ebpfless

package
v0.0.0-...-a768f24 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 5, 2024 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package ebpfless holds msgpack messages

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CapsetSyscallMsg

// CapsetSyscallMsg defines a capset message.
//
// Only two sets are carried. There is no field for the inheritable set, so a
// consumer cannot see changes to it from this message alone.
type CapsetSyscallMsg struct {
	// presumably the effective capability set as a bitmask — TODO confirm bit layout with the producer
	Effective uint64
	// presumably the permitted capability set as a bitmask — TODO confirm bit layout with the producer
	Permitted uint64
}

CapsetSyscallMsg defines a capset message

type ChdirSyscallMsg

// ChdirSyscallMsg defines a chdir message (SyscallTypeChdir is documented as
// covering chdir/fchdir).
type ChdirSyscallMsg struct {
	// Dir describes the directory the call refers to.
	Dir FileSyscallMsg
}

ChdirSyscallMsg defines a chdir message

type ChmodSyscallMsg

// ChmodSyscallMsg defines a chmod/fchmod/fchmodat/fchmodat2 message.
type ChmodSyscallMsg struct {
	// File describes the file the call refers to. It has its own Mode field;
	// NOTE(review): whether File.Mode is the mode before or after the call is
	// not visible here — confirm before comparing the two.
	File FileSyscallMsg
	// presumably the mode argument passed to the syscall — TODO confirm
	Mode uint32
}

ChmodSyscallMsg defines a chmod/fchmod/fchmodat/fchmodat2 message

type ChownSyscallMsg

// ChownSyscallMsg defines a chown/fchown/lchown/fchownat/fchownat2 message.
//
// The IDs are signed here, whereas Credentials uses uint32; presumably this
// lets -1 ("leave unchanged" in chown(2)) be represented — TODO confirm.
type ChownSyscallMsg struct {
	// File describes the file whose ownership is being changed.
	File  FileSyscallMsg
	UID   int32
	// presumably the user name resolved for UID by the sender; rules that need
	// a stable identity should prefer the numeric ID — verify against producer
	User  string
	GID   int32
	// presumably the group name resolved for GID by the sender — verify against producer
	Group string
}

ChownSyscallMsg defines a chown/fchown/lchown/fchownat/fchownat2 message

type ContainerContext

// ContainerContext defines a container context.
//
// It is referenced from HelloMsg, so every value here is supplied by the
// sending side of the connection.
type ContainerContext struct {
	ID             string
	Name           string
	ImageShortName string
	ImageTag       string
	// unit and epoch are not stated in this declaration — TODO confirm
	CreatedAt      uint64
}

ContainerContext defines a container context

type Credentials

// Credentials defines process credentials.
//
// Real and effective IDs are carried, each paired with a name string. There
// are no fields for saved or filesystem IDs; the latter have their own
// messages (SetFSUIDSyscallMsg, SetFSGIDSyscallMsg).
type Credentials struct {
	UID    uint32
	// presumably the name resolved for UID — verify against producer
	User   string
	EUID   uint32
	// presumably the name resolved for EUID — verify against producer
	EUser  string
	GID    uint32
	// presumably the name resolved for GID — verify against producer
	Group  string
	EGID   uint32
	// presumably the name resolved for EGID — verify against producer
	EGroup string
}

Credentials defines process credentials

type DupSyscallFakeMsg

// DupSyscallFakeMsg defines a dup message.
//
// SyscallMsg lists it under "internals". NOTE(review): the "Fake" suffix
// presumably marks a message used for bookkeeping rather than reported as an
// event — confirm.
type DupSyscallFakeMsg struct {
	// OldFd is the only descriptor carried; the new descriptor is not a field
	// here (SyscallMsg.Retval presumably holds it — confirm).
	OldFd int32
}

DupSyscallFakeMsg defines a dup message

type ExecSyscallMsg

// ExecSyscallMsg defines an exec message.
type ExecSyscallMsg struct {
	// File describes the executed file.
	File          FileSyscallMsg
	Args          []string
	// ArgsTruncated reports that Args is incomplete. Rules matching on
	// arguments should treat a truncated list as partial evidence, since a
	// match or a non-match may hinge on the part that was cut.
	ArgsTruncated bool
	// Envs holds environment entries. Environments often contain credentials
	// or tokens; avoid writing them verbatim to logs or events.
	Envs          []string
	// EnvsTruncated reports that Envs is incomplete.
	EnvsTruncated bool
	TTY           string
	// Credentials is a pointer and may be nil; check before dereferencing.
	Credentials   *Credentials
	PPID          uint32
	// presumably set when the entry was rebuilt from /proc instead of being
	// observed as a live exec — TODO confirm
	FromProcFS    bool
}

ExecSyscallMsg defines an exec message

type ExitSyscallMsg

// ExitSyscallMsg defines an exit message.
type ExitSyscallMsg struct {
	// Code is the exit code; how it relates to Cause (for example a signal
	// number versus an exit status) is not visible here — TODO confirm.
	Code  uint32
	// Cause uses model.ExitCause, which is declared in another package.
	Cause model.ExitCause
}

ExitSyscallMsg defines an exit message

type FcntlSyscallMsg

// FcntlSyscallMsg defines a fcntl message.
type FcntlSyscallMsg struct {
	// Fd is the file descriptor the call operates on.
	Fd  uint32
	// presumably the raw fcntl command number — TODO confirm
	Cmd uint32
}

FcntlSyscallMsg defines a fcntl message

type FileSyscallMsg

// FileSyscallMsg defines a file message. It is the common file description
// embedded in or referenced by most of the per-syscall messages.
type FileSyscallMsg struct {
	// NOTE(review): whether Filename is absolute or already resolved
	// (symlinks, "..") is not visible here. Confirm before using it in
	// path-prefix rules.
	Filename    string
	// unit not stated in this declaration (UtimesSyscallMsg documents
	// nanoseconds for its own fields) — TODO confirm
	CTime       uint64
	// unit not stated in this declaration — TODO confirm
	MTime       uint64
	Mode        uint32
	Inode       uint64
	// Credentials is a pointer and may be nil; check before dereferencing.
	// presumably the file's owner — TODO confirm
	Credentials *Credentials
}

FileSyscallMsg defines a file message

type ForkSyscallMsg

// ForkSyscallMsg defines a fork message.
type ForkSyscallMsg struct {
	// PPID is the parent process ID. The other PID of the event is not a field
	// of this struct; SyscallMsg carries a PID.
	PPID uint32
}

ForkSyscallMsg defines a fork message

type HelloMsg

// HelloMsg defines a hello message.
//
// NOTE(review): every field is declared by the sender about itself. A receiver
// that uses these values for attribution (container identity, image) should
// decide how far it trusts the peer; the transport and any authentication are
// not visible in this package listing.
type HelloMsg struct {
	// presumably a namespace identifier — TODO confirm which namespace
	NSID             uint64
	// ContainerContext is a pointer and may be nil; check before dereferencing.
	ContainerContext *ContainerContext
	EntrypointArgs   []string
	// Mode is the ptrace mode (see the Mode constants).
	Mode             Mode
}

HelloMsg defines a hello message

type LinkSyscallMsg

// LinkSyscallMsg defines a link/linkat/symlink/symlinkat message.
type LinkSyscallMsg struct {
	// Type distinguishes symbolic from hard links. Its zero value is
	// LinkTypeSymbolic, so an unset Type reads as a symbolic link.
	Type   LinkType
	// Target describes the file the link refers to.
	Target FileSyscallMsg
	// Link describes the link being created.
	Link   FileSyscallMsg
}

LinkSyscallMsg defines a link/linkat/symlink/symlinkat message

type LinkType

// LinkType handles the different link types carried in LinkSyscallMsg.
type LinkType uint8

LinkType to handle the different link types

// Link types. The values come from iota (symbolic = 0, hard link = 1), so
// inserting or reordering entries changes the numbers that existing senders
// and receivers agree on.
const (
	// LinkTypeSymbolic defines a symbolic link type
	LinkTypeSymbolic LinkType = iota
	// LinkTypeHardlink defines a hard link type
	LinkTypeHardlink
)

type LoadModuleSyscallMsg

// LoadModuleSyscallMsg defines a init_module/finit_module message.
type LoadModuleSyscallMsg struct {
	// File describes the module file. NOTE(review): presumably empty when
	// LoadedFromMemory is true, since there is then no backing file — confirm.
	File             FileSyscallMsg
	// presumably true for init_module, which takes the module image from a
	// memory buffer, and false for finit_module, which takes a file descriptor
	// — TODO confirm. A memory load leaves no file path to match on.
	LoadedFromMemory bool
	Name             string
	// Args is a single string, not a list; presumably the module parameter
	// string passed to the syscall — TODO confirm.
	Args             string
}

LoadModuleSyscallMsg defines a init_module/finit_module message

type Message

// Message defines a message. It is the top-level envelope.
//
// Type says which payload is meant. Hello and Syscall are both pointers, so
// either can be nil whatever Type says; a receiver should check the pointer
// that matches Type before dereferencing it.
type Message struct {
	Type    MessageType
	// Hello is nil unless a hello payload is attached.
	Hello   *HelloMsg   `json:",omitempty"`
	// Syscall is nil unless a syscall payload is attached.
	Syscall *SyscallMsg `json:",omitempty"`
}

Message defines a message

func (*Message) Reset

func (m *Message) Reset()

Reset resets a message

func (Message) String

func (m Message) String() string

String returns string representation

type MessageType

// MessageType defines the type of a message; see the MessageType* constants.
type MessageType int32

MessageType defines the type of a message

// Message types. The values come from iota, and the zero value is
// MessageTypeUnknown, so a Message whose Type was never set reads as unknown
// rather than as a valid type.
const (
	// MessageTypeUnknown unknown type
	MessageTypeUnknown MessageType = iota
	// MessageTypeHello hello type
	MessageTypeHello
	// MessageTypeSyscall syscall type
	MessageTypeSyscall
	// MessageTypeGoodbye goodbye type. Message has no dedicated payload field
	// for it.
	MessageTypeGoodbye
)

type MkdirSyscallMsg

// MkdirSyscallMsg defines a mkdir/mkdirat message.
type MkdirSyscallMsg struct {
	// Dir describes the directory being created.
	Dir  FileSyscallMsg
	// presumably the mode argument passed to the syscall — TODO confirm
	Mode uint32
}

MkdirSyscallMsg defines a mkdir/mkdirat message

type Mode

// Mode defines the ptrace mode reported in HelloMsg; see the *Mode constants.
type Mode string

Mode defines ptrace mode

// Ptrace modes.
const (
	// UnknownMode unknown mode
	UnknownMode Mode = "unknown"
	// WrappedMode ptrace wrapping the binary
	WrappedMode Mode = "wrapped"
	// AttachedMode ptrace attached to a pid
	//
	// NOTE(review): unlike the two constants above, this one is declared
	// without the Mode type, so it is an untyped string constant. It still
	// converts to Mode when assigned to or compared with a Mode, but it also
	// mixes freely with plain strings. Adding the type would be stricter but
	// could break callers that rely on that — confirm before changing.
	AttachedMode = "attached"
)

type MountSyscallMsg

// MountSyscallMsg defines a mount message.
//
// Mount flags and the data/options argument are not carried. A consumer
// cannot tell from this message alone whether the call was, for example, a
// bind mount or a remount.
type MountSyscallMsg struct {
	Source string
	Target string
	FSType string
}

MountSyscallMsg defines a mount message

type OpenSyscallMsg

// OpenSyscallMsg defines an open message.
type OpenSyscallMsg struct {
	// FileSyscallMsg is embedded, so its fields (Filename, Mode, ...) are
	// promoted onto OpenSyscallMsg.
	FileSyscallMsg
	// presumably the raw open flags (O_* bits) — TODO confirm
	Flags uint32
}

OpenSyscallMsg defines an open message

type PipeSyscallFakeMsg

// PipeSyscallFakeMsg defines a pipe message.
//
// SyscallMsg lists it under "internals".
type PipeSyscallFakeMsg struct {
	// presumably the address, in the traced process, of the descriptor array
	// passed to pipe(2). If so it is not a valid pointer in the receiver's
	// address space and must only be treated as a number — TODO confirm.
	FdsPtr uint64
}

PipeSyscallFakeMsg defines a pipe message

type RenameSyscallMsg

// RenameSyscallMsg defines a rename/renameat/renameat2 message.
//
// The renameat2 flags argument is not carried.
type RenameSyscallMsg struct {
	// OldFile describes the source path.
	OldFile FileSyscallMsg
	// NewFile describes the destination path.
	NewFile FileSyscallMsg
}

RenameSyscallMsg defines a rename/renameat/renameat2 message

type RmdirSyscallMsg

// RmdirSyscallMsg defines a rmdir message.
type RmdirSyscallMsg struct {
	// File describes the directory being removed.
	File FileSyscallMsg
}

RmdirSyscallMsg defines a rmdir message

type SetFSGIDSyscallMsg

// SetFSGIDSyscallMsg defines a setfsgid message.
type SetFSGIDSyscallMsg struct {
	// FSGID is signed, whereas Credentials uses uint32 IDs.
	FSGID   int32
	// presumably the group name resolved for FSGID — verify against producer
	FSGroup string
}

SetFSGIDSyscallMsg defines a setfsgid message

type SetFSUIDSyscallMsg

// SetFSUIDSyscallMsg defines a setfsuid message.
type SetFSUIDSyscallMsg struct {
	// FSUID is signed, whereas Credentials uses uint32 IDs.
	FSUID  int32
	// presumably the user name resolved for FSUID — verify against producer
	FSUser string
}

SetFSUIDSyscallMsg defines a setfsuid message

type SetGIDSyscallMsg

// SetGIDSyscallMsg defines a setregid message (SyscallTypeSetGID is documented
// as covering setgid/setregid).
//
// The IDs are signed; presumably so -1 ("leave unchanged" in setregid(2)) can
// be represented — TODO confirm. Rules that look for a change to GID 0 should
// not assume both fields are always meaningful.
type SetGIDSyscallMsg struct {
	GID    int32
	// presumably the group name resolved for GID — verify against producer
	Group  string
	EGID   int32
	// presumably the group name resolved for EGID — verify against producer
	EGroup string
}

SetGIDSyscallMsg defines a setregid message

type SetUIDSyscallMsg

// SetUIDSyscallMsg defines a setreuid message (SyscallTypeSetUID is documented
// as covering setuid/setreuid).
//
// The IDs are signed; presumably so -1 ("leave unchanged" in setreuid(2)) can
// be represented — TODO confirm. Rules that look for a change to UID 0 should
// not assume both fields are always meaningful.
type SetUIDSyscallMsg struct {
	UID   int32
	// presumably the user name resolved for UID — verify against producer
	User  string
	EUID  int32
	// presumably the user name resolved for EUID — verify against producer
	EUser string
}

SetUIDSyscallMsg defines a setreuid message

type SpanContext

// SpanContext stores a span context (if any).
type SpanContext struct {
	SpanID  uint64
	// TraceID uses mathutil.Int128, which is declared in another package.
	TraceID mathutil.Int128
}

SpanContext stores a span context (if any)

type SyscallMsg

// SyscallMsg defines a syscall message.
//
// The common fields come first, followed by one optional pointer per syscall
// family. Presumably only the pointer matching Type is set — TODO confirm.
// Any of them can be nil, so a receiver should check the one it selects from
// Type before dereferencing it instead of trusting Type alone.
type SyscallMsg struct {
	Type         SyscallType
	PID          uint32
	SpanContext  *SpanContext `json:",omitempty"`
	// unit and clock are not stated in this declaration — TODO confirm
	Timestamp    uint64
	// Retval is the syscall return value. NOTE(review): whether failed calls
	// are sent at all is not visible here; rules should not assume every
	// message describes a successful call.
	Retval       int64
	// ContainerID is carried per message, separately from the ContainerContext
	// in HelloMsg.
	ContainerID  string
	Exec         *ExecSyscallMsg         `json:",omitempty"`
	Open         *OpenSyscallMsg         `json:",omitempty"`
	Fork         *ForkSyscallMsg         `json:",omitempty"`
	Exit         *ExitSyscallMsg         `json:",omitempty"`
	Fcntl        *FcntlSyscallMsg        `json:",omitempty"`
	SetUID       *SetUIDSyscallMsg       `json:",omitempty"`
	SetGID       *SetGIDSyscallMsg       `json:",omitempty"`
	SetFSUID     *SetFSUIDSyscallMsg     `json:",omitempty"`
	SetFSGID     *SetFSGIDSyscallMsg     `json:",omitempty"`
	Capset       *CapsetSyscallMsg       `json:",omitempty"`
	Unlink       *UnlinkSyscallMsg       `json:",omitempty"`
	Rmdir        *RmdirSyscallMsg        `json:",omitempty"`
	Rename       *RenameSyscallMsg       `json:",omitempty"`
	Mkdir        *MkdirSyscallMsg        `json:",omitempty"`
	Utimes       *UtimesSyscallMsg       `json:",omitempty"`
	Link         *LinkSyscallMsg         `json:",omitempty"`
	Chmod        *ChmodSyscallMsg        `json:",omitempty"`
	Chown        *ChownSyscallMsg        `json:",omitempty"`
	LoadModule   *LoadModuleSyscallMsg   `json:",omitempty"`
	UnloadModule *UnloadModuleSyscallMsg `json:",omitempty"`
	Chdir        *ChdirSyscallMsg        `json:",omitempty"`
	Mount        *MountSyscallMsg        `json:",omitempty"`
	Umount       *UmountSyscallMsg       `json:",omitempty"`

	// internals
	// The two payloads below use the "Fake" message types.
	Dup  *DupSyscallFakeMsg  `json:",omitempty"`
	Pipe *PipeSyscallFakeMsg `json:",omitempty"`
}

SyscallMsg defines a syscall message

func (SyscallMsg) String

func (s SyscallMsg) String() string

String returns string representation

type SyscallType

// SyscallType defines the type of a syscall message; see the SyscallType*
// constants.
type SyscallType int32

SyscallType defines the type of a syscall message

// Syscall types. The values come from iota, so the numbering depends on
// declaration order: inserting or reordering entries changes the numbers that
// existing senders and receivers agree on. The zero value is
// SyscallTypeUnknown.
//
// NOTE(review): SyscallMsg has Fcntl, Dup and Pipe payload fields, but this
// block declares no matching type constant for them; how a receiver identifies
// those messages is not visible here — confirm.
const (
	// SyscallTypeUnknown unknown type
	SyscallTypeUnknown SyscallType = iota
	// SyscallTypeExec exec type
	SyscallTypeExec
	// SyscallTypeFork fork type
	SyscallTypeFork
	// SyscallTypeOpen open type
	SyscallTypeOpen
	// SyscallTypeExit exit type
	SyscallTypeExit
	// SyscallTypeSetUID setuid/setreuid type
	SyscallTypeSetUID
	// SyscallTypeSetGID setgid/setregid type
	SyscallTypeSetGID
	// SyscallTypeSetFSUID setfsuid type
	SyscallTypeSetFSUID
	// SyscallTypeSetFSGID setfsgid type
	SyscallTypeSetFSGID
	// SyscallTypeCapset capset type
	SyscallTypeCapset
	// SyscallTypeUnlink unlink/unlinkat type
	SyscallTypeUnlink
	// SyscallTypeRmdir rmdir type
	SyscallTypeRmdir
	// SyscallTypeRename rename/renameat/renameat2 type
	SyscallTypeRename
	// SyscallTypeMkdir mkdir/mkdirat type
	SyscallTypeMkdir
	// SyscallTypeUtimes utime/utimes/utimensat/futimesat type
	SyscallTypeUtimes
	// SyscallTypeLink link/linkat/symlink/symlinkat type
	SyscallTypeLink
	// SyscallTypeChmod chmod/fchmod/fchmodat/fchmodat2 type
	SyscallTypeChmod
	// SyscallTypeChown chown/fchown/lchown/fchownat/fchownat2 type
	SyscallTypeChown
	// SyscallTypeLoadModule init_module/finit_module type
	SyscallTypeLoadModule
	// SyscallTypeUnloadModule delete_module type
	SyscallTypeUnloadModule
	// SyscallTypeChdir chdir/fchdir type
	SyscallTypeChdir
	// SyscallTypeMount mount type
	SyscallTypeMount
	// SyscallTypeUmount umount/umount2 type
	SyscallTypeUmount
)

type UmountSyscallMsg

// UmountSyscallMsg defines an umount message (SyscallTypeUmount is documented
// as covering umount/umount2).
//
// The umount2 flags argument is not carried.
type UmountSyscallMsg struct {
	// Path is a plain string, not a FileSyscallMsg, so no inode or mode comes
	// with it.
	Path string
}

UmountSyscallMsg defines an umount message

type UnlinkSyscallMsg

// UnlinkSyscallMsg defines an unlink message (SyscallTypeUnlink is documented
// as covering unlink/unlinkat).
type UnlinkSyscallMsg struct {
	// File describes the file being unlinked.
	File FileSyscallMsg
}

UnlinkSyscallMsg defines an unlink message

type UnloadModuleSyscallMsg

// UnloadModuleSyscallMsg defines a delete_module message.
type UnloadModuleSyscallMsg struct {
	// Name is the only field; the delete_module flags are not carried.
	Name string
}

UnloadModuleSyscallMsg defines a delete_module message

type UtimesSyscallMsg

// UtimesSyscallMsg defines a utime/utimes/utimensat/futimesat message.
//
// Timestamp changes are a common way to hide file modification, so ATime and
// MTime are worth comparing with the CTime/MTime carried in File.
// NOTE(review): File's time fields do not state their unit — confirm before
// comparing.
type UtimesSyscallMsg struct {
	// File describes the file whose timestamps are being set.
	File  FileSyscallMsg
	ATime uint64 // in nanoseconds
	MTime uint64 // in nanoseconds
}

UtimesSyscallMsg defines a utime/utimes/utimensat/futimesat message
