event

Documentation

Index

• type Packet
  • func FromPacket(ci gopacket.CaptureInfo, data []byte) (*Packet, error)
  • func ParsePacketEvent(devices map[int]dev.Device, event bpf.BpfPacketEventT) (*Packet, error)
  • func (p Packet) Egress() bool
  • func (p Packet) Ingress() bool
• type ProcessExec
  • func FromPacketOptions(opts pcapgo.NgPacketOptions) ProcessExec
  • func ParseProcessExecEvent(event bpf.BpfExecEventT) (*ProcessExec, error)
  • func (p ProcessExec) ArgsStr() string
  • func (p ProcessExec) FilenameStr() string
  • func (p ProcessExec) MatchComm(name string) bool

Types

type Packet

type Packet struct {
	Time      time.Time
	Type      packetType
	Device    dev.Device
	Pid       int
	Truncated bool
	Len       int

	Data []byte
}

func FromPacket

func FromPacket(ci gopacket.CaptureInfo, data []byte) (*Packet, error)

func ParsePacketEvent

func ParsePacketEvent(devices map[int]dev.Device, event bpf.BpfPacketEventT) (*Packet, error)

func (Packet) Egress

func (p Packet) Egress() bool

func (Packet) Ingress

func (p Packet) Ingress() bool

type ProcessExec

type ProcessExec struct {
	Pid int

	Filename          string
	FilenameTruncated bool

	Args          []string
	ArgsTruncated bool
}

func FromPacketOptions

func FromPacketOptions(opts pcapgo.NgPacketOptions) ProcessExec

func ParseProcessExecEvent

func ParseProcessExecEvent(event bpf.BpfExecEventT) (*ProcessExec, error)

func (ProcessExec) ArgsStr

func (p ProcessExec) ArgsStr() string

func (ProcessExec) FilenameStr

func (p ProcessExec) FilenameStr() string

func (ProcessExec) MatchComm

func (p ProcessExec) MatchComm(name string) bool