Documentation
¶
Overview ¶
Copyright © 2020 GUILLAUME FOURNIER
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2020 GUILLAUME FOURNIER ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2020 GUILLAUME FOURNIER ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright © 2020 GUILLAUME FOURNIER ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- type ContainerEvent
- type DNSHeader
- type DNSKey
- type DNSQueryEvent
- type DNSQueryRaw
- type DNSQuerySpec
- type DNSResponseEvent
- type DNSResponseRaw
- type DNSResponseSpec
- type Device
- type DeviceEvent
- type DeviceEventRaw
- type DeviceNetnsUpdate
- type DeviceNetnsUpdateRaw
- type EventBase
- func (eb *EventBase) GetEventMonitorName() MonitorName
- func (eb *EventBase) GetEventType() EventType
- func (eb *EventBase) GetNamespaceCacheData() *NamespaceCacheEntry
- func (eb *EventBase) GetProcessCacheData() *ProcessCacheEntry
- func (eb *EventBase) GetTimestamp() time.Time
- func (eb *EventBase) SetNamespaceCacheData(nce *NamespaceCacheEntry)
- func (eb *EventBase) SetProcessCacheData(pce *ProcessCacheEntry)
- type EventType
- type ExecEvent
- type ExecRaw
- type Flow
- type FlowRaw
- type ForkEvent
- type ForkRaw
- type Metadata
- type Monitor
- type MonitorName
- type NSPInterface
- type NamespaceCacheEntry
- type NetworkAlertEvent
- type NetworkAlertRaw
- type ProbeEvent
- type ProcessCacheEntry
- type ProcessEventType
- type Processor
- type ProcessorName
- type SecurityProfileCreatedEvent
- type SecurityProfileDeletedEvent
- type SecurityProfileUpdatedEvent
Constants ¶
const ( // DeviceRegistration - Network device registration flag DeviceRegistration = iota // DeviceUnregistration - Network device unregistration flag DeviceUnregistration // DeviceFree - Network device structure free flag DeviceFree )
Variables ¶
var MultiprocessingThreshold = 100 * time.Millisecond
MultiprocessingThreshold - Multiprocessing threshold
Functions ¶
This section is empty.
Types ¶
type ContainerEvent ¶
type ContainerEvent struct {
EventBase
InitPid uint32 `json:"init_pid"`
Pidns uint64 `json:"pidns"`
Cgroup uint64 `json:"cgroup"`
Mntns uint64 `json:"mntns"`
Netns uint64 `json:"netns"`
Userns uint64 `json:"userns"`
Image string `json:"image"`
K8sLabelImage string `json:"k8s_label_image"`
Tag string `json:"tag"`
ContainerName string `json:"container_name"`
ContainerID string `json:"container_id"`
Digest string `json:"digest"`
Privileged bool `json:"privileged"`
CapAdd strslice.StrSlice `json:"cap_add"`
AppArmorProfile string `json:"apparmor_profile"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
PortBindings nat.PortMap `json:"port_bindings"`
SecurityOpt []string `json:"security_opt"`
CommandPath string `json:"command_path"`
CommandArgs []string `json:"command_args"`
OverlayFsMergedPath string `json:"overlayfs_merged_path"`
Resources container.Resources `json:"resources"`
NetworkSettings *types.NetworkSettings `json:"network_settings"`
MountPoints []types.MountPoint `json:"mount_points"`
Labels map[string]string `json:"labels"`
}
ContainerEvent - Container event
func (ContainerEvent) GetLogEntry ¶
func (ce ContainerEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (ContainerEvent) GetMessage ¶
func (ce ContainerEvent) GetMessage() string
GetMessage - Returns a message for this event
func (ContainerEvent) GetNetns ¶
func (ce ContainerEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (ContainerEvent) GetPid ¶
func (ce ContainerEvent) GetPid() uint32
GetPid - Returns the pid of the event
func (ContainerEvent) String ¶
func (ce ContainerEvent) String() string
type DNSHeader ¶
type DNSHeader struct {
QueryID uint16 `json:"query_id"`
Flags uint16 `json:"flags"`
QDCount uint16 `json:"qdcount"`
ANCount uint16 `json:"ancount"`
NSCount uint16 `json:"nscount"`
ARCount uint16 `json:"arcount"`
}
DNSHeader - DNS header structure from the kernel
type DNSKey ¶
type DNSKey struct {
NameRaw [kernel.DNSMaxLength]byte `json:"-"`
Cookie uint32 `json:"-"`
TrafficType uint8 `json:"-"`
Layer uint8 `json:"-"`
Padding uint16 `json:"-"`
}
DNSKey - DNS key structure from the kernel
type DNSQueryEvent ¶
type DNSQueryEvent struct {
EventBase
*DNSQueryRaw
DestMACAddr string `json:"dest_mac_addr"`
SourceMACAddr string `json:"source_mac_addr"`
SourceIP string `json:"source_ip"`
DestIP string `json:"dest_ip"`
Domain string `json:"domain"`
}
DNSQueryEvent - DNS query event
func (*DNSQueryEvent) GetLogEntry ¶
func (dqe *DNSQueryEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (*DNSQueryEvent) GetMessage ¶
func (dqe *DNSQueryEvent) GetMessage() string
GetMessage - Returns a message for this event
func (*DNSQueryEvent) GetNetns ¶
func (dqe *DNSQueryEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*DNSQueryEvent) GetPid ¶
func (dqe *DNSQueryEvent) GetPid() uint32
GetPid - Returns the pid of the event
type DNSQueryRaw ¶
type DNSQueryRaw struct {
NetworkAlertRaw
DNSHeader DNSHeader `json:"dns_header"`
DNSQuerySpec DNSQuerySpec `json:"dns_query"`
}
DNSQueryRaw - DNS query structure from the kernel
type DNSQuerySpec ¶
type DNSQuerySpec struct {
DNSKey
Qtype kernel.DNSRecordType `json:"qtype"`
QClass uint16 `json:"qclass"`
}
DNSQuerySpec - DNS query spec structure from the kernel
type DNSResponseEvent ¶
type DNSResponseEvent struct {
EventBase
*DNSResponseRaw
DestMACAddr string `json:"dest_mac_addr"`
SourceMACAddr string `json:"source_mac_addr"`
SourceIP string `json:"source_ip"`
DestIP string `json:"dest_ip"`
Domain string `json:"domain"`
ResolvedIP string `json:"resolved_ip"`
QueryTimestamp time.Time `json:"query_timestamp"`
ResponseTime time.Duration `json:"response_time"`
}
DNSResponseEvent - DNS query event
func (*DNSResponseEvent) GetLogEntry ¶
func (dre *DNSResponseEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (*DNSResponseEvent) GetMessage ¶
func (dre *DNSResponseEvent) GetMessage() string
GetMessage - Returns a message for this event
func (*DNSResponseEvent) GetNetns ¶
func (dre *DNSResponseEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*DNSResponseEvent) GetPid ¶
func (dre *DNSResponseEvent) GetPid() uint32
GetPid - Returns the pid of the event
type DNSResponseRaw ¶
type DNSResponseRaw struct {
QueryTimestampRaw uint64 `json:"-"`
NetworkAlertRaw
DNSHeader DNSHeader `json:"dns_header"`
Padding uint32 `json:"-"`
DNSResponseSpec DNSResponseSpec `json:"dns_response"`
}
DNSResponseRaw - DNS response structure from the kernel
type DNSResponseSpec ¶
type DNSResponseSpec struct {
DNSKey
IPRaw [2]uint64 `json:"-"`
TTL uint32 `json:"ttl"`
Type kernel.DNSRecordType `json:"type"`
Class uint16 `json:"class"`
RDLength uint16 `json:"rdlength"`
Padding [6]byte `json:"-"`
}
DNSResponseSpec - DNS response spec structure from the kernel
type Device ¶
type Device struct {
DeviceFlag int32 `json:"device_flag"`
Ifindex int32 `json:"ifindex"`
Group int32 `json:"group"`
PeerIfindex int32 `json:"peer_ifindex"`
Netns uint64 `json:"netns"`
NameRaw [16]byte `json:"-"`
}
Device - Device event data
type DeviceEvent ¶
type DeviceEvent struct {
EventBase
*DeviceEventRaw
DeviceName string `json:"device_name"`
PeerName string `json:"peer_name"`
}
DeviceEvent - Device event
func (*DeviceEvent) GetLogEntry ¶
func (nde *DeviceEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (*DeviceEvent) GetMessage ¶
func (nde *DeviceEvent) GetMessage() string
GetMessage - Returns a message for this event
func (*DeviceEvent) GetNetns ¶
func (nde *DeviceEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*DeviceEvent) GetPid ¶
func (nde *DeviceEvent) GetPid() uint32
GetPid - Returns the pid of the event
type DeviceEventRaw ¶
type DeviceEventRaw struct {
EventFlag uint64 `json:"event_flag"`
Metadata Metadata `json:"metadata"`
Device Device `json:"device"`
Peer Device `json:"peer"`
}
DeviceEventRaw - Device event raw
type DeviceNetnsUpdate ¶
type DeviceNetnsUpdate struct {
EventBase
*DeviceNetnsUpdateRaw
DeviceName string `json:"device_name"`
}
DeviceNetnsUpdate - Device Netns event
func (*DeviceNetnsUpdate) GetLogEntry ¶
func (dnu *DeviceNetnsUpdate) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (*DeviceNetnsUpdate) GetMessage ¶
func (dnu *DeviceNetnsUpdate) GetMessage() string
GetMessage - Returns a message for this event
func (*DeviceNetnsUpdate) GetNetns ¶
func (dnu *DeviceNetnsUpdate) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*DeviceNetnsUpdate) GetPid ¶
func (dnu *DeviceNetnsUpdate) GetPid() uint32
GetPid - Returns the pid of the event
type DeviceNetnsUpdateRaw ¶
type DeviceNetnsUpdateRaw struct {
Metadata Metadata `json:"metadata"`
Device Device `json:"device"`
NewNetns uint64 `json:"new_netns"`
}
DeviceNetnsUpdateRaw - Device Netns raw event
type EventBase ¶
type EventBase struct {
ProcessData *ProcessCacheEntry `json:"process_data,omitempty"`
NamespaceData *NamespaceCacheEntry `json:"namespace_data,omitempty"`
EventType EventType `json:"event_type"`
EventMonitorName MonitorName `json:"event_monitor_name"`
Timestamp time.Time `json:"timestamp"`
TTYName string `json:"tty_name"`
}
EventBase - Base struct for a probe event
func (*EventBase) GetEventMonitorName ¶
func (eb *EventBase) GetEventMonitorName() MonitorName
GetEventMonitorName - Returns the event monitor name
func (*EventBase) GetEventType ¶
GetEventType - Returns the event type
func (*EventBase) GetNamespaceCacheData ¶
func (eb *EventBase) GetNamespaceCacheData() *NamespaceCacheEntry
GetNamespaceCacheData - Returns the namespace cache data
func (*EventBase) GetProcessCacheData ¶
func (eb *EventBase) GetProcessCacheData() *ProcessCacheEntry
GetProcessCacheData - Returns the process cache data
func (*EventBase) GetTimestamp ¶
GetTimestamp - Returns the event timestamp
func (*EventBase) SetNamespaceCacheData ¶
func (eb *EventBase) SetNamespaceCacheData(nce *NamespaceCacheEntry)
SetNamespaceCacheData - Sets the namespace cache data
func (*EventBase) SetProcessCacheData ¶
func (eb *EventBase) SetProcessCacheData(pce *ProcessCacheEntry)
SetProcessCacheData - Sets the process cache data
type EventType ¶
type EventType string
EventType - Event type
var ( // UnknownEventType - Dummy event to handle errors UnknownEventType EventType = "Unknown" // AnyEventType - Dummy event to handle selection of all events AnyEventType EventType = "Any" // ContainerCreatedEventType - Event type for a container creation event ContainerCreatedEventType EventType = "ContainerCreated" // ContainerRunningEventType - Event type for a running container event ContainerRunningEventType EventType = "ContainerRunning" // ContainerExitedEventType - Event type for a container exit event ContainerExitedEventType EventType = "ContainerExit" // ContainerDestroyedEventType - Event type for a container destroy event ContainerDestroyedEventType EventType = "ContainerDestroyed" // ContainerExecEventType - Event type for a container exec event ContainerExecEventType EventType = "ContainerExec" // ContainerAttachEventType - Event type for a container attach event ContainerAttachEventType EventType = "ContainerAttach" // ContainerConnectEventType - Event type for a container connect event ContainerConnectEventType EventType = "ContainerConnect" // ContainerDisconnectEventType - Event type for a container disconnect event ContainerDisconnectEventType EventType = "ContainerDisconnect" // FlowType - Flow event type FlowType EventType = "Flow" // NewNetDeviceType - New NetDevice event type NewNetDeviceType EventType = "NewNetDevice" // DeviceNetnsUpdateType - Device netns update event type DeviceNetnsUpdateType EventType = "DeviceNetnsUpdate" // SecurityProfileCreatedType - SecurityProfile created event type SecurityProfileCreatedType EventType = "SecurityProfileCreated" // SecurityProfileUpdatedType - SecurityProfile updated event type SecurityProfileUpdatedType EventType = "SecurityProfileUpdated" // SecurityProfileDeletedType - SecurityProfile deleted event type SecurityProfileDeletedType EventType = "SecurityProfileDeleted" // NetworkAlertType - Network alert type NetworkAlertType EventType = "NetworkAlert" // DNSQueryType - DNS Query type DNSQueryType EventType = "DNSQuery" // DNSResponseType - DNS response type DNSResponseType EventType = "DNSResponse" // ForkEventType - Fork event type ForkEventType EventType = "Fork" // ExecEventType - Exec event type ExecEventType EventType = "Exec" // ExitEventType - Exec event type ExitEventType EventType = "Exit" )
type ExecEvent ¶
ExecEvent - Exec event
func (*ExecEvent) GetLogEntry ¶
GetLogEntry - Returns the event logrus fields
func (*ExecEvent) GetMessage ¶
GetMessage - Returns a message for this event
type ExecRaw ¶
type ExecRaw struct {
Metadata Metadata `json:"metadata"`
Type ProcessEventType `json:"-"`
Cookie uint32 `json:"-"`
PathRaw [kernel.PathMax]byte `json:"-"`
}
ExecRaw - Exec raw
func (*ExecRaw) ResolveEventType ¶
ResolveEventType - Returns the event type
type Flow ¶
Flow - Network flow
func (*Flow) GetLogEntry ¶
GetLogEntry - Returns the event logrus fields
func (*Flow) GetMessage ¶
GetMessage - Returns a message for this event
type FlowRaw ¶
type FlowRaw struct {
Metadata Metadata `json:"metadata"`
AddrRaw [2]uint64 `json:"-"`
Port uint16 `json:"port"`
Family uint16 `json:"family"`
}
FlowRaw - Network flow raw
type ForkEvent ¶
ForkEvent - Fork event
func (*ForkEvent) GetLogEntry ¶
GetLogEntry - Returns the event logrus fields
func (*ForkEvent) GetMessage ¶
GetMessage - Returns a message for this event
func (*ForkEvent) IsNewProcess ¶
IsNewProcess - Returns true if the clone call created a new process
type ForkRaw ¶
type ForkRaw struct {
Metadata Metadata `json:"metadata"`
CloneFlags uint64 `json:"clone_flags"`
StackStart uint64 `json:"stack_start"`
StackSize uint64 `json:"stack_size"`
ChildPid uint32 `json:"child_pid"`
}
ForkRaw - Fork raw
type Metadata ¶
type Metadata struct {
Pidns uint64 `json:"pidns"`
Netns uint64 `json:"netns"`
TimestampRaw uint64 `json:"-"`
TTYNameRaw [64]byte `json:"-"`
PID uint32 `json:"pid"`
TID uint32 `json:"tid"`
}
Metadata - Event metadata
type Monitor ¶
type Monitor interface {
Init(nsp NSPInterface) error
Start() error
Stop() error
GetName() MonitorName
}
Monitor - Defines the Monitor interface
type MonitorName ¶
type MonitorName string
MonitorName - Monitor Name
var ( // DockerMonitor - Docker monitor DockerMonitor MonitorName = "Docker" // CgroupMonitor - Cgroup monitor CgroupMonitor MonitorName = "Cgroup" // ConnectionMonitor - Connection monitor ConnectionMonitor MonitorName = "Connection" // ProcessMonitor - Process monitor ProcessMonitor MonitorName = "Process" // NetDeviceMonitor - NetDevice monitor NetDeviceMonitor MonitorName = "NetDevice" // NetworkAlertMonitor - Network alert monitor NetworkAlertMonitor MonitorName = "NetworkAlert" // SecurityProfileInformerMonitor - SecurityProfile informer monitor SecurityProfileInformerMonitor MonitorName = "SecurityProfileInformerMonitor" )
type NSPInterface ¶
type NSPInterface interface {
GetWaitGroup() *sync.WaitGroup
GetConfig() *config.NSPConfig
GetKubeConfig() *rest.Config
GetCollection() *ebpf.Collection
GetBootTime() time.Time
DispatchEvent(event ProbeEvent)
SetupDeviceMonitor(event *DeviceEvent) error
StopDeviceMonitor(event *DeviceEvent) error
}
NSPInterface - Exported interface used by the probes
type NamespaceCacheEntry ¶
type NamespaceCacheEntry struct {
sync.RWMutex
Name string `json:"name"`
ID string `json:"id"`
Base string `json:"base"`
Digest string `json:"digest"`
Pod string `json:"pod"`
Namespace string `json:"namespace"`
StartTime *time.Time `json:"start_time"`
ExitTime *time.Time `json:"-"`
}
NamespaceCacheEntry - Namespace cache entry
func (*NamespaceCacheEntry) IsInCache ¶
func (nce *NamespaceCacheEntry) IsInCache() bool
IsInCache - Checks if a namespace entry is in cache
type NetworkAlertEvent ¶
type NetworkAlertEvent struct {
EventBase
*NetworkAlertRaw
DestMACAddr string `json:"dest_mac_addr"`
SourceMACAddr string `json:"source_mac_addr"`
SourceIP string `json:"source_ip"`
DestIP string `json:"dest_ip"`
}
NetworkAlertEvent - Network alert event
func (*NetworkAlertEvent) GetLogEntry ¶
func (nae *NetworkAlertEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (*NetworkAlertEvent) GetMessage ¶
func (nae *NetworkAlertEvent) GetMessage() string
GetMessage - Returns a message for this event
func (*NetworkAlertEvent) GetNetns ¶
func (nae *NetworkAlertEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*NetworkAlertEvent) GetPid ¶
func (nae *NetworkAlertEvent) GetPid() uint32
GetPid - Returns the pid of the event
type NetworkAlertRaw ¶
type NetworkAlertRaw struct {
Netns uint64 `json:"netns"`
TimestampRaw uint64 `json:"-"`
Ifindex uint32 `json:"ifindex"`
PID uint32 `json:"pid"`
ProfileID uint32 `json:"-"`
BinaryID uint32 `json:"-"`
Action kernel.SecurityProfileAction `json:"action"`
DataPath kernel.TrafficType `json:"data_path"`
Alert kernel.NetworkAlert `json:"alert,omitempty"`
InterfaceType kernel.InterfaceType `json:"interface_type"`
NatHeadKey uint32 `json:"-"`
// Ethernet (L2)
NProtocol kernel.NetworkProtocol `json:"network_protocol"`
DestMACAddrRaw [6]byte `json:"-"`
SourceMACAddrRaw [6]byte `json:"-"`
Padding1 [2]byte `json:"-"`
// IP (Network layer L3)
IPVersion uint8 `json:"ip_version"`
TProtocol kernel.TransportProtocol `json:"transport_protocol"`
TotLen uint16 `json:"tot_len"`
PacketID uint32 `json:"packet_id"`
FragmentOffset uint16 `json:"fragment_offset"`
Padding2 [6]byte `json:"-"`
SourceIPRaw [2]uint64 `json:"-"`
DestIPRaw [2]uint64 `json:"-"`
// Transport (L4)
Flags uint64 `json:"flags"`
SourcePort uint16 `json:"source_port"`
DestPort uint16 `json:"dest_port"`
Padding3 uint32 `json:"-"`
// Application (L7)
AProtocol kernel.ApplicationProtocol `json:"application_protocol"`
Padding4 uint16 `json:"-"`
Offset uint32 `json:"-"`
}
NetworkAlertRaw - Network alert raw
type ProbeEvent ¶
type ProbeEvent interface {
GetPid() uint32
GetNetns() uint64
GetLogEntry() *logrus.Entry
GetMessage() string
GetTimestamp() time.Time
GetEventType() EventType
GetEventMonitorName() MonitorName
SetProcessCacheData(entry *ProcessCacheEntry)
GetProcessCacheData() *ProcessCacheEntry
SetNamespaceCacheData(entry *NamespaceCacheEntry)
GetNamespaceCacheData() *NamespaceCacheEntry
}
ProbeEvent - Generic event structure
type ProcessCacheEntry ¶
type ProcessCacheEntry struct {
sync.RWMutex
BinaryPath string `json:"binary_path"`
Ppid uint32 `json:"ppid,omitempty"`
Parent *ProcessCacheEntry `json:"parent,omitempty"`
Pid uint32 `json:"pid,omitempty"`
TTYName string `json:"tty_name,omitempty"`
ExecveTime *time.Time `json:"execve_time,omitempty"`
ForkTime *time.Time `json:"fork_time,omitempty"`
ForkThresholdReached bool `json:"-"`
ExitTime *time.Time `json:"exit_time,omitempty"`
}
ProcessCacheEntry - Process cache entry
func (*ProcessCacheEntry) HasQuickExitTime ¶
func (pce *ProcessCacheEntry) HasQuickExitTime() bool
HasQuickExitTime - Checks if the exit time is below the fork threshold
func (*ProcessCacheEntry) IsExecveResolved ¶
func (pce *ProcessCacheEntry) IsExecveResolved(timestamp time.Time, updateState bool) bool
IsExecveResolved - Checks if the execve & fork times are consistent to declare that the process and profile that are set in the current cacheEntry are the real process data. In other words this functions guesses if the process crossed the threshold to be considered as a multiprocessed or if we should wait to make sure that no another is on its way.
func (*ProcessCacheEntry) IsInCache ¶
func (pce *ProcessCacheEntry) IsInCache() bool
IsInCache - Checks if the process is in cache
type ProcessEventType ¶
type ProcessEventType uint32
ProcessEventType - Process event type
const ( // Execve - Execve process event type Execve ProcessEventType = iota // Exit - Exit process event type Exit )
type Processor ¶
type Processor interface {
Start(nsp NSPInterface) error
Stop() error
GetEventChan() chan ProbeEvent
GetName() ProcessorName
}
Processor - Defines the Processor interface
type ProcessorName ¶
type ProcessorName string
ProcessorName - Processor Name
var ( // TracerProcessor - Console tracer processor TracerProcessor ProcessorName = "Tracer" // DogTracerProcessor - Datadog Tracer processor DogTracerProcessor ProcessorName = "DogTracer" // ProfilerProcessor - Profiler processor ProfilerProcessor ProcessorName = "Profiler" // ProfileLoaderProcessor - SecurityProfile processor ProfileLoaderProcessor ProcessorName = "ProfileLoader" )
type SecurityProfileCreatedEvent ¶
type SecurityProfileCreatedEvent struct {
EventBase
Profile *v1.SecurityProfile
}
SecurityProfileCreatedEvent - SecurityProfile Created event
func (SecurityProfileCreatedEvent) GetLogEntry ¶
func (spc SecurityProfileCreatedEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (SecurityProfileCreatedEvent) GetMessage ¶
func (spc SecurityProfileCreatedEvent) GetMessage() string
GetMessage - Returns a message for this event
func (*SecurityProfileCreatedEvent) GetNetns ¶
func (spc *SecurityProfileCreatedEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*SecurityProfileCreatedEvent) GetPid ¶
func (spc *SecurityProfileCreatedEvent) GetPid() uint32
GetPid - Returns the pid of the event
type SecurityProfileDeletedEvent ¶
type SecurityProfileDeletedEvent struct {
EventBase
Profile *v1.SecurityProfile
}
SecurityProfileDeletedEvent - SecurityProfile Created event
func (SecurityProfileDeletedEvent) GetLogEntry ¶
func (spd SecurityProfileDeletedEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (SecurityProfileDeletedEvent) GetMessage ¶
func (spd SecurityProfileDeletedEvent) GetMessage() string
GetMessage - Returns a message for this event
func (*SecurityProfileDeletedEvent) GetNetns ¶
func (spd *SecurityProfileDeletedEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*SecurityProfileDeletedEvent) GetPid ¶
func (spd *SecurityProfileDeletedEvent) GetPid() uint32
GetPid - Returns the pid of the event
type SecurityProfileUpdatedEvent ¶
type SecurityProfileUpdatedEvent struct {
EventBase
Old *v1.SecurityProfile
New *v1.SecurityProfile
}
SecurityProfileUpdatedEvent - SecurityProfile Created event
func (SecurityProfileUpdatedEvent) GetLogEntry ¶
func (spu SecurityProfileUpdatedEvent) GetLogEntry() *logrus.Entry
GetLogEntry - Returns the event logrus fields
func (SecurityProfileUpdatedEvent) GetMessage ¶
func (spu SecurityProfileUpdatedEvent) GetMessage() string
GetMessage - Returns a message for this event
func (*SecurityProfileUpdatedEvent) GetNetns ¶
func (spu *SecurityProfileUpdatedEvent) GetNetns() uint64
GetNetns - Returns the pidns of the event
func (*SecurityProfileUpdatedEvent) GetPid ¶
func (spu *SecurityProfileUpdatedEvent) GetPid() uint32
GetPid - Returns the pid of the event
Source Files
Directories