sensor

package
v0.16.0-alpha Latest
Warning

This package is not in the latest version of its module.

Published: Aug 24, 2020 License: Apache-2.0 Imports: 41 Imported by: 3

Documentation


Constants

const (

	/*
	 * cloning flags:
	 */
	CSIGNAL              = 0x000000ff /* signal mask to be sent at exit */
	CLONE_VM             = 0x00000100 /* set if VM shared between processes */
	CLONE_FS             = 0x00000200 /* set if fs info shared between processes */
	CLONE_FILES          = 0x00000400 /* set if open files shared between processes */
	CLONE_SIGHAND        = 0x00000800 /* set if signal handlers and blocked signals shared */
	CLONE_PTRACE         = 0x00002000 /* set if we want to let tracing continue on the child too */
	CLONE_VFORK          = 0x00004000 /* set if the parent wants the child to wake it up on mm_release */
	CLONE_PARENT         = 0x00008000 /* set if we want to have the same parent as the cloner */
	CLONE_THREAD         = 0x00010000 /* Same thread group? */
	CLONE_NEWNS          = 0x00020000 /* New mount namespace group */
	CLONE_SYSVSEM        = 0x00040000 /* share system V SEM_UNDO semantics */
	CLONE_SETTLS         = 0x00080000 /* create a new TLS for the child */
	CLONE_PARENT_SETTID  = 0x00100000 /* set the TID in the parent */
	CLONE_CHILD_CLEARTID = 0x00200000 /* clear the TID in the child */
	CLONE_DETACHED       = 0x00400000 /* Unused, ignored */
	CLONE_UNTRACED       = 0x00800000 /* set if the tracing process can't force CLONE_PTRACE on this clone */
	CLONE_CHILD_SETTID   = 0x01000000 /* set the TID in the child */
	CLONE_NEWCGROUP      = 0x02000000 /* New cgroup namespace */
	CLONE_NEWUTS         = 0x04000000 /* New utsname namespace */
	CLONE_NEWIPC         = 0x08000000 /* New ipc namespace */
	CLONE_NEWUSER        = 0x10000000 /* New user namespace */
	CLONE_NEWPID         = 0x20000000 /* New pid namespace */
	CLONE_NEWNET         = 0x40000000 /* New network namespace */
	CLONE_IO             = 0x80000000 /* Clone io context */
)

Variables

var ChargenEventTypes = expression.FieldTypeMap{
	"index":      expression.ValueTypeUnsignedInt64,
	"characters": expression.ValueTypeString,
}

ChargenEventTypes defines the field types that can be used with filters on chargen telemetry events.

ContainerEventTypes defines the field types that can be used with filters on container telemetry events.

var ContainerStateNames = map[ContainerState]string{
	ContainerStateCreated:    "created",
	ContainerStateRestarting: "restarting",
	ContainerStateRunning:    "running",
	ContainerStateRemoving:   "removing",
	ContainerStatePaused:     "paused",
	ContainerStateExited:     "exited",
}

ContainerStateNames is a mapping of container states to printable names.

var FileAttributeChangeEventTypes = expression.FieldTypeMap{
	"filename": expression.ValueTypeString,
}

FileAttributeChangeEventTypes defines the field types that can be used with filters on file rename telemetry events.

var FileCloseForModifyEventTypes = expression.FieldTypeMap{
	"filename": expression.ValueTypeString,
}

FileCloseForModifyEventTypes defines the field types that can be used with filters on file close for modify telemetry events.

var FileCreateEventTypes = expression.FieldTypeMap{
	"filename": expression.ValueTypeString,
	"mode":     expression.ValueTypeSignedInt32,
}

FileCreateEventTypes defines the field types that can be used with filters on file create telemetry events.

var FileDeleteEventTypes = expression.FieldTypeMap{
	"filename": expression.ValueTypeString,
}

FileDeleteEventTypes defines the field types that can be used with filters on file delete telemetry events.

var FileLinkEventTypes = expression.FieldTypeMap{
	"source_file": expression.ValueTypeString,
	"target_file": expression.ValueTypeString,
	"symlink":     expression.ValueTypeBool,
}

FileLinkEventTypes defines the field types that can be used with filters on the file link telemetry events.

var FileModifyEventTypes = expression.FieldTypeMap{
	"filename": expression.ValueTypeString,
}

FileModifyEventTypes defines the field types that can be used with filters on file modify telemetry events.

FileOpenEventTypes defines the field types that can be used with filters on file open telemetry events.

var FileOpenForModifyEventTypes = expression.FieldTypeMap{
	"filename": expression.ValueTypeString,
}

FileOpenForModifyEventTypes defines the field types that can be used with filters on file open for modify telemetry events.

var FileRenameEventTypes = expression.FieldTypeMap{
	"oldname": expression.ValueTypeString,
	"newname": expression.ValueTypeString,
}

FileRenameEventTypes defines the field types that can be used with filters on file rename telemetry events.

var NetworkAttemptEventTypes = expression.FieldTypeMap{
	"fd": expression.ValueTypeUnsignedInt64,
}

NetworkAttemptEventTypes defines the field types that can be used with filters on network attempt telemetry events that do not have more specific fields of their own.

NetworkAttemptWithAddressEventTypes defines the field types that can be used with filters on network attempt telemetry events that include address information but do not have more specific fields of their own.

var NetworkListenAttemptEventTypes = expression.FieldTypeMap{
	"fd":      expression.ValueTypeUnsignedInt64,
	"backlog": expression.ValueTypeUnsignedInt64,
}

NetworkListenAttemptEventTypes defines the field types that can be used with filters on network listen attempt telemetry events.

var NetworkResultEventTypes = expression.FieldTypeMap{
	"ret": expression.ValueTypeSignedInt64,
}

NetworkResultEventTypes defines the field types that can be used with filters on network result telemetry events.

var ProcessExecEventTypes = expression.FieldTypeMap{
	"filename": expression.ValueTypeString,
	"cwd":      expression.ValueTypeString,
}

ProcessExecEventTypes defines the field types that can be used with filters on process exec telemetry events.

var ProcessExitEventTypes = expression.FieldTypeMap{
	"code":             expression.ValueTypeSignedInt32,
	"exit_status":      expression.ValueTypeUnsignedInt32,
	"exit_signal":      expression.ValueTypeUnsignedInt32,
	"exit_core_dumped": expression.ValueTypeBool,
}

ProcessExitEventTypes defines the field types that can be used with filters on process exit telemetry events.

var ProcessForkEventTypes = expression.FieldTypeMap{
	"fork_child_pid":   expression.ValueTypeSignedInt32,
	"fork_child_id":    expression.ValueTypeString,
	"fork_clone_flags": expression.ValueTypeUnsignedInt64,
	"fork_stack_start": expression.ValueTypeUnsignedInt64,
	"cwd":              expression.ValueTypeString,
}

ProcessForkEventTypes defines the field types that can be used with filters on process fork telemetry events.
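
A consumer of process fork events can decode the fork_clone_flags field against the cloning-flags constants listed at the top of this page, for example to tell thread creation from a child placed in new namespaces. The Go program below is an added example, not code from the sensor package: ForkSummary, SummarizeCloneFlags and Triage are hypothetical names, the sample values are constructed, and it assumes the field carries the raw clone(2) flags word.

```go
package main

import (
	"fmt"
	"strings"
)

// Values copied from the cloning-flags constant block on this page.
const (
	csignal     uint64 = 0x000000ff // CSIGNAL: signal sent to the parent at exit
	cloneVM     uint64 = 0x00000100 // CLONE_VM
	cloneThread uint64 = 0x00010000 // CLONE_THREAD
)

// Namespace-creating flags from the same block, in a fixed order so the
// decoded list is deterministic. The short names are this example's labels.
var namespaceFlags = []struct {
	bit  uint64
	name string
}{
	{0x00020000, "mnt"},    // CLONE_NEWNS
	{0x02000000, "cgroup"}, // CLONE_NEWCGROUP
	{0x04000000, "uts"},    // CLONE_NEWUTS
	{0x08000000, "ipc"},    // CLONE_NEWIPC
	{0x10000000, "user"},   // CLONE_NEWUSER
	{0x20000000, "pid"},    // CLONE_NEWPID
	{0x40000000, "net"},    // CLONE_NEWNET
}

// ForkSummary is a hypothetical type, not part of the sensor package.
type ForkSummary struct {
	ExitSignal    uint64   // flags & CSIGNAL
	IsThread      bool     // CLONE_THREAD set: new thread in the same thread group
	SharesVM      bool     // CLONE_VM set: address space shared with the parent
	NewNamespaces []string // namespaces the child is created in
	NewUserNS     bool     // CLONE_NEWUSER set
}

// SummarizeCloneFlags decodes a fork_clone_flags value. It assumes the field
// carries the raw clone(2) flags word, including the CSIGNAL low byte.
func SummarizeCloneFlags(flags uint64) ForkSummary {
	s := ForkSummary{
		ExitSignal: flags & csignal,
		IsThread:   flags&cloneThread != 0,
		SharesVM:   flags&cloneVM != 0,
	}
	for _, ns := range namespaceFlags {
		if flags&ns.bit != 0 {
			s.NewNamespaces = append(s.NewNamespaces, ns.name)
			if ns.name == "user" {
				s.NewUserNS = true
			}
		}
	}
	return s
}

// Triage maps a flags value to a label a detection rule could key on.
// A new user namespace is listed first because it is the case most
// deployments want reviewed rather than silently accepted.
func Triage(flags uint64) string {
	s := SummarizeCloneFlags(flags)
	joined := strings.Join(s.NewNamespaces, ",")
	switch {
	case s.NewUserNS:
		return "review: user namespace created (" + joined + ")"
	case len(s.NewNamespaces) > 0:
		return "namespaces: " + joined
	case s.IsThread:
		return "thread"
	default:
		return "process"
	}
}

func main() {
	// Constructed sample values, not captured telemetry.
	samples := []uint64{
		0x01200011, // CLONE_CHILD_SETTID|CLONE_CHILD_CLEARTID|SIGCHLD
		0x003d0f00, // VM|FS|FILES|SIGHAND|THREAD|SYSVSEM|SETTLS|PARENT_SETTID|CHILD_CLEARTID
		0x6c020011, // NEWNS|NEWUTS|NEWIPC|NEWPID|NEWNET|SIGCHLD
		0x10000011, // NEWUSER|SIGCHLD
	}
	for _, f := range samples {
		fmt.Printf("%#010x  %s\n", f, Triage(f))
	}
}
```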

var ProcessUpdateEventTypes = expression.FieldTypeMap{
	"cwd": expression.ValueTypeString,
}

ProcessUpdateEventTypes defines the field types that can be used with filters on process update telemetry events.

SyscallEnterEventTypes defines the field types that can be used with filters on syscall enter telemetry events.

SyscallExitEventTypes defines the field types that can be used with filters on syscall exit telemetry events.

var TickerEventTypes = expression.FieldTypeMap{
	"seconds":     expression.ValueTypeSignedInt64,
	"nanoseconds": expression.ValueTypeSignedInt64,
}

TickerEventTypes defines the field types that can be used with filters on ticker telemetry events.

Functions

func Main

func Main()

Main is the main entrypoint for the sensor

func NewTelemetryEvent

func NewTelemetryEvent(e TelemetryEventData) *telemetryAPI.TelemetryEvent

NewTelemetryEvent creates a filled TelemetryEvent from a TelemetryEventData

Types

type ChargenTelemetryEvent

type ChargenTelemetryEvent struct {
	TelemetryEventData

	Index      uint64
	Characters string
}

ChargenTelemetryEvent is a telemetry event generated by the chargen event source.

func (ChargenTelemetryEvent) CommonTelemetryEventData

func (e ChargenTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type ContainerCache

type ContainerCache struct {
	sync.Mutex

	// These are external event IDs registered with the sensor's event
	// monitor instance. The cache will enqueue these events as appropriate
	// as the cache is updated.
	ContainerCreatedEventID   uint64
	ContainerRunningEventID   uint64
	ContainerExitedEventID    uint64
	ContainerDestroyedEventID uint64
	ContainerUpdatedEventID   uint64

	// EventGroupID is the EventMonitor event group ID to use for container
	// related events that will generate container meta events
	EventGroupID int32
	// contains filtered or unexported fields
}

ContainerCache is a cache of container information

func NewContainerCache

func NewContainerCache(sensor *Sensor) *ContainerCache

NewContainerCache creates a new container cache.

func (*ContainerCache) DeleteContainer

func (cc *ContainerCache) DeleteContainer(
	containerID string,
	runtime ContainerRuntime,
	sampleID perf.SampleID,
)

DeleteContainer removes a container from the cache.

func (*ContainerCache) LookupContainer

func (cc *ContainerCache) LookupContainer(containerID string, create bool) *ContainerInfo

LookupContainer searches the cache for a container by ID and returns any information found, optionally creating a cache entry if one does not already exist.

type ContainerCreatedTelemetryEvent

type ContainerCreatedTelemetryEvent struct {
	TelemetryEventData
}

ContainerCreatedTelemetryEvent is a telemetry event generated by the container event source when a container is created.

func (ContainerCreatedTelemetryEvent) CommonTelemetryEventData

func (e ContainerCreatedTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type ContainerDestroyedTelemetryEvent

type ContainerDestroyedTelemetryEvent struct {
	TelemetryEventData
}

ContainerDestroyedTelemetryEvent is a telemetry event generated by the container event source when a container is destroyed.

func (ContainerDestroyedTelemetryEvent) CommonTelemetryEventData

func (e ContainerDestroyedTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type ContainerExitedTelemetryEvent

type ContainerExitedTelemetryEvent struct {
	TelemetryEventData
}

ContainerExitedTelemetryEvent is a telemetry event generated by the container event source when a container has exited.

func (ContainerExitedTelemetryEvent) CommonTelemetryEventData

func (e ContainerExitedTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type ContainerFilter

type ContainerFilter struct {
	// contains filtered or unexported fields
}

ContainerFilter is a filter that is used to filter telemetry events based on container ID, container name, image ID, or image name.

func NewContainerFilter

func NewContainerFilter() *ContainerFilter

NewContainerFilter creates a new container filter

func (*ContainerFilter) AddContainerID

func (c *ContainerFilter) AddContainerID(cid string)

AddContainerID adds a container ID to a container filter.

func (*ContainerFilter) AddContainerName

func (c *ContainerFilter) AddContainerName(cname string)

AddContainerName adds a container name to a container filter.

func (*ContainerFilter) AddImageID

func (c *ContainerFilter) AddImageID(iid string)

AddImageID adds an image ID to a container filter.

func (*ContainerFilter) AddImageName

func (c *ContainerFilter) AddImageName(iname string) error

AddImageName adds an image name to a container filter.

func (*ContainerFilter) Len

func (c *ContainerFilter) Len() int

Len returns the number of filters that are active within a ContainerFilter.

func (*ContainerFilter) Match

func (c *ContainerFilter) Match(info ContainerInfo) bool

Match evaluates a container filter for a ContainerInfo struct and determines whether it matches the criteria set forth by the filter.

type ContainerInfo

type ContainerInfo struct {
	ID        string
	Name      string
	ImageID   string
	ImageName string

	Pid      int
	ExitCode int

	Runtime ContainerRuntime
	State   ContainerState

	JSONConfig string
	OCIConfig  string
}

ContainerInfo records interesting information known about a container.

func (*ContainerInfo) Update

func (info *ContainerInfo) Update(
	cache *ContainerCache,
	runtime ContainerRuntime,
	sampleID perf.SampleID,
	data map[string]interface{},
)

Update updates the data cached for a container with new information. Some new information may trigger telemetry events to fire.

type ContainerRunningTelemetryEvent

type ContainerRunningTelemetryEvent struct {
	TelemetryEventData
}

ContainerRunningTelemetryEvent is a telemetry event generated by the container event source when a container starts running.

func (ContainerRunningTelemetryEvent) CommonTelemetryEventData

func (e ContainerRunningTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type ContainerRuntime

type ContainerRuntime uint

ContainerRuntime represents the runtime used to manage a container

const (
	// ContainerRuntimeUnknown means the container runtime managing the
	// container is unknown. Information about the container comes from
	// runc, the kernel, or other generic sources.
	ContainerRuntimeUnknown ContainerRuntime = iota

	// ContainerRuntimeDocker means the container is managed by Docker.
	ContainerRuntimeDocker
)

type ContainerState

type ContainerState uint

ContainerState represents the state of a container (created, running, etc.)

const (
	// ContainerStateUnknown indicates that the container is in an unknown
	// state.
	ContainerStateUnknown ContainerState = iota

	// ContainerStateCreated indicates the container exists, but is not
	// running.
	ContainerStateCreated

	// ContainerStatePaused indicates the container is paused.
	ContainerStatePaused

	// ContainerStateRunning indicates the container is running.
	ContainerStateRunning

	// ContainerStateRestarting indicates the container is in the process
	// of restarting.
	ContainerStateRestarting

	// ContainerStateExited indicates the container has exited.
	ContainerStateExited

	// ContainerStateRemoving indicates the container is being removed.
	ContainerStateRemoving
)

type ContainerUpdatedTelemetryEvent

type ContainerUpdatedTelemetryEvent struct {
	TelemetryEventData
}

ContainerUpdatedTelemetryEvent is a telemetry event generated by the container event source when container information has been updated.

func (ContainerUpdatedTelemetryEvent) CommonTelemetryEventData

func (e ContainerUpdatedTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type Cred

type Cred struct {
	// UID is the real UID
	UID uint32
	// GID is the real GID
	GID uint32
	// EUID is the effective UID
	EUID uint32
	// EGID is the effective GID
	EGID uint32
	// SUID is the saved UID
	SUID uint32
	// SGID is the saved GID
	SGID uint32
	// FSUID is the UID for filesystem operations
	FSUID uint32
	// FSGID is the GID for filesystem operations
	FSGID uint32
}

Cred contains task credential information

type EventSinkDispatchFn

type EventSinkDispatchFn func(event TelemetryEvent)

EventSinkDispatchFn is a function that is called to deliver a telemetry event for a subscription. This function may be called with a nil event, which indicates that new status information is available.

type FileAttributeChangeTelemetryEvent

type FileAttributeChangeTelemetryEvent struct {
	TelemetryEventData

	Filename string
}

FileAttributeChangeTelemetryEvent is a telemetry event generated by the file attribute change event source.

func (FileAttributeChangeTelemetryEvent) CommonTelemetryEventData

func (e FileAttributeChangeTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file modify telemetry event.

type FileCloseForModifyTelemetryEvent

type FileCloseForModifyTelemetryEvent struct {
	TelemetryEventData

	Filename string
}

FileCloseForModifyTelemetryEvent is a telemetry event generated by the file event source.

func (FileCloseForModifyTelemetryEvent) CommonTelemetryEventData

func (e FileCloseForModifyTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file modify telemetry event.

type FileCreateTelemetryEvent

type FileCreateTelemetryEvent struct {
	TelemetryEventData

	Filename string
	Mode     int32
}

FileCreateTelemetryEvent is a telemetry event generated by the file event source.

func (FileCreateTelemetryEvent) CommonTelemetryEventData

func (e FileCreateTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file create telemetry event.

type FileDeleteTelemetryEvent

type FileDeleteTelemetryEvent struct {
	TelemetryEventData

	Filename string
}

FileDeleteTelemetryEvent is a telemetry event generated by the file event source.

func (FileDeleteTelemetryEvent) CommonTelemetryEventData

func (e FileDeleteTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file delete telemetry event.

type FileLinkTelemetryEvent

type FileLinkTelemetryEvent struct {
	TelemetryEventData

	SourceFile string
	TargetFile string
	Symlink    bool
}

FileLinkTelemetryEvent is a telemetry event generated by the file event source.

func (FileLinkTelemetryEvent) CommonTelemetryEventData

func (e FileLinkTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file link telemetry event.

type FileModifyTelemetryEvent

type FileModifyTelemetryEvent struct {
	TelemetryEventData

	Filename string
}

FileModifyTelemetryEvent is a telemetry event generated by the file event source.

func (FileModifyTelemetryEvent) CommonTelemetryEventData

func (e FileModifyTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file modify telemetry event.

type FileMonitor

type FileMonitor struct {
	sync.Mutex
	// contains filtered or unexported fields
}

FileMonitor is a sensor service that monitors file activity on the host system, generating telemetry events for subscribers as requested.

func NewFileMonitor

func NewFileMonitor(sensor *Sensor) *FileMonitor

NewFileMonitor creates a new file monitor.

type FileOpenForModifyTelemetryEvent

type FileOpenForModifyTelemetryEvent struct {
	TelemetryEventData

	Filename string
}

FileOpenForModifyTelemetryEvent is a telemetry event generated by the file event source.

func (FileOpenForModifyTelemetryEvent) CommonTelemetryEventData

func (e FileOpenForModifyTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file modify telemetry event.

type FileOpenTelemetryEvent

type FileOpenTelemetryEvent struct {
	TelemetryEventData

	Filename string
	Flags    int32
	Mode     int32
}

FileOpenTelemetryEvent is a telemetry event generated by the file event source.

func (FileOpenTelemetryEvent) CommonTelemetryEventData

func (e FileOpenTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file open telemetry event.

type FileRenameTelemetryEvent

type FileRenameTelemetryEvent struct {
	TelemetryEventData

	Oldname string
	Newname string
}

FileRenameTelemetryEvent is a telemetry event generated by the file event source.

func (FileRenameTelemetryEvent) CommonTelemetryEventData

func (e FileRenameTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a file rename telemetry event.

type KernelFunctionCallTelemetryEvent

type KernelFunctionCallTelemetryEvent struct {
	TelemetryEventData

	Arguments expression.FieldValueMap
}

KernelFunctionCallTelemetryEvent is a telemetry event generated by the kernel function call event source.

func (KernelFunctionCallTelemetryEvent) CommonTelemetryEventData

func (e KernelFunctionCallTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a kernel function call telemetry event.

type LostRecordTelemetryEvent

type LostRecordTelemetryEvent struct {
	TelemetryEventData

	Lost uint64
	Type LostRecordType
}

LostRecordTelemetryEvent is a telemetry event generated by lost records

func (LostRecordTelemetryEvent) CommonTelemetryEventData

func (e LostRecordTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a lost record telemetry event.

func (*LostRecordTelemetryEvent) InitWithSampleID

func (e *LostRecordTelemetryEvent) InitWithSampleID(
	sensor *Sensor,
	sampleID perf.SampleID,
	count uint64,
)

InitWithSampleID initializes a LostRecordTelemetryEvent for dispatch.

type LostRecordType

type LostRecordType int

LostRecordType represents the type of a lost record.

const (
	// LostRecordTypeUnknown is a lost record of unknown type.
	LostRecordTypeUnknown LostRecordType = iota

	// LostRecordTypeSubscription is a lost record from a subscription.
	// It may include kprobes, uprobes, network events, syscalls, etc. but
	// it does not include meta events like process, container, or file
	// monitoring events. This type is only ever sent to a specific
	// subscription that has lost a kernel generated event.
	LostRecordTypeSubscription

	// LostRecordTypeProcess is a lost record relating to process meta
	// events. This type is broadcast to all subscriptions, regardless of
	// whether they've explicitly subscribed to process events or not,
	// because it affects everything.
	LostRecordTypeProcess

	// LostRecordTypeContainer is a lost record relating to container meta
	// events. This type is broadcast to all subscriptions, regardless of
	// whether they've explicitly subscribed to process events or not,
	// because it affects everything.
	LostRecordTypeContainer

	// LostRecordTypeFileCreate is a lost record relating to file create
	// events. It is only sent to subscriptions that are subscribed to file
	// create events.
	LostRecordTypeFileCreate

	// LostRecordTypeFileDelete is a lost record relating to file delete
	// events. It is only sent to subscriptions that are subscribed to file
	// delete events.
	LostRecordTypeFileDelete

	// LostRecordTypeFileLink is a lost record relating to file link events.
	// It is only sent to subscriptions that are subscribed to file link
	// events.
	LostRecordTypeFileLink

	// LostRecordTypeFileSymlink is a lost record relating to file symlink
	// events. It is only sent to subscriptions that are subscribed to file
	// link events.
	LostRecordTypeFileSymlink

	// LostRecordTypeFileOpenModify is a lost record relating to file open
	// modify events. It is only sent to subscriptions that are subscribed
	// to file open modify events.
	LostRecordTypeFileOpenModify

	// LostRecordTypeFileCloseModify is a lost record relating to file close
	// modify events. It is only sent to subscriptions that are subscribed
	// to file close modify events.
	LostRecordTypeFileCloseModify

	// LostRecordTypeFileModify is a lost record relating to file modify
	// events. It is only sent to subscriptions that are subscribed to file
	// modify events.
	LostRecordTypeFileModify

	// LostRecordTypeFileRename is a lost record relating to file rename
	// events. It is only sent to subscriptions that are subscribed to file
	// rename events.
	LostRecordTypeFileRename

	// LostRecordTypeFileAttributeChange is a lost record relating to file
	// attribute change events. It is only sent to subscriptions that are
	// subscribed to file attribute change events.
	LostRecordTypeFileAttributeChange
)

type MetricsCounters

type MetricsCounters struct {
	// Number of events created during the sample period
	Events uint64

	// Number of subscriptions
	Subscriptions uint64

	// Number of samples dropped by the kernel
	KernelSamplesLost uint64
}

MetricsCounters is used for tracking metrics information in the sensor

type NetworkAcceptAttemptTelemetryEvent

type NetworkAcceptAttemptTelemetryEvent struct {
	TelemetryEventData
	NetworkAttemptTelemetryEventData
}

NetworkAcceptAttemptTelemetryEvent is a telemetry event generated by the network accept attempt event source.

func (NetworkAcceptAttemptTelemetryEvent) CommonTelemetryEventData

func (e NetworkAcceptAttemptTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkAcceptResultTelemetryEvent

type NetworkAcceptResultTelemetryEvent struct {
	TelemetryEventData
	NetworkResultTelemetryEventData
}

NetworkAcceptResultTelemetryEvent is a telemetry event generated by the network accept result event source.

func (NetworkAcceptResultTelemetryEvent) CommonTelemetryEventData

func (e NetworkAcceptResultTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkAddressTelemetryEventData

type NetworkAddressTelemetryEventData struct {
	Family          uint16
	UnixPath        string
	IPv4Address     uint32
	IPv4Port        uint16
	IPv6AddressHigh uint64
	IPv6AddressLow  uint64
	IPv6Port        uint16
}

NetworkAddressTelemetryEventData is the data common to all network attempt telemetry events that have addresses.

type NetworkAttemptTelemetryEventData

type NetworkAttemptTelemetryEventData struct {
	FD uint64
}

NetworkAttemptTelemetryEventData is the data common to all network attempt telemetry events.

type NetworkBindAttemptTelemetryEvent

NetworkBindAttemptTelemetryEvent is a telemetry event generated by the network bind attempt event source.

func (NetworkBindAttemptTelemetryEvent) CommonTelemetryEventData

func (e NetworkBindAttemptTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkBindResultTelemetryEvent

type NetworkBindResultTelemetryEvent struct {
	TelemetryEventData
	NetworkResultTelemetryEventData
}

NetworkBindResultTelemetryEvent is a telemetry event generated by the network bind result event source.

func (NetworkBindResultTelemetryEvent) CommonTelemetryEventData

func (e NetworkBindResultTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkConnectAttemptTelemetryEvent

type NetworkConnectAttemptTelemetryEvent struct {
	TelemetryEventData
	NetworkAttemptTelemetryEventData
	NetworkAddressTelemetryEventData
}

NetworkConnectAttemptTelemetryEvent is a telemetry event generated by the network connect attempt event source.

func (NetworkConnectAttemptTelemetryEvent) CommonTelemetryEventData

func (e NetworkConnectAttemptTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkConnectResultTelemetryEvent

type NetworkConnectResultTelemetryEvent struct {
	TelemetryEventData
	NetworkResultTelemetryEventData
}

NetworkConnectResultTelemetryEvent is a telemetry event generated by the network connect result event source.

func (NetworkConnectResultTelemetryEvent) CommonTelemetryEventData

func (e NetworkConnectResultTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkListenAttemptTelemetryEvent

type NetworkListenAttemptTelemetryEvent struct {
	TelemetryEventData
	NetworkAttemptTelemetryEventData

	Backlog uint64
}

NetworkListenAttemptTelemetryEvent is a telemetry event generated by the network listen attempt event source.

func (NetworkListenAttemptTelemetryEvent) CommonTelemetryEventData

func (e NetworkListenAttemptTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkListenResultTelemetryEvent

type NetworkListenResultTelemetryEvent struct {
	TelemetryEventData
	NetworkResultTelemetryEventData
}

NetworkListenResultTelemetryEvent is a telemetry event generated by the network listen result event source.

func (NetworkListenResultTelemetryEvent) CommonTelemetryEventData

func (e NetworkListenResultTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkRecvfromAttemptTelemetryEvent

type NetworkRecvfromAttemptTelemetryEvent struct {
	TelemetryEventData
	NetworkAttemptTelemetryEventData
}

NetworkRecvfromAttemptTelemetryEvent is a telemetry event generated by the network recvfrom attempt event source.

func (NetworkRecvfromAttemptTelemetryEvent) CommonTelemetryEventData

func (e NetworkRecvfromAttemptTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkRecvfromResultTelemetryEvent

type NetworkRecvfromResultTelemetryEvent struct {
	TelemetryEventData
	NetworkResultTelemetryEventData
}

NetworkRecvfromResultTelemetryEvent is a telemetry event generated by the network recvfrom result event source.

func (NetworkRecvfromResultTelemetryEvent) CommonTelemetryEventData

func (e NetworkRecvfromResultTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkResultTelemetryEventData

type NetworkResultTelemetryEventData struct {
	Return int64
}

NetworkResultTelemetryEventData is the data common to all network result telemetry events.

type NetworkSendtoAttemptTelemetryEvent

type NetworkSendtoAttemptTelemetryEvent struct {
	TelemetryEventData
	NetworkAttemptTelemetryEventData
	NetworkAddressTelemetryEventData
}

NetworkSendtoAttemptTelemetryEvent is a telemetry event generated by the network sendto attempt event source.

func (NetworkSendtoAttemptTelemetryEvent) CommonTelemetryEventData

func (e NetworkSendtoAttemptTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a chargen telemetry event.

type NetworkSendtoResultTelemetryEvent

type NetworkSendtoResultTelemetryEvent struct {
	TelemetryEventData
	NetworkResultTelemetryEventData
}

NetworkSendtoResultTelemetryEvent is a telemetry event generated by the network sendto result event source.

func (NetworkSendtoResultTelemetryEvent) CommonTelemetryEventData

func (e NetworkSendtoResultTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a network sendto result telemetry event.

type NewSensorOption

type NewSensorOption func(*newSensorOptions)

NewSensorOption is used to implement optional arguments for NewSensor. It must be exported, but it is not typically used directly.

func WithCgroupName

func WithCgroupName(cgroupName string) NewSensorOption

WithCgroupName configures a cgroup name to be monitored.

func WithCleanupFunc

func WithCleanupFunc(cleanupFunc func()) NewSensorOption

WithCleanupFunc is used to register a cleanup function that will be called when the sensor is stopped. Multiple cleanup functions may be registered, and will be called in the reverse order in which they were registered.

func WithDockerContainerDir

func WithDockerContainerDir(dockerContainerDir string) NewSensorOption

WithDockerContainerDir is used to set the directory to monitor for Docker container activity.

func WithEventSourceController

func WithEventSourceController(controller perf.EventSourceController) NewSensorOption

WithEventSourceController is used to set the perf.EventSourceController to use. This is not used by the sensor itself, but passed through when a new EventMonitor is created.

func WithOciContainerDir

func WithOciContainerDir(ociContainerDir string) NewSensorOption

WithOciContainerDir is used to set the directory to monitor for OCI container activity.

func WithPerfEventDir

func WithPerfEventDir(perfEventDir string) NewSensorOption

WithPerfEventDir is used to set an optional directory to use for monitoring groups. This should only be necessary if the perf_event cgroup is not mounted in the usual location.

func WithProcFileSystem

func WithProcFileSystem(procFS proc.FileSystem) NewSensorOption

WithProcFileSystem is used to set the proc.FileSystem to use. The system default will be used if one is not specified.

func WithRingBufferNumPages

func WithRingBufferNumPages(ringBufferNumPages int) NewSensorOption

WithRingBufferNumPages sets the number of memory pages to use for event monitoring ring buffers.

func WithRuntimeDir

func WithRuntimeDir(runtimeDir string) NewSensorOption

WithRuntimeDir is used to set the runtime state directory to use for the sensor.

func WithSensorID

func WithSensorID(id string) NewSensorOption

WithSensorID is used to define a specific sensor ID.

func WithSupportDir

func WithSupportDir(supportDir string) NewSensorOption

WithSupportDir is used to set the support directory to use for the sensor. The support directory contains files that the sensor uses for various operations (e.g., kernel struct offset table).

func WithTracingDir

func WithTracingDir(tracingDir string) NewSensorOption

WithTracingDir is used to set an alternate mountpoint to use for managing tracepoints, kprobes, and uprobes.

type PerformanceTelemetryEvent

type PerformanceTelemetryEvent struct {
	TelemetryEventData

	TotalTimeEnabled uint64
	TotalTimeRunning uint64
	Counters         []perf.CounterEventValue
}

PerformanceTelemetryEvent is a telemetry event generated by the performance event source.

func (PerformanceTelemetryEvent) CommonTelemetryEventData

func (e PerformanceTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a performance telemetry event.

type ProcessExecTelemetryEvent

type ProcessExecTelemetryEvent struct {
	TelemetryEventData

	Filename    string
	CommandLine []string
	CWD         string
}

ProcessExecTelemetryEvent is a telemetry event generated by the process exec event source.

func (ProcessExecTelemetryEvent) CommonTelemetryEventData

func (e ProcessExecTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a process exec telemetry event.

type ProcessExitTelemetryEvent

type ProcessExitTelemetryEvent struct {
	TelemetryEventData

	ExitCode       int32
	ExitStatus     uint32
	ExitSignal     uint32
	ExitCoreDumped bool
}

ProcessExitTelemetryEvent is a telemetry event generated by the process exit event source.

func (ProcessExitTelemetryEvent) CommonTelemetryEventData

func (e ProcessExitTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a process exit telemetry event.

type ProcessForkTelemetryEvent

type ProcessForkTelemetryEvent struct {
	TelemetryEventData

	ChildPID       int32
	ChildProcessID string
	CloneFlags     uint64
	StackStart     uint64
	CWD            string
}

ProcessForkTelemetryEvent is a telemetry event generated by the process fork event source.

func (ProcessForkTelemetryEvent) CommonTelemetryEventData

func (e ProcessForkTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a process fork telemetry event.
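Added example (not part of the capsule8 package or its documentation): decoding the CloneFlags field of a ProcessForkTelemetryEvent to tell thread creation from process creation and to list the namespaces the child was created in, using the CLONE_* values from the Constants section. The forkEvent and ForkSummary types and the sample flag words are constructed for illustration, and the code assumes CloneFlags carries the raw clone(2) flags word, including the exit signal in its low byte.

```go
package main

import (
	"fmt"
	"strings"
)

// Clone flag values as listed in this package's Constants section.
const (
	CSIGNAL         = 0x000000ff
	CLONE_VM        = 0x00000100
	CLONE_THREAD    = 0x00010000
	CLONE_NEWNS     = 0x00020000
	CLONE_NEWCGROUP = 0x02000000
	CLONE_NEWUTS    = 0x04000000
	CLONE_NEWIPC    = 0x08000000
	CLONE_NEWUSER   = 0x10000000
	CLONE_NEWPID    = 0x20000000
	CLONE_NEWNET    = 0x40000000
)

// forkEvent is a local stand-in (hypothetical) carrying the two
// ProcessForkTelemetryEvent fields used here, so the example builds
// without importing the sensor module.
type forkEvent struct {
	ChildPID   int32
	CloneFlags uint64
}

// namespaceFlags maps each CLONE_NEW* bit to a short namespace name,
// in ascending bit order so output is deterministic.
var namespaceFlags = []struct {
	bit  uint64
	name string
}{
	{CLONE_NEWNS, "mnt"},
	{CLONE_NEWCGROUP, "cgroup"},
	{CLONE_NEWUTS, "uts"},
	{CLONE_NEWIPC, "ipc"},
	{CLONE_NEWUSER, "user"},
	{CLONE_NEWPID, "pid"},
	{CLONE_NEWNET, "net"},
}

// ForkSummary is a hypothetical triage record derived from CloneFlags.
type ForkSummary struct {
	ChildPID      int32
	IsThread      bool     // child joins the parent's thread group
	SharesVM      bool     // child shares the parent's address space
	ExitSignal    uint64   // signal sent to the parent on exit (low byte)
	NewNamespaces []string // namespaces created for the child
}

// SummarizeFork decodes the flag word of a fork event.
func SummarizeFork(ev forkEvent) ForkSummary {
	s := ForkSummary{
		ChildPID:   ev.ChildPID,
		IsThread:   ev.CloneFlags&CLONE_THREAD != 0,
		SharesVM:   ev.CloneFlags&CLONE_VM != 0,
		ExitSignal: ev.CloneFlags & CSIGNAL,
	}
	for _, ns := range namespaceFlags {
		if ev.CloneFlags&ns.bit != 0 {
			s.NewNamespaces = append(s.NewNamespaces, ns.name)
		}
	}
	return s
}

// CreatesNamespaces reports whether the fork changed the child's isolation
// boundary, which is the kind of event a monitoring rule may want to surface
// when it does not come from a known container runtime.
func (s ForkSummary) CreatesNamespaces() bool {
	return len(s.NewNamespaces) > 0
}

func main() {
	// Constructed sample events; the flag words are illustrative.
	events := []forkEvent{
		{ChildPID: 101, CloneFlags: 0x003d0f00}, // typical thread creation
		{ChildPID: 200, CloneFlags: 0x01200011}, // plain fork, SIGCHLD on exit
		{ChildPID: 300, CloneFlags: 0x6c020011}, // child in new namespaces
	}
	for _, ev := range events {
		s := SummarizeFork(ev)
		kind := "process"
		if s.IsThread {
			kind = "thread"
		}
		fmt.Printf("child=%d kind=%s exit_signal=%d new_ns=[%s] review=%t\n",
			s.ChildPID, kind, s.ExitSignal,
			strings.Join(s.NewNamespaces, ","), s.CreatesNamespaces())
	}
}
```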

type ProcessInfoCache

type ProcessInfoCache struct {

	// These are external event IDs registered with the sensor's event
	// monitor instance. The cache will enqueue these events as appropriate
	// as the cache is updated.
	ProcessExecEventID   uint64
	ProcessForkEventID   uint64
	ProcessExitEventID   uint64
	ProcessUpdateEventID uint64

	// EventGroupID is the EventMonitor event group id to use for
	// registering all process related events.
	EventGroupID int32
	// contains filtered or unexported fields
}

ProcessInfoCache is an object that caches process information. It is maintained automatically via an existing sensor object.

func NewProcessInfoCache

func NewProcessInfoCache(sensor *Sensor) *ProcessInfoCache

NewProcessInfoCache creates a new process information cache object. An existing sensor object is required in order for the process info cache to be able to install its probes to monitor the system to maintain the cache.

func (*ProcessInfoCache) LookupTask

func (pc *ProcessInfoCache) LookupTask(pid int) *Task

LookupTask finds the task information for the given PID.

func (*ProcessInfoCache) LookupTaskAndLeader

func (pc *ProcessInfoCache) LookupTaskAndLeader(pid int) (*Task, *Task)

LookupTaskAndLeader finds the task information for both a given PID and the thread group leader.

func (*ProcessInfoCache) LookupTaskContainerInfo

func (pc *ProcessInfoCache) LookupTaskContainerInfo(t *Task) *ContainerInfo

LookupTaskContainerInfo returns the container info for a task, possibly consulting the sensor's container cache and updating the task cached information.

func (*ProcessInfoCache) Start

func (pc *ProcessInfoCache) Start()

Start enables the process cache by scanning the /proc filesystem to learn about existing processes and enable monitoring once that is done.

type ProcessUpdateTelemetryEvent

type ProcessUpdateTelemetryEvent struct {
	TelemetryEventData

	CWD string
}

ProcessUpdateTelemetryEvent is a telemetry event generated by the process update event source.

func (ProcessUpdateTelemetryEvent) CommonTelemetryEventData

func (e ProcessUpdateTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a process update telemetry event.

type Sensor

type Sensor struct {
	// Unique Id for this sensor. Sensor Ids are ephemeral.
	ID string

	// Metrics counters for this sensor
	Metrics MetricsCounters

	// A reference to the host proc filesystem in use.
	ProcFS proc.FileSystem

	// Per-sensor caches and monitors
	ProcessCache   *ProcessInfoCache
	ContainerCache *ContainerCache
	FileMonitor    *FileMonitor

	// A reference to the event source controller in use.
	EventSourceController perf.EventSourceController
	// contains filtered or unexported fields
}

Sensor represents the state of a sensor instance.

func NewSensor

func NewSensor(options ...NewSensorOption) (*Sensor, error)

NewSensor creates a new Sensor instance.

func (*Sensor) ActualKernelSymbol

func (s *Sensor) ActualKernelSymbol(symbol string) (string, error)

ActualKernelSymbol returns the actual kernel symbol to use. For some symbols, the linker does some rewriting and system calls have different prefixes in Linux 4.17+ kernels.

func (*Sensor) DispatchEvent

func (s *Sensor) DispatchEvent(
	eventid uint64,
	event TelemetryEvent,
	valueGetter expression.FieldValueGetter,
)

DispatchEvent dispatches a telemetry event to all subscribers that are listening for it.

func (*Sensor) DispatchEventToAllSubscriptions

func (s *Sensor) DispatchEventToAllSubscriptions(event TelemetryEvent)

DispatchEventToAllSubscriptions dispatches a telemetry event to all subscriptions regardless of whether they are listening for the event or not. It is effectively a broadcast that cannot be ignored.

func (*Sensor) FindSupportFile

func (s *Sensor) FindSupportFile(exeFileName, name string, mode uint32) string

FindSupportFile looks for a supporting file by name and returns the path to it. The current working directory is checked first, followed by the path from which the calling executable launched, followed by Sensor.supportDir.

func (*Sensor) IsKernelSymbolAvailable

func (s *Sensor) IsKernelSymbolAvailable(symbol string) bool

IsKernelSymbolAvailable checks to see if the specified kprobe symbol is available for use in the running kernel.

func (*Sensor) Monitor

func (s *Sensor) Monitor() *perf.EventMonitor

Monitor returns a reference to the sensor's EventMonitor instance.

func (*Sensor) NewSubscription

func (s *Sensor) NewSubscription() *Subscription

NewSubscription creates a new telemetry subscription.

func (*Sensor) RegisterKprobe

func (s *Sensor) RegisterKprobe(
	address string,
	onReturn bool,
	output string,
	handlerFn perf.TraceEventHandlerFn,
	groupid int32,
	options ...perf.RegisterEventOption,
) (uint64, error)

RegisterKprobe registers a kprobe with the sensor's EventMonitor instance, but before doing so, ensures that the kernel symbol is available and potentially transforms it to account for new kernel changes.

func (*Sensor) Start

func (s *Sensor) Start() error

Start starts a sensor instance running.

func (*Sensor) Stop

func (s *Sensor) Stop()

Stop stops a running sensor instance.

type StructField

type StructField struct {
	Offset int `json:"offset"`
	Size   int `json:"size"`
}

StructField represents the offset and size of a kernel struct field. If the field offset information is not known, both size and offset will be 0.

type Subscription

type Subscription struct {
	// contains filtered or unexported fields
}

Subscription contains all of the information about a client subscription for telemetry events to be delivered by the sensor.

func (*Subscription) Close

func (s *Subscription) Close()

Close disables a running subscription.

func (*Subscription) DispatchEvent

func (s *Subscription) DispatchEvent(
	eventID uint64,
	event TelemetryEvent,
	valueGetter expression.FieldValueGetter,
)

DispatchEvent dispatches a telemetry event to the subscription.

func (*Subscription) GetStatuses

func (s *Subscription) GetStatuses() []string

GetStatuses returns any status information that has been logged since the last call to GetStatuses. This function clears the status log.

func (*Subscription) ProcessTelemetryServiceSubscription

func (s *Subscription) ProcessTelemetryServiceSubscription(sub *telemetryAPI.Subscription)

ProcessTelemetryServiceSubscription processes a Subscription message from the telemetry service API.

func (*Subscription) RegisterChargenEventFilter

func (s *Subscription) RegisterChargenEventFilter(
	length uint64,
	filter *expression.Expression,
)

RegisterChargenEventFilter registers a character generation event filter with a subscription.

func (*Subscription) RegisterContainerCreatedEventFilter

func (s *Subscription) RegisterContainerCreatedEventFilter(expr *expression.Expression)

RegisterContainerCreatedEventFilter registers a container created event filter with a subscription.

func (*Subscription) RegisterContainerDestroyedEventFilter

func (s *Subscription) RegisterContainerDestroyedEventFilter(expr *expression.Expression)

RegisterContainerDestroyedEventFilter registers a container destroyed event filter with a subscription.

func (*Subscription) RegisterContainerExitedEventFilter

func (s *Subscription) RegisterContainerExitedEventFilter(expr *expression.Expression)

RegisterContainerExitedEventFilter registers a container exited event filter with a subscription.

func (*Subscription) RegisterContainerRunningEventFilter

func (s *Subscription) RegisterContainerRunningEventFilter(expr *expression.Expression)

RegisterContainerRunningEventFilter registers a container running event filter with a subscription.

func (*Subscription) RegisterContainerUpdatedEventFilter

func (s *Subscription) RegisterContainerUpdatedEventFilter(expr *expression.Expression)

RegisterContainerUpdatedEventFilter registers a container updated event filter with a subscription.

func (*Subscription) RegisterFileAttributeChangeEventFilter

func (s *Subscription) RegisterFileAttributeChangeEventFilter(filter *expression.Expression)

RegisterFileAttributeChangeEventFilter registers a file attribute change event filter with a subscription.

func (*Subscription) RegisterFileCloseForModifyEventFilter

func (s *Subscription) RegisterFileCloseForModifyEventFilter(filter *expression.Expression)

RegisterFileCloseForModifyEventFilter registers a file close for modify event filter with a subscription.

func (*Subscription) RegisterFileCreateEventFilter

func (s *Subscription) RegisterFileCreateEventFilter(filter *expression.Expression)

RegisterFileCreateEventFilter registers a file create event filter with a subscription.

func (*Subscription) RegisterFileDeleteEventFilter

func (s *Subscription) RegisterFileDeleteEventFilter(filter *expression.Expression)

RegisterFileDeleteEventFilter registers a file delete event filter with a subscription.

func (*Subscription) RegisterFileLinkEventFilter

func (s *Subscription) RegisterFileLinkEventFilter(filter *expression.Expression)

RegisterFileLinkEventFilter registers both a file link and file symlink event filter with a subscription.

func (*Subscription) RegisterFileModifyEventFilter

func (s *Subscription) RegisterFileModifyEventFilter(filter *expression.Expression)

RegisterFileModifyEventFilter registers a file modify event filter with a subscription.

func (*Subscription) RegisterFileOpenEventFilter

func (s *Subscription) RegisterFileOpenEventFilter(filter *expression.Expression)

RegisterFileOpenEventFilter registers a file open event filter with a subscription.

func (*Subscription) RegisterFileOpenForModifyEventFilter

func (s *Subscription) RegisterFileOpenForModifyEventFilter(filter *expression.Expression)

RegisterFileOpenForModifyEventFilter registers a file open for modify event filter with a subscription.

func (*Subscription) RegisterFileRenameEventFilter

func (s *Subscription) RegisterFileRenameEventFilter(filter *expression.Expression)

RegisterFileRenameEventFilter registers a file rename event filter with a subscription.

func (*Subscription) RegisterKernelFunctionCallEventFilter

func (s *Subscription) RegisterKernelFunctionCallEventFilter(
	symbol string,
	onReturn bool,
	arguments map[string]string,
	filter *expression.Expression,
)

RegisterKernelFunctionCallEventFilter registers a kernel function call event filter with a subscription.

func (*Subscription) RegisterNetworkAcceptAttemptEventFilter

func (s *Subscription) RegisterNetworkAcceptAttemptEventFilter(expr *expression.Expression)

RegisterNetworkAcceptAttemptEventFilter registers a network accept attempt event filter with a subscription.

func (*Subscription) RegisterNetworkAcceptResultEventFilter

func (s *Subscription) RegisterNetworkAcceptResultEventFilter(expr *expression.Expression)

RegisterNetworkAcceptResultEventFilter registers a network accept result event filter with a subscription.

func (*Subscription) RegisterNetworkBindAttemptEventFilter

func (s *Subscription) RegisterNetworkBindAttemptEventFilter(expr *expression.Expression)

RegisterNetworkBindAttemptEventFilter registers a network bind attempt event filter with a subscription.

func (*Subscription) RegisterNetworkBindResultEventFilter

func (s *Subscription) RegisterNetworkBindResultEventFilter(expr *expression.Expression)

RegisterNetworkBindResultEventFilter registers a network bind result event filter with a subscription.

func (*Subscription) RegisterNetworkConnectAttemptEventFilter

func (s *Subscription) RegisterNetworkConnectAttemptEventFilter(expr *expression.Expression)

RegisterNetworkConnectAttemptEventFilter registers a network connect attempt event filter with a subscription.

func (*Subscription) RegisterNetworkConnectResultEventFilter

func (s *Subscription) RegisterNetworkConnectResultEventFilter(expr *expression.Expression)

RegisterNetworkConnectResultEventFilter registers a network connect result event filter with a subscription.

func (*Subscription) RegisterNetworkListenAttemptEventFilter

func (s *Subscription) RegisterNetworkListenAttemptEventFilter(expr *expression.Expression)

RegisterNetworkListenAttemptEventFilter registers a network listen attempt event filter with a subscription.

func (*Subscription) RegisterNetworkListenResultEventFilter

func (s *Subscription) RegisterNetworkListenResultEventFilter(expr *expression.Expression)

RegisterNetworkListenResultEventFilter registers a network listen result event filter with a subscription.

func (*Subscription) RegisterNetworkRecvfromAttemptEventFilter

func (s *Subscription) RegisterNetworkRecvfromAttemptEventFilter(expr *expression.Expression)

RegisterNetworkRecvfromAttemptEventFilter registers a network recvfrom attempt event filter with a subscription.

func (*Subscription) RegisterNetworkRecvfromResultEventFilter

func (s *Subscription) RegisterNetworkRecvfromResultEventFilter(expr *expression.Expression)

RegisterNetworkRecvfromResultEventFilter registers a network recvfrom result event filter with a subscription.

func (*Subscription) RegisterNetworkSendtoAttemptEventFilter

func (s *Subscription) RegisterNetworkSendtoAttemptEventFilter(expr *expression.Expression)

RegisterNetworkSendtoAttemptEventFilter registers a network sendto attempt event filter with a subscription.

func (*Subscription) RegisterNetworkSendtoResultEventFilter

func (s *Subscription) RegisterNetworkSendtoResultEventFilter(expr *expression.Expression)

RegisterNetworkSendtoResultEventFilter registers a network sendto result event filter with a subscription.

func (*Subscription) RegisterPerformanceEventFilter

func (s *Subscription) RegisterPerformanceEventFilter(
	attr perf.EventAttr,
	counters []perf.CounterEventGroupMember,
)

RegisterPerformanceEventFilter registers a performance event filter with a subscription.

func (*Subscription) RegisterProcessExecEventFilter

func (s *Subscription) RegisterProcessExecEventFilter(expr *expression.Expression)

RegisterProcessExecEventFilter registers a process exec event filter with a subscription.

func (*Subscription) RegisterProcessExitEventFilter

func (s *Subscription) RegisterProcessExitEventFilter(expr *expression.Expression)

RegisterProcessExitEventFilter registers a process exit event filter with a subscription.

func (*Subscription) RegisterProcessForkEventFilter

func (s *Subscription) RegisterProcessForkEventFilter(expr *expression.Expression)

RegisterProcessForkEventFilter registers a process fork event filter with a subscription.

func (*Subscription) RegisterProcessUpdateEventFilter

func (s *Subscription) RegisterProcessUpdateEventFilter(expr *expression.Expression)

RegisterProcessUpdateEventFilter registers a process update event filter with a subscription.

func (*Subscription) RegisterSyscallEnterEventFilter

func (s *Subscription) RegisterSyscallEnterEventFilter(
	filter *expression.Expression,
)

RegisterSyscallEnterEventFilter registers a syscall enter event filter with a subscription.

func (*Subscription) RegisterSyscallExitEventFilter

func (s *Subscription) RegisterSyscallExitEventFilter(
	filter *expression.Expression,
)

RegisterSyscallExitEventFilter registers a syscall exit event filter with a subscription.

func (*Subscription) RegisterTickerEventFilter

func (s *Subscription) RegisterTickerEventFilter(
	interval int64,
	filter *expression.Expression,
)

RegisterTickerEventFilter registers a ticker event filter with a subscription.

func (*Subscription) RegisterUserFunctionCallEventFilter

func (s *Subscription) RegisterUserFunctionCallEventFilter(
	executable string,
	symbol string,
	onReturn bool,
	arguments map[string]string,
	filter *expression.Expression,
)

RegisterUserFunctionCallEventFilter registers a user function call event filter with a subscription.

func (*Subscription) Run

func (s *Subscription) Run(
	ctx context.Context,
	dispatchFn EventSinkDispatchFn,
) ([]string, error)

Run enables and runs a telemetry event subscription. Canceling the specified context will cancel the subscription. For each event matching the subscription, the specified dispatch function will be called.

func (*Subscription) SetContainerFilter

func (s *Subscription) SetContainerFilter(f *ContainerFilter)

SetContainerFilter sets a container filter to be used for a subscription.

func (*Subscription) TranslateSubscriptionStatuses

func (s *Subscription) TranslateSubscriptionStatuses(
	statuses []string,
) []*status.Status

TranslateSubscriptionStatuses translates status information from a subscription for delivery to a telemetry client.

func (*Subscription) TranslateTelemetryEvent

func (s *Subscription) TranslateTelemetryEvent(ev TelemetryEvent) *telemetryAPI.TelemetryEvent

TranslateTelemetryEvent translates a sensor telemetry event into a telemetry service TelemetryEvent.

type SyscallEnterTelemetryEvent

type SyscallEnterTelemetryEvent struct {
	TelemetryEventData

	ID        int64
	Arguments [6]uint64
}

SyscallEnterTelemetryEvent is a telemetry event generated by the syscall enter event source.

func (SyscallEnterTelemetryEvent) CommonTelemetryEventData

func (e SyscallEnterTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a syscall enter telemetry event.

type SyscallExitTelemetryEvent

type SyscallExitTelemetryEvent struct {
	TelemetryEventData

	ID     int64
	Return int64
}

SyscallExitTelemetryEvent is a telemetry event generated by the syscall exit event source.

func (SyscallExitTelemetryEvent) CommonTelemetryEventData

func (e SyscallExitTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a syscall exit telemetry event.

type Task

type Task struct {
	// PID is the kernel's internal process identifier, which is equivalent
	// to the TID in userspace.
	PID int

	// TGID is the kernel's internal thread group identifier, which is
	// equivalent to the PID in userspace. All threads within a process
	// have differing PIDs, but all share the same TGID. The thread group
	// leader process's PID will be the same as its TGID.
	TGID int

	// Command is the kernel's comm field, which is initialized to the
	// first 15 characters of the basename of the executable being run.
	// It is also set via pthread_setname_np(3) and prctl(2) PR_SET_NAME.
	// It is always NUL-terminated and no longer than 16 bytes (including
	// the NUL byte).
	Command string

	// CommandLine is the command-line used when the process was exec'd via
	// execve(). It is composed of the first 6 elements of argv. It may
	// not be complete if argv contained more than 6 elements.
	CommandLine []string

	// Creds are the credentials (uid, gid) for the task. This is kept
	// up-to-date by recording changes observed via a kprobe on
	// commit_creds().
	Creds *Cred

	// ContainerID is the ID of the container to which the task belongs,
	// if any.
	ContainerID string

	// ContainerInfo is a pointer to the cached container information for
	// the container to which the task belongs, if any.
	ContainerInfo *ContainerInfo

	// StartTime is the time at which a task started.
	StartTime int64

	// ExitTime is the time at which a task exited.
	ExitTime int64

	// ProcessID is a unique ID for the task.
	ProcessID string

	// CWD is the current working directory for the task. Tasks within a
	// process can each have their own independent CWD.
	CWD string
	// contains filtered or unexported fields
}

Task represents a schedulable task. All Linux tasks are uniquely identified at a given time by their PID, but those PIDs may be reused after hitting the maximum PID value.

func (*Task) IsSensor

func (t *Task) IsSensor() bool

IsSensor returns true if the task belongs to the sensor process.

func (*Task) Leader

func (t *Task) Leader() *Task

Leader returns a reference to a task's leader task.

func (*Task) Parent

func (t *Task) Parent() *Task

Parent returns a reference to a task's parent task.

type TelemetryEvent

type TelemetryEvent interface {
	CommonTelemetryEventData() TelemetryEventData
}

TelemetryEvent is an interface defining an event generated by the sensor in response to activity on the system that matches a subscription's event filter.

type TelemetryEventData

type TelemetryEventData struct {
	EventID        string
	SensorID       string
	MonotimeNanos  int64
	SequenceNumber uint64

	ProcessID      string
	PID            int
	TGID           int
	CPU            uint32
	HasCredentials bool
	Credentials    Cred

	Container ContainerInfo
}

TelemetryEventData is an event generated by the sensor in response to activity on the system that matches a subscription's event filter. It contains all relevant information.

func (*TelemetryEventData) Init

func (e *TelemetryEventData) Init(sensor *Sensor)

Init initializes a telemetry event with common sensor-specific fields correctly populated.

func (*TelemetryEventData) InitWithSample

func (e *TelemetryEventData) InitWithSample(
	sensor *Sensor,
	sample *perf.Sample,
) bool

InitWithSample initializes a telemetry event using perf_event sample information. If the sample should be suppressed for some reason, the return will be false.

func (*TelemetryEventData) InitWithSampleID

func (e *TelemetryEventData) InitWithSampleID(
	sensor *Sensor,
	sampleID perf.SampleID,
) bool

InitWithSampleID initializes a telemetry event using perf_event sample information. If the sample should be suppressed for some reason, the return will be false.

type TelemetryService

type TelemetryService struct {
	// contains filtered or unexported fields
}

TelemetryService is a service that can be used with the ServiceManager to process telemetry subscription requests and stream the resulting telemetry events.

func NewTelemetryService

func NewTelemetryService(
	sensor *Sensor,
	address string,
	options ...TelemetryServiceOption,
) *TelemetryService

NewTelemetryService creates a new TelemetryService instance that can be used with a ServiceManager instance.

func (*TelemetryService) Name

func (ts *TelemetryService) Name() string

Name returns the human-readable name of the TelemetryService.

func (*TelemetryService) Serve

func (ts *TelemetryService) Serve() error

Serve is the main entrypoint for the TelemetryService. It is normally called by the ServiceManager. It will service requests indefinitely from the calling Goroutine.

func (*TelemetryService) Stop

func (ts *TelemetryService) Stop()

Stop will stop a running TelemetryService.

type TelemetryServiceGetEventsRequestFunc

type TelemetryServiceGetEventsRequestFunc func(
	request *telemetryAPI.GetEventsRequest,
)

TelemetryServiceGetEventsRequestFunc is a function called when a new subscription is requested.

type TelemetryServiceGetEventsResponseFunc

type TelemetryServiceGetEventsResponseFunc func(
	response *telemetryAPI.GetEventsResponse,
	err error,
)

TelemetryServiceGetEventsResponseFunc is a function called when a new subscription is processed. It is passed the response, or an error if there was an error processing the subscription.

type TelemetryServiceOption

type TelemetryServiceOption func(*telemetryServiceOptions)

TelemetryServiceOption is used to implement optional arguments for NewTelemetryService. It must be exported, but it is not typically used directly.

func WithGetEventsRequestFunc

WithGetEventsRequestFunc specifies a function to be called when a telemetry service GetEvents request has been received. It is called with the request.

func WithGetEventsResponseFunc

WithGetEventsResponseFunc specifies a function to be called when a telemetry service GetEvents request has been processed. It is called with either the response or an error.

func WithStartFunc

WithStartFunc specifies a function to be called when a telemetry service is started.

func WithStopFunc

WithStopFunc specifies a function to be called when a telemetry service is stopped.

type TelemetryServiceStartFunc

type TelemetryServiceStartFunc func()

TelemetryServiceStartFunc is a function called when the sensor service is started.

type TelemetryServiceStopFunc

type TelemetryServiceStopFunc func()

TelemetryServiceStopFunc is a function called when the sensor service is stopped.

type TickerTelemetryEvent

type TickerTelemetryEvent struct {
	TelemetryEventData

	Seconds     int64
	Nanoseconds int64
}

TickerTelemetryEvent is a telemetry event generated by the ticker event source.

func (TickerTelemetryEvent) CommonTelemetryEventData

func (e TickerTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a ticker telemetry event.

type UserFunctionCallTelemetryEvent

type UserFunctionCallTelemetryEvent struct {
	TelemetryEventData

	Arguments expression.FieldValueMap
}

UserFunctionCallTelemetryEvent is a telemetry event generated by the user function call event source.

func (UserFunctionCallTelemetryEvent) CommonTelemetryEventData

func (e UserFunctionCallTelemetryEvent) CommonTelemetryEventData() TelemetryEventData

CommonTelemetryEventData returns the telemetry event data common to all telemetry events for a user function call telemetry event.
