Documentation
¶
Index ¶
Constants ¶
const ( XMLHeader = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" ConntrackOpenTag = "<conntrack>\n" TimeWait = "TIME_WAIT" TCP = "tcp" New = "new" Update = "update" Destroy = "destroy" )
Constants exported for testing
const ( Addr = "addr" // typically IPv4 Port = "port" Conntracked = "conntracked" Procspied = "procspied" )
Node metadata keys.
Variables ¶
var ConntrackModulePresent = func() bool { f, err := os.Open(modules) if err != nil { return false } defer f.Close() scanner := bufio.NewScanner(f) for scanner.Scan() { line := scanner.Text() if strings.HasPrefix(line, conntrackModule) { return true } } if err := scanner.Err(); err != nil { log.Printf("conntrack error: %v", err) } log.Printf("conntrack: failed to find module %s", conntrackModule) return false }
ConntrackModulePresent returns true if the kernel has the conntrack module present. It is made public for mocking.
var SpyDuration = prometheus.NewSummaryVec( prometheus.SummaryOpts{ Namespace: "scope", Subsystem: "probe", Name: "spy_time_nanoseconds", Help: "Total time spent spying on active connections.", MaxAge: 10 * time.Second, }, []string{}, )
SpyDuration is an exported prometheus metric
Functions ¶
This section is empty.
Types ¶
type Conntracker ¶
Conntracker uses the conntrack command to track network connections
func NewConntracker ¶
func NewConntracker(existingConns bool, args ...string) (*Conntracker, error)
NewConntracker creates and starts a new Conntracter
func (*Conntracker) WalkFlows ¶
func (c *Conntracker) WalkFlows(f func(Flow))
WalkFlows calls f with all active flows and flows that have come and gone since the last call to WalkFlows
type Flow ¶
type Flow struct {
XMLName xml.Name `xml:"flow"`
Metas []Meta `xml:"meta"`
Type string `xml:"type,attr"`
Original, Reply, Independent *Meta `xml:"-"`
}
Flow - these structs are for the parsed conntrack output
type Layer3 ¶
type Layer3 struct {
XMLName xml.Name `xml:"layer3"`
SrcIP string `xml:"src"`
DstIP string `xml:"dst"`
}
Layer3 - these structs are for the parsed conntrack output
type Layer4 ¶
type Layer4 struct {
XMLName xml.Name `xml:"layer4"`
SrcPort int `xml:"sport"`
DstPort int `xml:"dport"`
Proto string `xml:"protoname,attr"`
}
Layer4 - these structs are for the parsed conntrack output
type Meta ¶
type Meta struct {
XMLName xml.Name `xml:"meta"`
Direction string `xml:"direction,attr"`
Layer3 Layer3 `xml:"layer3"`
Layer4 Layer4 `xml:"layer4"`
ID int64 `xml:"id"`
State string `xml:"state"`
}
Meta - these structs are for the parsed conntrack output
type Reporter ¶
type Reporter struct {
// contains filtered or unexported fields
}
Reporter generates Reports containing the Endpoint topology.
func NewReporter ¶
NewReporter creates a new Reporter that invokes procspy.Connections to generate a report.Report that contains every discovered (spied) connection on the host machine, at the granularity of host and port. That information is stored in the Endpoint topology. It optionally enriches that topology with process (PID) information.
func (*Reporter) Report ¶
Report implements Reporter.
type ReverseResolver ¶
type ReverseResolver struct {
Throttle <-chan time.Time // Made public for mocking
Resolver revResFunc
// contains filtered or unexported fields
}
ReverseResolver is a caching, reverse resolver.
func NewReverseResolver ¶
func NewReverseResolver() *ReverseResolver
NewReverseResolver starts a new reverse resolver that performs reverse resolutions and caches the result.
func (*ReverseResolver) Get ¶
func (r *ReverseResolver) Get(address string) (string, error)
Get the reverse resolution for an IP address if already in the cache, a gcache.NotFoundKeyError error otherwise. Note: it returns one of the possible names that can be obtained for that IP.
Source Files
¶
- conntrack.go
- nat.go
- reporter.go
- resolver.go