processapi

package
v0.8.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 20, 2022 License: Apache-2.0 Imports: 0 Imported by: 0

Documentation

Overview

SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon

Index

Constants

// Size constants for the process API messages declared in this package.
const (
	// DOCKER_ID_LENGTH to match BPF side buffer size where we read the
	// cgroup of the task
	//
	// It is also the length of the fixed MsgK8s.Docker byte array, so the
	// two sides must be changed together.
	DOCKER_ID_LENGTH = 128

	// Component sizes, in bytes, that add up to MSG_SIZEOF_BUFFER below.
	// NOTE(review): presumably these mirror limits on the BPF side; the
	// BPF definitions are not visible here, so confirm they stay in sync.
	MSG_SIZEOF_MAXARG = 100
	MSG_SIZEOF_EXECVE = 32
	MSG_SIZEOF_CWD    = 256
	MSG_SIZEOF_ARGS   = 1024
	// MSG_SIZEOF_BUFFER is the sum of the components above, with
	// MSG_SIZEOF_EXECVE counted twice: 1024 + 256 + 32 + 32 + 100 = 1444.
	MSG_SIZEOF_BUFFER = MSG_SIZEOF_ARGS +
		MSG_SIZEOF_CWD +
		MSG_SIZEOF_EXECVE + MSG_SIZEOF_EXECVE +
		MSG_SIZEOF_MAXARG

	// MsgUnixSize of msg
	//
	// Unlike the untyped constants above, this one is typed as uint32.
	// NOTE(review): which message the value 640 sizes is not visible here.
	MsgUnixSize uint32 = 640
)
// Flag bits.
// NOTE(review): the field these bits are stored in is not visible here.
const (
	// UnresolvedMountPoints    = 0x1 // (deprecated)
	//
	// Bit 0x1 is kept only as the commented-out, deprecated name above.
	// NOTE(review): avoid reassigning 0x1 to a new meaning, since producers
	// built against the old definition could still set it.

	// UnresolvedPathComponents is flag bit 0x2.
	// NOTE(review): presumably set when a reported path could not be fully
	// resolved. Confirm, and have consumers that match on paths check it
	// before trusting the path as complete.
	UnresolvedPathComponents = 0x2
)

Variables

This section is empty.

Functions

This section is empty.

Types

type MsgCapabilities

// MsgCapabilities carries three 64-bit values, 24 bytes in total.
// NOTE(review): going by the field names these are presumably bitmasks of
// the Linux permitted, effective and inheritable capability sets; confirm
// against the BPF side.
type MsgCapabilities struct {
	Permitted   uint64
	Effective   uint64
	Inheritable uint64
}

type MsgCloneEvent

// MsgCloneEvent is a message made of the common header, the key of the
// parent process and fixed-width fields for the new process.
//
// Layout note: PID, NSPID and Flags are three uint32 fields followed by a
// uint64, so on 64-bit targets Go places 4 bytes of implicit padding before
// Ktime. There is no explicit pad field here, unlike MsgExecveKey.
// NOTE(review): confirm the BPF-side struct has the same implicit padding.
type MsgCloneEvent struct {
	// Common is the shared message header.
	Common MsgCommon
	// Parent identifies the parent process by (Pid, Ktime) key.
	Parent MsgExecveKey
	PID    uint32
	// NOTE(review): presumably the PID as seen inside the process's own
	// PID namespace; confirm.
	NSPID uint32
	Flags uint32
	Ktime uint64
}

type MsgCommon

// MsgCommon is the header embedded as the first field (Common) of the event
// messages in this package. It is part of the API between the kernel BPF
// side and the userspace agent.
//
// The fields occupy 16 bytes with no compiler-inserted padding: Pad_v2 fills
// bytes 2-3 so that Size is 4-byte aligned and Ktime is 8-byte aligned.
type MsgCommon struct {
	// Op is a one-byte operation code.
	// NOTE(review): the set of valid values is not visible here.
	Op uint8
	// Flags is used to:
	//  - distinguish between an entry and a return kprobe event
	Flags  uint8
	Pad_v2 [2]uint8
	// Size is a 32-bit size supplied by the message producer.
	// NOTE(review): a consumer should bounds-check it against the bytes
	// actually received before using it to slice or allocate.
	Size  uint32
	Ktime uint64
}

API between the kernel BPF programs and the userspace Tetragon Go agent.

type MsgExec

// MsgExec holds the fixed-width process fields: six uint32 values followed
// by one uint64, 32 bytes in total with no implicit padding.
// NOTE(review): 32 is also the value of MSG_SIZEOF_EXECVE. Presumably that
// is intentional; confirm before changing either.
type MsgExec struct {
	// Size is producer-supplied. NOTE(review): validate before use as a
	// length.
	Size uint32
	PID  uint32
	// NOTE(review): presumably the PID inside the process's PID namespace.
	NSPID uint32
	UID   uint32
	// NOTE(review): presumably the audit login UID; confirm.
	AUID  uint32
	Flags uint32
	Ktime uint64
}

type MsgExecveEvent

// MsgExecveEvent groups the common header with container, parent,
// capability and namespace information. Every field is fixed-size, since
// MsgK8s stores its identifier in a byte array; compare MsgExecveEventUnix,
// which uses strings.
type MsgExecveEvent struct {
	// Common is the shared message header.
	Common MsgCommon
	// Kube carries the fixed-size container/cgroup identification.
	Kube MsgK8s
	// Parent identifies the parent process by (Pid, Ktime) key.
	Parent MsgExecveKey
	// NOTE(review): the bit meanings of ParentFlags are not visible here.
	ParentFlags  uint64
	Capabilities MsgCapabilities
	Namespaces   MsgNamespaces
}

type MsgExecveEventUnix

// MsgExecveEventUnix has the same fields as MsgExecveEvent, except that Kube
// is a MsgK8sUnix and a Process field is added. Both of those types hold Go
// strings, so this struct is not a fixed-layout record and cannot be filled
// by copying raw message bytes over it.
type MsgExecveEventUnix struct {
	// Common is the shared message header.
	Common MsgCommon
	// Kube is the string-based form of the container identification.
	Kube MsgK8sUnix
	// Parent identifies the parent process by (Pid, Ktime) key.
	Parent       MsgExecveKey
	ParentFlags  uint64
	Capabilities MsgCapabilities
	Namespaces   MsgNamespaces
	// Process holds the process fields, including Filename and Args strings.
	Process MsgProcess
}

type MsgExecveKey

// MsgExecveKey identifies a process by the pair (Pid, Ktime). It is 16 bytes
// long: the explicit Pad field keeps Ktime 8-byte aligned without relying on
// compiler-inserted padding.
// NOTE(review): presumably Ktime is included because a PID alone can be
// reused by a later process; confirm that lookups always compare both.
// NOTE(review): the `align` tags presumably name the matching BPF-side
// fields for a layout check; the tool that reads them is not visible here.
type MsgExecveKey struct {
	Pid   uint32 `align:"pid"`
	Pad   uint32 `align:"pad"`
	Ktime uint64 `align:"ktime"`
}

type MsgExitEvent

// MsgExitEvent is a message made of the common header, the key of a process
// and an exit-info record.
// NOTE(review): ProcessKey is tagged `align:"current"`, which suggests the
// BPF-side field is named "current"; confirm against the BPF struct.
type MsgExitEvent struct {
	Common     MsgCommon    `align:"common"`
	ProcessKey MsgExecveKey `align:"current"`
	Info       MsgExitInfo  `align:"info"`
}

type MsgExitInfo

// MsgExitInfo is an 8-byte record holding a 32-bit code and 32 bits of
// explicit padding.
// NOTE(review): whether Code is a raw wait status or a decoded exit code is
// not visible here; confirm before interpreting it.
type MsgExitInfo struct {
	Code uint32 `align:"code"`
	Pad1 uint32 `align:"pad"`
}

type MsgK8s

// MsgK8s is the fixed-size container identification record: 4 + 4 + 8 + 128
// bytes = 144 bytes, with no implicit padding.
type MsgK8s struct {
	NetNS uint32
	// NOTE(review): the meaning of Cid is not visible here.
	Cid uint32
	// NOTE(review): presumably a cgroup ID; confirm.
	Cgrpid uint64
	// Docker is a fixed DOCKER_ID_LENGTH-byte buffer; per that constant's
	// comment it matches the BPF-side buffer the task's cgroup is read into.
	// NOTE(review): nothing here guarantees a terminating NUL byte, so a
	// conversion to string should be bounded by the array length.
	Docker [DOCKER_ID_LENGTH]byte
}

type MsgK8sUnix

// MsgK8sUnix has the same fields as MsgK8s, except that Docker is a Go
// string instead of a fixed byte array.
type MsgK8sUnix struct {
	NetNS  uint32
	Cid    uint32
	Cgrpid uint64
	// Docker is the string form of the identifier.
	// NOTE(review): where and how it is converted from MsgK8s.Docker is not
	// visible here.
	Docker string
}

type MsgNamespaces

// MsgNamespaces holds ten uint32 values, 40 bytes in total, one per
// namespace kind named by the field.
// NOTE(review): "Inum" presumably means the namespace inode number, and the
// "Child" variants presumably describe the namespace that children of the
// process will be placed in; confirm against the BPF side.
type MsgNamespaces struct {
	UtsInum       uint32
	IpcInum       uint32
	MntInum       uint32
	PidInum       uint32
	PidChildInum  uint32
	NetInum       uint32
	TimeInum      uint32
	TimeChildInum uint32
	CgroupInum    uint32
	UserInum      uint32
}

type MsgProcess

// MsgProcess starts with the same seven fixed-width fields as MsgExec and
// adds Filename and Args as Go strings. It is used as the Process field of
// MsgExecveEventUnix.
type MsgProcess struct {
	Size  uint32
	PID   uint32
	NSPID uint32
	UID   uint32
	AUID  uint32
	Flags uint32
	Ktime uint64
	// NOTE(review): Filename and Args presumably originate from the observed
	// process. Treat them as untrusted text when logging, displaying or
	// matching on them.
	Filename string
	// NOTE(review): how individual arguments are delimited inside Args is
	// not visible here.
	Args string
}

API between the userspace Tetragon Go agent and the Unix domain socket listener.
