Documentation ¶
Overview ¶
Package ebpfless holds msgpack messages
Index ¶
- type CapsetSyscallMsg
- type ChdirSyscallMsg
- type ChmodSyscallMsg
- type ChownSyscallMsg
- type ContainerContext
- type Credentials
- type DupSyscallFakeMsg
- type ExecSyscallMsg
- type ExitSyscallMsg
- type FcntlSyscallMsg
- type FileSyscallMsg
- type ForkSyscallMsg
- type HelloMsg
- type LinkSyscallMsg
- type LinkType
- type LoadModuleSyscallMsg
- type Message
- type MessageType
- type MkdirSyscallMsg
- type Mode
- type MountSyscallMsg
- type OpenSyscallMsg
- type PipeSyscallFakeMsg
- type RenameSyscallMsg
- type RmdirSyscallMsg
- type SetFSGIDSyscallMsg
- type SetFSUIDSyscallMsg
- type SetGIDSyscallMsg
- type SetUIDSyscallMsg
- type SpanContext
- type SyscallMsg
- type SyscallType
- type UmountSyscallMsg
- type UnlinkSyscallMsg
- type UnloadModuleSyscallMsg
- type UtimesSyscallMsg
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CapsetSyscallMsg ¶
CapsetSyscallMsg defines a capset message
type ChdirSyscallMsg ¶
type ChdirSyscallMsg struct {
Dir FileSyscallMsg
}
ChdirSyscallMsg defines a chdir message
type ChmodSyscallMsg ¶
type ChmodSyscallMsg struct { File FileSyscallMsg Mode uint32 }
ChmodSyscallMsg defines a chmod/fchmod/fchmodat/fchmodat2 message
type ChownSyscallMsg ¶
type ChownSyscallMsg struct { File FileSyscallMsg UID int32 User string GID int32 Group string }
ChownSyscallMsg defines a chown/fchown/lchown/fchownat/fchownat2 message
type ContainerContext ¶
ContainerContext defines a container context
type Credentials ¶
type Credentials struct { UID uint32 User string EUID uint32 EUser string GID uint32 Group string EGID uint32 EGroup string }
Credentials defines process credentials
type DupSyscallFakeMsg ¶
type DupSyscallFakeMsg struct {
OldFd int32
}
DupSyscallFakeMsg defines a dup message
type ExecSyscallMsg ¶
type ExecSyscallMsg struct { File FileSyscallMsg Args []string ArgsTruncated bool Envs []string EnvsTruncated bool TTY string Credentials *Credentials PPID uint32 FromProcFS bool }
ExecSyscallMsg defines an exec message
type ExitSyscallMsg ¶
ExitSyscallMsg defines an exit message
type FcntlSyscallMsg ¶
FcntlSyscallMsg defines a fcntl message
type FileSyscallMsg ¶
type FileSyscallMsg struct { Filename string CTime uint64 MTime uint64 Mode uint32 Inode uint64 Credentials *Credentials }
FileSyscallMsg defines a file message
type ForkSyscallMsg ¶
type ForkSyscallMsg struct {
PPID uint32
}
ForkSyscallMsg defines a fork message
type HelloMsg ¶
type HelloMsg struct { NSID uint64 ContainerContext *ContainerContext EntrypointArgs []string Mode Mode }
HelloMsg defines a hello message
type LinkSyscallMsg ¶
type LinkSyscallMsg struct { Type LinkType Target FileSyscallMsg Link FileSyscallMsg }
LinkSyscallMsg defines a link/linkat/symlink/symlinkat message
type LoadModuleSyscallMsg ¶
type LoadModuleSyscallMsg struct { File FileSyscallMsg LoadedFromMemory bool Name string Args string }
LoadModuleSyscallMsg defines a init_module/finit_module message
type Message ¶
type Message struct { Type MessageType Hello *HelloMsg `json:",omitempty"` Syscall *SyscallMsg `json:",omitempty"` }
Message defines a message
type MessageType ¶
type MessageType int32
MessageType defines the type of a message
const ( // MessageTypeUnknown unknown type MessageTypeUnknown MessageType = iota // MessageTypeHello hello type MessageTypeHello // MessageTypeSyscall syscall type MessageTypeSyscall // MessageTypeGoodbye event type MessageTypeGoodbye )
type MkdirSyscallMsg ¶
type MkdirSyscallMsg struct { Dir FileSyscallMsg Mode uint32 }
MkdirSyscallMsg defines a mkdir/mkdirat message
type MountSyscallMsg ¶
MountSyscallMsg defines a mount message
type OpenSyscallMsg ¶
type OpenSyscallMsg struct { FileSyscallMsg Flags uint32 }
OpenSyscallMsg defines an open message
type PipeSyscallFakeMsg ¶
type PipeSyscallFakeMsg struct {
FdsPtr uint64
}
PipeSyscallFakeMsg defines a pipe message
type RenameSyscallMsg ¶
type RenameSyscallMsg struct { OldFile FileSyscallMsg NewFile FileSyscallMsg }
RenameSyscallMsg defines a rename/renameat/renameat2 message
type RmdirSyscallMsg ¶
type RmdirSyscallMsg struct {
File FileSyscallMsg
}
RmdirSyscallMsg defines a rmdir message
type SetFSGIDSyscallMsg ¶
SetFSGIDSyscallMsg defines a setfsgid message
type SetFSUIDSyscallMsg ¶
SetFSUIDSyscallMsg defines a setfsuid message
type SetGIDSyscallMsg ¶
SetGIDSyscallMsg defines a setregid message
type SetUIDSyscallMsg ¶
SetUIDSyscallMsg defines a setreuid message
type SpanContext ¶
SpanContext stores a span context (if any)
type SyscallMsg ¶
type SyscallMsg struct { Type SyscallType PID uint32 SpanContext *SpanContext `json:",omitempty"` Timestamp uint64 Retval int64 ContainerID string Exec *ExecSyscallMsg `json:",omitempty"` Open *OpenSyscallMsg `json:",omitempty"` Fork *ForkSyscallMsg `json:",omitempty"` Exit *ExitSyscallMsg `json:",omitempty"` Fcntl *FcntlSyscallMsg `json:",omitempty"` SetUID *SetUIDSyscallMsg `json:",omitempty"` SetGID *SetGIDSyscallMsg `json:",omitempty"` SetFSUID *SetFSUIDSyscallMsg `json:",omitempty"` SetFSGID *SetFSGIDSyscallMsg `json:",omitempty"` Capset *CapsetSyscallMsg `json:",omitempty"` Unlink *UnlinkSyscallMsg `json:",omitempty"` Rmdir *RmdirSyscallMsg `json:",omitempty"` Rename *RenameSyscallMsg `json:",omitempty"` Mkdir *MkdirSyscallMsg `json:",omitempty"` Utimes *UtimesSyscallMsg `json:",omitempty"` Link *LinkSyscallMsg `json:",omitempty"` Chmod *ChmodSyscallMsg `json:",omitempty"` Chown *ChownSyscallMsg `json:",omitempty"` LoadModule *LoadModuleSyscallMsg `json:",omitempty"` UnloadModule *UnloadModuleSyscallMsg `json:",omitempty"` Chdir *ChdirSyscallMsg `json:",omitempty"` Mount *MountSyscallMsg `json:",omitempty"` Umount *UmountSyscallMsg `json:",omitempty"` // internals Dup *DupSyscallFakeMsg `json:",omitempty"` Pipe *PipeSyscallFakeMsg `json:",omitempty"` }
SyscallMsg defines a syscall message
type SyscallType ¶
type SyscallType int32
SyscallType defines the type of a syscall message
const ( // SyscallTypeUnknown unknown type SyscallTypeUnknown SyscallType = iota // SyscallTypeExec exec type SyscallTypeExec // SyscallTypeFork fork type SyscallTypeFork // SyscallTypeOpen open type SyscallTypeOpen // SyscallTypeExit exit type SyscallTypeExit // SyscallTypeSetUID setuid/setreuid type SyscallTypeSetUID // SyscallTypeSetGID setgid/setregid type SyscallTypeSetGID // SyscallTypeSetFSUID setfsuid type SyscallTypeSetFSUID // SyscallTypeSetFSGID setfsgid type SyscallTypeSetFSGID // SyscallTypeCapset capset type SyscallTypeCapset // SyscallTypeUnlink unlink/unlinkat type SyscallTypeUnlink // SyscallTypeRmdir rmdir type SyscallTypeRmdir // SyscallTypeRename rename/renameat/renameat2 type SyscallTypeRename // SyscallTypeMkdir mkdir/mkdirat type SyscallTypeMkdir // SyscallTypeUtimes utime/utimes/utimensat/futimesat type SyscallTypeUtimes // SyscallTypeLink link/linkat/symlink/symlinkat type SyscallTypeLink // SyscallTypeChmod chmod/fchmod/fchmodat/fchmodat2 type SyscallTypeChmod // SyscallTypeChown chown/fchown/lchown/fchownat/fchownat2 type SyscallTypeChown // SyscallTypeLoadModule init_module/finit_module type SyscallTypeLoadModule // SyscallTypeUnloadModule delete_module type SyscallTypeUnloadModule // SyscallTypeChdir chdir/fchdir type SyscallTypeChdir // SyscallTypeMount mount type SyscallTypeMount // SyscallTypeUmount umount/umount2 type SyscallTypeUmount )
type UmountSyscallMsg ¶
type UmountSyscallMsg struct {
Path string
}
UmountSyscallMsg defines a mount message
type UnlinkSyscallMsg ¶
type UnlinkSyscallMsg struct {
File FileSyscallMsg
}
UnlinkSyscallMsg defines a unlink message
type UnloadModuleSyscallMsg ¶
type UnloadModuleSyscallMsg struct {
Name string
}
UnloadModuleSyscallMsg defines a delete_module message
type UtimesSyscallMsg ¶
type UtimesSyscallMsg struct { File FileSyscallMsg ATime uint64 // in nanoseconds MTime uint64 // in nanoseconds }
UtimesSyscallMsg defines a utime/utimes/utimensat/futimesat message