Documentation
¶
Overview ¶
SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
Index ¶
- Constants
- type MsgCapabilities
- type MsgCgroupData
- type MsgCgroupEvent
- type MsgCloneEvent
- type MsgCommon
- type MsgExec
- type MsgExecveEvent
- type MsgExecveEventUnix
- type MsgExecveKey
- type MsgExitEvent
- type MsgExitInfo
- type MsgGenericCredMinimal
- type MsgK8s
- type MsgK8sUnix
- type MsgNamespaces
- type MsgProcess
- type MsgUserNamespace
Constants ¶
View Source
const ( // DOCKER_ID_LENGTH to match BPF side buffer size where we read the // cgroup of the task DOCKER_ID_LENGTH = 128 // Length of the cgroup name as it is returned from BPF side CGROUP_NAME_LENGTH = 128 // Length of the cgroup path as it is returned from BPF side CGROUP_PATH_LENGTH = 4096 MSG_SIZEOF_MAXARG = 100 MSG_SIZEOF_EXECVE = 40 MSG_SIZEOF_CWD = 256 MSG_SIZEOF_ARGS = 1024 MSG_SIZEOF_BUFFER = MSG_SIZEOF_ARGS + MSG_SIZEOF_CWD + MSG_SIZEOF_EXECVE + MSG_SIZEOF_EXECVE + MSG_SIZEOF_MAXARG // MsgUnixSize of msg MsgUnixSize uint32 = 640 /* Execve extra flags */ ExecveSetuid = 0x01 ExecveSetgid = 0x02 // flags of MsgCommon MSG_COMMON_FLAG_RETURN = 0x1 MSG_COMMON_FLAG_STACKTRACE = 0x2 )
View Source
const (
// UnresolvedMountPoints = 0x1 // (deprecated)
UnresolvedPathComponents = 0x2
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type MsgCapabilities ¶
type MsgCgroupData ¶ added in v0.8.4
type MsgCgroupData struct {
State int32 `align:"state"` // State of cgroup
HierarchyId uint32 `align:"hierarchy_id"` // Unique id for the hierarchy
Level uint32 `align:"level"` // The depth this cgroup is at
Pad uint32 `align:"pad"`
Name [CGROUP_NAME_LENGTH]byte `align:"name"` // Cgroup kernfs_node name
}
MsgCgroupData is complementary cgroup data that is collected from BPF side on various cgroup events.
type MsgCgroupEvent ¶ added in v0.8.4
type MsgCgroupEvent struct {
Common MsgCommon `align:"common"`
Parent MsgExecveKey `align:"parent"`
CgrpOp uint32 `align:"cgrp_op"` // Current cgroup operation
PID uint32 `align:"pid"`
NSPID uint32 `align:"nspid"`
Flags uint32 `align:"flags"`
Ktime uint64 `align:"ktime"`
CgrpidTracker uint64 `align:"cgrpid_tracker"` // The tracking cgroup ID
Cgrpid uint64 `align:"cgrpid"` // Current cgroup ID
CgrpData MsgCgroupData `align:"cgrp_data"` // Complementary cgroup data
Path [CGROUP_PATH_LENGTH]byte `align:"path"` // Full path of the cgroup on fs
}
MsgCgroupEvent is the data that is sent from BPF side on cgroup events into ring buffer.
type MsgCloneEvent ¶
type MsgCommon ¶
type MsgCommon struct {
Op uint8
// Flags is used to:
// - distinguish between an entry and a return kprobe event
// - indicate if a stack trace id was passed in the event
Flags uint8
Pad_v2 [2]uint8
Size uint32
Ktime uint64
}
API between Kernel BPF and Userspace tetragon Golang agent
type MsgExecveEvent ¶
type MsgExecveEvent struct {
Common MsgCommon
Kube MsgK8s
Parent MsgExecveKey
ParentFlags uint64
Capabilities MsgCapabilities
Creds MsgGenericCredMinimal
Namespaces MsgNamespaces
CleanupProcess MsgExecveKey
}
type MsgExecveEventUnix ¶
type MsgExecveEventUnix struct {
Common MsgCommon
Kube MsgK8sUnix
Parent MsgExecveKey
ParentFlags uint64
Capabilities MsgCapabilities
Creds MsgGenericCredMinimal
Namespaces MsgNamespaces
CleanupProcess MsgExecveKey
Process MsgProcess
}
type MsgExecveKey ¶
type MsgExitEvent ¶
type MsgExitEvent struct {
Common MsgCommon `align:"common"`
ProcessKey MsgExecveKey `align:"current"`
Info MsgExitInfo `align:"info"`
}
type MsgExitInfo ¶
type MsgGenericCredMinimal ¶ added in v1.0.0
type MsgK8s ¶
type MsgK8s struct {
NetNS uint32
Cid uint32
Cgrpid uint64
Docker [DOCKER_ID_LENGTH]byte
}
type MsgNamespaces ¶
Source Files
Click to show internal directories.
Click to hide internal directories.