github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/monitor/extractors/ssh.go

github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/monitor/extractors/ssh.go (about)

     1  package extractors
     2  
     3  import (
     4  	"fmt"
     5  	"strconv"
     6  	"strings"
     7  
     8  	"go.aporeto.io/trireme-lib/common"
     9  	"go.aporeto.io/trireme-lib/policy"
    10  	"go.aporeto.io/trireme-lib/utils/cgnetcls"
    11  )
    12  
    13  // SSHMetadataExtractor is a metadata extractor for ssh.
    14  func SSHMetadataExtractor(event *common.EventInfo) (*policy.PURuntime, error) {
    15  
    16  	runtimeTags := policy.NewTagStore()
    17  
    18  	for _, tag := range event.Tags {
    19  		parts := strings.SplitN(tag, "=", 2)
    20  		if len(parts) != 2 {
    21  			return nil, fmt.Errorf("invalid tag: %s", tag)
    22  		}
    23  
    24  		// This means we send something that is for internal purposes only
    25  		// We add it as it is.
    26  		if strings.HasPrefix(tag, "$") {
    27  			runtimeTags.AppendKeyValue(parts[0], parts[1])
    28  			continue
    29  		}
    30  
    31  		runtimeTags.AppendKeyValue("@user:ssh:"+parts[0], parts[1])
    32  	}
    33  
    34  	options := &policy.OptionsType{
    35  		CgroupName: event.PUID,
    36  		CgroupMark: strconv.FormatUint(cgnetcls.MarkVal(), 10),
    37  	}
    38  
    39  	runtimeIps := policy.ExtendedMap{"bridge": "0.0.0.0/0"}
    40  
    41  	return policy.NewPURuntime(event.Name, int(event.PID), "", runtimeTags, runtimeIps, event.PUType, options), nil
    42  }