processapi

package

v1.1.1 Latest Latest Go to latest Published: Jun 11, 2024 License: Apache-2.0 Imports: 0 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/tetragon

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	// DOCKER_ID_LENGTH to match BPF side buffer size where we read the
	// cgroup of the task
	DOCKER_ID_LENGTH = 128

	// Length of the cgroup name as it is returned from BPF side
	CGROUP_NAME_LENGTH = 128

	// Length of the cgroup path as it is returned from BPF side
	CGROUP_PATH_LENGTH = 4096

	MSG_SIZEOF_MAXARG = 100
	MSG_SIZEOF_EXECVE = 56
	MSG_SIZEOF_CWD    = 256
	MSG_SIZEOF_ARGS   = 1024
	MSG_SIZEOF_BUFFER = MSG_SIZEOF_ARGS +
		MSG_SIZEOF_CWD +
		MSG_SIZEOF_EXECVE + MSG_SIZEOF_EXECVE +
		MSG_SIZEOF_MAXARG

	// MsgUnixSize of msg
	MsgUnixSize uint32 = 640

	/* Execve extra flags */
	ExecveSetuid = 0x01
	ExecveSetgid = 0x02
	/* Execve flags received from BPF */
	ExecveFileCaps   = 0x04 // This binary execution gained new capabilities through file capabilities execution
	ExecveSetuidRoot = 0x08 // This binary execution gained new capabilities through setuid root execution
	ExecveSetgidRoot = 0x10 // This binary execution gained new capabilities through setgid root execution

	// flags of MsgCommon
	MSG_COMMON_FLAG_RETURN            = 0x1
	MSG_COMMON_FLAG_KERNEL_STACKTRACE = 0x2
	MSG_COMMON_FLAG_USER_STACKTRACE   = 0x4

	BINARY_PATH_MAX_LEN = 256
)

View Source

const (
	// UnresolvedMountPoints    = 0x1 // (deprecated)
	UnresolvedPathComponents = 0x2
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Binary ¶ added in v1.1.0

type Binary struct {
	PathLength int64
	Path       [BINARY_PATH_MAX_LEN]byte
}

type KernelStats ¶ added in v1.0.1

type KernelStats struct {
	SentFailed [256]uint64 `align:"sent_failed"`
}

type MsgCapabilities ¶

type MsgCapabilities struct {
	Permitted   uint64
	Effective   uint64
	Inheritable uint64
}

type MsgCgroupData ¶ added in v0.8.4

type MsgCgroupData struct {
	State       int32                    `align:"state"`        // State of cgroup
	HierarchyId uint32                   `align:"hierarchy_id"` // Unique id for the hierarchy
	Level       uint32                   `align:"level"`        // The depth this cgroup is at
	Pad         uint32                   `align:"pad"`
	Name        [CGROUP_NAME_LENGTH]byte `align:"name"` // Cgroup kernfs_node name
}

MsgCgroupData is complementary cgroup data that is collected from BPF side on various cgroup events.

type MsgCgroupEvent ¶ added in v0.8.4

type MsgCgroupEvent struct {
	Common        MsgCommon                `align:"common"`
	Parent        MsgExecveKey             `align:"parent"`
	CgrpOp        uint32                   `align:"cgrp_op"` // Current cgroup operation
	PID           uint32                   `align:"pid"`
	NSPID         uint32                   `align:"nspid"`
	Flags         uint32                   `align:"flags"`
	Ktime         uint64                   `align:"ktime"`
	CgrpidTracker uint64                   `align:"cgrpid_tracker"` // The tracking cgroup ID
	Cgrpid        uint64                   `align:"cgrpid"`         // Current cgroup ID
	CgrpData      MsgCgroupData            `align:"cgrp_data"`      // Complementary cgroup data
	Path          [CGROUP_PATH_LENGTH]byte `align:"path"`           // Full path of the cgroup on fs
}

MsgCgroupEvent is the data that is sent from BPF side on cgroup events into ring buffer.

type MsgCloneEvent ¶

type MsgCloneEvent struct {
	Common MsgCommon
	Parent MsgExecveKey
	PID    uint32
	TID    uint32
	NSPID  uint32
	Flags  uint32
	Ktime  uint64
}

type MsgCommon ¶

type MsgCommon struct {
	Op uint8
	// Flags is used to:
	//  - distinguish between an entry and a return kprobe event
	//  - indicate if a stack trace id was passed in the event
	Flags  uint8
	Pad_v2 [2]uint8
	Size   uint32
	Ktime  uint64
}

API between Kernel BPF and Userspace tetragon Golang agent

type MsgExec ¶

type MsgExec struct {
	Size       uint32
	PID        uint32
	TID        uint32
	NSPID      uint32
	SecureExec uint32
	UID        uint32
	AUID       uint32
	Flags      uint32
	Nlink      uint32
	Pad        uint32
	Ino        uint64
	Ktime      uint64
}

type MsgExecveEvent ¶

type MsgExecveEvent struct {
	Common         MsgCommon
	Kube           MsgK8s
	Parent         MsgExecveKey
	ParentFlags    uint64
	Creds          MsgGenericCred
	Namespaces     MsgNamespaces
	CleanupProcess MsgExecveKey
}

type MsgExecveEventUnix ¶

type MsgExecveEventUnix struct {
	Msg     *MsgExecveEvent
	Kube    MsgK8sUnix
	Process MsgProcess
}

type MsgExecveKey ¶

type MsgExecveKey struct {
	Pid   uint32 `align:"pid"`
	Pad   uint32 `align:"pad"`
	Ktime uint64 `align:"ktime"`
}

type MsgExitEvent ¶

type MsgExitEvent struct {
	Common     MsgCommon    `align:"common"`
	ProcessKey MsgExecveKey `align:"current"`
	Info       MsgExitInfo  `align:"info"`
}

type MsgExitInfo ¶

type MsgExitInfo struct {
	Code uint32 `align:"code"`
	Tid  uint32 `align:"tid"`
}

type MsgGenericCred ¶ added in v1.1.0

type MsgGenericCred struct {
	Uid        uint32
	Gid        uint32
	Suid       uint32
	Sgid       uint32
	Euid       uint32
	Egid       uint32
	FSuid      uint32
	FSgid      uint32
	SecureBits uint32
	Pad        uint32
	Cap        MsgCapabilities
	UserNs     MsgUserNamespace
}

type MsgK8s ¶

type MsgK8s struct {
	NetNS  uint32
	Cid    uint32
	Cgrpid uint64
	Docker [DOCKER_ID_LENGTH]byte
}

type MsgK8sUnix ¶

type MsgK8sUnix struct {
	Docker string
}

type MsgNamespaces ¶

type MsgNamespaces struct {
	UtsInum       uint32
	IpcInum       uint32
	MntInum       uint32
	PidInum       uint32
	PidChildInum  uint32
	NetInum       uint32
	TimeInum      uint32
	TimeChildInum uint32
	CgroupInum    uint32
	UserInum      uint32
}

type MsgProcess ¶

type MsgProcess struct {
	Size       uint32
	PID        uint32
	TID        uint32
	NSPID      uint32
	SecureExec uint32
	UID        uint32
	AUID       uint32
	Flags      uint32
	Nlink      uint32
	Ino        uint64
	Ktime      uint64
	Filename   string
	Args       string
	User       MsgUserRecord
}

API between Userspace tetragon Golang agent and Unix domain socket listener

type MsgUserNamespace ¶ added in v0.11.0

type MsgUserNamespace struct {
	Level  int32
	Uid    uint32
	Gid    uint32
	NsInum uint32
}

type MsgUserRecord ¶ added in v1.1.1

type MsgUserRecord struct {
	Name string
}

Source Files ¶

View all Source files

processapi.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL