. Its DataOffset
// method returns where the notification data begins.
type PktmonDropNotify struct {
	VersionHeader NetEventDataHeader
	PktmonHeader  PktmonEvtStreamPacketHeader
}

func (*PktmonDropNotify) DataOffset

func (n *PktmonDropNotify) DataOffset() uint

DataOffset returns the offset from the beginning of PktmonDropNotify where the notification data begins.

type PktmonEvtStreamMetadata

// PktmonEvtStreamMetadata is the Metadata member of
// PktmonEvtStreamPacketHeader. All fields are fixed-width unsigned integers.
type PktmonEvtStreamMetadata struct {
	PktGroupID      uint64
	PktCount        uint16
	AppearanceCount uint16
	DirectionName   uint16
	// NOTE(review): PacketType is 16 bits wide while the PktmonPacketType
	// enumeration is a uint8; a direct conversion drops the high byte —
	// confirm the conversion site range-checks the value.
	PacketType      uint16
	ComponentID     uint16
	EdgeID          uint16
	FilterID        uint16
	DropReason      uint32
	DropLocation    uint32
	ProcNum         uint16
	Timestamp       uint64
}

type PktmonEvtStreamPacketDescriptor

// PktmonEvtStreamPacketDescriptor holds three 32-bit lengths taken from the
// event: the original packet length, the logged length and the metadata length.
// NOTE(review): these lengths come from the decoded event; a consumer should
// check them against the size of the buffer it actually received before using
// them to slice — verify in DecodePktmonDrop and its callers.
type PktmonEvtStreamPacketDescriptor struct {
	PacketOriginalLength uint32
	PacketLoggedLength   uint32
	PacketMetadataLength uint32
}

type PktmonEvtStreamPacketHeader

// PktmonEvtStreamPacketHeader is the PktmonHeader member of PktmonDropNotify:
// an event ID byte, the packet length descriptor and the per-packet metadata.
type PktmonEvtStreamPacketHeader struct {
	EventID          uint8
	PacketDescriptor PktmonEvtStreamPacketDescriptor
	Metadata         PktmonEvtStreamMetadata
}

type PktmonPacketType

// PktmonPacketType enumerates the pktmon packet types.
type PktmonPacketType uint8

// pktmon packet types, with each numeric code written out next to its name.
const (
	PktMonPayloadUnknown   PktmonPacketType = 0
	PktMonPayloadEthernet  PktmonPacketType = 1
	PktMonPayloadWiFi      PktmonPacketType = 2
	PktMonPayloadIP        PktmonPacketType = 3
	PktMonPayloadHTTP      PktmonPacketType = 4
	PktMonPayloadTCP       PktmonPacketType = 5
	PktMonPayloadUDP       PktmonPacketType = 6
	PktMonPayloadARP       PktmonPacketType = 7
	PktMonPayloadICMP      PktmonPacketType = 8
	PktMonPayloadESP       PktmonPacketType = 9
	PktMonPayloadAH        PktmonPacketType = 10
	PktMonPayloadL4Payload PktmonPacketType = 11
)

pktmon packet types

type Plugin

// Plugin is the ebpfwindows plugin. New returns it as a registry.Plugin.
// Per the method documentation, Init, Generate and Compile are no-ops,
// SetupChannel stores the channel events are sent to, and Start/Stop control a
// periodic timer.
type Plugin struct {
	// contains filtered or unexported fields
}

Plugin is the ebpfwindows plugin

func (*Plugin) Compile

func (p *Plugin) Compile(context.Context) error

Compile is a no-op for the ebpfwindows plugin

func (*Plugin) Generate

func (p *Plugin) Generate(context.Context) error

Generate is a no-op for the ebpfwindows plugin

func (*Plugin) Init

func (p *Plugin) Init() error

Init is a no-op for the ebpfwindows plugin

func (*Plugin) Name

func (p *Plugin) Name() string

Name returns the name of the ebpfwindows plugin

func (*Plugin) SetupChannel

func (p *Plugin) SetupChannel(ch chan *v1.Event) error

SetupChannel saves the external channel to which the plugin will send events.

func (*Plugin) Start

func (p *Plugin) Start(ctx context.Context) error

Start starts the plugin by starting a periodic timer.

func (*Plugin) Stop

func (p *Plugin) Stop() error

Stop stops the plugin by cancelling the periodic timer.

type TraceNotify

// TraceNotify is the message format of a trace notification in the BPF ring
// buffer. DecodeTraceNotify fills it from a raw byte slice.
//
// NOTE(review): the fixed-width fields suggest a binary wire layout, so field
// order and widths are presumably part of the format — confirm before
// reordering or resizing anything.
type TraceNotify struct {
	Type     uint8
	ObsPoint uint8
	Source   uint16
	Hash     uint32
	// OrigLen and CapLen are read from the notification itself.
	// NOTE(review): presumably original and captured packet length; a consumer
	// should check them against the received buffer length before slicing —
	// verify in DecodeTraceNotify and its callers.
	OrigLen  uint32
	CapLen   uint16
	// Version: see the TraceNotifyVersion* constants (the comparison is not
	// shown on this page).
	Version  uint16
	SrcLabel identity.NumericIdentity
	DstLabel identity.NumericIdentity
	DstID    uint16
	// Reason is read through TraceReason(); see the TraceReason* constants.
	// NOTE(review): TraceReasonEncryptMask (0x80) presumably applies to this
	// byte and backs IsEncrypted — confirm.
	Reason   uint8
	// Flags holds the TraceNotifyFlag* bits.
	Flags    uint8
	Ifindex  uint32
	// OrigIP is exposed through OriginalIP(), documented as the original
	// source IP if reverse NAT was performed on the flow.
	OrigIP   types.IPv6
}

TraceNotify is the message format of a trace notification in the BPF ring buffer

func (*TraceNotify) DataOffset

func (tn *TraceNotify) DataOffset() uint

DataOffset returns the offset from the beginning of TraceNotify where the trace notify data begins.

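Returns zero for invalid or unknown TraceNotify messages, so a zero result should be handled as a decode failure rather than used as an offset into the data.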

func (*TraceNotify) IsEncrypted

func (tn *TraceNotify) IsEncrypted() bool

IsEncrypted returns true when the notification has the encrypt flag set, false otherwise.

func (*TraceNotify) IsIPv6

func (tn *TraceNotify) IsIPv6() bool

IsIPv6 returns true if the trace refers to an IPv6 packet.

func (*TraceNotify) IsL3Device

func (tn *TraceNotify) IsL3Device() bool

IsL3Device returns true if the trace comes from an L3 device.

func (*TraceNotify) OriginalIP

func (tn *TraceNotify) OriginalIP() net.IP

OriginalIP returns the original source IP if reverse NAT was performed on the flow

func (*TraceNotify) TraceReason

func (tn *TraceNotify) TraceReason() uint8

TraceReason returns the trace reason for this notification, see the TraceReason* constants.

func (*TraceNotify) TraceReasonIsDecap

func (tn *TraceNotify) TraceReasonIsDecap() bool

TraceReasonIsDecap returns true when the trace reason is decapsulation related, false otherwise.

func (*TraceNotify) TraceReasonIsEncap

func (tn *TraceNotify) TraceReasonIsEncap() bool

TraceReasonIsEncap returns true when the trace reason is encapsulation related, false otherwise.

func (*TraceNotify) TraceReasonIsKnown

func (tn *TraceNotify) TraceReasonIsKnown() bool

TraceReasonIsKnown returns false when the trace reason is unknown, true otherwise.

func (*TraceNotify) TraceReasonIsReply

func (tn *TraceNotify) TraceReasonIsReply() bool

TraceReasonIsReply returns true when the trace reason is TraceReasonCtReply, false otherwise.
