package collector

import (
	"fmt"
	"time"

	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/packettracing"
	"go.aporeto.io/enforcerd/trireme-lib/policy"
	"go.aporeto.io/gaia"
)

// Flow event descriptions.
//
// These are plain string constants naming why a flow or packet was rejected
// (or that it was accepted). They appear to be the values carried in
// FlowRecord.DropReason / PacketReport.DropReason — confirm against the
// datapath producers. Consumers that alert or aggregate on a reason should
// compare against these constants rather than re-typing the literals.
const (
	// FlowReject indicates that a flow was rejected
	FlowReject = "reject"
	// FlowAccept logs that a flow is accepted
	FlowAccept = "accept"
	// MissingToken indicates that the token was missing
	MissingToken = "missingtoken"
	// InvalidToken indicates that the token was invalid
	InvalidToken = "token"
	// InvalidFormat indicates that the packet metadata were not correct
	InvalidFormat = "format"
	// InvalidHeader indicates that the TCP header was not there.
	InvalidHeader = "header"
	// InvalidPayload indicates that the TCP payload was not there or bad.
	InvalidPayload = "payload"
	// InvalidContext indicates that there was no context in the metadata
	InvalidContext = "context"
	// InvalidConnection indicates that there was no connection found
	InvalidConnection = "connection"
	// InvalidState indicates that a packet was received without proper state information
	InvalidState = "state"
	// InvalidNonse indicates that the nonce check failed.
	// NOTE(review): both the identifier and the "nonse" value keep the
	// historical misspelling. If the value is what reports carry (it appears
	// to be), it must not be "corrected" without a compatible migration on
	// the consuming side.
	InvalidNonse = "nonse"
	// PolicyDrop indicates that the flow is rejected because of the policy decision
	PolicyDrop = "policy"
	// APIPolicyDrop indicates that the request was dropped because of failed API validation.
	APIPolicyDrop = "api"
	// UnableToDial indicates that the proxy cannot dial out the connection
	UnableToDial = "dial"
	// CompressedTagMismatch indicates that the compressed tag version is dissimilar
	CompressedTagMismatch = "compressedtagmismatch"
	// EncryptionMismatch indicates that the policy encryption varies between client and server enforcer
	EncryptionMismatch = "encryptionmismatch"
	// DatapathVersionMismatch indicates that the datapath version is dissimilar
	DatapathVersionMismatch = "datapathversionmismatch"
	// PacketDrop indicates a single packet drop
	PacketDrop = "packetdrop"
)

// Container event descriptions. These are the values expected in
// ContainerRecord.Event — presumably; confirm with the producers.
const (
	// ContainerStart indicates a container start event
	ContainerStart = "start"
	// ContainerStop indicates a container stop event
	ContainerStop = "stop"
	// ContainerCreate indicates a container create event
	ContainerCreate = "create"
	// ContainerDelete indicates a container delete event
	ContainerDelete = "delete"
	// ContainerUpdate indicates a container policy update event
	ContainerUpdate = "update"
	// ContainerFailed indicates an event that a container was stopped because of policy issues
	ContainerFailed = "forcestop"
	// ContainerIgnored indicates that the container will be ignored by Trireme
	ContainerIgnored = "ignore"
	// ContainerDeleteUnknown indicates that policy for an unknown container was deleted
	ContainerDeleteUnknown = "unknowncontainer"
)

// Miscellaneous well-known values used in flow reporting.
const (
	// PolicyValid marks a normal flow accept.
	PolicyValid = "V"
	// DefaultEndPoint provides a string for unknown container sources
	DefaultEndPoint = "default"
	// SomeClaimsSource provides a string for some claims flow source.
	SomeClaimsSource = "some-claims"
)

// EventCollector is the interface for collecting events.
//
// Every method is fire-and-forget: none returns an error or a result, so an
// implementation that cannot persist or forward a record has no way to tell
// the caller. Implementations that matter for audit completeness should
// therefore expose their own drop/failure metrics.
type EventCollector interface {

	// CollectFlowEvent collects a flow event.
	CollectFlowEvent(record *FlowRecord)

	// CollectContainerEvent collects a container event.
	CollectContainerEvent(record *ContainerRecord)

	// CollectUserEvent collects a user event.
	CollectUserEvent(record *UserRecord)

	// CollectTraceEvent collects a set of trace messages generated with the
	// iptables trace command. The records are raw, unparsed trace lines; the
	// parsed form is IPTablesTraceRecord.
	CollectTraceEvent(records []string)

	// CollectPacketEvent collects a packet event from nfqdatapath.
	CollectPacketEvent(report *PacketReport)

	// CollectCounterEvent collects a CounterReport, i.e. the datapath
	// counters reported by a PU.
	CollectCounterEvent(counterReport *CounterReport)

	// CollectDNSRequests collects the DNS requests made by a PU.
	CollectDNSRequests(request *DNSRequestReport)

	// CollectPingEvent collects the ping events.
	CollectPingEvent(report *PingReport)

	// CollectConnectionExceptionReport collects the connection exception report.
	CollectConnectionExceptionReport(report *ConnectionExceptionReport)
}

// EndPointType is the type of an endpoint (PU or an external IP address ).
// The zero value is EndPointTypeExternalIP.
type EndPointType byte

const (
	// EndPointTypeExternalIP indicates that the endpoint is an external IP address
	EndPointTypeExternalIP EndPointType = iota
	// EndPointTypePU indicates that the endpoint is a PU.
	EndPointTypePU
	// EndPointTypeClaims indicates that the endpoint is of type claims.
	EndPointTypeClaims
)

// String returns the short name used for an endpoint type in reports:
// "ext", "pu" or "claims".
//
// Any value outside the three defined constants (e.g. a corrupted or newer
// value) falls through to "pu", kept for backward compatibility, so such a
// value is indistinguishable from a real PU endpoint in rendered output.
// Note the pointer receiver: only *EndPointType satisfies fmt.Stringer; a
// plain EndPointType value formatted with %v prints its numeric value.
func (e *EndPointType) String() string {

	switch *e {
	case EndPointTypeExternalIP:
		return "ext"
	case EndPointTypePU:
		return "pu"
	case EndPointTypeClaims:
		return "claims"
	}

	return "pu" // backward compatibility (CS: 04/24/2018)
}

// EndPoint is a structure that holds all the endpoint information for one
// side of a flow. Which fields are populated presumably depends on Type
// (URI/HTTPMethod for HTTP-level records, UserID for user-attributed ones) —
// confirm with the producers.
type EndPoint struct {
	ID         string
	IP         string
	URI        string
	HTTPMethod string
	UserID     string
	Type       EndPointType // zero value is EndPointTypeExternalIP
	Port       uint16
}

// FlowRecord describes a flow record for statistics.
type FlowRecord struct {
	ContextID   string
	Namespace   string
	Source      EndPoint
	Destination EndPoint
	Tags        []string
	// DropReason is expected to be one of the flow event description
	// constants above — TODO confirm.
	DropReason       string
	PolicyID         string
	ObservedPolicyID string
	ServiceType      policy.ServiceType
	ServiceID        string
	// Count is presumably the number of flows aggregated into this record;
	// verify with the callers.
	Count                 int
	Action                policy.ActionType
	ObservedAction        policy.ActionType
	ObservedActionType    policy.ObserveActionType
	L4Protocol            uint8
	SourceController      string
	DestinationController string
	RuleName              string
}

// String renders a one-line, human-readable summary of the record for logs.
//
// Only a subset of the fields is included: the "mode:" label carries
// DropReason, and Tags, PolicyID, ObservedPolicyID, ServiceType, ServiceID,
// the observed-action fields, L4Protocol, the controller names and RuleName
// are not printed. Do not treat this output as a complete record.
func (f *FlowRecord) String() string {
	return fmt.Sprintf("<flowrecord contextID:%s namespace:%s count:%d sourceID:%s destinationID:%s sourceIP: %s destinationIP:%s destinationPort:%d action:%s mode:%s>",
		f.ContextID,
		f.Namespace,
		f.Count,
		f.Source.ID,
		f.Destination.ID,
		f.Source.IP,
		f.Destination.IP,
		f.Destination.Port,
		f.Action.String(),
		f.DropReason,
	)
}

// ContainerRecord is a statistics record for a container.
type ContainerRecord struct {
	ContextID string
	IPAddress policy.ExtendedMap
	Tags      *policy.TagStore
	// Event is expected to be one of the container event description
	// constants above — TODO confirm.
	Event string
}

// UserRecord reports a new user access. These will be reported
// periodically.
type UserRecord struct {
	ID        string
	Namespace string
	// Claims are the identity claims associated with the user — presumably
	// the same claim strings used in policy matching; verify against the
	// producer.
	Claims []string
}

// PacketReport is the struct which is used to report packets captured in
// the datapath.
type PacketReport struct {
	TCPFlags        int
	Claims          []string
	DestinationIP   string
	DestinationPort int
	// DropReason is expected to be one of the flow event description
	// constants — TODO confirm.
	DropReason string
	Encrypt    bool
	Event      packettracing.PacketEvent
	Length     int
	Mark       int
	Namespace  string
	PacketID   int
	Protocol   int
	PUID       string
	SourceIP   string
	SourcePort int
	// TriremePacket reports whether the packet carried Trireme metadata —
	// presumably; confirm with the datapath.
	TriremePacket bool
	// Timestamp's unit (epoch seconds vs. nanoseconds) is not fixed here;
	// confirm with the producer before comparing against time.Time values.
	Timestamp int64
	// Payload holds raw bytes of the captured packet. Any sink that logs or
	// exports PacketReport should decide explicitly whether payload bytes
	// belong there, since they may contain application data.
	Payload []byte
}

// DNSRequestReport object is used to report DNS requests being made by PUs.
type DNSRequestReport struct {
	ContextID   string
	Namespace   string
	Source      *EndPoint
	Destination *EndPoint
	// NameLookup is the queried name; IPs are presumably the addresses the
	// lookup resolved to — verify with the producer.
	NameLookup string
	Error      string
	Count      int
	Ts         time.Time
	IPs        []string
}

// Counters is a single counter value. The type carries no name: which
// counter a value refers to is presumably given by its position in
// CounterReport.Counters — confirm against the datapath counter definitions.
type Counters uint32

// CounterReport is called from the PU which reports Counters from the datapath.
type CounterReport struct {
	Namespace string
	PUID      string
	// Timestamp's unit is not fixed here; confirm with the producer.
	Timestamp int64
	Counters  []Counters
}

// PingReport represents a single ping report from datapath.
type PingReport struct {
	PingID      string
	IterationID int
	Type        gaia.PingProbeTypeValue
	PUID        string
	Namespace   string
	FourTuple   string
	// RTT is a string rather than a time.Duration; consumers that need a
	// number must parse it (format not fixed here — confirm with producer).
	RTT                  string
	Protocol             int
	ServiceType          string
	PayloadSize          int
	PayloadSizeType      gaia.PingProbePayloadSizeTypeValue
	PolicyID             string
	PolicyAction         policy.ActionType
	AgentVersion         string
	ApplicationListening bool
	SeqNum               uint32
	TargetTCPNetworks    bool
	ExcludedNetworks     bool
	Error                string
	Claims               []string
	ClaimsType           gaia.PingProbeClaimsTypeValue
	ACLPolicyID          string
	ACLPolicyAction      policy.ActionType
	// PeerCert* presumably describe the certificate presented by the peer
	// during the probe; PeerCertExpiry is the only time.Time in the struct.
	PeerCertIssuer  string
	PeerCertSubject string
	PeerCertExpiry  time.Time
	IsServer        bool
	ServiceID       string

	// Remote pu fields.
	RemoteController   string
	RemotePUID         string
	RemoteEndpointType EndPointType // zero value is EndPointTypeExternalIP
	RemoteNamespace    string
	RemoteNamespaceType gaia.PingProbeRemoteNamespaceTypeValue
}

// IPTablesTrace is a bundle of iptables trace records.
type IPTablesTrace struct {
	Namespace string
	// Timestamp's unit is not fixed here; confirm with the producer.
	Timestamp int64
	Records   []*IPTablesTraceRecord
}

// IPTablesTraceRecord is the info parsed out from a trace event message
// (the raw lines are delivered through EventCollector.CollectTraceEvent).
type IPTablesTraceRecord struct {
	TTL                  int
	Chain                string
	DestinationIP        string
	DestinationInterface string
	DestinationPort      int
	Length               int
	PacketID             int
	Protocol             int
	RuleID               int
	SourceIP             string
	SourceInterface      string
	SourcePort           int
	TableName            string
}

// ConnectionExceptionReport represents a single connection exception report
// from the datapath. Unlike PacketReport and CounterReport, its Timestamp is
// a time.Time rather than an int64.
type ConnectionExceptionReport struct {
	Timestamp       time.Time
	PUID            string
	Namespace       string
	Protocol        int
	SourceIP        string
	DestinationIP   string
	DestinationPort uint16
	State           string
	Reason          string
	// Value's meaning is not established here — confirm with the producer.
	Value uint32
}