Documentation ¶
Index ¶
- Constants
- type EventConfig
- type KprobeArgs
- type MsgGenericCapEffective
- type MsgGenericCapInheritable
- type MsgGenericCapPermitted
- type MsgGenericKernelCapType
- type MsgGenericKprobe
- type MsgGenericKprobeArg
- type MsgGenericKprobeArgBpfAttr
- type MsgGenericKprobeArgBpfMap
- type MsgGenericKprobeArgBytes
- type MsgGenericKprobeArgCapEffective
- type MsgGenericKprobeArgCapInheritable
- type MsgGenericKprobeArgCapPermitted
- type MsgGenericKprobeArgCapability
- type MsgGenericKprobeArgCred
- type MsgGenericKprobeArgFile
- type MsgGenericKprobeArgInt
- type MsgGenericKprobeArgKernelCapType
- type MsgGenericKprobeArgKernelModule
- type MsgGenericKprobeArgLinuxBinprm
- type MsgGenericKprobeArgLoadModule
- type MsgGenericKprobeArgLong
- type MsgGenericKprobeArgNetDev
- type MsgGenericKprobeArgPath
- type MsgGenericKprobeArgPerfEvent
- type MsgGenericKprobeArgSize
- type MsgGenericKprobeArgSkb
- type MsgGenericKprobeArgSock
- type MsgGenericKprobeArgString
- type MsgGenericKprobeArgUInt
- type MsgGenericKprobeArgUserNamespace
- type MsgGenericKprobeBpfAttr
- type MsgGenericKprobeBpfMap
- type MsgGenericKprobeCapability
- type MsgGenericKprobeLinuxBinprm
- type MsgGenericKprobeNetDev
- type MsgGenericKprobePerfEvent
- type MsgGenericKprobeSkb
- type MsgGenericKprobeSock
- type MsgGenericKprobeTuple
- type MsgGenericKprobeUnix
- type MsgGenericLoadModule
- type MsgGenericTracepoint
- type MsgGenericTracepointArg
- type MsgGenericUserNamespace
- type MsgLoader
Constants ¶
const (
	// 5 arguments + 1 return argument
	// MaxArgsSupported is the total number of argument slots per event.
	MaxArgsSupported = 6
	// ReturnArgIndex is the index of the last slot (5); going by the name and
	// the comment above, that slot carries the return argument.
	ReturnArgIndex = MaxArgsSupported - 1
)
// Action identifiers, numbered 0 through 12 with explicit values.
//
// NOTE(review): going by the names, several of these (ActionSigKill,
// ActionSignal, ActionOverride, ActionNotifyKiller) change what happens to the
// traced process rather than only reporting it, and ActionNoPost suppresses the
// event. Confirm against the policy documentation; if so, policies selecting
// them are enforcement or visibility changes and deserve the same review as
// any other access-control change.
//
// NOTE(review): the values are written out rather than generated with iota,
// presumably because they are shared with code outside this package. Keep
// them stable and append new actions at the end.
const (
	ActionPost         = 0
	ActionFollowFd     = 1
	ActionSigKill      = 2
	ActionUnfollowFd   = 3
	ActionOverride     = 4
	ActionCopyFd       = 5
	ActionGetUrl       = 6
	ActionLookupDns    = 7
	ActionNoPost       = 8
	ActionSignal       = 9
	ActionTrackSock    = 10
	ActionUntrackSock  = 11
	ActionNotifyKiller = 12
)
// Lengths, in bytes, of the fixed-size name buffers in this package:
// MsgGenericKprobeBpfAttr.ProgName, MsgGenericKprobePerfEvent.KprobeFunc and
// MsgGenericLoadModule.Name use the first three.
//
// NOTE(review): presumably these mirror the kernel constants of the same
// name; confirm. A name that fills its buffer has no terminating NUL, so
// convert to a string by cutting at the first zero byte and never reading
// past the array length.
const (
	BPF_OBJ_NAME_LEN = 16
	KSYM_NAME_LEN    = 128
	MODULE_NAME_LEN  = 64
	NETDEV_NAME_LEN  = 16
)
// EventConfigMaxArgs is the length of the per-argument arrays in EventConfig
// (Arg, ArgM, ArgTpCtxOff). It equals MaxArgsSupported minus the return slot.
const EventConfigMaxArgs = 5
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EventConfig ¶
// EventConfig holds the configuration for one traced function (FuncId), with
// EventConfigMaxArgs slots per argument array plus return-value settings.
//
// NOTE(review): the `align` tags and fixed-size arrays suggest the layout is
// checked against, or shared with, a definition outside Go. Confirm before
// reordering, resizing or inserting fields; a silent mismatch would make the
// consumer read the wrong configuration values.
type EventConfig struct {
	FuncId          uint32                     `align:"func_id"`
	Arg             [EventConfigMaxArgs]int32  `align:"arg0"`
	ArgM            [EventConfigMaxArgs]uint32 `align:"arg0m"`
	ArgTpCtxOff     [EventConfigMaxArgs]uint32 `align:"t_arg0_ctx_off"`
	Syscall         uint32                     `align:"syscall"`
	ArgReturnCopy   int32                      `align:"argreturncopy"`
	ArgReturn       int32                      `align:"argreturn"`
	ArgReturnAction int32                      `align:"argreturnaction"`
	PolicyID        uint32                     `align:"policy_id"`
	Flags           uint32                     `align:"flags"`
}
type KprobeArgs ¶
type MsgGenericCapEffective ¶ added in v1.1.0
// MsgGenericCapEffective carries a capability set as a single 64-bit value.
type MsgGenericCapEffective struct {
	// Caps is presumably a bitmask of the effective capabilities, one bit per
	// capability number (TODO confirm).
	Caps uint64
}
type MsgGenericCapInheritable ¶ added in v1.1.0
// MsgGenericCapInheritable carries a capability set as a single 64-bit value.
type MsgGenericCapInheritable struct {
	// Caps is presumably a bitmask of the inheritable capabilities, one bit
	// per capability number (TODO confirm).
	Caps uint64
}
type MsgGenericCapPermitted ¶ added in v1.1.0
// MsgGenericCapPermitted carries a capability set as a single 64-bit value.
type MsgGenericCapPermitted struct {
	// Caps is presumably a bitmask of the permitted capabilities, one bit per
	// capability number (TODO confirm).
	Caps uint64
}
type MsgGenericKernelCapType ¶ added in v1.1.0
// MsgGenericKernelCapType carries a capability set as a single 64-bit value.
type MsgGenericKernelCapType struct {
	// Caps is presumably a capability bitmask taken from a kernel capability
	// structure (TODO confirm which set it represents at each call site).
	Caps uint64
}
type MsgGenericKprobe ¶
// MsgGenericKprobe is the header of a generic kprobe event: the common message
// header, the process key, namespaces and capabilities of the process,
// followed by function, return-probe and action identifiers and stack ids.
//
// NOTE(review): every field is fixed-size, which suggests the struct is
// decoded directly from a raw event buffer. Confirm before changing field
// order or width.
type MsgGenericKprobe struct {
	Common        processapi.MsgCommon
	ProcessKey    processapi.MsgExecveKey
	Namespaces    processapi.MsgNamespaces
	Capabilities  processapi.MsgCapabilities
	FuncId        uint64
	RetProbeId    uint64
	ActionId      uint64
	ActionArgId   uint32
	Tid           uint32 // The recorded TID that triggered the event
	KernelStackID int64
	UserStackID   int64
}
type MsgGenericKprobeArg ¶
type MsgGenericKprobeArgBpfAttr ¶
// MsgGenericKprobeArgBpfAttr is a kprobe argument describing a BPF program:
// its type, instruction count and name.
type MsgGenericKprobeArgBpfAttr struct {
	Index    uint64 // argument slot; returned by GetIndex
	ProgType uint32
	InsnCnt  uint32
	// ProgName is the string form of the program name. The fixed-size
	// counterpart, MsgGenericKprobeBpfAttr.ProgName, is BPF_OBJ_NAME_LEN bytes,
	// so a longer name is presumably already cut short here (TODO confirm).
	ProgName string
	Label    string
}
func (MsgGenericKprobeArgBpfAttr) GetIndex ¶
func (m MsgGenericKprobeArgBpfAttr) GetIndex() uint64
func (MsgGenericKprobeArgBpfAttr) IsReturnArg ¶
func (m MsgGenericKprobeArgBpfAttr) IsReturnArg() bool
type MsgGenericKprobeArgBpfMap ¶ added in v0.8.3
// MsgGenericKprobeArgBpfMap is a kprobe argument describing a BPF map: its
// type, key and value sizes, capacity and name.
type MsgGenericKprobeArgBpfMap struct {
	MapType    uint32
	Index      uint64 // argument slot; returned by GetIndex
	KeySize    uint32
	ValueSize  uint32
	MaxEntries uint32
	MapName    string
	Label      string
}
func (MsgGenericKprobeArgBpfMap) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgBpfMap) GetIndex() uint64
func (MsgGenericKprobeArgBpfMap) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgBpfMap) IsReturnArg() bool
type MsgGenericKprobeArgBytes ¶
// MsgGenericKprobeArgBytes is a byte-buffer argument of a kprobe event.
type MsgGenericKprobeArgBytes struct {
	Index    uint64
	OrigSize uint64 // if len(Value) < OrigSize, then the result was truncated
	// Value holds the captured bytes. Code that matches on Value should compare
	// len(Value) with OrigSize first: on a truncated capture the bytes past
	// len(Value) were never recorded, so a non-match does not show that the
	// pattern was absent from the original buffer.
	Value []byte
	Label string
}
func (MsgGenericKprobeArgBytes) GetIndex ¶
func (m MsgGenericKprobeArgBytes) GetIndex() uint64
func (MsgGenericKprobeArgBytes) IsReturnArg ¶
func (m MsgGenericKprobeArgBytes) IsReturnArg() bool
type MsgGenericKprobeArgCapEffective ¶ added in v1.1.0
func (MsgGenericKprobeArgCapEffective) GetIndex ¶ added in v1.1.0
func (m MsgGenericKprobeArgCapEffective) GetIndex() uint64
func (MsgGenericKprobeArgCapEffective) IsReturnArg ¶ added in v1.1.0
func (m MsgGenericKprobeArgCapEffective) IsReturnArg() bool
type MsgGenericKprobeArgCapInheritable ¶ added in v1.1.0
func (MsgGenericKprobeArgCapInheritable) GetIndex ¶ added in v1.1.0
func (m MsgGenericKprobeArgCapInheritable) GetIndex() uint64
func (MsgGenericKprobeArgCapInheritable) IsReturnArg ¶ added in v1.1.0
func (m MsgGenericKprobeArgCapInheritable) IsReturnArg() bool
type MsgGenericKprobeArgCapPermitted ¶ added in v1.1.0
func (MsgGenericKprobeArgCapPermitted) GetIndex ¶ added in v1.1.0
func (m MsgGenericKprobeArgCapPermitted) GetIndex() uint64
func (MsgGenericKprobeArgCapPermitted) IsReturnArg ¶ added in v1.1.0
func (m MsgGenericKprobeArgCapPermitted) IsReturnArg() bool
type MsgGenericKprobeArgCapability ¶ added in v0.8.3
func (MsgGenericKprobeArgCapability) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgCapability) GetIndex() uint64
func (MsgGenericKprobeArgCapability) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgCapability) IsReturnArg() bool
type MsgGenericKprobeArgCred ¶
// MsgGenericKprobeArgCred is a kprobe argument carrying a set of process
// credentials: user and group ids, secure bits, capabilities and the user
// namespace.
//
// NOTE(review): the field names match those of the Linux credential structure
// (real, saved, effective and filesystem ids); confirm the mapping before
// relying on a particular id for privilege-change detection.
type MsgGenericKprobeArgCred struct {
	Index      uint64
	Uid        uint32
	Gid        uint32
	Suid       uint32
	Sgid       uint32
	Euid       uint32
	Egid       uint32
	FSuid      uint32
	FSgid      uint32
	SecureBits uint32
	Pad        uint32 // padding; carries no information
	Cap        processapi.MsgCapabilities
	UserNs     processapi.MsgUserNamespace
	Label      string
}
func (MsgGenericKprobeArgCred) GetIndex ¶
func (m MsgGenericKprobeArgCred) GetIndex() uint64
func (MsgGenericKprobeArgCred) IsReturnArg ¶
func (m MsgGenericKprobeArgCred) IsReturnArg() bool
type MsgGenericKprobeArgFile ¶
// MsgGenericKprobeArgFile is a kprobe argument describing a file.
type MsgGenericKprobeArgFile struct {
	Index uint64
	// Value is presumably the file's path as resolved at capture time (TODO
	// confirm). Whether an over-long path is truncated, and how that is
	// signalled, is not visible here; check Flags handling before using Value
	// for exact-match allow or deny decisions.
	Value      string
	Flags      uint32
	Permission uint16
	Label      string
}
func (MsgGenericKprobeArgFile) GetIndex ¶
func (m MsgGenericKprobeArgFile) GetIndex() uint64
func (MsgGenericKprobeArgFile) IsReturnArg ¶
func (m MsgGenericKprobeArgFile) IsReturnArg() bool
type MsgGenericKprobeArgInt ¶
func (MsgGenericKprobeArgInt) GetIndex ¶
func (m MsgGenericKprobeArgInt) GetIndex() uint64
func (MsgGenericKprobeArgInt) IsReturnArg ¶
func (m MsgGenericKprobeArgInt) IsReturnArg() bool
type MsgGenericKprobeArgKernelCapType ¶ added in v1.1.0
func (MsgGenericKprobeArgKernelCapType) GetIndex ¶ added in v1.1.0
func (m MsgGenericKprobeArgKernelCapType) GetIndex() uint64
func (MsgGenericKprobeArgKernelCapType) IsReturnArg ¶ added in v1.1.0
func (m MsgGenericKprobeArgKernelCapType) IsReturnArg() bool
type MsgGenericKprobeArgKernelModule ¶ added in v1.0.0
func (MsgGenericKprobeArgKernelModule) GetIndex ¶ added in v1.0.0
func (m MsgGenericKprobeArgKernelModule) GetIndex() uint64
func (MsgGenericKprobeArgKernelModule) IsReturnArg ¶ added in v1.0.0
func (m MsgGenericKprobeArgKernelModule) IsReturnArg() bool
type MsgGenericKprobeArgLinuxBinprm ¶ added in v1.1.0
// MsgGenericKprobeArgLinuxBinprm is a kprobe argument describing the binary
// being executed. It has the same fields as MsgGenericKprobeArgFile and
// MsgGenericKprobeArgPath.
type MsgGenericKprobeArgLinuxBinprm struct {
	Index uint64
	// Value is presumably the path of the binary (TODO confirm).
	Value      string
	Flags      uint32
	Permission uint16
	Label      string
}
func (MsgGenericKprobeArgLinuxBinprm) GetIndex ¶ added in v1.1.0
func (m MsgGenericKprobeArgLinuxBinprm) GetIndex() uint64
func (MsgGenericKprobeArgLinuxBinprm) IsReturnArg ¶ added in v1.1.0
func (m MsgGenericKprobeArgLinuxBinprm) IsReturnArg() bool
type MsgGenericKprobeArgLoadModule ¶ added in v1.0.0
// MsgGenericKprobeArgLoadModule is a kprobe argument describing a kernel
// module load: signature status, taint flags and module name.
type MsgGenericKprobeArgLoadModule struct {
	Index uint64
	// SigOk presumably reports whether the module's signature verified, with
	// non-zero meaning verified (TODO confirm the polarity before alerting on
	// it).
	SigOk uint32
	// Taints is presumably the module's taint bitmask (TODO confirm the bit
	// meanings).
	Taints uint64
	Name   string
	Label  string
}
func (MsgGenericKprobeArgLoadModule) GetIndex ¶ added in v1.0.0
func (m MsgGenericKprobeArgLoadModule) GetIndex() uint64
func (MsgGenericKprobeArgLoadModule) IsReturnArg ¶ added in v1.0.0
func (m MsgGenericKprobeArgLoadModule) IsReturnArg() bool
type MsgGenericKprobeArgLong ¶ added in v1.1.0
func (MsgGenericKprobeArgLong) GetIndex ¶ added in v1.1.0
func (m MsgGenericKprobeArgLong) GetIndex() uint64
func (MsgGenericKprobeArgLong) IsReturnArg ¶ added in v1.1.0
func (m MsgGenericKprobeArgLong) IsReturnArg() bool
type MsgGenericKprobeArgNetDev ¶ added in v1.1.0
func (MsgGenericKprobeArgNetDev) GetIndex ¶ added in v1.1.0
func (m MsgGenericKprobeArgNetDev) GetIndex() uint64
func (MsgGenericKprobeArgNetDev) IsReturnArg ¶ added in v1.1.0
func (m MsgGenericKprobeArgNetDev) IsReturnArg() bool
type MsgGenericKprobeArgPath ¶
// MsgGenericKprobeArgPath is a kprobe argument describing a filesystem path.
// It has the same fields as MsgGenericKprobeArgFile.
type MsgGenericKprobeArgPath struct {
	Index uint64
	// Value is presumably the resolved path string (TODO confirm). Whether an
	// over-long path is truncated is not visible here; check before using
	// Value for exact-match decisions.
	Value      string
	Flags      uint32
	Permission uint16
	Label      string
}
func (MsgGenericKprobeArgPath) GetIndex ¶
func (m MsgGenericKprobeArgPath) GetIndex() uint64
func (MsgGenericKprobeArgPath) IsReturnArg ¶
func (m MsgGenericKprobeArgPath) IsReturnArg() bool
type MsgGenericKprobeArgPerfEvent ¶
// MsgGenericKprobeArgPerfEvent is a kprobe argument describing a perf event:
// the probed function name, the event type and config, and the probe offset.
type MsgGenericKprobeArgPerfEvent struct {
	Index uint64
	// KprobeFunc is the string form of the function name; the fixed-size
	// counterpart in MsgGenericKprobePerfEvent is KSYM_NAME_LEN bytes.
	KprobeFunc  string
	Type        uint32
	Config      uint64
	ProbeOffset uint64
	Label       string
}
func (MsgGenericKprobeArgPerfEvent) GetIndex ¶
func (m MsgGenericKprobeArgPerfEvent) GetIndex() uint64
func (MsgGenericKprobeArgPerfEvent) IsReturnArg ¶
func (m MsgGenericKprobeArgPerfEvent) IsReturnArg() bool
type MsgGenericKprobeArgSize ¶
func (MsgGenericKprobeArgSize) GetIndex ¶
func (m MsgGenericKprobeArgSize) GetIndex() uint64
func (MsgGenericKprobeArgSize) IsReturnArg ¶
func (m MsgGenericKprobeArgSize) IsReturnArg() bool
type MsgGenericKprobeArgSkb ¶
// MsgGenericKprobeArgSkb is a kprobe argument describing a network packet
// buffer: address family, hash, length, priority, mark, the source and
// destination address and port, the protocol, and two security-path lengths.
type MsgGenericKprobeArgSkb struct {
	Index    uint64
	Family   uint16
	Hash     uint32
	Len      uint32
	Priority uint32
	Mark     uint32
	Saddr    string // source address, already rendered as a string
	Daddr    string // destination address, already rendered as a string
	// Sport and Dport are stored as uint32. NOTE(review): presumably already
	// converted to host byte order; confirm before comparing with literals.
	Sport       uint32
	Dport       uint32
	Proto       uint32
	SecPathLen  uint32
	SecPathOLen uint32
	Label       string
}
func (MsgGenericKprobeArgSkb) GetIndex ¶
func (m MsgGenericKprobeArgSkb) GetIndex() uint64
func (MsgGenericKprobeArgSkb) IsReturnArg ¶
func (m MsgGenericKprobeArgSkb) IsReturnArg() bool
type MsgGenericKprobeArgSock ¶
// MsgGenericKprobeArgSock is a kprobe argument describing a socket: family,
// type, protocol, mark, priority, the source and destination address and
// port, the socket address value and the socket state.
type MsgGenericKprobeArgSock struct {
	Index    uint64
	Family   uint16
	Type     uint16
	Protocol uint16
	Mark     uint32
	Priority uint32
	Saddr    string // source address, already rendered as a string
	Daddr    string // destination address, already rendered as a string
	// Sport and Dport are stored as uint32. NOTE(review): presumably already
	// converted to host byte order; confirm before comparing with literals.
	Sport uint32
	Dport uint32
	// Sockaddr is a 64-bit value. NOTE(review): presumably the kernel address
	// of the socket, used as an identifier; if so, consider whether it should
	// be exposed in exported events, since it discloses a kernel pointer.
	Sockaddr uint64
	Label    string
	State    uint8
}
func (MsgGenericKprobeArgSock) GetIndex ¶
func (m MsgGenericKprobeArgSock) GetIndex() uint64
func (MsgGenericKprobeArgSock) IsReturnArg ¶
func (m MsgGenericKprobeArgSock) IsReturnArg() bool
type MsgGenericKprobeArgString ¶
func (MsgGenericKprobeArgString) GetIndex ¶
func (m MsgGenericKprobeArgString) GetIndex() uint64
func (MsgGenericKprobeArgString) IsReturnArg ¶
func (m MsgGenericKprobeArgString) IsReturnArg() bool
type MsgGenericKprobeArgUInt ¶ added in v0.8.3
func (MsgGenericKprobeArgUInt) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgUInt) GetIndex() uint64
func (MsgGenericKprobeArgUInt) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgUInt) IsReturnArg() bool
type MsgGenericKprobeArgUserNamespace ¶ added in v0.8.3
// MsgGenericKprobeArgUserNamespace is a kprobe argument describing a user
// namespace: its level, owning uid and gid, and namespace inode number.
type MsgGenericKprobeArgUserNamespace struct {
	Index uint64
	// Level is presumably the nesting depth of the namespace, 0 being the
	// initial namespace (TODO confirm).
	Level  int32
	Uid    uint32
	Gid    uint32
	NsInum uint32
	Label  string
}
func (MsgGenericKprobeArgUserNamespace) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgUserNamespace) GetIndex() uint64
func (MsgGenericKprobeArgUserNamespace) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgUserNamespace) IsReturnArg() bool
type MsgGenericKprobeBpfAttr ¶
// MsgGenericKprobeBpfAttr is the fixed-size form of the BPF program
// description; MsgGenericKprobeArgBpfAttr carries the same values with the
// name as a string.
type MsgGenericKprobeBpfAttr struct {
	ProgType uint32
	InsnCnt  uint32
	// ProgName is a fixed BPF_OBJ_NAME_LEN-byte buffer. A name that fills it has
	// no terminating NUL, so cut at the first zero byte and bound the read by
	// len(ProgName) when converting to a string.
	ProgName [BPF_OBJ_NAME_LEN]byte
}
type MsgGenericKprobeBpfMap ¶ added in v0.8.3
type MsgGenericKprobeCapability ¶ added in v0.8.3
type MsgGenericKprobeLinuxBinprm ¶ added in v1.1.0
// MsgGenericKprobeLinuxBinprm carries a single string describing the binary
// being executed.
type MsgGenericKprobeLinuxBinprm struct {
	// Value is presumably the path of the binary (TODO confirm).
	Value string
}
type MsgGenericKprobeNetDev ¶ added in v1.1.0
type MsgGenericKprobePerfEvent ¶
// MsgGenericKprobePerfEvent is the fixed-size form of the perf event
// description; MsgGenericKprobeArgPerfEvent carries the same values with the
// function name as a string.
type MsgGenericKprobePerfEvent struct {
	// KprobeFunc is a fixed KSYM_NAME_LEN-byte buffer. Cut at the first zero
	// byte and bound the read by len(KprobeFunc) when converting to a string.
	KprobeFunc  [KSYM_NAME_LEN]byte
	Type        uint32
	Config      uint64
	ProbeOffset uint64
}
type MsgGenericKprobeSkb ¶
type MsgGenericKprobeSock ¶
type MsgGenericKprobeTuple ¶ added in v0.10.0
type MsgGenericKprobeUnix ¶
// MsgGenericKprobeUnix is the decoded form of a generic kprobe event: the same
// process context as MsgGenericKprobe, plus the function name and the list of
// decoded arguments.
type MsgGenericKprobeUnix struct {
	Common       processapi.MsgCommon
	ProcessKey   processapi.MsgExecveKey
	Namespaces   processapi.MsgNamespaces
	Capabilities processapi.MsgCapabilities
	Id           uint64
	// Action is presumably one of the Action* constants of this package (TODO
	// confirm); consumers should handle unknown values explicitly.
	Action   uint64
	FuncName string
	// Args holds the decoded arguments. MsgGenericKprobeArg is an interface
	// type, so consumers need a type switch with a default case for argument
	// types they do not recognise.
	Args []MsgGenericKprobeArg
}
type MsgGenericLoadModule ¶ added in v1.0.0
// MsgGenericLoadModule is the fixed-size form of the module-load description;
// MsgGenericKprobeArgLoadModule carries the same values with the name as a
// string.
type MsgGenericLoadModule struct {
	// SigOk presumably reports whether the module's signature verified (TODO
	// confirm the polarity).
	SigOk  uint32
	Pad    uint32 // padding; carries no information
	Taints uint64
	// Name is a fixed MODULE_NAME_LEN-byte buffer. Cut at the first zero byte
	// and bound the read by len(Name) when converting to a string.
	Name [MODULE_NAME_LEN]byte
}
type MsgGenericTracepoint ¶
// MsgGenericTracepoint is the header of a generic tracepoint event. It has the
// same fields as MsgGenericKprobe except that FuncId is signed here (int64)
// and unsigned there (uint64).
//
// NOTE(review): the signedness difference looks deliberate but is easy to
// trip over when sharing decode code between the two; confirm.
type MsgGenericTracepoint struct {
	Common        processapi.MsgCommon
	ProcessKey    processapi.MsgExecveKey
	Namespaces    processapi.MsgNamespaces
	Capabilities  processapi.MsgCapabilities
	FuncId        int64
	RetProbeId    uint64
	ActionId      uint64
	ActionArgId   uint32
	Tid           uint32 // The recorded TID that triggered the event
	KernelStackID int64
	UserStackID   int64
}
type MsgGenericTracepointArg ¶
// MsgGenericTracepointArg is an empty interface, so any value satisfies it.
// Consumers must type-switch on the dynamic type and should include a default
// case rather than assume a fixed set of argument types.
type MsgGenericTracepointArg interface{}
type MsgGenericUserNamespace ¶ added in v0.11.0
type MsgLoader ¶ added in v0.9.0
// MsgLoader is a fixed-size message carrying a process id together with a
// build id and a path, each stored in a fixed buffer with an accompanying
// size field.
type MsgLoader struct {
	Common     processapi.MsgCommon
	ProcessKey processapi.MsgExecveKey
	Pid        uint32
	// BuildIdSize and PathSize presumably give the number of valid bytes in
	// BuildId and Path (TODO confirm). They arrive with the message, so clamp
	// them to len(BuildId) and len(Path) before slicing; an unchecked size
	// larger than the buffer would panic on the slice expression.
	BuildIdSize uint32
	PathSize    uint32
	BuildId     [20]byte
	Path        [4096]byte
}