// Listing of github.com/tigera/api@v0.0.0-20240320170621-278e89a8c5fb/pkg/apis/projectcalico/v3/packetcapture.go

// Copyright (c) 2020-2021 Tigera, Inc. All rights reserved.

package v3

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	"github.com/tigera/api/pkg/lib/numorstring"
)

// Kind values for the PacketCapture resource and its list type. The constructors in this
// file write them into TypeMeta.Kind.
const (
	KindPacketCapture     = "PacketCapture"
	KindPacketCaptureList = "PacketCaptureList"
)

// PacketCaptureState represents the state of the PacketCapture.
type PacketCaptureState string

// NOTE(review): only PacketCaptureStateCapturing is declared with the PacketCaptureState
// type. Every other constant in this block has its own value expression and no type, so it
// is an untyped string constant rather than a PacketCaptureState. Giving them the type would
// change what callers can assign them to - confirm against callers before changing.
const (
	// PacketCaptureStateCapturing represents the active state of a PacketCapture of capturing traffic.
	PacketCaptureStateCapturing PacketCaptureState = "Capturing"
	// PacketCaptureStateFinished represents the inactive state of a PacketCapture of not capturing traffic.
	PacketCaptureStateFinished = "Finished"
	// PacketCaptureStateScheduled represents the inactive state of a PacketCapture of being
	// scheduled, but not capturing traffic.
	PacketCaptureStateScheduled = "Scheduled"
	// PacketCaptureStateError represents the error state of a PacketCapture.
	PacketCaptureStateError = "Error"
	// PacketCaptureStateWaitingForTraffic represents the active state of a PacketCapture of capturing from a live
	// interface, but waiting for traffic on that interface.
	PacketCaptureStateWaitingForTraffic = "WaitingForTraffic"
)

// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// PacketCapture contains the configuration for any packet capture.
type PacketCapture struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the PacketCapture.
	Spec PacketCaptureSpec `json:"spec,omitempty"`
	// Status of the PacketCapture.
	Status PacketCaptureStatus `json:"status,omitempty"`
}

// PacketCaptureSpec contains the values of the packet capture.
type PacketCaptureSpec struct {
	// Scope note: an empty Selector defaults to all() and an omitted EndTime means the capture
	// continues indefinitely, so a spec that sets neither field selects every endpoint in the
	// PacketCapture's namespace with no scheduled stop. Set a narrow Selector and an EndTime
	// when the capture is meant to be bounded.

	// The selector is an expression used to pick out the endpoints that this PacketCapture
	// applies to. The selector will only match endpoints in the same namespace as the
	// PacketCapture resource.
	//
	// Selector expressions follow this syntax:
	//
	// 	label == "string_literal"            -> comparison, e.g. my_label == "foo bar"
	// 	label != "string_literal"            -> not equal; also matches if label is not present
	// 	label in { "a", "b", "c", ... }      -> true if the value of label X is one of "a", "b", "c"
	// 	label not in { "a", "b", "c", ... }  -> true if the value of label X is not one of "a", "b", "c"
	// 	has(label_name)                      -> True if that label is present
	// 	! expr                               -> negation of expr
	// 	expr && expr                         -> Short-circuit and
	// 	expr || expr                         -> Short-circuit or
	// 	( expr )                             -> parens for grouping
	// 	all()                                -> matches all endpoints.
	// 	an empty selector will default to all
	//
	// Label names are allowed to contain alphanumerics, -, _ and /. String literals are more permissive
	// but they do not support escape characters.
	//
	// Examples (with made-up labels):
	//
	// 	type == "webserver" && deployment == "prod"
	// 	type in {"frontend", "backend"}
	// 	deployment != "dev"
	// 	! has(label_name)
	// +kubebuilder:default:="all()"
	Selector string `json:"selector,omitempty" validate:"selector"`

	// The ordered set of filters applied to traffic captured from an interface. Each rule contains a set of
	// packet match criteria.
	Filters []PacketCaptureRule `json:"filters,omitempty" validate:"omitempty,dive"`

	// Defines the start time from which this PacketCapture will capture packets.
	// If omitted or the value is in the past, the capture will start immediately.
	// If the value is changed to a future time, capture will stop immediately and restart at that time.
	// +optional
	// +kubebuilder:validation:Format="date-time"
	StartTime *metav1.Time `json:"startTime,omitempty" validate:"omitempty"`

	// Defines the end time at which this PacketCapture will stop capturing packets.
	// If omitted the capture will continue indefinitely.
	// If the value is changed to the past, capture will stop immediately.
	// +optional
	//+kubebuilder:validation:Format="date-time"
	EndTime *metav1.Time `json:"endTime,omitempty" validate:"omitempty"`
}

// A PacketCaptureRule encapsulates a set of match criteria for traffic captured from an interface.
type PacketCaptureRule struct {
	// Protocol is an optional field that defines a filter for all traffic for
	// a specific IP protocol.
	//
	// Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
	// or an integer in the range 1-255.
	Protocol *numorstring.Protocol `json:"protocol,omitempty" validate:"omitempty"`

	// Ports is an optional field that defines a filter for all traffic that has a
	// source or destination port that matches one of these ranges/values. This value is a
	// list of integers or strings that represent ranges of ports.
	Ports []numorstring.Port `json:"ports,omitempty" validate:"omitempty,dive"`
}

// PacketCaptureStatus describes the files that have been captured, for a given PacketCapture, on each node
// that generates packet capture files.
type PacketCaptureStatus struct {
	// Files holds the PacketCaptureFile entries reported for this PacketCapture.
	Files []PacketCaptureFile `json:"files,omitempty"`
}

// PacketCaptureFile describes files generated by a PacketCapture. It describes the location of the packet capture files
// that is identified via a node, its directory and the file names generated.
type PacketCaptureFile struct {
	// NOTE(review): Node, Directory and FileNames tell any reader of this status where the
	// capture files live. The .pcap files hold captured traffic, so read access to this
	// resource and to that directory is worth restricting together. A consumer that joins
	// Directory and FileNames into a path should validate both, since they are plain strings
	// taken from the status - confirm what the reader of this status does.

	// Node identifies a physical node from the cluster via its hostname.
	Node string `json:"node,omitempty" validate:"omitempty"`

	// Directory represents the path inside the calico-node container for the generated files.
	Directory string `json:"directory,omitempty" validate:"omitempty"`

	// FileNames represents the names of the generated files for a PacketCapture, ordered alphanumerically.
	// The active packet capture file will be identified using the following schema:
	// "{workload endpoint name}_{host network interface}.pcap" .
	// Rotated capture file names will contain an index matching the rotation timestamp.
	FileNames []string `json:"fileNames,omitempty" validate:"omitempty,dive"`

	// State determines whether a PacketCapture is capturing traffic from any interface
	// attached to the current node.
	// +kubebuilder:validation:Enum=Capturing;Finished;Scheduled;Error;WaitingForTraffic
	State *PacketCaptureState `json:"state,omitempty" validate:"omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// PacketCaptureList contains a list of PacketCapture resources.
type PacketCaptureList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []PacketCapture `json:"items"`
}

// NewPacketCapture returns a pointer to a PacketCapture whose TypeMeta carries
// KindPacketCapture and GroupVersionCurrent; every other field is left at its zero value.
func NewPacketCapture() *PacketCapture {
	typeMeta := metav1.TypeMeta{
		Kind:       KindPacketCapture,
		APIVersion: GroupVersionCurrent,
	}
	return &PacketCapture{TypeMeta: typeMeta}
}

// NewPacketCaptureList creates a new (zeroed) PacketCaptureList struct with the TypeMetadata initialised to the current
// version.
func NewPacketCaptureList() *PacketCaptureList {
	// Only the type metadata is populated; ListMeta and Items stay at their zero values.
	typeMeta := metav1.TypeMeta{
		Kind:       KindPacketCaptureList,
		APIVersion: GroupVersionCurrent,
	}
	return &PacketCaptureList{TypeMeta: typeMeta}
}