derive

package v0.9.2
Published: Oct 25, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var NetSeqOps = [6]string{
	"tcp4_seq_ops",
	"tcp6_seq_ops",
	"udp_seq_ops",
	"udp6_seq_ops",
	"raw_seq_ops",
	"raw6_seq_ops",
}

Names of the kernel seq_operations structs that the HookedSeqOpsEventID check inspects for hooks. For each of them, the show, start, next and stop operation function pointers are checked.

var NetSeqOpsFuncs = [4]string{
	"show",
	"start",
	"next",
	"stop",
}
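The two tables above drive a pointer check that the page only describes in words. The following self-contained Go program is an added illustration, not tracee's code: it reads the four function pointers of each listed seq_operations struct and resolves each against a kernel symbol table. The SymbolTable type, its Owner field, and the decision rule (a pointer that resolves to no symbol, or to a symbol owned by a loadable module rather than the core kernel image, is reported as hooked) are assumptions standing in for helpers.KernelSymbolTable; all addresses are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

var NetSeqOps = [6]string{"tcp4_seq_ops", "tcp6_seq_ops", "udp_seq_ops", "udp6_seq_ops", "raw_seq_ops", "raw6_seq_ops"}
var NetSeqOpsFuncs = [4]string{"show", "start", "next", "stop"}

// KernelSymbol is an assumed stand-in for an entry of helpers.KernelSymbolTable.
// Owner is "system" for the core kernel image, otherwise the module name (assumption).
type KernelSymbol struct {
	Name    string
	Owner   string
	Address uint64
	Size    uint64
}

// SymbolTable is kept sorted by address so a pointer can be resolved by binary search.
type SymbolTable []KernelSymbol

func NewSymbolTable(syms []KernelSymbol) SymbolTable {
	t := append(SymbolTable(nil), syms...)
	sort.Slice(t, func(i, j int) bool { return t[i].Address < t[j].Address })
	return t
}

// Lookup returns the symbol whose [Address, Address+Size) range contains addr.
func (t SymbolTable) Lookup(addr uint64) (KernelSymbol, bool) {
	i := sort.Search(len(t), func(i int) bool { return t[i].Address > addr })
	if i == 0 {
		return KernelSymbol{}, false
	}
	s := t[i-1]
	if addr < s.Address+s.Size {
		return s, true
	}
	return KernelSymbol{}, false
}

// SeqOpsPointers holds the four pointers read from one seq_operations struct, in NetSeqOpsFuncs order.
type SeqOpsPointers [4]uint64

// Hooked describes one suspicious function pointer; Resolved is "" when the address resolved to nothing.
type Hooked struct {
	Struct, Func, Resolved string
	Address                uint64
}

// CheckSeqOps applies the decision rule assumed here: a pointer that resolves to no
// symbol, or to a symbol not owned by the core kernel image, is reported as hooked.
func CheckSeqOps(symbols SymbolTable, pointers map[string]SeqOpsPointers) []Hooked {
	var hooked []Hooked
	for _, structName := range NetSeqOps {
		ptrs, ok := pointers[structName]
		if !ok {
			continue // struct was not read on this kernel
		}
		for i, fn := range NetSeqOpsFuncs {
			addr := ptrs[i]
			if addr == 0 {
				continue // NULL operation: nothing to hook
			}
			sym, found := symbols.Lookup(addr)
			if !found || sym.Owner != "system" {
				hooked = append(hooked, Hooked{Struct: structName, Func: fn, Address: addr, Resolved: sym.Name})
			}
		}
	}
	return hooked
}

// SampleSymbols and SamplePointers are constructed data; the addresses are made up.
func SampleSymbols() SymbolTable {
	return NewSymbolTable([]KernelSymbol{
		{"tcp4_seq_show", "system", 0xffffffff81a00000, 0x200},
		{"tcp_seq_start", "system", 0xffffffff81a00200, 0x100},
		{"tcp_seq_next", "system", 0xffffffff81a00300, 0x100},
		{"tcp_seq_stop", "system", 0xffffffff81a00400, 0x80},
		{"udp4_seq_show", "system", 0xffffffff81a01000, 0x200},
		{"udp_seq_start", "system", 0xffffffff81a01200, 0x100},
		{"udp_seq_next", "system", 0xffffffff81a01300, 0x100},
		{"udp_seq_stop", "system", 0xffffffff81a01400, 0x80},
		{"evil_tcp_show", "rootkit", 0xffffffffc0a00000, 0x300}, // lives in a module
	})
}

func SamplePointers() map[string]SeqOpsPointers {
	return map[string]SeqOpsPointers{
		"tcp4_seq_ops": {0xffffffffc0a00010, 0xffffffff81a00200, 0xffffffff81a00300, 0xffffffff81a00400},
		"udp_seq_ops":  {0xffffffff81a01000, 0xffffffff81a01200, 0xffffffffdead0000, 0xffffffff81a01400},
	}
}

func main() {
	for _, h := range CheckSeqOps(SampleSymbols(), SamplePointers()) {
		fmt.Printf("%s.%s -> %#x (%q) looks hooked\n", h.Struct, h.Func, h.Address, h.Resolved)
	}
}
```

On the sample data the check reports tcp4_seq_ops.show (redirected into a module symbol) and udp_seq_ops.next (an address that resolves to no symbol at all); the remaining pointers resolve to core-kernel symbols and are left alone. A NULL pointer is skipped rather than flagged, since an operation a struct does not implement cannot be hooked in place.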

Functions

func ContainerCreate

func ContainerCreate(containers *containers.Containers) deriveFunction

ContainerCreate receives a containers.Containers object as a closure argument to track its containers. If it receives a cgroup_mkdir event, it can derive a container_create event from it.

func ContainerRemove

func ContainerRemove(containers *containers.Containers) deriveFunction

ContainerRemove receives a containers.Containers object as a closure argument to track its containers. If it receives a cgroup_rmdir event, it can derive a container_remove event from it.

func DeriveEvent added in v0.8.3

func DeriveEvent(event trace.Event, derivationTable Table) ([]trace.Event, []error)

DeriveEvent takes a trace.Event and checks whether additional events can be derived from it, as defined by derivationTable.

func DetectHookedSyscall

func DetectHookedSyscall(kernelSymbols *helpers.KernelSymbolTable) deriveFunction

func HookedSeqOps

func HookedSeqOps(kernelSymbols *helpers.KernelSymbolTable) deriveFunction

func NetPacket

func NetPacket() deriveFunction

NetPacket derives net_packet events from net events that carry a 'metadata' argument.

func SymbolsLoaded added in v0.8.1

func SymbolsLoaded(soLoader sharedobjs.DynamicSymbolsLoader, watchedSymbols []string, whitelistedLibsPrefixes []string, isDebug bool) deriveFunction

Types

type Table added in v0.8.3

type Table map[events.ID]map[events.ID]struct {
	DeriveFunction deriveFunction
	Enabled        bool
}

Table maps each event to the events that can be derived from it, together with the deriveFunction that performs each derivation. The Enabled flag is used to skip derivation of unneeded events.
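The following Go program is an added example, not this package's own code, of how DeriveEvent and Table work together: a source event ID selects a row of the table, every enabled entry in that row runs its deriveFunction, and derived events and errors are collected. It uses local stand-ins for trace.Event, events.ID and containers.Containers, and wires ContainerCreate/ContainerRemove-style closures into the table as on this page. The cgroup_path argument name and the rule that recognizes a container cgroup (last path element is a 64-hex-digit id) are assumptions made for the illustration; the sample path is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

type EventID int // stands in for events.ID (assumption)

const (
	CgroupMkdirID EventID = iota
	CgroupRmdirID
	ContainerCreateID
	ContainerRemoveID
)

// Event stands in for trace.Event (assumption): an ID plus named arguments.
type Event struct {
	ID   EventID
	Args map[string]string
}

// deriveFunction has the shape used on this page: one event in, derived events and errors out.
type deriveFunction func(Event) ([]Event, []error)

type Table map[EventID]map[EventID]struct {
	DeriveFunction deriveFunction
	Enabled        bool
}

// DeriveEvent runs every enabled derivation registered for event.ID; an ID with no row derives nothing.
func DeriveEvent(event Event, table Table) ([]Event, []error) {
	var derived []Event
	var errs []error
	for _, d := range table[event.ID] {
		if !d.Enabled {
			continue
		}
		out, e := d.DeriveFunction(event)
		derived = append(derived, out...)
		errs = append(errs, e...)
	}
	return derived, errs
}

type containerTracker struct{ byCgroup map[string]string } // stands in for containers.Containers

// containerIDFromCgroup is an assumed heuristic, not tracee's: a container cgroup's
// last path element is the 64-hex-digit container id (docker/containerd style).
func containerIDFromCgroup(path string) (string, bool) {
	last := path[strings.LastIndex(path, "/")+1:]
	if len(last) != 64 || strings.Trim(last, "0123456789abcdef") != "" {
		return "", false
	}
	return last, true
}

// ContainerCreate derives container_create from a cgroup_mkdir of a container cgroup.
func ContainerCreate(t *containerTracker) deriveFunction {
	return func(ev Event) ([]Event, []error) {
		path, ok := ev.Args["cgroup_path"] // argument name is an assumption
		if !ok {
			return nil, []error{fmt.Errorf("cgroup_mkdir without cgroup_path argument")}
		}
		id, isContainer := containerIDFromCgroup(path)
		if !isContainer {
			return nil, nil
		}
		t.byCgroup[path] = id
		return []Event{{ID: ContainerCreateID, Args: map[string]string{"container_id": id}}}, nil
	}
}

// ContainerRemove derives container_remove from a cgroup_rmdir of a tracked container.
func ContainerRemove(t *containerTracker) deriveFunction {
	return func(ev Event) ([]Event, []error) {
		path := ev.Args["cgroup_path"]
		id, tracked := t.byCgroup[path]
		if !tracked {
			return nil, nil
		}
		delete(t.byCgroup, path)
		return []Event{{ID: ContainerRemoveID, Args: map[string]string{"container_id": id}}}, nil
	}
}

// NewTable registers the two closures: source ID -> derived ID -> function and Enabled flag.
func NewTable(t *containerTracker) Table {
	return Table{
		CgroupMkdirID: {ContainerCreateID: {DeriveFunction: ContainerCreate(t), Enabled: true}},
		CgroupRmdirID: {ContainerRemoveID: {DeriveFunction: ContainerRemove(t), Enabled: true}},
	}
}

func main() {
	tracker := &containerTracker{byCgroup: map[string]string{}}
	table := NewTable(tracker)
	cgroup := "/docker/" + strings.Repeat("ab", 32) // constructed sample path
	derived, errs := DeriveEvent(Event{ID: CgroupMkdirID, Args: map[string]string{"cgroup_path": cgroup}}, table)
	fmt.Printf("derived=%v errs=%v\n", derived, errs)
}
```

Because the tracker is captured by both closures, the cgroup_rmdir derivation only fires for a cgroup that an earlier cgroup_mkdir registered, and flipping Enabled to false on a row entry silences that derivation without removing the closure.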
