derive

package
v0.0.0-...-ef8be33
This package is not in the latest version of its module.

Published: Nov 10, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

const (
	IPPROTO_TCP uint8 = 6
	IPPROTO_UDP uint8 = 17
)

Variables

var NetSeqOps = [6]string{
	"tcp4_seq_ops",
	"tcp6_seq_ops",
	"udp_seq_ops",
	"udp6_seq_ops",
	"raw_seq_ops",
	"raw6_seq_ops",
}

NetSeqOps holds the names of the seq_operations structs that the HookedSeqOpsEventID derivation checks for hooks. For each of these structs the show, start, next and stop function pointers are checked (see NetSeqOpsFuncs).

var NetSeqOpsFuncs = [4]string{
	"show",
	"start",
	"next",
	"stop",
}

Functions

func InitHookedSyscall

func InitHookedSyscall() error

InitHookedSyscall initializes the LRU cache used by the hooked-syscall derivation.

Types

type DeriveFunction

type DeriveFunction func(trace.Event) ([]trace.Event, []error)

DeriveFunction is the prototype of a function that receives an event and may derive new events from it when relevant. It returns the derived events (an empty slice when nothing was derived) and any errors that occurred during derivation.

func DetectHookedSyscall

func DetectHookedSyscall(kernelSymbols *environment.KernelSymbolTable) DeriveFunction

func HookedSeqOps

func HookedSeqOps(kernelSymbols *environment.KernelSymbolTable) DeriveFunction

func NetFlowTCPBegin

func NetFlowTCPBegin(cache *dnscache.DNSCache) DeriveFunction

func NetFlowTCPEnd

func NetFlowTCPEnd(cache *dnscache.DNSCache) DeriveFunction

func NetPacketDNS

func NetPacketDNS() DeriveFunction

func NetPacketDNSRequest

func NetPacketDNSRequest() DeriveFunction

func NetPacketDNSResponse

func NetPacketDNSResponse() DeriveFunction

func NetPacketHTTP

func NetPacketHTTP() DeriveFunction

func NetPacketHTTPRequest

func NetPacketHTTPRequest() DeriveFunction

func NetPacketHTTPResponse

func NetPacketHTTPResponse() DeriveFunction

func NetPacketICMP

func NetPacketICMP() DeriveFunction

func NetPacketICMPv6

func NetPacketICMPv6() DeriveFunction

func NetPacketIPv4

func NetPacketIPv4() DeriveFunction

func NetPacketIPv6

func NetPacketIPv6() DeriveFunction

func NetPacketTCP

func NetPacketTCP() DeriveFunction

func NetPacketUDP

func NetPacketUDP() DeriveFunction

func NetTCPConnect

func NetTCPConnect(cache *dnscache.DNSCache) DeriveFunction

type ExecFailedGenerator

type ExecFailedGenerator struct {
	// contains filtered or unexported fields
}

ExecFailedGenerator is the object that implements the ProcessExecuteFailed event derivation.

func InitProcessExecuteFailedGenerator

func InitProcessExecuteFailedGenerator() (*ExecFailedGenerator, error)

InitProcessExecuteFailedGenerator initializes a new generator for the ProcessExecuteFailed event.

func (*ExecFailedGenerator) ProcessExecuteFailed

func (gen *ExecFailedGenerator) ProcessExecuteFailed() DeriveFunction

ProcessExecuteFailed returns the DeriveFunction for the "process_execute_failed" event.

type Table

type Table map[events.ID]map[events.ID]struct {
	DeriveFunction DeriveFunction
	Enabled        func() bool
}

Table maps each source event to the events that can be derived from it, each paired with the DeriveFunction that performs the derivation. The Enabled function is consulted first so that derivation of events nobody requested is skipped.

func (Table) DeriveEvent

func (t Table) DeriveEvent(event trace.Event, origArgs []trace.Argument) ([]trace.Event, []error)

DeriveEvent takes a trace.Event and, using the derivation table, derives any additional events defined for it, returning the derived events and any errors encountered.

func (Table) Register

func (t Table) Register(deriveFrom, deriveTo events.ID, deriveCondition func() bool, deriveLogic DeriveFunction) error

Register registers a new derivation handler that derives deriveTo events from deriveFrom events, guarded by deriveCondition.
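As an added example (not tracee's own code) of how DeriveFunction and Table fit together, the following builds a self-contained derivation table and registers a HookedSeqOps-style check over the NetSeqOps and NetSeqOpsFuncs lists from this page. It uses stand-in types for events.ID, trace.Event and environment.KernelSymbolTable, a named per-entry struct in place of the page's anonymous one, a simplified DeriveEvent without the origArgs parameter, and a constructed symbol table; the "net_seq_ops" argument name and its struct-major, op-minor pointer layout are assumptions made for the example:

```go
package main

import "fmt"

// Stand-ins for events.ID, trace.Event, environment.KernelSymbolTable and the page's
// DeriveFunction/Table (assumption: the real types carry more; only what is needed here).
type (
	EventID int
	Event   struct {
		ID   EventID
		Args map[string]interface{}
	}
	DeriveFunction func(Event) ([]Event, []error)
	derivation     struct { // the page's anonymous per-entry struct, named here
		Derive  DeriveFunction
		Enabled func() bool
	}
	Table             map[EventID]map[EventID]derivation
	KernelSymbolTable map[uint64]string // address -> symbol name
)

const (
	PrintNetSeqOps EventID = iota // source event carrying the seq_ops function pointers
	HookedSeqOps                  // derived event: a pointer does not resolve to a kernel symbol
)

// Register adds a handler; a duplicate (from, to) pair is rejected rather than overwritten.
func (t Table) Register(from, to EventID, enabled func() bool, fn DeriveFunction) error {
	if t[from] == nil {
		t[from] = map[EventID]derivation{}
	}
	if _, dup := t[from][to]; dup {
		return fmt.Errorf("derivation %d -> %d already registered", from, to)
	}
	t[from][to] = derivation{Derive: fn, Enabled: enabled}
	return nil
}

// DeriveEvent runs every enabled derivation registered for the event's ID.
func (t Table) DeriveEvent(ev Event) (out []Event, errs []error) {
	for _, d := range t[ev.ID] {
		if !d.Enabled() {
			continue // disabled derivations cost nothing
		}
		derived, derr := d.Derive(ev)
		out = append(out, derived...)
		errs = append(errs, derr...)
	}
	return
}

// The seq_operations structs and the function pointers checked in each, as listed on the page.
var NetSeqOps = [6]string{"tcp4_seq_ops", "tcp6_seq_ops", "udp_seq_ops", "udp6_seq_ops", "raw_seq_ops", "raw6_seq_ops"}
var NetSeqOpsFuncs = [4]string{"show", "start", "next", "stop"}

// hookedSeqOps checks the 6 x 4 function pointers in the event's "net_seq_ops" argument
// (assumed layout: struct-major, op-minor); any pointer that is not a known symbol is reported.
func hookedSeqOps(syms KernelSymbolTable) DeriveFunction {
	return func(ev Event) ([]Event, []error) {
		addrs, ok := ev.Args["net_seq_ops"].([]uint64)
		if !ok || len(addrs) != len(NetSeqOps)*len(NetSeqOpsFuncs) {
			return nil, []error{fmt.Errorf("net_seq_ops: missing or malformed argument")}
		}
		hooked := map[string]uint64{}
		for i, addr := range addrs {
			if _, known := syms[addr]; !known {
				name := NetSeqOps[i/len(NetSeqOpsFuncs)] + "." + NetSeqOpsFuncs[i%len(NetSeqOpsFuncs)]
				hooked[name] = addr
			}
		}
		if len(hooked) == 0 {
			return nil, nil // nothing derived: every pointer resolves to a kernel symbol
		}
		return []Event{{ID: HookedSeqOps, Args: map[string]interface{}{"hooked": hooked}}}, nil
	}
}

// runExample: constructed symbol table, one pointer tampered with, returns the hooked map.
func runExample() (map[string]uint64, error) {
	syms := KernelSymbolTable{}
	addrs := make([]uint64, len(NetSeqOps)*len(NetSeqOpsFuncs))
	for i := range addrs {
		addrs[i] = 0xffffffff81a00000 + uint64(i)*0x40 // constructed kernel text addresses
		syms[addrs[i]] = fmt.Sprintf("%s_%s", NetSeqOps[i/len(NetSeqOpsFuncs)], NetSeqOpsFuncs[i%len(NetSeqOpsFuncs)])
	}
	addrs[0] = 0xffffffffc0123000 // tcp4_seq_ops.show redirected outside the symbol table (constructed)
	tbl := Table{}
	if err := tbl.Register(PrintNetSeqOps, HookedSeqOps, func() bool { return true }, hookedSeqOps(syms)); err != nil {
		return nil, err
	}
	derived, errs := tbl.DeriveEvent(Event{ID: PrintNetSeqOps, Args: map[string]interface{}{"net_seq_ops": addrs}})
	if len(errs) > 0 || len(derived) != 1 {
		return nil, fmt.Errorf("derivation failed: errs=%v derived=%d", errs, len(derived))
	}
	return derived[0].Args["hooked"].(map[string]uint64), nil
}
```

runExample reports exactly one hooked pointer, tcp4_seq_ops.show, which is the pattern a rootkit hiding sockets from /proc/net/tcp produces. The example treats every address absent from the table as hooked; in practice whether a pointer outside the core kernel text is suspicious depends on whether the protocol family is built in or loaded as a module (IPv6 can be), so a production check should resolve against a symbol table that includes loaded modules, as /proc/kallsyms does.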
