Documentation ¶
Index ¶
- Constants
- func CopyFileByPath(src, dst string) error
- func CreateNetEvent(eventMeta bufferdecoder.NetEventMetadata, ctx procinfo.ProcessCtx, ...) trace.Event
- func GetCaptureEventsList(cfg *Config) map[events.ID]eventConfig
- func GetEssentialEventsList(cfg *Config) map[events.ID]eventConfig
- func MatchFilter(filters []string, argValStr string) bool
- func MergeErrors(cs ...<-chan error) <-chan error
- func ParseIface(operatorAndValues string, ifacesList *[]string) error
- type ArgFilter
- type ArgFilterVal
- type BoolFilter
- type CaptureConfig
- type Config
- type ContIDFilter
- type Filter
- type IfaceFilter
- type IntFilter
- type OutputConfig
- type ProcessTreeFilter
- type RequiredInitValues
- type RetFilter
- type StringFilter
- type Tracee
- type UintFilter
Constants ¶
const ( StructFopsPointer int = iota Iterate )
const ( LessNotSetUint uint64 = 0 GreaterNotSetUint uint64 = math.MaxUint64 LessNotSetInt int64 = math.MinInt64 GreaterNotSetInt int64 = math.MaxInt64 )
Set default inequality values val<0 and val>math.MaxUint64 should never be used by the user as they give an empty set
const ( IoctlFetchSyscalls int32 = 1 << iota IoctlHookedSeqOps )
Variables ¶
This section is empty.
Functions ¶
func CopyFileByPath ¶
CopyFileByPath copies a file from src to dst
func CreateNetEvent ¶
func CreateNetEvent(eventMeta bufferdecoder.NetEventMetadata, ctx procinfo.ProcessCtx, eventName string) trace.Event
CreateNetEvent creates and returns event 'eventName'
func GetCaptureEventsList ¶ added in v0.8.0
GetCaptureEventsList sets events used to capture data
func GetEssentialEventsList ¶ added in v0.8.0
GetEssentialEventsList sets the default events used by tracee
func MatchFilter ¶ added in v0.8.0
func MergeErrors ¶
MergeErrors merges multiple channels of errors. Based on https://blog.golang.org/pipelines.
func ParseIface ¶ added in v0.8.0
Types ¶
type ArgFilter ¶
type ArgFilter struct { Filters map[events.ID]map[string]ArgFilterVal // key to the first map is event id, and to the second map the argument name Enabled bool }
type ArgFilterVal ¶
type BoolFilter ¶
func (*BoolFilter) FilterOut ¶
func (filter *BoolFilter) FilterOut() bool
func (*BoolFilter) Parse ¶
func (filter *BoolFilter) Parse(value string) error
type CaptureConfig ¶
type Config ¶
type Config struct { Filter *Filter Capture *CaptureConfig Output *OutputConfig Cache queue.CacheConfig PerfBufferSize int BlobPerfBufferSize int Debug bool BTFObjPath string BPFObjPath string BPFObjBytes []byte KernelConfig *helpers.KernelConfig ChanEvents chan trace.Event ChanErrors chan error ProcessInfo bool OSInfo *helpers.OSInfo Sockets runtime.Sockets ContainersEnrich bool // contains filtered or unexported fields }
Config is a struct containing user defined configuration of tracee
type ContIDFilter ¶
func (*ContIDFilter) FilterOut ¶
func (filter *ContIDFilter) FilterOut() bool
func (*ContIDFilter) Parse ¶
func (filter *ContIDFilter) Parse(operatorAndValues string) error
func (*ContIDFilter) Set ¶
func (filter *ContIDFilter) Set(bpfModule *bpf.Module, conts *containers.Containers, filterMapName string) error
type Filter ¶
type Filter struct { EventsToTrace []events.ID UIDFilter *UintFilter PIDFilter *UintFilter NewPidFilter *BoolFilter MntNSFilter *UintFilter PidNSFilter *UintFilter UTSFilter *StringFilter CommFilter *StringFilter ContFilter *BoolFilter NewContFilter *BoolFilter ContIDFilter *ContIDFilter RetFilter *RetFilter ArgFilter *ArgFilter ProcessTreeFilter *ProcessTreeFilter Follow bool NetFilter *IfaceFilter }
type IfaceFilter ¶ added in v0.8.0
type IfaceFilter struct {
InterfacesToTrace []string
}
func (*IfaceFilter) Parse ¶ added in v0.8.0
func (filter *IfaceFilter) Parse(operatorAndValues string) error
type IntFilter ¶
type OutputConfig ¶
type ProcessTreeFilter ¶
type ProcessTreeFilter struct { PIDs map[uint32]bool // PIDs is a map where k=pid and v represents whether it and its descendents should be traced or not Enabled bool }
func (*ProcessTreeFilter) FilterOut ¶
func (filter *ProcessTreeFilter) FilterOut() bool
func (*ProcessTreeFilter) Parse ¶
func (filter *ProcessTreeFilter) Parse(operatorAndValues string) error
type RequiredInitValues ¶ added in v0.8.0
type RequiredInitValues struct {
// contains filtered or unexported fields
}
RequiredInitValues determines if to initialize values that might be needed by eBPF programs
type StringFilter ¶
func (*StringFilter) FilterOut ¶
func (filter *StringFilter) FilterOut() bool
func (*StringFilter) Parse ¶
func (filter *StringFilter) Parse(operatorAndValues string) error
type Tracee ¶
Tracee traces system calls and system events using eBPF
func (*Tracee) WaitForPipeline ¶
WaitForPipeline waits for results from all error channels.