derive

package
v0.12.0
Warning

This package is not in the latest version of its module.

Published: Mar 3, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

const (
	IPPROTO_TCP uint8 = 6
	IPPROTO_UDP uint8 = 17
)

Variables

var NetSeqOps = [6]string{
	"tcp4_seq_ops",
	"tcp6_seq_ops",
	"udp_seq_ops",
	"udp6_seq_ops",
	"raw_seq_ops",
	"raw6_seq_ops",
}

Struct names for the interfaces that HookedSeqOpsEventID checks for hooks. The show, start, next and stop operation function pointers will be checked for each of those.

var NetSeqOpsFuncs = [4]string{
	"show",
	"start",
	"next",
	"stop",
}

Functions

This section is empty.

Types

type DeriveFunction added in v0.11.0

type DeriveFunction func(trace.Event) ([]trace.Event, []error)

DeriveFunction is a function prototype for a function that receives an event as an argument and may produce new events if relevant. It returns the derived events (empty when nothing was derived) and any errors that occurred.

func ContainerCreate

func ContainerCreate(containers *containers.Containers) DeriveFunction

ContainerCreate receives a containers.Containers object as a closure argument to track its containers. If it receives a cgroup_mkdir event, it can derive a container_create event from it.

func ContainerRemove

func ContainerRemove(containers *containers.Containers) DeriveFunction

ContainerRemove receives a containers.Containers object as a closure argument to track its containers. If it receives a cgroup_rmdir event, it can derive a container_remove event from it.

func DetectHookedSyscall

func DetectHookedSyscall(kernelSymbols helpers.KernelSymbolTable) DeriveFunction

func HookedSeqOps

func HookedSeqOps(kernelSymbols helpers.KernelSymbolTable) DeriveFunction

func NetPacketDNS added in v0.10.0

func NetPacketDNS() DeriveFunction

func NetPacketDNSRequest added in v0.10.0

func NetPacketDNSRequest() DeriveFunction

func NetPacketDNSResponse added in v0.10.0

func NetPacketDNSResponse() DeriveFunction

func NetPacketHTTP added in v0.11.0

func NetPacketHTTP() DeriveFunction

func NetPacketHTTPRequest added in v0.11.0

func NetPacketHTTPRequest() DeriveFunction

func NetPacketHTTPResponse added in v0.11.0

func NetPacketHTTPResponse() DeriveFunction

func NetPacketICMP added in v0.10.0

func NetPacketICMP() DeriveFunction

func NetPacketICMPv6 added in v0.10.0

func NetPacketICMPv6() DeriveFunction

func NetPacketIPv4 added in v0.10.0

func NetPacketIPv4() DeriveFunction

func NetPacketIPv6 added in v0.10.0

func NetPacketIPv6() DeriveFunction

func NetPacketTCP added in v0.10.0

func NetPacketTCP() DeriveFunction

func NetPacketUDP added in v0.10.0

func NetPacketUDP() DeriveFunction

func SymbolsCollision added in v0.12.0

func SymbolsCollision(soLoader sharedobjs.DynamicSymbolsLoader, fScopes *filterscope.FilterScopes,
) DeriveFunction

func SymbolsLoaded added in v0.8.1

func SymbolsLoaded(
	soLoader sharedobjs.DynamicSymbolsLoader,
	filterScopes *filterscope.FilterScopes,
) DeriveFunction

type SymbolsCollisionArgsGenerator added in v0.12.0

type SymbolsCollisionArgsGenerator struct {
	// contains filtered or unexported fields
}

SymbolsCollisionArgsGenerator creates the derived events for shared object symbol collisions. To do so, it uses multiple caches to improve performance and reduce the chance of failure.

type Table added in v0.8.3

type Table map[events.ID]map[events.ID]struct {
	DeriveFunction DeriveFunction
	Enabled        func() bool
}

Table defines a mapping between events and the events they can be derived into, each with a corresponding DeriveFunction. The Enabled flag is used to skip derivation of unneeded events.

func (Table) DeriveEvent added in v0.11.0

func (t Table) DeriveEvent(event trace.Event) ([]trace.Event, []error)

DeriveEvent takes a trace.Event and checks if it can derive additional events from it as defined by a derivationTable.

func (Table) Register added in v0.11.0

func (t Table) Register(deriveFrom, deriveTo events.ID, deriveCondition func() bool, deriveLogic DeriveFunction) error

Register registers a new derivation handler.
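
The derivation table described above, as an added example that is not tracee's own code: a self-contained model showing how Register, the Enabled flag and DeriveEvent interact for a cgroup_mkdir event. `ID`, `Event`, `entry`, the numeric IDs, `UnneededEvent`, `demo` and the duplicate-registration error are assumptions standing in for the real `events` and `trace` packages.

```go
package main

import "errors"

// Simplified stand-ins (assumptions) for tracee's events.ID and trace.Event.
type ID int
type Event struct{ ID ID }
type DeriveFunction func(Event) ([]Event, []error)
type entry struct {
	DeriveFunction DeriveFunction
	Enabled        func() bool
}
type Table map[ID]map[ID]entry

// Constructed IDs, not tracee's real values; UnneededEvent is hypothetical.
const CgroupMkdir, ContainerCreate, UnneededEvent ID = 1, 2, 3

// Register adds a handler; rejecting duplicates is this sketch's assumption.
func (t Table) Register(from, to ID, cond func() bool, fn DeriveFunction) error {
	if t[from] == nil {
		t[from] = map[ID]entry{}
	} else if _, dup := t[from][to]; dup {
		return errors.New("derivation already registered")
	}
	t[from][to] = entry{fn, cond}
	return nil
}

// DeriveEvent runs every enabled derivation registered for the event's ID.
func (t Table) DeriveEvent(ev Event) (out []Event, errs []error) {
	for _, e := range t[ev.ID] {
		if e.Enabled() {
			d, err := e.DeriveFunction(ev)
			out, errs = append(out, d...), append(errs, err...)
		}
	}
	return out, errs
}

// demo: cgroup_mkdir has one enabled and one disabled derivation registered.
func demo() ([]Event, error) {
	t, on, off := Table{}, func() bool { return true }, func() bool { return false }
	to := func(id ID) DeriveFunction { return func(Event) ([]Event, []error) { return []Event{{id}}, nil } }
	t.Register(CgroupMkdir, ContainerCreate, on, to(ContainerCreate))
	t.Register(CgroupMkdir, UnneededEvent, off, to(UnneededEvent))
	out, _ := t.DeriveEvent(Event{CgroupMkdir})
	return out, t.Register(CgroupMkdir, ContainerCreate, on, to(ContainerCreate))
}

func main() { out, err := demo(); println(len(out), err != nil) }
```

Only the enabled derivation runs, so a detection that nobody subscribed to costs nothing per source event.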
