process

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2023 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Overview

SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddCloneEvent 

func AddCloneEvent(event *tetragonAPI.MsgCloneEvent) error

AddCloneEvent adds a new process into the cache from a CloneEvent

func ArgsDecoder 

func ArgsDecoder(s string, flags uint32) (string, string)

func FreeCache 

func FreeCache()

func GetExecID 

func GetExecID(proc *tetragonAPI.MsgProcess) string

func GetExecIDFromKey 

func GetExecIDFromKey(key *tetragonAPI.MsgExecveKey) string

func GetParentProcessInternal 

func GetParentProcessInternal(pid uint32, ktime uint64) (*ProcessInternal, *ProcessInternal)

func GetPodInfo 

func GetPodInfo(cid, bin, args string, nspid uint32) (*tetragon.Pod, *hubblev1.Endpoint)

GetPodInfo() constructs and returns the Kubernetes Pod information associated with the Container ID and the PID inside this container.

func GetProcessEndpoint 

func GetProcessEndpoint(p *tetragon.Process) *hubblev1.Endpoint

func GetProcessID 

func GetProcessID(pid uint32, ktime uint64) string

func InitCache 

func InitCache(ctx context.Context, w watcher.K8sResourceWatcher, enableCilium bool, size int) error

Types

type Cache 

type Cache struct {
	// contains filtered or unexported fields
}

func NewCache 

func NewCache(
	processCacheSize int,
) (*Cache, error)

func (*Cache) Add 

func (pc *Cache) Add(process *ProcessInternal) bool

func (*Cache) Purge 

func (pc *Cache) Purge()

type ProcessInternal 

type ProcessInternal struct {
	// contains filtered or unexported fields
}

ProcessInternal is the internal representation of a process. nolint:revive // This is an acceptable case of "stuttering" since the name "Internal" wouldn't make much sense by itself.

func AddExecEvent 

func AddExecEvent(event *tetragonAPI.MsgExecveEventUnix) *ProcessInternal

AddExecEvent constructs a new ProcessInternal structure from an Execve event, adds it to the cache, and also returns it

func Get 

func Get(execId string) (*ProcessInternal, error)

func GetProcess 

func GetProcess(
	process tetragonAPI.MsgProcess,
	containerID string,
	parent tetragonAPI.MsgExecveKey,
	capabilities tetragonAPI.MsgCapabilities,
	namespaces tetragonAPI.MsgNamespaces,
) (*ProcessInternal, *hubblev1.Endpoint)

func (*ProcessInternal) AddPodInfo 

func (pi *ProcessInternal) AddPodInfo(pod *tetragon.Pod)

func (*ProcessInternal) AnnotateProcess 

func (pi *ProcessInternal) AnnotateProcess(cred, ns bool) error

func (*ProcessInternal) GetProcess 

func (pi *ProcessInternal) GetProcess() *tetragon.Process

func (*ProcessInternal) GetProcessCopy 

func (pi *ProcessInternal) GetProcessCopy() *tetragon.Process

func (*ProcessInternal) GetProcessInternalCopy 

func (pi *ProcessInternal) GetProcessInternalCopy() *ProcessInternal

func (*ProcessInternal) PutProcess 

func (pi *ProcessInternal) PutProcess()

func (*ProcessInternal) RefDec 

func (pi *ProcessInternal) RefDec()

func (*ProcessInternal) RefGet 

func (pi *ProcessInternal) RefGet() uint32

func (*ProcessInternal) RefInc 

func (pi *ProcessInternal) RefInc()

func (*ProcessInternal) UnsafeGetProcess 

func (pi *ProcessInternal) UnsafeGetProcess() *tetragon.Process

func (*ProcessInternal) UnsafeGetProcessCap 

func (pi *ProcessInternal) UnsafeGetProcessCap() *tetragon.Capabilities

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.