Documentation
¶
Index ¶
- Constants
- func Init() (bpfprogs.BpfProg, error)
- type ExecSnoopBpf
- func (e *ExecSnoopBpf) Attach() error
- func (e *ExecSnoopBpf) Description() string
- func (e *ExecSnoopBpf) Destroy()
- func (e *ExecSnoopBpf) GetArgs() []string
- func (e *ExecSnoopBpf) GetOutputBuf() *ringbuf.Reader
- func (e *ExecSnoopBpf) GetOutputBufPath() string
- func (e *ExecSnoopBpf) Load() error
- func (e *ExecSnoopBpf) Name() string
- func (e *ExecSnoopBpf) SetArgs(args []string)
- func (e *ExecSnoopBpf) SetPinPath(pinPath string)
Constants ¶
View Source
const ( ExecSnoopEventMStorage = "bpflock_execsnoop_storage" ExecSnoopArgsMap = "bpflock_execsnoop_args" ExecSnoopProfile = 1 ExecSnoopTraceTarget = 2 ExecSnoopDebug = 5 )
View Source
const ( /* The following are how we should trace: key is ExecSnoopTraceTarget */ ExecSnoopTraceByFilter = iota + 1 ExecSnoopTraceAll )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ExecSnoopBpf ¶
type ExecSnoopBpf struct {
// contains filtered or unexported fields
}
func (*ExecSnoopBpf) Attach ¶
func (e *ExecSnoopBpf) Attach() error
func (*ExecSnoopBpf) Description ¶
func (e *ExecSnoopBpf) Description() string
func (*ExecSnoopBpf) Destroy ¶
func (e *ExecSnoopBpf) Destroy()
Destroy cleans up everything related to execsnoop and remove ring buffer
func (*ExecSnoopBpf) GetArgs ¶
func (e *ExecSnoopBpf) GetArgs() []string
func (*ExecSnoopBpf) GetOutputBuf ¶
func (e *ExecSnoopBpf) GetOutputBuf() *ringbuf.Reader
func (*ExecSnoopBpf) GetOutputBufPath ¶
func (e *ExecSnoopBpf) GetOutputBufPath() string
func (*ExecSnoopBpf) Load ¶
func (e *ExecSnoopBpf) Load() error
func (*ExecSnoopBpf) Name ¶
func (e *ExecSnoopBpf) Name() string
func (*ExecSnoopBpf) SetArgs ¶
func (e *ExecSnoopBpf) SetArgs(args []string)
func (*ExecSnoopBpf) SetPinPath ¶
func (e *ExecSnoopBpf) SetPinPath(pinPath string)
Source Files
Click to show internal directories.
Click to hide internal directories.