Documentation
Index
- func DropReasonsCommand() []string
- func RunInNode(config Config, nodeName, debugPodNamespace string) error
- func RunInPod(config Config, podNamespace, podName string) error
- func RunTrace(ctx context.Context, config TraceConfig, nodeName, debugPodNamespace string) error
- func TraceCapabilities() []string
- type Config
- type ScriptGenerator
- type TraceConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func DropReasonsCommand (added in v1.1.0)
func DropReasonsCommand() []string
DropReasonsCommand returns the command that fetches the SKB drop reason enum from the kernel. The enum values are kernel-version specific and must be read at runtime. The command reads the tracepoint format file, which contains the enum definition.
func RunInNode
RunInNode starts an interactive shell on a node by creating a HostNetwork pod and attaching to it.
func RunInPod
RunInPod starts an interactive shell in a pod by creating and attaching to an ephemeral container.
func RunTrace (added in v1.1.0)
func RunTrace(ctx context.Context, config TraceConfig, nodeName, debugPodNamespace string) error
RunTrace starts a network trace on a node. It creates a privileged pod on the target node, runs bpftrace, and streams output.
func TraceCapabilities (added in v1.1.0)
func TraceCapabilities() []string
TraceCapabilities returns the required Linux capabilities for bpftrace. These are set automatically and not user-configurable.
Types
type Config
type Config struct {
    RestConfig *rest.Config
    RetinaShellImage string
    HostPID bool
    Capabilities []string
    Timeout time.Duration
    // Host filesystem access applies only to nodes, not pods.
    MountHostFilesystem bool
    AllowHostFilesystemWrite bool
    AppArmorUnconfined bool
    SeccompUnconfined bool
}
Config is the configuration for starting a shell in a node or pod.
type ScriptGenerator (added in v1.1.0)
type ScriptGenerator struct {
    // contains filtered or unexported fields
}
ScriptGenerator generates bpftrace scripts for network tracing. SECURITY: All IP addresses are converted to hex representation to prevent injection.
func NewScriptGenerator (added in v1.1.0)
func NewScriptGenerator(config TraceConfig) *ScriptGenerator
NewScriptGenerator creates a new script generator with the given config.
func (*ScriptGenerator) Generate (added in v1.1.0)
func (g *ScriptGenerator) Generate() string
Generate creates the complete bpftrace script.
type TraceConfig (added in v1.1.0)
type TraceConfig struct {
    // Kubernetes configuration
    RestConfig *rest.Config
    RetinaShellImage string
    // Filter configuration (validated, typed values only)
    FilterIPs []net.IP // Validated IP addresses to filter
    FilterCIDRs []*net.IPNet // Validated CIDRs to filter
    // Output configuration
    OutputJSON bool // true for JSON output, false for table
    // Event selection - which probes to enable
    EnableDrops bool // Enable packet drop tracing (kfree_skb)
    EnableRST bool // Enable TCP RST tracing (tcp_send_reset/tcp_receive_reset)
    EnableErrors bool // Enable socket error tracing (inet_sk_error_report)
    EnableRetransmits bool // Enable TCP retransmit tracing (tcp_retransmit_skb)
    EnableNfqueueDrops bool // Enable NFQUEUE drop tracing (fexit:vmlinux:__nf_queue)
    // Timing configuration
    TraceDuration time.Duration // How long to trace (0 = until Ctrl-C)
    Timeout time.Duration // Pod startup timeout
}
TraceConfig holds the validated configuration for network tracing. All fields are typed values - no raw user strings for security.
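The ScriptGenerator and TraceConfig notes above describe one pattern: raw filter input is parsed into typed values, and addresses are rendered as hex so that no user-supplied text reaches the bpftrace script. The following is an added example of that pattern, not this package's own code; parseFilter, filterExpr and the $saddr script variable (taken to hold the address as a big-endian integer) are hypothetical, and only IPv4 is handled.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"strings"
)

// parseFilter (hypothetical) is the validation boundary: a raw string becomes a
// typed net.IP or *net.IPNet, or it is rejected. No raw text is passed on.
func parseFilter(raw string) (net.IP, *net.IPNet, error) {
	if _, n, err := net.ParseCIDR(raw); err == nil {
		return nil, n, nil
	}
	if ip := net.ParseIP(raw); ip != nil {
		return ip, nil, nil
	}
	return nil, nil, fmt.Errorf("rejected filter %q", raw)
}

// filterExpr (hypothetical) renders typed values as fixed-width hex literals, so
// only [0-9a-fx] from an address can appear in the generated predicate.
func filterExpr(ips []net.IP, cidrs []*net.IPNet) (string, error) {
	var nets []*net.IPNet
	for _, ip := range ips { // a single address is treated as a /32 network
		nets = append(nets, &net.IPNet{IP: ip, Mask: net.CIDRMask(32, 32)})
	}
	nets = append(nets, cidrs...)
	var terms []string
	for _, n := range nets {
		ip4 := n.IP.To4()
		if ip4 == nil || len(n.Mask) != net.IPv4len {
			return "", fmt.Errorf("IPv4 only in this example: %v", n.IP)
		}
		terms = append(terms, fmt.Sprintf("($saddr & 0x%08x) == 0x%08x",
			binary.BigEndian.Uint32(n.Mask), binary.BigEndian.Uint32(ip4)))
	}
	return strings.Join(terms, " || "), nil
}

func main() {
	ip, _, _ := parseFilter("10.0.0.1")         // constructed sample input
	_, cidr, _ := parseFilter("192.168.0.0/16") // constructed sample input
	expr, err := filterExpr([]net.IP{ip}, []*net.IPNet{cidr})
	fmt.Println(expr, err)
	_, _, err = parseFilter("10.0.0.1 || 1") // constructed: not an address, rejected
	fmt.Println(err)
}
```

Because the renderer accepts only net.IP and *net.IPNet, a string that fails parsing has no path into the script text, which is the property the TraceConfig comment relies on.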