Documentation
¶
Index ¶
Constants ¶
View Source
const AF_INET = 2
View Source
const AF_INET6 = 10
Variables ¶
This section is empty.
Functions ¶
func GenerateInterface ¶ added in v0.22.0
func PcapsEnabled ¶
func PcapsEnabled(simple config.PcapsConfig) bool
PcapsEnabled checks if the simple config has any bool value set
Types ¶
type ContainerContext ¶ added in v0.22.0
type KubernetesContext ¶ added in v0.22.0
type PacketContext ¶ added in v0.22.0
type PacketContext struct {
Version string `json:"version"`
// Present for container, command and process captures
Container *ContainerContext `json:"container,omitempty"`
Kubernetes *KubernetesContext `json:"kubernetes,omitempty"`
HostName string `json:"hostName,omitempty"`
// Present for command and process captures
ProcessName string `json:"processName,omitempty"`
// Present for process captures
Process *ProcessContext `json:"process,omitempty"`
}
This struct represents the context of a packet capture. Packet captures can be per process, command, container or a single capture, which affects the context info relevant to it. The context contains information that is supposed to be constant for the entire capture, although this may not always be the case. For example, if a process changes its name, this won't be reflected in the capture's context information.
type Pcap ¶
type Pcap struct {
// contains filtered or unexported fields
}
Pcap is a representation of a pcap file
type PcapCache ¶
type PcapCache struct {
// contains filtered or unexported fields
}
PcapCache is an intermediate LRU cache in between Pcap and Pcaps
type PcapOption ¶ added in v0.11.1
type PcapOption uint32
const (
Filtered PcapOption = 0x1
)
func GetPcapOptions ¶ added in v0.11.1
func GetPcapOptions(c config.PcapsConfig) PcapOption
type PcapType ¶
type PcapType uint
const ( // // 1 (0001): process: 1 pcap file per process (default) // 2 (0010): container: 1 pcap file per container // 4 (0011): command: 1 pcap file per command // 8 (1000): single: 1 single pcap file for all // // or a combination: // // 3 (0011): process + container // 5 (0010): process + command // 6 (0110): container + command // 7 (0111): process + container + command // None PcapType = 0x0 Process PcapType = 0x1 Container PcapType = 0x2 Command PcapType = 0x4 Single PcapType = 0x8 )
type Pcaps ¶
type Pcaps struct {
// contains filtered or unexported fields
}
Pcaps holds all Pcap for different PcapTypes
type ProcessContext ¶ added in v0.22.0
type ProcessContext struct {
ThreadStartTime int `json:"threadStartTime"`
ProcessID int `json:"processId"`
CgroupID uint `json:"cgroupId"`
ThreadID int `json:"threadId"`
ParentProcessID int `json:"parentProcessId"`
HostProcessID int `json:"hostProcessId"`
HostThreadID int `json:"hostThreadId"`
HostParentProcessID int `json:"hostParentProcessId"`
UserID int `json:"userId"`
MountNS int `json:"mountNamespace"`
PIDNS int `json:"pidNamespace"`
Executable string `json:"executable"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.