utils

package
v0.0.0-...-dc3726e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 28, 2025 License: MIT Imports: 25 Imported by: 0

Documentation

Overview

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Copyright (c) Microsoft Corporation. Licensed under the MIT license.

Index

Constants

View Source 
const (
	Verdict_RETRANSMISSION flow.Verdict = 15
	Verdict_DNS            flow.Verdict = 16
	TypeUrl                string       = "retina.sh"
)

Additional Verdicts to be used for flow objects

View Source 
const (
	// Common Counters across os distributions (should these be asynch or synch)
	// make sure IsMetric is updated if you add a new metric here
	DroppedPacketsGaugeName              = "drop_count"
	DropBytesGaugeName                   = "drop_bytes"
	ForwardPacketsGaugeName              = "forward_count"
	ForwardBytesGaugeName                = "forward_bytes"
	TCPStateGaugeName                    = "tcp_state"
	TCPConnectionRemoteGaugeName         = "tcp_connection_remote"
	TCPConnectionStatsName               = "tcp_connection_stats"
	TCPFlagGauge                         = "tcp_flag_gauges"
	TCPRetransCount                      = "tcp_retransmission_count"
	IPConnectionStatsName                = "ip_connection_stats"
	UDPConnectionStatsName               = "udp_connection_stats"
	InterfaceStatsName                   = "interface_stats"
	DNSRequestCounterName                = "dns_request_count"
	DNSResponseCounterName               = "dns_response_count"
	NodeAPIServerLatencyName             = "node_apiserver_latency"
	NodeAPIServerTCPHandshakeLatencyName = "node_apiserver_handshake_latency"
	NoResponseFromAPIServerName          = "node_apiserver_no_response"
	InfinibandCounterStatsName           = "infiniband_counter_stats"
	InfinibandStatusParamsName           = "infiniband_status_params"

	// Common Gauges across os distributions
	NodeConnectivityStatusName         = "node_connectivity_status"
	NodeConnectivityLatencySecondsName = "node_connectivity_latency_seconds"
)

Variables

View Source 
var (

	// todo move to attributes pkg?
	Type                  = "type"
	Reason                = "reason"
	Direction             = "direction"
	SourceNodeName        = "source_node_name"
	TargetNodeName        = "target_node_name"
	State                 = "state"
	Address               = "address"
	Port                  = "port"
	StatName              = "statistic_name"
	InterfaceName         = "interface_name"
	InterfaceNameConstant = "all_interfaces"
	Flag                  = "flag"
	Endpoint              = "endpoint"
	AclRule               = "aclrule"
	Active                = "ACTIVE"
	Device                = "device"

	// TCP Connection Statistic Names
	ResetCount           = "ResetCount"
	ClosedFin            = "ClosedFin"
	ResetSyn             = "ResetSyn"
	TcpHalfOpenTimeouts  = "TcpHalfOpenTimeouts"
	Verified             = "Verified"
	TimedOutCount        = "TimedOutCount"
	TimeWaitExpiredCount = "TimeWaitExpiredCount"

	// Events types
	Kernel          = "kernel"
	EnricherRing    = "enricher_ring"
	BufferedChannel = "buffered_channel"
	ExternalChannel = "external_channel"

	// TCP Flags
	SYN    = "SYN"
	SYNACK = "SYNACK"
	ACK    = "ACK"
	FIN    = "FIN"
	RST    = "RST"
	PSH    = "PSH"
	ECE    = "ECE"
	CWR    = "CWR"
	NS     = "NS"
	URG    = "URG"

	DataPlane = "dataplane"
	Linux     = "linux"
	Windows   = "windows"

	// DNS labels.
	DNSRequestLabels  = []string{"query_type", "query"}
	DNSResponseLabels = []string{"return_code", "query_type", "query", "response", "num_response"}
)
View Source 
var (
	DNSType_name = map[int32]string{
		0: "UNKNOWN",
		1: "QUERY",
		2: "RESPONSE",
	}
	DNSType_value = map[string]int32{
		"UNKNOWN":  0,
		"QUERY":    1,
		"RESPONSE": 2,
	}
)

Enum value maps for DNSType.

View Source 
var (
	DropReason_name = map[int32]string{
		0: "IPTABLE_RULE_DROP",
		1: "IPTABLE_NAT_DROP",
		2: "TCP_CONNECT_BASIC",
		3: "TCP_ACCEPT_BASIC",
		4: "TCP_CLOSE_BASIC",
		5: "CONNTRACK_ADD_DROP",
		6: "UNKNOWN_DROP",
	}
	DropReason_value = map[string]int32{
		"IPTABLE_RULE_DROP":  0,
		"IPTABLE_NAT_DROP":   1,
		"TCP_CONNECT_BASIC":  2,
		"TCP_ACCEPT_BASIC":   3,
		"TCP_CLOSE_BASIC":    4,
		"CONNTRACK_ADD_DROP": 5,
		"UNKNOWN_DROP":       6,
	}
)

Enum value maps for DropReason.

View Source 
var File_pkg_utils_metadata_linux_proto protoreflect.FileDescriptor

Functions

func AddDNSInfo 

func AddDNSInfo(f *flow.Flow, meta *RetinaMetadata, qType string, rCode uint32, query string, qTypes []string, numAnswers int, ips []string)

AddDNSInfo adds DNS information to the flow's metadata.

func AddDropReason 

func AddDropReason(f *flow.Flow, meta *RetinaMetadata, dropReason uint16)

AddDropReason adds the drop reason to the flow's metadata.

func AddPacketSize 

func AddPacketSize(meta *RetinaMetadata, packetSize uint32)

AddPacketSize adds the packet size to the flow's metadata.

func AddRetinaMetadata 

func AddRetinaMetadata(f *flow.Flow, meta *RetinaMetadata)

AddRetinaMetadata adds the RetinaMetadata to the flow's extensions field.

func AddTCPFlags 

func AddTCPFlags(f *flow.Flow, syn, ack, fin, rst, psh, urg uint16)

func AddTCPFlagsBool 

func AddTCPFlagsBool(f *flow.Flow, syn, ack, fin, rst, psh, urg bool)

func AddTCPID 

func AddTCPID(meta *RetinaMetadata, id uint64)

Add TSval/TSecr to the flow's metadata as TCP ID. The TSval/TSecr works as ID for the flow. We will use this ID to calculate latency.

func CompareStringSlice 

func CompareStringSlice(a, b []string) bool

func DNSRcodeToString 

func DNSRcodeToString(f *flow.Flow) string

DNS Return code to string.

func DecodeRequestBody 

func DecodeRequestBody(request *http.Request, iface interface{}) (err error)

func DropReasonDescription 

func DropReasonDescription(f *flow.Flow) string

func EncodeResponseBody 

func EncodeResponseBody(w http.ResponseWriter, iface interface{}) error
func GetDefaultOutgoingLinks() ([]netlink.Link, error)

GetDefaultOutgoingLinks gets the outgoing interface by executing an equivalent to `ip route show default 0.0.0.0/0`

func GetDropReasonDesc 

func GetDropReasonDesc(dr DropReason) flow.DropReason

func GetPluginEventAttributes 

func GetPluginEventAttributes(attrs []attribute.KeyValue, pluginName, eventName, timestamp string) []attribute.KeyValue

func GetTCPID 

func GetTCPID(f *flow.Flow) uint64

func HostToNetShort 

func HostToNetShort(i uint16) uint16

HostToNetShort converts a 16-bit integer from host to network byte order, aka "htons"

func Int2ip 

func Int2ip(nn uint32) net.IP

https://gist.github.com/ammario/649d4c0da650162efd404af23e25b86b

func Ip2int 

func Ip2int(ip []byte) (res uint32, err error)

func IsAdvancedMetric 

func IsAdvancedMetric(name string) bool

IsAdvancedMetric is a helper function to determine if a name is an advanced metric

func OpenRawSocket 

func OpenRawSocket(index int) (int, error)

func PacketSize 

func PacketSize(f *flow.Flow) uint32

func Retry 

func Retry(f func() error, retry int) (err error)

Exponential backoff retry logic.

func StringPtr 

func StringPtr(v string) *string

func ToFlow 

func ToFlow(
	l *log.ZapLogger,
	ts int64,
	sourceIP, destIP net.IP,
	sourcePort, destPort uint32,
	proto uint8,
	observationPoint uint8,
	verdict flow.Verdict,
) *flow.Flow

ToFlow returns a flow.Flow object. This sets up a L3/L4 flow object. sourceIP, destIP are IPv4 addresses. sourcePort, destPort are TCP/UDP ports. proto is the protocol number. Ref: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml . observationPoint is the observation point+direction of the flow. 0 is from n/w stack to container, 1 is from container to stack, 2 is from host to network and 3 is from network to host. ts is the timestamp in nanoseconds.

func Uint32Ptr 

func Uint32Ptr(v uint32) *uint32

Inspired by https://github.com/mauriciovasquezbernal/talks/blob/1f2080afe731949a033330c0adc290be8f3fc06d/2022-ebpf-training/2022-10-13/drop/main.go .

Types

type DNSType 

type DNSType int32
const (
	DNSType_UNKNOWN  DNSType = 0
	DNSType_QUERY    DNSType = 1
	DNSType_RESPONSE DNSType = 2
)

func GetDNS 

func GetDNS(f *flow.Flow) (*flow.DNS, DNSType, uint32)

func (DNSType) Descriptor 

func (DNSType) Descriptor() protoreflect.EnumDescriptor

func (DNSType) Enum 

func (x DNSType) Enum() *DNSType

func (DNSType) EnumDescriptor deprecated 

func (DNSType) EnumDescriptor() ([]byte, []int)

Deprecated: Use DNSType.Descriptor instead.

func (DNSType) Number 

func (x DNSType) Number() protoreflect.EnumNumber

func (DNSType) String 

func (x DNSType) String() string

func (DNSType) Type 

func (DNSType) Type() protoreflect.EnumType

type DropReason 

type DropReason int32

Ref: pkg/plugin/dropreason/_cprog/drop_reason.h. 

const (
	DropReason_IPTABLE_RULE_DROP  DropReason = 0
	DropReason_IPTABLE_NAT_DROP   DropReason = 1
	DropReason_TCP_CONNECT_BASIC  DropReason = 2
	DropReason_TCP_ACCEPT_BASIC   DropReason = 3
	DropReason_TCP_CLOSE_BASIC    DropReason = 4
	DropReason_CONNTRACK_ADD_DROP DropReason = 5
	DropReason_UNKNOWN_DROP       DropReason = 6
)

func (DropReason) Descriptor 

func (DropReason) Descriptor() protoreflect.EnumDescriptor

func (DropReason) Enum 

func (x DropReason) Enum() *DropReason

func (DropReason) EnumDescriptor deprecated 

func (DropReason) EnumDescriptor() ([]byte, []int)

Deprecated: Use DropReason.Descriptor instead.

func (DropReason) Number 

func (x DropReason) Number() protoreflect.EnumNumber

func (DropReason) String 

func (x DropReason) String() string

func (DropReason) Type 

func (DropReason) Type() protoreflect.EnumType

type RetinaMetadata 

type RetinaMetadata struct {
	Bytes uint32 `protobuf:"varint,1,opt,name=bytes,proto3" json:"bytes,omitempty"`
	// DNS metadata.
	DnsType      DNSType `protobuf:"varint,2,opt,name=dns_type,json=dnsType,proto3,enum=utils.DNSType" json:"dns_type,omitempty"`
	NumResponses uint32  `protobuf:"varint,3,opt,name=num_responses,json=numResponses,proto3" json:"num_responses,omitempty"`
	// TCP ID. Either Tsval or Tsecr will be set.
	TcpId uint64 `protobuf:"varint,4,opt,name=tcp_id,json=tcpId,proto3" json:"tcp_id,omitempty"`
	// Drop reason in Retina.
	DropReason DropReason `protobuf:"varint,5,opt,name=drop_reason,json=dropReason,proto3,enum=utils.DropReason" json:"drop_reason,omitempty"`
	// contains filtered or unexported fields
}

func (*RetinaMetadata) Descriptor deprecated 

func (*RetinaMetadata) Descriptor() ([]byte, []int)

Deprecated: Use RetinaMetadata.ProtoReflect.Descriptor instead.

func (*RetinaMetadata) GetBytes 

func (x *RetinaMetadata) GetBytes() uint32

func (*RetinaMetadata) GetDnsType 

func (x *RetinaMetadata) GetDnsType() DNSType

func (*RetinaMetadata) GetDropReason 

func (x *RetinaMetadata) GetDropReason() DropReason

func (*RetinaMetadata) GetNumResponses 

func (x *RetinaMetadata) GetNumResponses() uint32

func (*RetinaMetadata) GetTcpId 

func (x *RetinaMetadata) GetTcpId() uint64

func (*RetinaMetadata) ProtoMessage 

func (*RetinaMetadata) ProtoMessage()

func (*RetinaMetadata) ProtoReflect 

func (x *RetinaMetadata) ProtoReflect() protoreflect.Message

func (*RetinaMetadata) Reset 

func (x *RetinaMetadata) Reset()

func (*RetinaMetadata) String 

func (x *RetinaMetadata) String() string

Source Files

View all Source files

Directories

Path Synopsis
testutil
cilium

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.