capsule8_api_v0

package
v0.0.0-...-39b0932 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 16, 2023 License: Apache-2.0 Imports: 7 Imported by: 8

Documentation

Overview

Package capsule8_api_v0 is a generated protocol buffer package.

It is generated from these files:

capsule8/api/v0/types.proto
capsule8/api/v0/event.proto
capsule8/api/v0/telemetry_service.proto
capsule8/api/v0/subscription.proto
capsule8/api/v0/expression.proto

It has these top-level messages:

IPv4Address
IPv4AddressAndPort
IPv6Address
IPv6AddressAndPort
NetworkAddress
Event
ChargenEvent
TickerEvent
ContainerEvent
ProcessEvent
SyscallEvent
FileEvent
Process
KernelFunctionCallEvent
NetworkEvent
GetEventsRequest
GetEventsResponse
TelemetryEvent
Subscription
ContainerFilter
EventFilter
SyscallEventFilter
ProcessEventFilter
FileEventFilter
KernelFunctionCallFilter
NetworkEventFilter
ContainerEventFilter
ChargenEventFilter
TickerEventFilter
Modifier
ThrottleModifier
LimitModifier
Value
BinaryOp
Expression

Index

Constants

This section is empty.

Variables

View Source
var ContainerEventType_name = map[int32]string{
	0: "CONTAINER_EVENT_TYPE_UNKNOWN",
	1: "CONTAINER_EVENT_TYPE_CREATED",
	2: "CONTAINER_EVENT_TYPE_RUNNING",
	3: "CONTAINER_EVENT_TYPE_EXITED",
	4: "CONTAINER_EVENT_TYPE_DESTROYED",
}
View Source
var ContainerEventType_value = map[string]int32{
	"CONTAINER_EVENT_TYPE_UNKNOWN":   0,
	"CONTAINER_EVENT_TYPE_CREATED":   1,
	"CONTAINER_EVENT_TYPE_RUNNING":   2,
	"CONTAINER_EVENT_TYPE_EXITED":    3,
	"CONTAINER_EVENT_TYPE_DESTROYED": 4,
}
View Source
var ContainerEventView_name = map[int32]string{
	0: "BASIC",
	1: "FULL",
}
View Source
var ContainerEventView_value = map[string]int32{
	"BASIC": 0,
	"FULL":  1,
}
View Source
var Expression_ExpressionType_name = map[int32]string{
	0:  "EXPRESSIONTYPE_UNSPECIFIED",
	1:  "IDENTIFIER",
	2:  "VALUE",
	10: "LOGICAL_AND",
	11: "LOGICAL_OR",
	20: "EQ",
	21: "NE",
	22: "LT",
	23: "LE",
	24: "GT",
	25: "GE",
	26: "LIKE",
	27: "IS_NULL",
	28: "IS_NOT_NULL",
	30: "BITWISE_AND",
}
View Source
var Expression_ExpressionType_value = map[string]int32{
	"EXPRESSIONTYPE_UNSPECIFIED": 0,
	"IDENTIFIER":                 1,
	"VALUE":                      2,
	"LOGICAL_AND":                10,
	"LOGICAL_OR":                 11,
	"EQ":                         20,
	"NE":                         21,
	"LT":                         22,
	"LE":                         23,
	"GT":                         24,
	"GE":                         25,
	"LIKE":                       26,
	"IS_NULL":                    27,
	"IS_NOT_NULL":                28,
	"BITWISE_AND":                30,
}
View Source
var FileEventType_name = map[int32]string{
	0: "FILE_EVENT_TYPE_UNKNOWN",
	1: "FILE_EVENT_TYPE_OPEN",
}
View Source
var FileEventType_value = map[string]int32{
	"FILE_EVENT_TYPE_UNKNOWN": 0,
	"FILE_EVENT_TYPE_OPEN":    1,
}
View Source
var KernelFunctionCallEventType_name = map[int32]string{
	0: "KERNEL_FUNCTION_CALL_EVENT_TYPE_UNKNOWN",
	1: "KERNEL_FUNCTION_CALL_EVENT_TYPE_ENTER",
	2: "KERNEL_FUNCTION_CALL_EVENT_TYPE_EXIT",
}
View Source
var KernelFunctionCallEventType_value = map[string]int32{
	"KERNEL_FUNCTION_CALL_EVENT_TYPE_UNKNOWN": 0,
	"KERNEL_FUNCTION_CALL_EVENT_TYPE_ENTER":   1,
	"KERNEL_FUNCTION_CALL_EVENT_TYPE_EXIT":    2,
}
View Source
var KernelFunctionCallEvent_FieldType_name = map[int32]string{
	0:  "UNKNOWN",
	1:  "BYTES",
	2:  "STRING",
	3:  "SINT8",
	4:  "SINT16",
	5:  "SINT32",
	6:  "SINT64",
	7:  "UINT8",
	8:  "UINT16",
	9:  "UINT32",
	10: "UINT64",
}
View Source
var KernelFunctionCallEvent_FieldType_value = map[string]int32{
	"UNKNOWN": 0,
	"BYTES":   1,
	"STRING":  2,
	"SINT8":   3,
	"SINT16":  4,
	"SINT32":  5,
	"SINT64":  6,
	"UINT8":   7,
	"UINT16":  8,
	"UINT32":  9,
	"UINT64":  10,
}
View Source
var NetworkAddressFamily_name = map[int32]string{
	0: "NETWORK_ADDRESS_FAMILY_UNKNOWN",
	1: "NETWORK_ADDRESS_FAMILY_INET",
	2: "NETWORK_ADDRESS_FAMILY_INET6",
	3: "NETWORK_ADDRESS_FAMILY_LOCAL",
}
View Source
var NetworkAddressFamily_value = map[string]int32{
	"NETWORK_ADDRESS_FAMILY_UNKNOWN": 0,
	"NETWORK_ADDRESS_FAMILY_INET":    1,
	"NETWORK_ADDRESS_FAMILY_INET6":   2,
	"NETWORK_ADDRESS_FAMILY_LOCAL":   3,
}
View Source
var NetworkEventType_name = map[int32]string{
	0:  "NETWORK_EVENT_TYPE_UNKNOWN",
	1:  "NETWORK_EVENT_TYPE_CONNECT_ATTEMPT",
	2:  "NETWORK_EVENT_TYPE_CONNECT_RESULT",
	3:  "NETWORK_EVENT_TYPE_BIND_ATTEMPT",
	4:  "NETWORK_EVENT_TYPE_BIND_RESULT",
	5:  "NETWORK_EVENT_TYPE_LISTEN_ATTEMPT",
	6:  "NETWORK_EVENT_TYPE_LISTEN_RESULT",
	7:  "NETWORK_EVENT_TYPE_ACCEPT_ATTEMPT",
	8:  "NETWORK_EVENT_TYPE_ACCEPT_RESULT",
	9:  "NETWORK_EVENT_TYPE_SENDTO_ATTEMPT",
	10: "NETWORK_EVENT_TYPE_SENDTO_RESULT",
	11: "NETWORK_EVENT_TYPE_RECVFROM_ATTEMPT",
	12: "NETWORK_EVENT_TYPE_RECVFROM_RESULT",
}
View Source
var NetworkEventType_value = map[string]int32{
	"NETWORK_EVENT_TYPE_UNKNOWN":          0,
	"NETWORK_EVENT_TYPE_CONNECT_ATTEMPT":  1,
	"NETWORK_EVENT_TYPE_CONNECT_RESULT":   2,
	"NETWORK_EVENT_TYPE_BIND_ATTEMPT":     3,
	"NETWORK_EVENT_TYPE_BIND_RESULT":      4,
	"NETWORK_EVENT_TYPE_LISTEN_ATTEMPT":   5,
	"NETWORK_EVENT_TYPE_LISTEN_RESULT":    6,
	"NETWORK_EVENT_TYPE_ACCEPT_ATTEMPT":   7,
	"NETWORK_EVENT_TYPE_ACCEPT_RESULT":    8,
	"NETWORK_EVENT_TYPE_SENDTO_ATTEMPT":   9,
	"NETWORK_EVENT_TYPE_SENDTO_RESULT":    10,
	"NETWORK_EVENT_TYPE_RECVFROM_ATTEMPT": 11,
	"NETWORK_EVENT_TYPE_RECVFROM_RESULT":  12,
}
View Source
var ProcessEventType_name = map[int32]string{
	0: "PROCESS_EVENT_TYPE_UNKNOWN",
	1: "PROCESS_EVENT_TYPE_FORK",
	2: "PROCESS_EVENT_TYPE_EXEC",
	3: "PROCESS_EVENT_TYPE_EXIT",
}
View Source
var ProcessEventType_value = map[string]int32{
	"PROCESS_EVENT_TYPE_UNKNOWN": 0,
	"PROCESS_EVENT_TYPE_FORK":    1,
	"PROCESS_EVENT_TYPE_EXEC":    2,
	"PROCESS_EVENT_TYPE_EXIT":    3,
}
View Source
var SyscallEventType_name = map[int32]string{
	0: "SYSCALL_EVENT_TYPE_UNKNOWN",
	1: "SYSCALL_EVENT_TYPE_ENTER",
	2: "SYSCALL_EVENT_TYPE_EXIT",
}
View Source
var SyscallEventType_value = map[string]int32{
	"SYSCALL_EVENT_TYPE_UNKNOWN": 0,
	"SYSCALL_EVENT_TYPE_ENTER":   1,
	"SYSCALL_EVENT_TYPE_EXIT":    2,
}
View Source
var ThrottleModifier_IntervalType_name = map[int32]string{
	0: "MILLISECOND",
	1: "SECOND",
	2: "MINUTE",
	3: "HOUR",
}
View Source
var ThrottleModifier_IntervalType_value = map[string]int32{
	"MILLISECOND": 0,
	"SECOND":      1,
	"MINUTE":      2,
	"HOUR":        3,
}
View Source
var ValueType_name = map[int32]string{
	0:  "VALUETYPE_UNSPECIFIED",
	1:  "STRING",
	2:  "SINT8",
	3:  "SINT16",
	4:  "SINT32",
	5:  "SINT64",
	6:  "UINT8",
	7:  "UINT16",
	8:  "UINT32",
	9:  "UINT64",
	10: "BOOL",
	11: "DOUBLE",
	12: "TIMESTAMP",
}
View Source
var ValueType_value = map[string]int32{
	"VALUETYPE_UNSPECIFIED": 0,
	"STRING":                1,
	"SINT8":                 2,
	"SINT16":                3,
	"SINT32":                4,
	"SINT64":                5,
	"UINT8":                 6,
	"UINT16":                7,
	"UINT32":                8,
	"UINT64":                9,
	"BOOL":                  10,
	"DOUBLE":                11,
	"TIMESTAMP":             12,
}

Functions

func RegisterTelemetryServiceServer

func RegisterTelemetryServiceServer(s *grpc.Server, srv TelemetryServiceServer)

Types

type BinaryOp

type BinaryOp struct {
	Lhs *Expression `protobuf:"bytes,1,opt,name=lhs" json:"lhs,omitempty"`
	Rhs *Expression `protobuf:"bytes,2,opt,name=rhs" json:"rhs,omitempty"`
}

func (*BinaryOp) Descriptor

func (*BinaryOp) Descriptor() ([]byte, []int)

func (*BinaryOp) GetLhs

func (m *BinaryOp) GetLhs() *Expression

func (*BinaryOp) GetRhs

func (m *BinaryOp) GetRhs() *Expression

func (*BinaryOp) ProtoMessage

func (*BinaryOp) ProtoMessage()

func (*BinaryOp) Reset

func (m *BinaryOp) Reset()

func (*BinaryOp) String

func (m *BinaryOp) String() string

type ChargenEvent

type ChargenEvent struct {
	// Index of the first character in this Event in relation to all of
	// the characters that have been generated in this stream.
	Index uint64 `protobuf:"varint,1,opt,name=index" json:"index,omitempty"`
	// The next one or more characters in the autogenerated stream
	Characters string `protobuf:"bytes,2,opt,name=characters" json:"characters,omitempty"`
}

func (*ChargenEvent) Descriptor

func (*ChargenEvent) Descriptor() ([]byte, []int)

func (*ChargenEvent) GetCharacters

func (m *ChargenEvent) GetCharacters() string

func (*ChargenEvent) GetIndex

func (m *ChargenEvent) GetIndex() uint64

func (*ChargenEvent) ProtoMessage

func (*ChargenEvent) ProtoMessage()

func (*ChargenEvent) Reset

func (m *ChargenEvent) Reset()

func (*ChargenEvent) String

func (m *ChargenEvent) String() string

type ChargenEventFilter

type ChargenEventFilter struct {
	// Required; the length of character sequence strings to generate
	Length uint64 `protobuf:"varint,1,opt,name=length" json:"length,omitempty"`
}

The ChargenEventFilter configures a character stream generator and includes events from it in the Subscription.

func (*ChargenEventFilter) Descriptor

func (*ChargenEventFilter) Descriptor() ([]byte, []int)

func (*ChargenEventFilter) GetLength

func (m *ChargenEventFilter) GetLength() uint64

func (*ChargenEventFilter) ProtoMessage

func (*ChargenEventFilter) ProtoMessage()

func (*ChargenEventFilter) Reset

func (m *ChargenEventFilter) Reset()

func (*ChargenEventFilter) String

func (m *ChargenEventFilter) String() string

type ContainerEvent

type ContainerEvent struct {
	Type ContainerEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.ContainerEventType" json:"type,omitempty"`
	Name string             `protobuf:"bytes,2,opt,name=name" json:"name,omitempty"`
	// Unique identifier of the container image
	ImageId string `protobuf:"bytes,10,opt,name=image_id,json=imageId" json:"image_id,omitempty"`
	//
	// Name of the container image (i.e. "busybox" or
	// "gcr.io/google_containers/nginx-ingress-controller")
	//
	ImageName string `protobuf:"bytes,11,opt,name=image_name,json=imageName" json:"image_name,omitempty"`
	// Host process identifier of the container's init process.
	HostPid int32 `protobuf:"zigzag32,20,opt,name=host_pid,json=hostPid" json:"host_pid,omitempty"`
	// Optional, only included on CONTAINER_EVENT_TYPE_EXIT events
	ExitCode int32 `protobuf:"zigzag32,30,opt,name=exit_code,json=exitCode" json:"exit_code,omitempty"`
	// The exit status will typically one of the values defined in
	// stdlib.h like EXIT_SUCCESS, EXIT_FAILURE, or EXIT_USAGE.
	ExitStatus uint32 `protobuf:"varint,31,opt,name=exit_status,json=exitStatus" json:"exit_status,omitempty"`
	// If non-zero, this is the signal number that the process
	// was terminated with.
	ExitSignal uint32 `protobuf:"varint,32,opt,name=exit_signal,json=exitSignal" json:"exit_signal,omitempty"`
	// If true, indicates that the process dumped a core when
	// it terminated.
	ExitCoreDumped bool `protobuf:"varint,33,opt,name=exit_core_dumped,json=exitCoreDumped" json:"exit_core_dumped,omitempty"`
	// Docker container configuration file
	DockerConfigJson string `protobuf:"bytes,100,opt,name=docker_config_json,json=dockerConfigJson" json:"docker_config_json,omitempty"`
	// OCI container configuration file
	OciConfigJson string `protobuf:"bytes,101,opt,name=oci_config_json,json=ociConfigJson" json:"oci_config_json,omitempty"`
}

ContainerEvent describes a Docker container or Rkt App lifecycle event

func (*ContainerEvent) Descriptor

func (*ContainerEvent) Descriptor() ([]byte, []int)

func (*ContainerEvent) GetDockerConfigJson

func (m *ContainerEvent) GetDockerConfigJson() string

func (*ContainerEvent) GetExitCode

func (m *ContainerEvent) GetExitCode() int32

func (*ContainerEvent) GetExitCoreDumped

func (m *ContainerEvent) GetExitCoreDumped() bool

func (*ContainerEvent) GetExitSignal

func (m *ContainerEvent) GetExitSignal() uint32

func (*ContainerEvent) GetExitStatus

func (m *ContainerEvent) GetExitStatus() uint32

func (*ContainerEvent) GetHostPid

func (m *ContainerEvent) GetHostPid() int32

func (*ContainerEvent) GetImageId

func (m *ContainerEvent) GetImageId() string

func (*ContainerEvent) GetImageName

func (m *ContainerEvent) GetImageName() string

func (*ContainerEvent) GetName

func (m *ContainerEvent) GetName() string

func (*ContainerEvent) GetOciConfigJson

func (m *ContainerEvent) GetOciConfigJson() string

func (*ContainerEvent) GetType

func (m *ContainerEvent) GetType() ContainerEventType

func (*ContainerEvent) ProtoMessage

func (*ContainerEvent) ProtoMessage()

func (*ContainerEvent) Reset

func (m *ContainerEvent) Reset()

func (*ContainerEvent) String

func (m *ContainerEvent) String() string

type ContainerEventFilter

type ContainerEventFilter struct {
	// Required, specify the particular type of event type to match
	Type ContainerEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.ContainerEventType" json:"type,omitempty"`
	// Optional, specifies how much detail to include in container events
	View ContainerEventView `protobuf:"varint,2,opt,name=view,enum=capsule8.api.v0.ContainerEventView" json:"view,omitempty"`
	// Optional; a filter to apply to events. Only events for which the
	// evaluation of the filter expression is true will be returned.
	FilterExpression *Expression `protobuf:"bytes,100,opt,name=filter_expression,json=filterExpression" json:"filter_expression,omitempty"`
}

The ContainerEventFilter specifies which container lifecycle events to include in the Subscription. In order to restrict them to specific containers, use the ContainerFilter.

func (*ContainerEventFilter) Descriptor

func (*ContainerEventFilter) Descriptor() ([]byte, []int)

func (*ContainerEventFilter) GetFilterExpression

func (m *ContainerEventFilter) GetFilterExpression() *Expression

func (*ContainerEventFilter) GetType

func (*ContainerEventFilter) GetView

func (*ContainerEventFilter) ProtoMessage

func (*ContainerEventFilter) ProtoMessage()

func (*ContainerEventFilter) Reset

func (m *ContainerEventFilter) Reset()

func (*ContainerEventFilter) String

func (m *ContainerEventFilter) String() string

type ContainerEventType

type ContainerEventType int32
const (
	ContainerEventType_CONTAINER_EVENT_TYPE_UNKNOWN   ContainerEventType = 0
	ContainerEventType_CONTAINER_EVENT_TYPE_CREATED   ContainerEventType = 1
	ContainerEventType_CONTAINER_EVENT_TYPE_RUNNING   ContainerEventType = 2
	ContainerEventType_CONTAINER_EVENT_TYPE_EXITED    ContainerEventType = 3
	ContainerEventType_CONTAINER_EVENT_TYPE_DESTROYED ContainerEventType = 4
)

func (ContainerEventType) EnumDescriptor

func (ContainerEventType) EnumDescriptor() ([]byte, []int)

func (ContainerEventType) String

func (x ContainerEventType) String() string

type ContainerEventView

type ContainerEventView int32

The ContainerEventView specifies the level of detail to include for ContainerEvents.

const (
	// Default view of a ContainerEvent includes just basic information
	ContainerEventView_BASIC ContainerEventView = 0
	// Full view of a ContainerEvent includes raw Docker and OCI config JSON
	// payloads
	ContainerEventView_FULL ContainerEventView = 1
)

func (ContainerEventView) EnumDescriptor

func (ContainerEventView) EnumDescriptor() ([]byte, []int)

func (ContainerEventView) String

func (x ContainerEventView) String() string

type ContainerFilter

type ContainerFilter struct {
	// Zero or more container IDs (e.g.
	// 254dd98a7bf1581560ddace9f98b7933bfb3c2f5fc0504ec1b8dcc9614bc7062)
	Ids []string `protobuf:"bytes,1,rep,name=ids" json:"ids,omitempty"`
	// Zero or more container names (e.g. /ecstatic_darwin)
	Names []string `protobuf:"bytes,2,rep,name=names" json:"names,omitempty"`
	// Zero or more container image IDs (e.g.
	// d462265d362c919b7dd37f8ba80caa822d13704695f47c8fc42a1c2266ecd164)
	ImageIds []string `protobuf:"bytes,3,rep,name=image_ids,json=imageIds" json:"image_ids,omitempty"`
	// Container image name (shell-style globs are supported). May be of the
	// form "busybox", "foo/bar" or
	// "sha256:d462265d362c919b7dd37f8ba80caa822d13704695f47c8fc42a1c2266ecd164"
	ImageNames []string `protobuf:"bytes,4,rep,name=image_names,json=imageNames" json:"image_names,omitempty"`
}

The ContainerFilter restricts events in the Subscription to the running containers indicated. All of the fields in this message are effectively "ORed" together to create the list of containers to monitor for the subscription.

func (*ContainerFilter) Descriptor

func (*ContainerFilter) Descriptor() ([]byte, []int)

func (*ContainerFilter) GetIds

func (m *ContainerFilter) GetIds() []string

func (*ContainerFilter) GetImageIds

func (m *ContainerFilter) GetImageIds() []string

func (*ContainerFilter) GetImageNames

func (m *ContainerFilter) GetImageNames() []string

func (*ContainerFilter) GetNames

func (m *ContainerFilter) GetNames() []string

func (*ContainerFilter) ProtoMessage

func (*ContainerFilter) ProtoMessage()

func (*ContainerFilter) Reset

func (m *ContainerFilter) Reset()

func (*ContainerFilter) String

func (m *ContainerFilter) String() string

type Event

type Event struct {
	// Unique identifier for the event
	Id string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
	// Unique process identifier associated with the event to differentiate
	// reused values of the pid below.
	ProcessId string `protobuf:"bytes,2,opt,name=process_id,json=processId" json:"process_id,omitempty"`
	// Unix pid of the process associated with the event
	ProcessPid int32 `protobuf:"varint,3,opt,name=process_pid,json=processPid" json:"process_pid,omitempty"`
	// Container identifier associated with the event
	ContainerId string `protobuf:"bytes,4,opt,name=container_id,json=containerId" json:"container_id,omitempty"`
	// Sensor identifier of the sensor instance that observed the event
	SensorId string `protobuf:"bytes,5,opt,name=sensor_id,json=sensorId" json:"sensor_id,omitempty"`
	// Sequence number from some unspecified starting point unique
	// to the Sensor. Provides a strict linear ordering of events with
	// the same sensor_id where no two events can have the same sequence
	// number. If it is present, it must be greater than zero. A zero
	// value indicates that there is no sequence number associated with
	// the event.
	SensorSequenceNumber uint64 `protobuf:"varint,6,opt,name=sensor_sequence_number,json=sensorSequenceNumber" json:"sensor_sequence_number,omitempty"`
	// Monotonic nanosecond timestamp from some unspecified starting
	// point unique to the Sensor. Can only be used to calculate time
	// intervals between events with the same sensor_id.
	SensorMonotimeNanos int64 `protobuf:"varint,7,opt,name=sensor_monotime_nanos,json=sensorMonotimeNanos" json:"sensor_monotime_nanos,omitempty"`
	// Process Lineage contains one process context for each process in the
	// hierarchy, starting with the current process, up to the root of the
	// process namespace.
	ProcessLineage []*Process `protobuf:"bytes,8,rep,name=process_lineage,json=processLineage" json:"process_lineage,omitempty"`
	// Name of container associated with the event
	ContainerName string `protobuf:"bytes,30,opt,name=container_name,json=containerName" json:"container_name,omitempty"`
	// Unique identifier of the container image
	ImageId string `protobuf:"bytes,31,opt,name=image_id,json=imageId" json:"image_id,omitempty"`
	//
	// Name of the container image (i.e. "busybox" or
	// "gcr.io/google_containers/nginx-ingress-controller")
	//
	ImageName string `protobuf:"bytes,32,opt,name=image_name,json=imageName" json:"image_name,omitempty"`
	// Types that are valid to be assigned to Event:
	//	*Event_Syscall
	//	*Event_Process
	//	*Event_File
	//	*Event_KernelCall
	//	*Event_Network
	//	*Event_Container
	//	*Event_Chargen
	//	*Event_Ticker
	Event isEvent_Event `protobuf_oneof:"event"`
	// CPU on which the event occurred
	Cpu int32 `protobuf:"varint,201,opt,name=cpu" json:"cpu,omitempty"`
}

An event observed by the Sensor.

func (*Event) Descriptor

func (*Event) Descriptor() ([]byte, []int)

func (*Event) GetChargen

func (m *Event) GetChargen() *ChargenEvent

func (*Event) GetContainer

func (m *Event) GetContainer() *ContainerEvent

func (*Event) GetContainerId

func (m *Event) GetContainerId() string

func (*Event) GetContainerName

func (m *Event) GetContainerName() string

func (*Event) GetCpu

func (m *Event) GetCpu() int32

func (*Event) GetEvent

func (m *Event) GetEvent() isEvent_Event

func (*Event) GetFile

func (m *Event) GetFile() *FileEvent

func (*Event) GetId

func (m *Event) GetId() string

func (*Event) GetImageId

func (m *Event) GetImageId() string

func (*Event) GetImageName

func (m *Event) GetImageName() string

func (*Event) GetKernelCall

func (m *Event) GetKernelCall() *KernelFunctionCallEvent

func (*Event) GetNetwork

func (m *Event) GetNetwork() *NetworkEvent

func (*Event) GetProcess

func (m *Event) GetProcess() *ProcessEvent

func (*Event) GetProcessId

func (m *Event) GetProcessId() string

func (*Event) GetProcessLineage

func (m *Event) GetProcessLineage() []*Process

func (*Event) GetProcessPid

func (m *Event) GetProcessPid() int32

func (*Event) GetSensorId

func (m *Event) GetSensorId() string

func (*Event) GetSensorMonotimeNanos

func (m *Event) GetSensorMonotimeNanos() int64

func (*Event) GetSensorSequenceNumber

func (m *Event) GetSensorSequenceNumber() uint64

func (*Event) GetSyscall

func (m *Event) GetSyscall() *SyscallEvent

func (*Event) GetTicker

func (m *Event) GetTicker() *TickerEvent

func (*Event) ProtoMessage

func (*Event) ProtoMessage()

func (*Event) Reset

func (m *Event) Reset()

func (*Event) String

func (m *Event) String() string

func (*Event) XXX_OneofFuncs

func (*Event) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type EventFilter

type EventFilter struct {
	// Zero or more filters specifying which system calls to include
	SyscallEvents []*SyscallEventFilter `protobuf:"bytes,1,rep,name=syscall_events,json=syscallEvents" json:"syscall_events,omitempty"`
	// Zero or more filters specifying which process events to include
	ProcessEvents []*ProcessEventFilter `protobuf:"bytes,2,rep,name=process_events,json=processEvents" json:"process_events,omitempty"`
	// Zero or more filters specifying which file events to include
	FileEvents []*FileEventFilter `protobuf:"bytes,3,rep,name=file_events,json=fileEvents" json:"file_events,omitempty"`
	// Zero or more kernel functional calls to include
	KernelEvents []*KernelFunctionCallFilter `protobuf:"bytes,4,rep,name=kernel_events,json=kernelEvents" json:"kernel_events,omitempty"`
	// Zero or more network events to include
	NetworkEvents []*NetworkEventFilter `protobuf:"bytes,5,rep,name=network_events,json=networkEvents" json:"network_events,omitempty"`
	// Zero or more container events to include
	ContainerEvents []*ContainerEventFilter `protobuf:"bytes,10,rep,name=container_events,json=containerEvents" json:"container_events,omitempty"`
	// Zero or more character generators to configure and return events from
	// (for debugging)
	ChargenEvents []*ChargenEventFilter `protobuf:"bytes,100,rep,name=chargen_events,json=chargenEvents" json:"chargen_events,omitempty"`
	// Zero or more ticker generators to configure and return events from
	// (for debugging)
	TickerEvents []*TickerEventFilter `protobuf:"bytes,101,rep,name=ticker_events,json=tickerEvents" json:"ticker_events,omitempty"`
}

The EventFilter specifies events to include. All of the specified fields are effectively "ORed" together to create the list of events included in the Subscription.

func (*EventFilter) Descriptor

func (*EventFilter) Descriptor() ([]byte, []int)

func (*EventFilter) GetChargenEvents

func (m *EventFilter) GetChargenEvents() []*ChargenEventFilter

func (*EventFilter) GetContainerEvents

func (m *EventFilter) GetContainerEvents() []*ContainerEventFilter

func (*EventFilter) GetFileEvents

func (m *EventFilter) GetFileEvents() []*FileEventFilter

func (*EventFilter) GetKernelEvents

func (m *EventFilter) GetKernelEvents() []*KernelFunctionCallFilter

func (*EventFilter) GetNetworkEvents

func (m *EventFilter) GetNetworkEvents() []*NetworkEventFilter

func (*EventFilter) GetProcessEvents

func (m *EventFilter) GetProcessEvents() []*ProcessEventFilter

func (*EventFilter) GetSyscallEvents

func (m *EventFilter) GetSyscallEvents() []*SyscallEventFilter

func (*EventFilter) GetTickerEvents

func (m *EventFilter) GetTickerEvents() []*TickerEventFilter

func (*EventFilter) ProtoMessage

func (*EventFilter) ProtoMessage()

func (*EventFilter) Reset

func (m *EventFilter) Reset()

func (*EventFilter) String

func (m *EventFilter) String() string

type Event_Chargen

type Event_Chargen struct {
	Chargen *ChargenEvent `protobuf:"bytes,100,opt,name=chargen,oneof"`
}

type Event_Container

type Event_Container struct {
	Container *ContainerEvent `protobuf:"bytes,20,opt,name=container,oneof"`
}

type Event_File

type Event_File struct {
	File *FileEvent `protobuf:"bytes,12,opt,name=file,oneof"`
}

type Event_KernelCall

type Event_KernelCall struct {
	KernelCall *KernelFunctionCallEvent `protobuf:"bytes,13,opt,name=kernel_call,json=kernelCall,oneof"`
}

type Event_Network

type Event_Network struct {
	Network *NetworkEvent `protobuf:"bytes,14,opt,name=network,oneof"`
}

type Event_Process

type Event_Process struct {
	Process *ProcessEvent `protobuf:"bytes,11,opt,name=process,oneof"`
}

type Event_Syscall

type Event_Syscall struct {
	Syscall *SyscallEvent `protobuf:"bytes,10,opt,name=syscall,oneof"`
}

type Event_Ticker

type Event_Ticker struct {
	Ticker *TickerEvent `protobuf:"bytes,101,opt,name=ticker,oneof"`
}

type Expression

type Expression struct {
	Type Expression_ExpressionType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.Expression_ExpressionType" json:"type,omitempty"`
	// Types that are valid to be assigned to Expr:
	//	*Expression_Identifier
	//	*Expression_Value
	//	*Expression_BinaryOp
	//	*Expression_UnaryOp
	Expr isExpression_Expr `protobuf_oneof:"expr"`
}

func (*Expression) Descriptor

func (*Expression) Descriptor() ([]byte, []int)

func (*Expression) GetBinaryOp

func (m *Expression) GetBinaryOp() *BinaryOp

func (*Expression) GetExpr

func (m *Expression) GetExpr() isExpression_Expr

func (*Expression) GetIdentifier

func (m *Expression) GetIdentifier() string

func (*Expression) GetType

func (*Expression) GetUnaryOp

func (m *Expression) GetUnaryOp() *Expression

func (*Expression) GetValue

func (m *Expression) GetValue() *Value

func (*Expression) ProtoMessage

func (*Expression) ProtoMessage()

func (*Expression) Reset

func (m *Expression) Reset()

func (*Expression) String

func (m *Expression) String() string

func (*Expression) XXX_OneofFuncs

func (*Expression) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type Expression_BinaryOp

type Expression_BinaryOp struct {
	BinaryOp *BinaryOp `protobuf:"bytes,12,opt,name=binary_op,json=binaryOp,oneof"`
}

type Expression_ExpressionType

type Expression_ExpressionType int32
const (
	Expression_EXPRESSIONTYPE_UNSPECIFIED Expression_ExpressionType = 0
	Expression_IDENTIFIER                 Expression_ExpressionType = 1
	Expression_VALUE                      Expression_ExpressionType = 2
	Expression_LOGICAL_AND                Expression_ExpressionType = 10
	Expression_LOGICAL_OR                 Expression_ExpressionType = 11
	Expression_EQ                         Expression_ExpressionType = 20
	Expression_NE                         Expression_ExpressionType = 21
	Expression_LT                         Expression_ExpressionType = 22
	Expression_LE                         Expression_ExpressionType = 23
	Expression_GT                         Expression_ExpressionType = 24
	Expression_GE                         Expression_ExpressionType = 25
	Expression_LIKE                       Expression_ExpressionType = 26
	Expression_IS_NULL                    Expression_ExpressionType = 27
	Expression_IS_NOT_NULL                Expression_ExpressionType = 28
	Expression_BITWISE_AND                Expression_ExpressionType = 30
)

func (Expression_ExpressionType) EnumDescriptor

func (Expression_ExpressionType) EnumDescriptor() ([]byte, []int)

func (Expression_ExpressionType) String

func (x Expression_ExpressionType) String() string

type Expression_Identifier

type Expression_Identifier struct {
	Identifier string `protobuf:"bytes,10,opt,name=identifier,oneof"`
}

type Expression_UnaryOp

type Expression_UnaryOp struct {
	UnaryOp *Expression `protobuf:"bytes,13,opt,name=unary_op,json=unaryOp,oneof"`
}

type Expression_Value

type Expression_Value struct {
	Value *Value `protobuf:"bytes,11,opt,name=value,oneof"`
}

type FileEvent

type FileEvent struct {
	// The type of event described by this FileEvent message
	Type FileEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.FileEventType" json:"type,omitempty"`
	// Present when the event is a file open event. This is the filename of
	// the file being opened.
	Filename string `protobuf:"bytes,10,opt,name=filename" json:"filename,omitempty"`
	// Present when the event is a file open event. This is the set of
	// flags with which the file was opened (e.g., O_RDONLY, O_NONBLOCK,
	// etc.).
	OpenFlags int32 `protobuf:"zigzag32,11,opt,name=open_flags,json=openFlags" json:"open_flags,omitempty"`
	// Present when the event is a file open event. This is the set of file
	// permissions used in a creat(2) system call.
	OpenMode int32 `protobuf:"zigzag32,12,opt,name=open_mode,json=openMode" json:"open_mode,omitempty"`
}

FileEvent describes an event that occurred related to file operations occurring as detected by the Sensor.

func (*FileEvent) Descriptor

func (*FileEvent) Descriptor() ([]byte, []int)

func (*FileEvent) GetFilename

func (m *FileEvent) GetFilename() string

func (*FileEvent) GetOpenFlags

func (m *FileEvent) GetOpenFlags() int32

func (*FileEvent) GetOpenMode

func (m *FileEvent) GetOpenMode() int32

func (*FileEvent) GetType

func (m *FileEvent) GetType() FileEventType

func (*FileEvent) ProtoMessage

func (*FileEvent) ProtoMessage()

func (*FileEvent) Reset

func (m *FileEvent) Reset()

func (*FileEvent) String

func (m *FileEvent) String() string

type FileEventFilter

type FileEventFilter struct {
	// Required; the file event type to match
	Type             FileEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.FileEventType" json:"type,omitempty"`
	FilterExpression *Expression   `protobuf:"bytes,100,opt,name=filter_expression,json=filterExpression" json:"filter_expression,omitempty"`
	// Optional; require exact match on the filename being acted upon
	Filename *google_protobuf1.StringValue `protobuf:"bytes,10,opt,name=filename" json:"filename,omitempty"`
	// Optional; require pattern match on the filename being acted upon
	FilenamePattern *google_protobuf1.StringValue `protobuf:"bytes,11,opt,name=filename_pattern,json=filenamePattern" json:"filename_pattern,omitempty"`
	// Optional; for file open events, require a match of the bits set
	// for the open(2) flags argument
	OpenFlagsMask *google_protobuf1.Int32Value `protobuf:"bytes,12,opt,name=open_flags_mask,json=openFlagsMask" json:"open_flags_mask,omitempty"`
	// Optional; for file open events, require a match of the bits set
	// for the open(2) or creat(2) mode argument
	CreateModeMask *google_protobuf1.Int32Value `protobuf:"bytes,13,opt,name=create_mode_mask,json=createModeMask" json:"create_mode_mask,omitempty"`
}

The FileEventFilter specifies which file events to include in the Subscription. The specified fields are effectively "ANDed" to specify a matching event.

func (*FileEventFilter) Descriptor

func (*FileEventFilter) Descriptor() ([]byte, []int)

func (*FileEventFilter) GetCreateModeMask

func (m *FileEventFilter) GetCreateModeMask() *google_protobuf1.Int32Value

func (*FileEventFilter) GetFilename

func (m *FileEventFilter) GetFilename() *google_protobuf1.StringValue

func (*FileEventFilter) GetFilenamePattern

func (m *FileEventFilter) GetFilenamePattern() *google_protobuf1.StringValue

func (*FileEventFilter) GetFilterExpression

func (m *FileEventFilter) GetFilterExpression() *Expression

func (*FileEventFilter) GetOpenFlagsMask

func (m *FileEventFilter) GetOpenFlagsMask() *google_protobuf1.Int32Value

func (*FileEventFilter) GetType

func (m *FileEventFilter) GetType() FileEventType

func (*FileEventFilter) ProtoMessage

func (*FileEventFilter) ProtoMessage()

func (*FileEventFilter) Reset

func (m *FileEventFilter) Reset()

func (*FileEventFilter) String

func (m *FileEventFilter) String() string

type FileEventType

type FileEventType int32

Possible FileEvent types

const (
	// The type of event is unknown
	FileEventType_FILE_EVENT_TYPE_UNKNOWN FileEventType = 0
	// The event is a file open event
	FileEventType_FILE_EVENT_TYPE_OPEN FileEventType = 1
)

func (FileEventType) EnumDescriptor

func (FileEventType) EnumDescriptor() ([]byte, []int)

func (FileEventType) String

func (x FileEventType) String() string

type GetEventsRequest

type GetEventsRequest struct {
	// The Subscription message defines which events should be
	// returned in the stream.
	Subscription *Subscription `protobuf:"bytes,1,opt,name=subscription" json:"subscription,omitempty"`
}

A request message to initiate the streaming of telemetry events

func (*GetEventsRequest) Descriptor

func (*GetEventsRequest) Descriptor() ([]byte, []int)

func (*GetEventsRequest) GetSubscription

func (m *GetEventsRequest) GetSubscription() *Subscription

func (*GetEventsRequest) ProtoMessage

func (*GetEventsRequest) ProtoMessage()

func (*GetEventsRequest) Reset

func (m *GetEventsRequest) Reset()

func (*GetEventsRequest) String

func (m *GetEventsRequest) String() string

type GetEventsResponse

type GetEventsResponse struct {
	// Can publish one or more message(s) at a time
	Events []*TelemetryEvent `protobuf:"bytes,1,rep,name=events" json:"events,omitempty"`
}

A response message containing telemetry events

func (*GetEventsResponse) Descriptor

func (*GetEventsResponse) Descriptor() ([]byte, []int)

func (*GetEventsResponse) GetEvents

func (m *GetEventsResponse) GetEvents() []*TelemetryEvent

func (*GetEventsResponse) ProtoMessage

func (*GetEventsResponse) ProtoMessage()

func (*GetEventsResponse) Reset

func (m *GetEventsResponse) Reset()

func (*GetEventsResponse) String

func (m *GetEventsResponse) String() string

type IPv4Address

type IPv4Address struct {
	// The IPv4 address is network byte order (big endian)
	Address uint32 `protobuf:"fixed32,1,opt,name=address" json:"address,omitempty"`
}

An IPv4 address

func (*IPv4Address) Descriptor

func (*IPv4Address) Descriptor() ([]byte, []int)

func (*IPv4Address) GetAddress

func (m *IPv4Address) GetAddress() uint32

func (*IPv4Address) ProtoMessage

func (*IPv4Address) ProtoMessage()

func (*IPv4Address) Reset

func (m *IPv4Address) Reset()

func (*IPv4Address) String

func (m *IPv4Address) String() string

type IPv4AddressAndPort

type IPv4AddressAndPort struct {
	// The IPv4 address
	Address *IPv4Address `protobuf:"bytes,1,opt,name=address" json:"address,omitempty"`
	// The port
	Port uint32 `protobuf:"varint,2,opt,name=port" json:"port,omitempty"`
}

An IPv4 address and port

func (*IPv4AddressAndPort) Descriptor

func (*IPv4AddressAndPort) Descriptor() ([]byte, []int)

func (*IPv4AddressAndPort) GetAddress

func (m *IPv4AddressAndPort) GetAddress() *IPv4Address

func (*IPv4AddressAndPort) GetPort

func (m *IPv4AddressAndPort) GetPort() uint32

func (*IPv4AddressAndPort) ProtoMessage

func (*IPv4AddressAndPort) ProtoMessage()

func (*IPv4AddressAndPort) Reset

func (m *IPv4AddressAndPort) Reset()

func (*IPv4AddressAndPort) String

func (m *IPv4AddressAndPort) String() string

type IPv6Address

type IPv6Address struct {
	// The high-order bytes of the IPv6 address
	High uint64 `protobuf:"fixed64,1,opt,name=high" json:"high,omitempty"`
	// The low-order bytes of the IPv6 address
	Low uint64 `protobuf:"fixed64,2,opt,name=low" json:"low,omitempty"`
}

An IPv6 address

func (*IPv6Address) Descriptor

func (*IPv6Address) Descriptor() ([]byte, []int)

func (*IPv6Address) GetHigh

func (m *IPv6Address) GetHigh() uint64

func (*IPv6Address) GetLow

func (m *IPv6Address) GetLow() uint64

func (*IPv6Address) ProtoMessage

func (*IPv6Address) ProtoMessage()

func (*IPv6Address) Reset

func (m *IPv6Address) Reset()

func (*IPv6Address) String

func (m *IPv6Address) String() string

type IPv6AddressAndPort

type IPv6AddressAndPort struct {
	// The IPv6 address
	Address *IPv6Address `protobuf:"bytes,1,opt,name=address" json:"address,omitempty"`
	// The port
	Port uint32 `protobuf:"varint,2,opt,name=port" json:"port,omitempty"`
}

An IPv6 address and port

func (*IPv6AddressAndPort) Descriptor

func (*IPv6AddressAndPort) Descriptor() ([]byte, []int)

func (*IPv6AddressAndPort) GetAddress

func (m *IPv6AddressAndPort) GetAddress() *IPv6Address

func (*IPv6AddressAndPort) GetPort

func (m *IPv6AddressAndPort) GetPort() uint32

func (*IPv6AddressAndPort) ProtoMessage

func (*IPv6AddressAndPort) ProtoMessage()

func (*IPv6AddressAndPort) Reset

func (m *IPv6AddressAndPort) Reset()

func (*IPv6AddressAndPort) String

func (m *IPv6AddressAndPort) String() string

type KernelFunctionCallEvent

type KernelFunctionCallEvent struct {
	// Label repeated w/ a `mapEntry` option set to `true`.
	// This is a map of argument names and values. The keys are strings
	// that are the names of the arguments, and the values are the actual
	// values for each field.
	Arguments map[string]*KernelFunctionCallEvent_FieldValue `` /* 138-byte string literal not displayed */
}

KernelFunctionCallEvent describes an event that occurred related to kernel functions being entered or exited.

func (*KernelFunctionCallEvent) Descriptor

func (*KernelFunctionCallEvent) Descriptor() ([]byte, []int)

func (*KernelFunctionCallEvent) GetArguments

func (*KernelFunctionCallEvent) ProtoMessage

func (*KernelFunctionCallEvent) ProtoMessage()

func (*KernelFunctionCallEvent) Reset

func (m *KernelFunctionCallEvent) Reset()

func (*KernelFunctionCallEvent) String

func (m *KernelFunctionCallEvent) String() string

type KernelFunctionCallEventType

type KernelFunctionCallEventType int32

Possible KernelFunctionCallEvent types

const (
	// The type of event is unknown
	KernelFunctionCallEventType_KERNEL_FUNCTION_CALL_EVENT_TYPE_UNKNOWN KernelFunctionCallEventType = 0
	// The event is a kernel function being entered.
	KernelFunctionCallEventType_KERNEL_FUNCTION_CALL_EVENT_TYPE_ENTER KernelFunctionCallEventType = 1
	// The event is a kernel function being exited.
	KernelFunctionCallEventType_KERNEL_FUNCTION_CALL_EVENT_TYPE_EXIT KernelFunctionCallEventType = 2
)

func (KernelFunctionCallEventType) EnumDescriptor

func (KernelFunctionCallEventType) EnumDescriptor() ([]byte, []int)

func (KernelFunctionCallEventType) String

type KernelFunctionCallEvent_FieldType

type KernelFunctionCallEvent_FieldType int32

Possible field types

const (
	// The field type is unknown
	KernelFunctionCallEvent_UNKNOWN KernelFunctionCallEvent_FieldType = 0
	// The field type is an array of bytes
	KernelFunctionCallEvent_BYTES KernelFunctionCallEvent_FieldType = 1
	// The field type is a string
	KernelFunctionCallEvent_STRING KernelFunctionCallEvent_FieldType = 2
	// The field type is a signed 8-bit integer
	KernelFunctionCallEvent_SINT8 KernelFunctionCallEvent_FieldType = 3
	// The field type is a signed 16-bit integer
	KernelFunctionCallEvent_SINT16 KernelFunctionCallEvent_FieldType = 4
	// The field type is a signed 32-bit integer
	KernelFunctionCallEvent_SINT32 KernelFunctionCallEvent_FieldType = 5
	// The field type is a signed 64-bit integer
	KernelFunctionCallEvent_SINT64 KernelFunctionCallEvent_FieldType = 6
	// The field type is an unsigned 8-bit integer
	KernelFunctionCallEvent_UINT8 KernelFunctionCallEvent_FieldType = 7
	// The field type is an unsigned 16-bit integer
	KernelFunctionCallEvent_UINT16 KernelFunctionCallEvent_FieldType = 8
	// The field type is an unsigned 32-bit integer
	KernelFunctionCallEvent_UINT32 KernelFunctionCallEvent_FieldType = 9
	// The field type is an unsigned 64-bit integer
	KernelFunctionCallEvent_UINT64 KernelFunctionCallEvent_FieldType = 10
)

func (KernelFunctionCallEvent_FieldType) EnumDescriptor

func (KernelFunctionCallEvent_FieldType) EnumDescriptor() ([]byte, []int)

func (KernelFunctionCallEvent_FieldType) String

type KernelFunctionCallEvent_FieldValue

type KernelFunctionCallEvent_FieldValue struct {
	// The type represented by this field value.
	FieldType KernelFunctionCallEvent_FieldType `` /* 137-byte string literal not displayed */
	// Types that are valid to be assigned to Value:
	//	*KernelFunctionCallEvent_FieldValue_BytesValue
	//	*KernelFunctionCallEvent_FieldValue_StringValue
	//	*KernelFunctionCallEvent_FieldValue_SignedValue
	//	*KernelFunctionCallEvent_FieldValue_UnsignedValue
	Value isKernelFunctionCallEvent_FieldValue_Value `protobuf_oneof:"value"`
}

The representation of a field value, which is composed of type information and the value itself.

func (*KernelFunctionCallEvent_FieldValue) Descriptor

func (*KernelFunctionCallEvent_FieldValue) Descriptor() ([]byte, []int)

func (*KernelFunctionCallEvent_FieldValue) GetBytesValue

func (m *KernelFunctionCallEvent_FieldValue) GetBytesValue() []byte

func (*KernelFunctionCallEvent_FieldValue) GetFieldType

func (*KernelFunctionCallEvent_FieldValue) GetSignedValue

func (m *KernelFunctionCallEvent_FieldValue) GetSignedValue() int64

func (*KernelFunctionCallEvent_FieldValue) GetStringValue

func (m *KernelFunctionCallEvent_FieldValue) GetStringValue() string

func (*KernelFunctionCallEvent_FieldValue) GetUnsignedValue

func (m *KernelFunctionCallEvent_FieldValue) GetUnsignedValue() uint64

func (*KernelFunctionCallEvent_FieldValue) GetValue

func (m *KernelFunctionCallEvent_FieldValue) GetValue() isKernelFunctionCallEvent_FieldValue_Value

func (*KernelFunctionCallEvent_FieldValue) ProtoMessage

func (*KernelFunctionCallEvent_FieldValue) ProtoMessage()

func (*KernelFunctionCallEvent_FieldValue) Reset

func (*KernelFunctionCallEvent_FieldValue) String

func (*KernelFunctionCallEvent_FieldValue) XXX_OneofFuncs

func (*KernelFunctionCallEvent_FieldValue) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type KernelFunctionCallEvent_FieldValue_BytesValue

type KernelFunctionCallEvent_FieldValue_BytesValue struct {
	BytesValue []byte `protobuf:"bytes,2,opt,name=bytes_value,json=bytesValue,proto3,oneof"`
}

type KernelFunctionCallEvent_FieldValue_SignedValue

type KernelFunctionCallEvent_FieldValue_SignedValue struct {
	SignedValue int64 `protobuf:"zigzag64,4,opt,name=signed_value,json=signedValue,oneof"`
}

type KernelFunctionCallEvent_FieldValue_StringValue

type KernelFunctionCallEvent_FieldValue_StringValue struct {
	StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,oneof"`
}

type KernelFunctionCallEvent_FieldValue_UnsignedValue

type KernelFunctionCallEvent_FieldValue_UnsignedValue struct {
	UnsignedValue uint64 `protobuf:"varint,5,opt,name=unsigned_value,json=unsignedValue,oneof"`
}

type KernelFunctionCallFilter

type KernelFunctionCallFilter struct {
	// Required; the kernel function call event type to match
	Type KernelFunctionCallEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.KernelFunctionCallEventType" json:"type,omitempty"`
	// Required; the kernel symbol to match on
	Symbol string `protobuf:"bytes,10,opt,name=symbol" json:"symbol,omitempty"`
	// Optional; the field names and data to be returned by the kernel
	// when the event triggers. Note that this is a map. The keys are the
	// names to assign to the returned fields, and the values are a string
	// describing the data to return, usually an expression involving the
	// register containing the desired data and a suffix indicating the
	// type of the data (e.g., "s32", "string", "u64", etc.). This map is
	// used to construct the "fetchargs" passed to the kernel when creating
	// the kernel probe.
	Arguments map[string]string `` /* 139-byte string literal not displayed */
	// Optional; a filter to apply to kernel probe.
	FilterExpression *Expression `protobuf:"bytes,100,opt,name=filter_expression,json=filterExpression" json:"filter_expression,omitempty"`
}

The KernelFunctionCallFilter specifies which kernel function call events to include in the Subscription. The arguments map defines values that will be fetched at each call and returned along with the event. In order to minimize event volume, a filter may be included that filters the kernel function calls based on the observed values of the specified arguments at the time of the kernel function call.

func (*KernelFunctionCallFilter) Descriptor

func (*KernelFunctionCallFilter) Descriptor() ([]byte, []int)

func (*KernelFunctionCallFilter) GetArguments

func (m *KernelFunctionCallFilter) GetArguments() map[string]string

func (*KernelFunctionCallFilter) GetFilterExpression

func (m *KernelFunctionCallFilter) GetFilterExpression() *Expression

func (*KernelFunctionCallFilter) GetSymbol

func (m *KernelFunctionCallFilter) GetSymbol() string

func (*KernelFunctionCallFilter) GetType

func (*KernelFunctionCallFilter) ProtoMessage

func (*KernelFunctionCallFilter) ProtoMessage()

func (*KernelFunctionCallFilter) Reset

func (m *KernelFunctionCallFilter) Reset()

func (*KernelFunctionCallFilter) String

func (m *KernelFunctionCallFilter) String() string

type LimitModifier

type LimitModifier struct {
	// Limit the number of events
	Limit int64 `protobuf:"varint,1,opt,name=limit" json:"limit,omitempty"`
}

The LimitModifier cancels the subscription on each Sensor after the specified number of events. The entire Subscription may return more events that this depending on how many active Sensors there are.

func (*LimitModifier) Descriptor

func (*LimitModifier) Descriptor() ([]byte, []int)

func (*LimitModifier) GetLimit

func (m *LimitModifier) GetLimit() int64

func (*LimitModifier) ProtoMessage

func (*LimitModifier) ProtoMessage()

func (*LimitModifier) Reset

func (m *LimitModifier) Reset()

func (*LimitModifier) String

func (m *LimitModifier) String() string

type Modifier

type Modifier struct {
	Throttle *ThrottleModifier `protobuf:"bytes,1,opt,name=throttle" json:"throttle,omitempty"`
	Limit    *LimitModifier    `protobuf:"bytes,2,opt,name=limit" json:"limit,omitempty"`
}

Modifier specifies which stream modifiers to apply if any. For a given stream, a modifier can apply a throttle or limit etc. Modifiers can be used together.

func (*Modifier) Descriptor

func (*Modifier) Descriptor() ([]byte, []int)

func (*Modifier) GetLimit

func (m *Modifier) GetLimit() *LimitModifier

func (*Modifier) GetThrottle

func (m *Modifier) GetThrottle() *ThrottleModifier

func (*Modifier) ProtoMessage

func (*Modifier) ProtoMessage()

func (*Modifier) Reset

func (m *Modifier) Reset()

func (*Modifier) String

func (m *Modifier) String() string

type NetworkAddress

type NetworkAddress struct {
	// The address family that specifies which address format is in use
	Family NetworkAddressFamily `protobuf:"varint,1,opt,name=family,enum=capsule8.api.v0.NetworkAddressFamily" json:"family,omitempty"`
	// Types that are valid to be assigned to Address:
	//	*NetworkAddress_Ipv4Address
	//	*NetworkAddress_Ipv6Address
	//	*NetworkAddress_LocalAddress
	Address isNetworkAddress_Address `protobuf_oneof:"address"`
}

A network address

func (*NetworkAddress) Descriptor

func (*NetworkAddress) Descriptor() ([]byte, []int)

func (*NetworkAddress) GetAddress

func (m *NetworkAddress) GetAddress() isNetworkAddress_Address

func (*NetworkAddress) GetFamily

func (m *NetworkAddress) GetFamily() NetworkAddressFamily

func (*NetworkAddress) GetIpv4Address

func (m *NetworkAddress) GetIpv4Address() *IPv4AddressAndPort

func (*NetworkAddress) GetIpv6Address

func (m *NetworkAddress) GetIpv6Address() *IPv6AddressAndPort

func (*NetworkAddress) GetLocalAddress

func (m *NetworkAddress) GetLocalAddress() string

func (*NetworkAddress) ProtoMessage

func (*NetworkAddress) ProtoMessage()

func (*NetworkAddress) Reset

func (m *NetworkAddress) Reset()

func (*NetworkAddress) String

func (m *NetworkAddress) String() string

func (*NetworkAddress) XXX_OneofFuncs

func (*NetworkAddress) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type NetworkAddressFamily

type NetworkAddressFamily int32

Supported network address families

const (
	// The network address family is unknown
	NetworkAddressFamily_NETWORK_ADDRESS_FAMILY_UNKNOWN NetworkAddressFamily = 0
	// AF_INET; IPv4 address formats
	NetworkAddressFamily_NETWORK_ADDRESS_FAMILY_INET NetworkAddressFamily = 1
	// AF_INET6; IPv6 address formats
	NetworkAddressFamily_NETWORK_ADDRESS_FAMILY_INET6 NetworkAddressFamily = 2
	// AF_LOCAL / AF_UNIX; local filesystem address formats
	NetworkAddressFamily_NETWORK_ADDRESS_FAMILY_LOCAL NetworkAddressFamily = 3
)

func (NetworkAddressFamily) EnumDescriptor

func (NetworkAddressFamily) EnumDescriptor() ([]byte, []int)

func (NetworkAddressFamily) String

func (x NetworkAddressFamily) String() string

type NetworkAddress_Ipv4Address

type NetworkAddress_Ipv4Address struct {
	Ipv4Address *IPv4AddressAndPort `protobuf:"bytes,10,opt,name=ipv4_address,json=ipv4Address,oneof"`
}

type NetworkAddress_Ipv6Address

type NetworkAddress_Ipv6Address struct {
	Ipv6Address *IPv6AddressAndPort `protobuf:"bytes,20,opt,name=ipv6_address,json=ipv6Address,oneof"`
}

type NetworkAddress_LocalAddress

type NetworkAddress_LocalAddress struct {
	LocalAddress string `protobuf:"bytes,30,opt,name=local_address,json=localAddress,oneof"`
}

type NetworkEvent

type NetworkEvent struct {
	// The type of event described by this NetworkEvent message.
	Type NetworkEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.NetworkEventType" json:"type,omitempty"`
	// Present when the event describes a network event that is an attempt
	// to perform a network related action. This is the socket descriptor
	// used to perform the action.
	Sockfd uint64 `protobuf:"varint,10,opt,name=sockfd" json:"sockfd,omitempty"`
	// Present when the event describes a network event that is an attempt
	// to perform a network related action that includes an address. This
	// is that address.
	Address *NetworkAddress `protobuf:"bytes,11,opt,name=address" json:"address,omitempty"`
	// Present when the event describes a network event that is the result
	// of an attempted network related action. This is the return code from
	// the system call.
	Result int64 `protobuf:"zigzag64,12,opt,name=result" json:"result,omitempty"`
	// Present only when the event describes a listen attempt. This is the
	// value of the backlog argument passed to listen(2).
	Backlog uint64 `protobuf:"varint,13,opt,name=backlog" json:"backlog,omitempty"`
}

NetworkEvent describes an event that occurred related to network activity occurring as detected by the Sensor.

func (*NetworkEvent) Descriptor

func (*NetworkEvent) Descriptor() ([]byte, []int)

func (*NetworkEvent) GetAddress

func (m *NetworkEvent) GetAddress() *NetworkAddress

func (*NetworkEvent) GetBacklog

func (m *NetworkEvent) GetBacklog() uint64

func (*NetworkEvent) GetResult

func (m *NetworkEvent) GetResult() int64

func (*NetworkEvent) GetSockfd

func (m *NetworkEvent) GetSockfd() uint64

func (*NetworkEvent) GetType

func (m *NetworkEvent) GetType() NetworkEventType

func (*NetworkEvent) ProtoMessage

func (*NetworkEvent) ProtoMessage()

func (*NetworkEvent) Reset

func (m *NetworkEvent) Reset()

func (*NetworkEvent) String

func (m *NetworkEvent) String() string

type NetworkEventFilter

type NetworkEventFilter struct {
	// Required; the network event type to match
	Type NetworkEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.NetworkEventType" json:"type,omitempty"`
	// Optional; a filter to apply to events. Only events for which the
	// evaluation of the filter expression is true will be returned.
	FilterExpression *Expression `protobuf:"bytes,100,opt,name=filter_expression,json=filterExpression" json:"filter_expression,omitempty"`
}

The NetworkEventFilter specifies which network events to include in the Subscription. The included filter can be used to specify precisely which network events should be included.

func (*NetworkEventFilter) Descriptor

func (*NetworkEventFilter) Descriptor() ([]byte, []int)

func (*NetworkEventFilter) GetFilterExpression

func (m *NetworkEventFilter) GetFilterExpression() *Expression

func (*NetworkEventFilter) GetType

func (m *NetworkEventFilter) GetType() NetworkEventType

func (*NetworkEventFilter) ProtoMessage

func (*NetworkEventFilter) ProtoMessage()

func (*NetworkEventFilter) Reset

func (m *NetworkEventFilter) Reset()

func (*NetworkEventFilter) String

func (m *NetworkEventFilter) String() string

type NetworkEventType

type NetworkEventType int32

Possible network event types

const (
	// The type of event is unknown
	NetworkEventType_NETWORK_EVENT_TYPE_UNKNOWN NetworkEventType = 0
	// The event is an attempt to connect to an address
	NetworkEventType_NETWORK_EVENT_TYPE_CONNECT_ATTEMPT NetworkEventType = 1
	// The event is the result of an attempt to connect to an address
	NetworkEventType_NETWORK_EVENT_TYPE_CONNECT_RESULT NetworkEventType = 2
	// The event is an attempt to bind to a local address
	NetworkEventType_NETWORK_EVENT_TYPE_BIND_ATTEMPT NetworkEventType = 3
	// The event is the result of an attempt to bind to a local address
	NetworkEventType_NETWORK_EVENT_TYPE_BIND_RESULT NetworkEventType = 4
	// The event is an attempt to listen for connections
	NetworkEventType_NETWORK_EVENT_TYPE_LISTEN_ATTEMPT NetworkEventType = 5
	// The event is the result of an attempt to listen for connections
	NetworkEventType_NETWORK_EVENT_TYPE_LISTEN_RESULT NetworkEventType = 6
	// The event is an attempt to accept an incoming connection
	NetworkEventType_NETWORK_EVENT_TYPE_ACCEPT_ATTEMPT NetworkEventType = 7
	// The event is the result of an attempt to accept an incoming
	// connection
	NetworkEventType_NETWORK_EVENT_TYPE_ACCEPT_RESULT NetworkEventType = 8
	// The event is an attempt to send data to a specific address
	NetworkEventType_NETWORK_EVENT_TYPE_SENDTO_ATTEMPT NetworkEventType = 9
	// The event is the result of an attempt to send data to a specific
	// address
	NetworkEventType_NETWORK_EVENT_TYPE_SENDTO_RESULT NetworkEventType = 10
	// The event is an attempt to receive data from a specific address
	NetworkEventType_NETWORK_EVENT_TYPE_RECVFROM_ATTEMPT NetworkEventType = 11
	// The event is the result of an attempt to receive data from a
	// specific address
	NetworkEventType_NETWORK_EVENT_TYPE_RECVFROM_RESULT NetworkEventType = 12
)

func (NetworkEventType) EnumDescriptor

func (NetworkEventType) EnumDescriptor() ([]byte, []int)

func (NetworkEventType) String

func (x NetworkEventType) String() string

type Process

type Process struct {
	Pid     int32  `protobuf:"zigzag32,1,opt,name=pid" json:"pid,omitempty"`
	Command string `protobuf:"bytes,2,opt,name=command" json:"command,omitempty"`
}

func (*Process) Descriptor

func (*Process) Descriptor() ([]byte, []int)

func (*Process) GetCommand

func (m *Process) GetCommand() string

func (*Process) GetPid

func (m *Process) GetPid() int32

func (*Process) ProtoMessage

func (*Process) ProtoMessage()

func (*Process) Reset

func (m *Process) Reset()

func (*Process) String

func (m *Process) String() string

type ProcessEvent

type ProcessEvent struct {
	// The type of event described by this ProcessEvent message
	Type ProcessEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.ProcessEventType" json:"type,omitempty"`
	// Present when the event is a fork event. This is the PID of the
	// new child process.
	ForkChildPid int32 `protobuf:"zigzag32,10,opt,name=fork_child_pid,json=forkChildPid" json:"fork_child_pid,omitempty"`
	// Present when the event is a fork event. This is the Sensor's process
	// ID of the new child process.
	ForkChildId string `protobuf:"bytes,11,opt,name=fork_child_id,json=forkChildId" json:"fork_child_id,omitempty"`
	// Present when the event is an exec event. This is the filename of the
	// executable that was executed.
	ExecFilename string `protobuf:"bytes,20,opt,name=exec_filename,json=execFilename" json:"exec_filename,omitempty"`
	// Present when the event is an exec event. Repeated for each argument
	// passed to the executable on the command-line.
	ExecCommandLine []string `protobuf:"bytes,21,rep,name=exec_command_line,json=execCommandLine" json:"exec_command_line,omitempty"`
	// Present when the event is an exit event. This is the exit code that
	// the process exited with.
	ExitCode int32 `protobuf:"zigzag32,30,opt,name=exit_code,json=exitCode" json:"exit_code,omitempty"`
	// Present when the event is an exit event. This will typically be one9
	// of the values defined in stdlib.h like EXIT_SUCCESS, EXIT_FAILURE,
	// or EXIT_USAGE.
	ExitStatus uint32 `protobuf:"varint,31,opt,name=exit_status,json=exitStatus" json:"exit_status,omitempty"`
	// Present when the event is an exit event. If non-zero, this is the
	// signal number that the process was terminated with.
	ExitSignal uint32 `protobuf:"varint,32,opt,name=exit_signal,json=exitSignal" json:"exit_signal,omitempty"`
	// Present when the event is an exit event. If true, indicates that the
	// process dumped a core when it terminated.
	ExitCoreDumped bool `protobuf:"varint,33,opt,name=exit_core_dumped,json=exitCoreDumped" json:"exit_core_dumped,omitempty"`
}

ProcessEvent describes an event that occurred related to processes starting and exiting as detected by the Sensor.

func (*ProcessEvent) Descriptor

func (*ProcessEvent) Descriptor() ([]byte, []int)

func (*ProcessEvent) GetExecCommandLine

func (m *ProcessEvent) GetExecCommandLine() []string

func (*ProcessEvent) GetExecFilename

func (m *ProcessEvent) GetExecFilename() string

func (*ProcessEvent) GetExitCode

func (m *ProcessEvent) GetExitCode() int32

func (*ProcessEvent) GetExitCoreDumped

func (m *ProcessEvent) GetExitCoreDumped() bool

func (*ProcessEvent) GetExitSignal

func (m *ProcessEvent) GetExitSignal() uint32

func (*ProcessEvent) GetExitStatus

func (m *ProcessEvent) GetExitStatus() uint32

func (*ProcessEvent) GetForkChildId

func (m *ProcessEvent) GetForkChildId() string

func (*ProcessEvent) GetForkChildPid

func (m *ProcessEvent) GetForkChildPid() int32

func (*ProcessEvent) GetType

func (m *ProcessEvent) GetType() ProcessEventType

func (*ProcessEvent) ProtoMessage

func (*ProcessEvent) ProtoMessage()

func (*ProcessEvent) Reset

func (m *ProcessEvent) Reset()

func (*ProcessEvent) String

func (m *ProcessEvent) String() string

type ProcessEventFilter

type ProcessEventFilter struct {
	// Required; the process event type to match
	Type             ProcessEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.ProcessEventType" json:"type,omitempty"`
	FilterExpression *Expression      `protobuf:"bytes,100,opt,name=filter_expression,json=filterExpression" json:"filter_expression,omitempty"`
	// Optional; require exact match on the filename passed to execve(2)
	ExecFilename *google_protobuf1.StringValue `protobuf:"bytes,12,opt,name=exec_filename,json=execFilename" json:"exec_filename,omitempty"`
	// Optional; require pattern match on the filename passed to execve(2)
	ExecFilenamePattern *google_protobuf1.StringValue `protobuf:"bytes,13,opt,name=exec_filename_pattern,json=execFilenamePattern" json:"exec_filename_pattern,omitempty"`
	// Optional; require exact match on exit code
	ExitCode *google_protobuf1.Int32Value `protobuf:"bytes,14,opt,name=exit_code,json=exitCode" json:"exit_code,omitempty"`
}

The ProcessEventFilter specifies which process events to include in the Subscription. The specified fields are effectively "ANDed" to specify a matching event.

func (*ProcessEventFilter) Descriptor

func (*ProcessEventFilter) Descriptor() ([]byte, []int)

func (*ProcessEventFilter) GetExecFilename

func (m *ProcessEventFilter) GetExecFilename() *google_protobuf1.StringValue

func (*ProcessEventFilter) GetExecFilenamePattern

func (m *ProcessEventFilter) GetExecFilenamePattern() *google_protobuf1.StringValue

func (*ProcessEventFilter) GetExitCode

func (*ProcessEventFilter) GetFilterExpression

func (m *ProcessEventFilter) GetFilterExpression() *Expression

func (*ProcessEventFilter) GetType

func (m *ProcessEventFilter) GetType() ProcessEventType

func (*ProcessEventFilter) ProtoMessage

func (*ProcessEventFilter) ProtoMessage()

func (*ProcessEventFilter) Reset

func (m *ProcessEventFilter) Reset()

func (*ProcessEventFilter) String

func (m *ProcessEventFilter) String() string

type ProcessEventType

type ProcessEventType int32

Possible ProcessEvent types

const (
	// The type of event is unknown
	ProcessEventType_PROCESS_EVENT_TYPE_UNKNOWN ProcessEventType = 0
	// The event is a process fork event
	ProcessEventType_PROCESS_EVENT_TYPE_FORK ProcessEventType = 1
	// The event is a process exec event
	ProcessEventType_PROCESS_EVENT_TYPE_EXEC ProcessEventType = 2
	// The event is a process exit event
	ProcessEventType_PROCESS_EVENT_TYPE_EXIT ProcessEventType = 3
)

func (ProcessEventType) EnumDescriptor

func (ProcessEventType) EnumDescriptor() ([]byte, []int)

func (ProcessEventType) String

func (x ProcessEventType) String() string

type Subscription

type Subscription struct {
	// Return events matching one or more of the specified event
	// filters. If no event filters are specified, then no events
	// will be returned.
	EventFilter *EventFilter `protobuf:"bytes,1,opt,name=event_filter,json=eventFilter" json:"event_filter,omitempty"`
	// If not empty, then only return events from containers matched
	// by one or more of the specified container filters.
	ContainerFilter *ContainerFilter `protobuf:"bytes,2,opt,name=container_filter,json=containerFilter" json:"container_filter,omitempty"`
	// If not empty, then only return events that occurred after
	// the specified relative duration subtracted from the current
	// time (recorder time). If the resulting time is in the past, then the
	// subscription will search for historic events before streaming
	// live ones.
	SinceDuration *google_protobuf1.Int64Value `protobuf:"bytes,10,opt,name=since_duration,json=sinceDuration" json:"since_duration,omitempty"`
	// If not empty, then only return events that occurred before
	// the specified relative duration added to `since_duration`.
	// If `since_duration` is not supplied, return events from now and until
	// the specified relative duration is hit.
	ForDuration *google_protobuf1.Int64Value `protobuf:"bytes,11,opt,name=for_duration,json=forDuration" json:"for_duration,omitempty"`
	// If not empty, apply the specified modifier to the subscription.
	Modifier *Modifier `protobuf:"bytes,20,opt,name=modifier" json:"modifier,omitempty"`
}

The Subscription message identifies a subscriber's interest in telemetry events.

func (*Subscription) Descriptor

func (*Subscription) Descriptor() ([]byte, []int)

func (*Subscription) GetContainerFilter

func (m *Subscription) GetContainerFilter() *ContainerFilter

func (*Subscription) GetEventFilter

func (m *Subscription) GetEventFilter() *EventFilter

func (*Subscription) GetForDuration

func (m *Subscription) GetForDuration() *google_protobuf1.Int64Value

func (*Subscription) GetModifier

func (m *Subscription) GetModifier() *Modifier

func (*Subscription) GetSinceDuration

func (m *Subscription) GetSinceDuration() *google_protobuf1.Int64Value

func (*Subscription) ProtoMessage

func (*Subscription) ProtoMessage()

func (*Subscription) Reset

func (m *Subscription) Reset()

func (*Subscription) String

func (m *Subscription) String() string

type SyscallEvent

type SyscallEvent struct {
	// The type of event described by this SyscallEvent message
	Type SyscallEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.SyscallEventType" json:"type,omitempty"`
	// The syscall number for either enter or exit events.
	Id int64 `protobuf:"varint,2,opt,name=id" json:"id,omitempty"`
	// Present when the event is an enter event. This is the first
	// argument passed to the system call.
	Arg0 uint64 `protobuf:"varint,10,opt,name=arg0" json:"arg0,omitempty"`
	// Present when the event is an enter event. This is the second
	// argument passed to the system call.
	Arg1 uint64 `protobuf:"varint,11,opt,name=arg1" json:"arg1,omitempty"`
	// Present when the event is an enter event. This is the third
	// argument passed to the system call.
	Arg2 uint64 `protobuf:"varint,12,opt,name=arg2" json:"arg2,omitempty"`
	// Present when the event is an enter event. This is the fourth
	// argument passed to the system call.
	Arg3 uint64 `protobuf:"varint,13,opt,name=arg3" json:"arg3,omitempty"`
	// Present when the event is an enter event. This is the fifth
	// argument passed to the system call.
	Arg4 uint64 `protobuf:"varint,14,opt,name=arg4" json:"arg4,omitempty"`
	// Present when the event is an enter event. This is the sixth
	// argument passed to the system call.
	Arg5 uint64 `protobuf:"varint,15,opt,name=arg5" json:"arg5,omitempty"`
	// Present when the event is an exit event. This is the value that was
	// returned from the system call.
	Ret int64 `protobuf:"varint,20,opt,name=ret" json:"ret,omitempty"`
}

SyscallEvent describes an event that occurred related to system calls being made or returning as detected by the Sensor.

func (*SyscallEvent) Descriptor

func (*SyscallEvent) Descriptor() ([]byte, []int)

func (*SyscallEvent) GetArg0

func (m *SyscallEvent) GetArg0() uint64

func (*SyscallEvent) GetArg1

func (m *SyscallEvent) GetArg1() uint64

func (*SyscallEvent) GetArg2

func (m *SyscallEvent) GetArg2() uint64

func (*SyscallEvent) GetArg3

func (m *SyscallEvent) GetArg3() uint64

func (*SyscallEvent) GetArg4

func (m *SyscallEvent) GetArg4() uint64

func (*SyscallEvent) GetArg5

func (m *SyscallEvent) GetArg5() uint64

func (*SyscallEvent) GetId

func (m *SyscallEvent) GetId() int64

func (*SyscallEvent) GetRet

func (m *SyscallEvent) GetRet() int64

func (*SyscallEvent) GetType

func (m *SyscallEvent) GetType() SyscallEventType

func (*SyscallEvent) ProtoMessage

func (*SyscallEvent) ProtoMessage()

func (*SyscallEvent) Reset

func (m *SyscallEvent) Reset()

func (*SyscallEvent) String

func (m *SyscallEvent) String() string

type SyscallEventFilter

type SyscallEventFilter struct {
	// Required; type of system call event (entry or exit)
	Type             SyscallEventType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.SyscallEventType" json:"type,omitempty"`
	FilterExpression *Expression      `protobuf:"bytes,100,opt,name=filter_expression,json=filterExpression" json:"filter_expression,omitempty"`
	// Required; system call number from
	// arch/x86/entry/syscalls/syscall_64.tbl
	Id *google_protobuf1.Int64Value `protobuf:"bytes,2,opt,name=id" json:"id,omitempty"`
	// Optional; return value of the system call (if type indicates exit).
	Ret *google_protobuf1.Int64Value `protobuf:"bytes,20,opt,name=ret" json:"ret,omitempty"`
}

The SyscallEventFilter specifies which system call events to include in the Subscription. The specified fields are effectively "ANDed" to specify a matching event.

func (*SyscallEventFilter) Descriptor

func (*SyscallEventFilter) Descriptor() ([]byte, []int)

func (*SyscallEventFilter) GetFilterExpression

func (m *SyscallEventFilter) GetFilterExpression() *Expression

func (*SyscallEventFilter) GetId

func (*SyscallEventFilter) GetRet

func (*SyscallEventFilter) GetType

func (m *SyscallEventFilter) GetType() SyscallEventType

func (*SyscallEventFilter) ProtoMessage

func (*SyscallEventFilter) ProtoMessage()

func (*SyscallEventFilter) Reset

func (m *SyscallEventFilter) Reset()

func (*SyscallEventFilter) String

func (m *SyscallEventFilter) String() string

type SyscallEventType

type SyscallEventType int32

Possible SyscallEvent types

const (
	// The type of event is unknown
	SyscallEventType_SYSCALL_EVENT_TYPE_UNKNOWN SyscallEventType = 0
	// The event is a syscall enter event
	SyscallEventType_SYSCALL_EVENT_TYPE_ENTER SyscallEventType = 1
	// The event is a syscall exit event
	SyscallEventType_SYSCALL_EVENT_TYPE_EXIT SyscallEventType = 2
)

func (SyscallEventType) EnumDescriptor

func (SyscallEventType) EnumDescriptor() ([]byte, []int)

func (SyscallEventType) String

func (x SyscallEventType) String() string

type TelemetryEvent

type TelemetryEvent struct {
	// The time that the event was received by the backplane (in micros
	// since Unix epoch)
	PublishTimeMicros int64 `protobuf:"varint,1,opt,name=publish_time_micros,json=publishTimeMicros" json:"publish_time_micros,omitempty"`
	// The actual event observed by the Sensor. For historical
	// event subscriptions, this event may be sent from the
	// Recorder.
	Event *Event `protobuf:"bytes,2,opt,name=event" json:"event,omitempty"`
	// An opaque ack for the event. If present, this ack must be sent to
	// the PubsubService's Acknowledge method or else the TelemetryService
	// will re-transmit the event.
	Ack []byte `protobuf:"bytes,3,opt,name=ack,proto3" json:"ack,omitempty"`
}

A telemetry event received from a Sensor or Recorder.

func (*TelemetryEvent) Descriptor

func (*TelemetryEvent) Descriptor() ([]byte, []int)

func (*TelemetryEvent) GetAck

func (m *TelemetryEvent) GetAck() []byte

func (*TelemetryEvent) GetEvent

func (m *TelemetryEvent) GetEvent() *Event

func (*TelemetryEvent) GetPublishTimeMicros

func (m *TelemetryEvent) GetPublishTimeMicros() int64

func (*TelemetryEvent) ProtoMessage

func (*TelemetryEvent) ProtoMessage()

func (*TelemetryEvent) Reset

func (m *TelemetryEvent) Reset()

func (*TelemetryEvent) String

func (m *TelemetryEvent) String() string

type TelemetryServiceClient

type TelemetryServiceClient interface {
	// Opens a new stream of telemetry events
	GetEvents(ctx context.Context, in *GetEventsRequest, opts ...grpc.CallOption) (TelemetryService_GetEventsClient, error)
}

func NewTelemetryServiceClient

func NewTelemetryServiceClient(cc *grpc.ClientConn) TelemetryServiceClient

type TelemetryServiceServer

type TelemetryServiceServer interface {
	// Opens a new stream of telemetry events
	GetEvents(*GetEventsRequest, TelemetryService_GetEventsServer) error
}

type TelemetryService_GetEventsClient

type TelemetryService_GetEventsClient interface {
	Recv() (*GetEventsResponse, error)
	grpc.ClientStream
}

type TelemetryService_GetEventsServer

type TelemetryService_GetEventsServer interface {
	Send(*GetEventsResponse) error
	grpc.ServerStream
}

type ThrottleModifier

type ThrottleModifier struct {
	// Required; the interval to use
	Interval int64 `protobuf:"varint,1,opt,name=interval" json:"interval,omitempty"`
	// Required; the intreval type (milliseconds, seconds, etc.)
	IntervalType ThrottleModifier_IntervalType `` /* 142-byte string literal not displayed */
}

The ThrottleModifier modulates events sent by the Sensor to one per time interval specified.

func (*ThrottleModifier) Descriptor

func (*ThrottleModifier) Descriptor() ([]byte, []int)

func (*ThrottleModifier) GetInterval

func (m *ThrottleModifier) GetInterval() int64

func (*ThrottleModifier) GetIntervalType

func (m *ThrottleModifier) GetIntervalType() ThrottleModifier_IntervalType

func (*ThrottleModifier) ProtoMessage

func (*ThrottleModifier) ProtoMessage()

func (*ThrottleModifier) Reset

func (m *ThrottleModifier) Reset()

func (*ThrottleModifier) String

func (m *ThrottleModifier) String() string

type ThrottleModifier_IntervalType

type ThrottleModifier_IntervalType int32

Possible interval types

const (
	// milliseconds
	ThrottleModifier_MILLISECOND ThrottleModifier_IntervalType = 0
	// seconds
	ThrottleModifier_SECOND ThrottleModifier_IntervalType = 1
	// minutes
	ThrottleModifier_MINUTE ThrottleModifier_IntervalType = 2
	// hours
	ThrottleModifier_HOUR ThrottleModifier_IntervalType = 3
)

func (ThrottleModifier_IntervalType) EnumDescriptor

func (ThrottleModifier_IntervalType) EnumDescriptor() ([]byte, []int)

func (ThrottleModifier_IntervalType) String

type TickerEvent

type TickerEvent struct {
	// The number of seconds elapsed since January 1, 1970 UTC.
	//
	// https://golang.org/pkg/time/#Time.Unix
	Seconds int64 `protobuf:"varint,1,opt,name=seconds" json:"seconds,omitempty"`
	// The number of nanoseconds elapsed since January 1, 1970 UTC
	//
	// https://golang.org/pkg/time/#Time.UnixNano
	Nanoseconds int64 `protobuf:"varint,2,opt,name=nanoseconds" json:"nanoseconds,omitempty"`
}

func (*TickerEvent) Descriptor

func (*TickerEvent) Descriptor() ([]byte, []int)

func (*TickerEvent) GetNanoseconds

func (m *TickerEvent) GetNanoseconds() int64

func (*TickerEvent) GetSeconds

func (m *TickerEvent) GetSeconds() int64

func (*TickerEvent) ProtoMessage

func (*TickerEvent) ProtoMessage()

func (*TickerEvent) Reset

func (m *TickerEvent) Reset()

func (*TickerEvent) String

func (m *TickerEvent) String() string

type TickerEventFilter

type TickerEventFilter struct {
	// Required; the interval at which ticker events are generated
	Interval int64 `protobuf:"varint,1,opt,name=interval" json:"interval,omitempty"`
}

The TickerEventFilter configures a ticker stream generator and includes events from it in the Subscription.

func (*TickerEventFilter) Descriptor

func (*TickerEventFilter) Descriptor() ([]byte, []int)

func (*TickerEventFilter) GetInterval

func (m *TickerEventFilter) GetInterval() int64

func (*TickerEventFilter) ProtoMessage

func (*TickerEventFilter) ProtoMessage()

func (*TickerEventFilter) Reset

func (m *TickerEventFilter) Reset()

func (*TickerEventFilter) String

func (m *TickerEventFilter) String() string

type Value

type Value struct {
	Type ValueType `protobuf:"varint,1,opt,name=type,enum=capsule8.api.v0.ValueType" json:"type,omitempty"`
	// Types that are valid to be assigned to Value:
	//	*Value_SignedValue
	//	*Value_UnsignedValue
	//	*Value_StringValue
	//	*Value_BoolValue
	//	*Value_DoubleValue
	//	*Value_TimestampValue
	Value isValue_Value `protobuf_oneof:"value"`
}

func (*Value) Descriptor

func (*Value) Descriptor() ([]byte, []int)

func (*Value) GetBoolValue

func (m *Value) GetBoolValue() bool

func (*Value) GetDoubleValue

func (m *Value) GetDoubleValue() float64

func (*Value) GetSignedValue

func (m *Value) GetSignedValue() int64

func (*Value) GetStringValue

func (m *Value) GetStringValue() string

func (*Value) GetTimestampValue

func (m *Value) GetTimestampValue() *google_protobuf.Timestamp

func (*Value) GetType

func (m *Value) GetType() ValueType

func (*Value) GetUnsignedValue

func (m *Value) GetUnsignedValue() uint64

func (*Value) GetValue

func (m *Value) GetValue() isValue_Value

func (*Value) ProtoMessage

func (*Value) ProtoMessage()

func (*Value) Reset

func (m *Value) Reset()

func (*Value) String

func (m *Value) String() string

func (*Value) XXX_OneofFuncs

func (*Value) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

XXX_OneofFuncs is for the internal use of the proto package.

type ValueType

type ValueType int32
const (
	ValueType_VALUETYPE_UNSPECIFIED ValueType = 0
	ValueType_STRING                ValueType = 1
	ValueType_SINT8                 ValueType = 2
	ValueType_SINT16                ValueType = 3
	ValueType_SINT32                ValueType = 4
	ValueType_SINT64                ValueType = 5
	ValueType_UINT8                 ValueType = 6
	ValueType_UINT16                ValueType = 7
	ValueType_UINT32                ValueType = 8
	ValueType_UINT64                ValueType = 9
	ValueType_BOOL                  ValueType = 10
	ValueType_DOUBLE                ValueType = 11
	ValueType_TIMESTAMP             ValueType = 12
)

func (ValueType) EnumDescriptor

func (ValueType) EnumDescriptor() ([]byte, []int)

func (ValueType) String

func (x ValueType) String() string

type Value_BoolValue

type Value_BoolValue struct {
	BoolValue bool `protobuf:"varint,13,opt,name=bool_value,json=boolValue,oneof"`
}

type Value_DoubleValue

type Value_DoubleValue struct {
	DoubleValue float64 `protobuf:"fixed64,14,opt,name=double_value,json=doubleValue,oneof"`
}

type Value_SignedValue

type Value_SignedValue struct {
	SignedValue int64 `protobuf:"zigzag64,10,opt,name=signed_value,json=signedValue,oneof"`
}

type Value_StringValue

type Value_StringValue struct {
	StringValue string `protobuf:"bytes,12,opt,name=string_value,json=stringValue,oneof"`
}

type Value_TimestampValue

type Value_TimestampValue struct {
	TimestampValue *google_protobuf.Timestamp `protobuf:"bytes,15,opt,name=timestamp_value,json=timestampValue,oneof"`
}

type Value_UnsignedValue

type Value_UnsignedValue struct {
	UnsignedValue uint64 `protobuf:"varint,11,opt,name=unsigned_value,json=unsignedValue,oneof"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL