exec

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 5, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ParentRefCnt  = 0
	ProcessRefCnt = 1
)
View Source 
const (
	CacheTimerMs = 100
)

Variables

View Source 
var (
	AllEvents []*tetragon.GetEventsResponse
	BasePid   uint32 = 46987
)

Functions

func CheckCloneEvents added in v0.8.3 

func CheckCloneEvents(t *testing.T, events []*tetragon.GetEventsResponse, currentPid uint32, clonePid uint32)

func CheckExecEvents added in v0.8.3 

func CheckExecEvents(t *testing.T, events []*tetragon.GetEventsResponse, parentPid uint32, currentPid uint32)

func CheckPodEvents added in v0.8.3 

func CheckPodEvents(t *testing.T, events []*tetragon.GetEventsResponse)

func CheckProcessEqual added in v0.8.3 

func CheckProcessEqual(t *testing.T, p1, p2 *tetragon.Process)

func CreateCloneEvents added in v0.8.3 

func CreateCloneEvents[CLONE notify.Message, EXIT notify.Message](Pid uint32, Ktime uint64, ParentPid uint32, ParentKtime uint64) (*CLONE, *EXIT)

func CreateEvents added in v0.8.3 

func CreateEvents[EXEC notify.Message, EXIT notify.Message](Pid uint32, Ktime uint64, ParentPid uint32, ParentKtime uint64, Docker string) (*EXEC, *EXEC, *EXEC, *EXIT)

func GetEvents added in v0.8.3 

func GetEvents(t *testing.T, events []*tetragon.GetEventsResponse) (*tetragon.ProcessExec, *tetragon.ProcessExit)

func GetProcessExec 

func GetProcessExec(event *MsgExecveEventUnix, useCache bool) *tetragon.ProcessExec

GetProcessExec returns Exec protobuf message for a given process, including the ancestor list.

func GetProcessExit 

func GetProcessExit(event *MsgExitEventUnix) *tetragon.ProcessExit

GetProcessExit returns Exit protobuf message for a given process.

func GetProcessRefcntFromCache added in v0.8.3 

func GetProcessRefcntFromCache(t *testing.T, Pid uint32, Ktime uint64) uint32

func GrpcDelayedExecK8sOutOfOrder added in v0.8.3 

func GrpcDelayedExecK8sOutOfOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

In this case, we get an exit and an exex event (out-of-order). We get the appopriate pod info after the exit event.

func GrpcExecCloneInOrder added in v0.8.3 

func GrpcExecCloneInOrder[EXEC notify.Message, CLONE notify.Message, EXIT notify.Message](t *testing.T)

func GrpcExecCloneOutOfOrder added in v0.8.3 

func GrpcExecCloneOutOfOrder[EXEC notify.Message, CLONE notify.Message, EXIT notify.Message](t *testing.T)

func GrpcExecInOrder added in v0.8.3 

func GrpcExecInOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

func GrpcExecMisingParent added in v0.8.3 

func GrpcExecMisingParent[EXEC notify.Message, EXIT notify.Message](t *testing.T)

func GrpcExecOutOfOrder added in v0.8.3 

func GrpcExecOutOfOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

func GrpcExecParentOutOfOrder added in v0.8.3 

func GrpcExecParentOutOfOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

func GrpcExecPodInfoDelayedInOrder added in v0.8.3 

func GrpcExecPodInfoDelayedInOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

In this case, we get an exec and an exit event (in-order). During both events we also miss pod info. We get pod info after at least one cache GC round.

func GrpcExecPodInfoDelayedOutOfOrder added in v0.8.3 

func GrpcExecPodInfoDelayedOutOfOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

In this case, we get an exit and an exec event (out-of-order). During the exit event we also miss pod info. We get pod info after at least one cache GC round. In this case exit event should go through the eventcache (missed pod and process info). Once we get the exec info we still have to keep the exit event in the eventcache.

func GrpcExecPodInfoInOrder added in v0.8.3 

func GrpcExecPodInfoInOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

In this case, we get an exec and an exit event (in-order) but we miss Pod info. Both of these go through the eventcache to get the pod info. At the end both should have correct pod info and the exit event should also have full process info.

func GrpcExecPodInfoInOrderAfter added in v0.8.3 

func GrpcExecPodInfoInOrderAfter[EXEC notify.Message, EXIT notify.Message](t *testing.T)

In this case, we get an exec and an exit event (in-order). During the exec event we miss pod info. We get pod info before getting the exit event. In this case exec event should go through the eventcache (missed pod info) and exit event should also go through the cache as the procCache has not been updated yet. At the end both should have correct pod info and the exit event should also have full process info.

func GrpcExecPodInfoOutOfOrder added in v0.8.3 

func GrpcExecPodInfoOutOfOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

In this case, we get an exit and an exec event (out-of-order) and we also miss Pod info. Both of these go through the eventcache to get the pod info and process info. At the end both should have correct pod info and the exit event should also have full process info.

func GrpcExecPodInfoOutOfOrderAfter added in v0.8.3 

func GrpcExecPodInfoOutOfOrderAfter[EXEC notify.Message, EXIT notify.Message](t *testing.T)

In this case, we get an exit and an exec event (out-of-order). During the exit event we also miss pod info. We get pod info before getting the exec event. In this case exit event should go through the eventcache (missed pod and process info) and exec event should not go through the cache as we have everything. At the end both should have correct pod info and the exit event should also have full process info.

func GrpcMissingExec added in v0.8.3 

func GrpcMissingExec[EXEC notify.Message, EXIT notify.Message](t *testing.T)

func GrpcParentInOrder added in v0.8.3 

func GrpcParentInOrder[EXEC notify.Message, EXIT notify.Message](t *testing.T)

func InitEnv added in v0.8.3 

func InitEnv[EXEC notify.Message, EXIT notify.Message](t *testing.T, cancelWg *sync.WaitGroup, watcher watcher.K8sResourceWatcher) context.CancelFunc

Types

type DummyNotifier added in v0.8.3 

type DummyNotifier[EXEC notify.Message, EXIT notify.Message] struct {
	// contains filtered or unexported fields
}

func (DummyNotifier[EXEC, EXIT]) AddListener added in v0.8.3 

func (n DummyNotifier[EXEC, EXIT]) AddListener(_ server.Listener)

func (DummyNotifier[EXEC, EXIT]) NotifyListener added in v0.8.3 

func (n DummyNotifier[EXEC, EXIT]) NotifyListener(original interface{}, processed *tetragon.GetEventsResponse)

func (DummyNotifier[EXEC, EXIT]) RemoveListener added in v0.8.3 

func (n DummyNotifier[EXEC, EXIT]) RemoveListener(_ server.Listener)

type MsgCgroupEventUnix added in v0.8.4 

type MsgCgroupEventUnix struct {
	processapi.MsgCgroupEvent
}

func (*MsgCgroupEventUnix) Cast added in v0.8.4 

func (msg *MsgCgroupEventUnix) Cast(o interface{}) notify.Message

func (*MsgCgroupEventUnix) HandleMessage added in v0.8.4 

func (msg *MsgCgroupEventUnix) HandleMessage() *tetragon.GetEventsResponse

func (*MsgCgroupEventUnix) Notify added in v0.8.4 

func (msg *MsgCgroupEventUnix) Notify() bool

func (*MsgCgroupEventUnix) Retry added in v0.8.4 

func (msg *MsgCgroupEventUnix) Retry(_ *process.ProcessInternal, _ notify.Event) error

func (*MsgCgroupEventUnix) RetryInternal added in v0.8.4 

func (msg *MsgCgroupEventUnix) RetryInternal(_ notify.Event, _ uint64) (*process.ProcessInternal, error)

type MsgCloneEventUnix 

type MsgCloneEventUnix struct {
	processapi.MsgCloneEvent
}

func (*MsgCloneEventUnix) Cast added in v0.8.3 

func (msg *MsgCloneEventUnix) Cast(o interface{}) notify.Message

func (*MsgCloneEventUnix) HandleMessage 

func (msg *MsgCloneEventUnix) HandleMessage() *tetragon.GetEventsResponse

func (*MsgCloneEventUnix) Notify 

func (msg *MsgCloneEventUnix) Notify() bool

func (*MsgCloneEventUnix) Retry 

func (msg *MsgCloneEventUnix) Retry(_ *process.ProcessInternal, _ notify.Event) error

func (*MsgCloneEventUnix) RetryInternal 

func (msg *MsgCloneEventUnix) RetryInternal(_ notify.Event, _ uint64) (*process.ProcessInternal, error)

type MsgExecveEventUnix 

type MsgExecveEventUnix struct {
	Unix *processapi.MsgExecveEventUnix
}

func (*MsgExecveEventUnix) Cast added in v0.8.3 

func (msg *MsgExecveEventUnix) Cast(o interface{}) notify.Message

func (*MsgExecveEventUnix) HandleMessage 

func (msg *MsgExecveEventUnix) HandleMessage() *tetragon.GetEventsResponse

func (*MsgExecveEventUnix) Notify 

func (msg *MsgExecveEventUnix) Notify() bool

func (*MsgExecveEventUnix) Retry 

func (msg *MsgExecveEventUnix) Retry(internal *process.ProcessInternal, ev notify.Event) error

func (*MsgExecveEventUnix) RetryInternal 

func (msg *MsgExecveEventUnix) RetryInternal(_ notify.Event, _ uint64) (*process.ProcessInternal, error)

type MsgExitEventUnix 

type MsgExitEventUnix struct {
	tetragonAPI.MsgExitEvent
	RefCntDone [2]bool
}

func (*MsgExitEventUnix) Cast added in v0.8.3 

func (msg *MsgExitEventUnix) Cast(o interface{}) notify.Message

func (*MsgExitEventUnix) HandleMessage 

func (msg *MsgExitEventUnix) HandleMessage() *tetragon.GetEventsResponse

func (*MsgExitEventUnix) Notify 

func (msg *MsgExitEventUnix) Notify() bool

func (*MsgExitEventUnix) Retry 

func (msg *MsgExitEventUnix) Retry(internal *process.ProcessInternal, ev notify.Event) error

func (*MsgExitEventUnix) RetryInternal 

func (msg *MsgExitEventUnix) RetryInternal(ev notify.Event, timestamp uint64) (*process.ProcessInternal, error)

type MsgKThreadInitUnix added in v1.1.0 

type MsgKThreadInitUnix struct {
	Unix *processapi.MsgExecveEventUnix
}

This is used only when we add kernel threads during /proc scanning. We use the same interface with all the other events to make the handling of them easier.

func (*MsgKThreadInitUnix) Cast added in v1.1.0 

func (msg *MsgKThreadInitUnix) Cast(_ interface{}) notify.Message

func (*MsgKThreadInitUnix) HandleMessage added in v1.1.0 

func (msg *MsgKThreadInitUnix) HandleMessage() *tetragon.GetEventsResponse

func (*MsgKThreadInitUnix) Notify added in v1.1.0 

func (msg *MsgKThreadInitUnix) Notify() bool

func (*MsgKThreadInitUnix) Retry added in v1.1.0 

func (msg *MsgKThreadInitUnix) Retry(_ *process.ProcessInternal, _ notify.Event) error

func (*MsgKThreadInitUnix) RetryInternal added in v1.1.0 

func (msg *MsgKThreadInitUnix) RetryInternal(_ notify.Event, _ uint64) (*process.ProcessInternal, error)

type MsgProcessCleanupEventUnix added in v0.8.3 

type MsgProcessCleanupEventUnix struct {
	PID        uint32
	Ktime      uint64
	RefCntDone [2]bool
}

func (*MsgProcessCleanupEventUnix) Cast added in v0.8.3 

func (msg *MsgProcessCleanupEventUnix) Cast(_ interface{}) notify.Message

func (*MsgProcessCleanupEventUnix) HandleMessage added in v0.8.3 

func (msg *MsgProcessCleanupEventUnix) HandleMessage() *tetragon.GetEventsResponse

func (*MsgProcessCleanupEventUnix) Notify added in v0.8.3 

func (msg *MsgProcessCleanupEventUnix) Notify() bool

func (*MsgProcessCleanupEventUnix) Retry added in v0.8.3 

func (msg *MsgProcessCleanupEventUnix) Retry(_ *process.ProcessInternal, _ notify.Event) error

func (*MsgProcessCleanupEventUnix) RetryInternal added in v0.8.3 

func (msg *MsgProcessCleanupEventUnix) RetryInternal(_ notify.Event, timestamp uint64) (*process.ProcessInternal, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.