profile

package
v0.0.0-...-e70f483 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 21, 2026 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Package profile holds profile related files

Package profile holds profile related files

Index

Constants

// ProtobufVersion defines the protobuf version in use.
const ProtobufVersion = "v1"

Variables

// ActivityDumpGraphTemplate is the template used to generate graphs.
// The documentation renderer elides the 1328-byte literal, so its contents
// are not visible in this listing.
// NOTE(review): the template syntax, and whether values taken from observed
// activity are escaped before being rendered, cannot be checked from here —
// confirm against the source file.
var ActivityDumpGraphTemplate = `` /* 1328-byte string literal not displayed */

ActivityDumpGraphTemplate is the template used to generate graphs

Functions

func LoadProtoFromFile

func LoadProtoFromFile(filepath string) (*adprotov1.SecurityProfile, error)

LoadProtoFromFile loads a protobuf security profile from the given file

Types

type ActivityDumpHeader

// ActivityDumpHeader holds the header of an activity dump.
// Every field carries a JSON tag, so the header can be serialized as JSON.
type ActivityDumpHeader struct {
	// standard attributes used by the intake
	// (each is dropped from the JSON output when empty, per omitempty)
	Host    string `json:"host,omitempty"`
	Service string `json:"service,omitempty"`
	Source  string `json:"ddsource,omitempty"`

	// DDTags is emitted under the "ddtags" key and is also omitted when empty.
	DDTags string `json:"ddtags,omitempty"`

	// Used to store the global list of DNS names contained in this dump
	// this is a hack used to provide this global list to the backend in the JSON header
	// instead of in the protobuf payload.
	// Unlike the fields above, this tag has no omitempty, so a nil pointer is
	// encoded as JSON null rather than being left out.
	// NOTE(review): the names presumably come from DNS activity observed on the
	// workload, so consumers of the header should treat them as untrusted
	// strings — confirm where the list is populated.
	DNSNames *utils.StringKeys `json:"dns_names"`
}

ActivityDumpHeader holds the header of an activity dump

type EventTypeState

// EventTypeState defines an event type state.
type EventTypeState struct {
	// LastAnomalyNano is presumably the time of the last anomaly for the event
	// type, in nanoseconds — TODO confirm the unit and the clock it is read from.
	LastAnomalyNano uint64
	// State is the filtering state of the event type, typed as
	// model.EventFilteringProfileState.
	State           model.EventFilteringProfileState
}

EventTypeState defines an event type state

type Opts

// Opts defines the options to create a new profile.
// An option is a function that receives a *Profile and returns nothing.
type Opts func(*Profile)

Opts defines the options to create a new profile

func WithDNSMatchMaxDepth

func WithDNSMatchMaxDepth(dnsMatchMaxDepth int) Opts

WithDNSMatchMaxDepth sets the maximum depth used to compare domain names in the new profile

func WithDifferentiateArgs

func WithDifferentiateArgs(differentiateArgs bool) Opts

WithDifferentiateArgs sets whether arguments should be used to differentiate processes in the new profile

func WithEventTypes

func WithEventTypes(eventTypes []model.EventType) Opts

WithEventTypes sets the event types of a new profile

func WithPathsReducer

func WithPathsReducer(pathsReducer *activity_tree.PathsReducer) Opts

WithPathsReducer sets the path reducer of a new profile

func WithWorkloadSelector

func WithWorkloadSelector(selector cgroupModel.WorkloadSelector) Opts

WithWorkloadSelector sets the workload selector of a new profile

type Profile

// Profile represents a security profile.
//
// The struct embeds sync.Mutex, so Lock and Unlock are promoted onto Profile
// and are callable by any code holding a *Profile. A Profile value must not be
// copied once it is in use, because the copy would carry its own mutex state.
type Profile struct {
	// common to ActivityDump and SecurityProfile
	sync.Mutex
	ActivityTree *activity_tree.ActivityTree

	Header   ActivityDumpHeader
	Metadata mtdt.Metadata

	// LoadedInKernel and LoadedNano are pointers to atomic values, so both are
	// nil on a zero-value Profile.
	// NOTE(review): whether New allocates them is not visible here — confirm
	// before dereferencing them on a Profile that was not built through New.
	LoadedInKernel *atomic.Bool
	LoadedNano     *atomic.Uint64
	// Instances is the list of workload instances to which the profile should apply
	// NOTE(review): InstancesLock presumably guards Instances independently of
	// the embedded Mutex — confirm the locking order against the callers.
	InstancesLock sync.Mutex
	Instances     []*tags.Workload
	// contains filtered or unexported fields
}

Profile represents a security profile

func New

func New(opts ...Opts) *Profile

New returns a new profile

func NewProfileFromActivityDumpMessage

func NewProfileFromActivityDumpMessage(msg *api.ActivityDumpMessage) (*Profile, map[config.StorageFormat][]config.StorageRequest, error)

NewProfileFromActivityDumpMessage returns a new Profile from an ActivityDumpMessage.

func (*Profile) AddSnapshotAncestors

func (p *Profile) AddSnapshotAncestors(ancestors []*model.ProcessCacheEntry, resolvers *resolvers.EBPFResolvers, callback func(*model.ProcessCacheEntry))

AddSnapshotAncestors adds the given process branch to the profile, calling the callback for each process cache entry which resulted in a new node insertion

func (*Profile) AddTags

func (p *Profile) AddTags(tags []string)

AddTags adds tags to the profile

func (*Profile) AddVersionContext

func (p *Profile) AddVersionContext(version string, ctx *VersionContext)

AddVersionContext adds a new version context to the profile

func (*Profile) ComputeInMemorySize

func (p *Profile) ComputeInMemorySize() int64

ComputeInMemorySize returns the size of a dump in memory

func (*Profile) ComputeSyscallsList

func (p *Profile) ComputeSyscallsList() []uint32

ComputeSyscallsList computes the top level list of syscalls

func (*Profile) Contains

func (p *Profile) Contains(event *model.Event, insertMissingProcesses bool, imageTag string, generationType activity_tree.NodeGenerationType, resolvers *resolvers.EBPFResolvers) (bool, error)

Contains checks if the profile contains the given event

func (*Profile) Decode

func (p *Profile) Decode(inputFile string) error

Decode decodes an activity dump from a file

func (*Profile) DecodeFromReader

func (p *Profile) DecodeFromReader(reader io.Reader, format config.StorageFormat) error

DecodeFromReader decodes an activity dump from a reader with the provided format

func (*Profile) DecodeJSON

func (p *Profile) DecodeJSON(reader io.Reader) error

DecodeJSON decodes JSON to an activity dump

func (*Profile) DecodeSecDumpProtobuf

func (p *Profile) DecodeSecDumpProtobuf(reader io.Reader) error

DecodeSecDumpProtobuf decodes a SecDump binary representation

func (*Profile) DecodeSecurityProfileProtobuf

func (p *Profile) DecodeSecurityProfileProtobuf(reader io.Reader) error

DecodeSecurityProfileProtobuf decodes a SecurityProfile binary representation

func (*Profile) Encode

func (p *Profile) Encode(format config.StorageFormat) (*bytes.Buffer, error)

Encode encodes an activity dump in the provided format

func (*Profile) EncodeDOT

func (p *Profile) EncodeDOT() (*bytes.Buffer, error)

EncodeDOT encodes an activity dump in the DOT format

func (*Profile) EncodeJSON

func (p *Profile) EncodeJSON(indent string) (*bytes.Buffer, error)

EncodeJSON encodes an activity dump in the ProtoJSON format

func (*Profile) EncodeSecDumpProtobuf

func (p *Profile) EncodeSecDumpProtobuf() (*bytes.Buffer, error)

EncodeSecDumpProtobuf encodes a Profile to its SecDump protobuf binary representation

func (*Profile) EncodeSecurityProfileProtobuf

func (p *Profile) EncodeSecurityProfileProtobuf() (*bytes.Buffer, error)

EncodeSecurityProfileProtobuf encodes a Profile to its SecurityProfile protobuf binary representation

func (*Profile) FakeOverweight

func (p *Profile) FakeOverweight()

FakeOverweight fakes an overweight profile

func (*Profile) GenerateSyscallsFilters

func (p *Profile) GenerateSyscallsFilters() [64]byte

GenerateSyscallsFilters generates the syscall filters for the profile

func (*Profile) GetEventTypes

func (p *Profile) GetEventTypes() []model.EventType

GetEventTypes returns the event types of the profile

func (*Profile) GetGlobalEventTypeState

func (p *Profile) GetGlobalEventTypeState(et model.EventType) model.EventFilteringProfileState

GetGlobalEventTypeState returns the global state of a profile for a given event type: AutoLearning, StableEventType or UnstableEventType

func (*Profile) GetImageNameTag

func (p *Profile) GetImageNameTag() (string, string)

GetImageNameTag returns the image name and tag for the profiled container

func (*Profile) GetProfileCookie

func (p *Profile) GetProfileCookie() uint64

GetProfileCookie returns the profile cookie

func (*Profile) GetSelectorStr

func (p *Profile) GetSelectorStr() string

GetSelectorStr returns the string representation of the profile selector

func (*Profile) GetTagValue

func (p *Profile) GetTagValue(tagName string) string

GetTagValue returns the value of the given tag name

func (*Profile) GetTags

func (p *Profile) GetTags() []string

GetTags returns a copy of the profile tags

func (*Profile) GetVersionContext

func (p *Profile) GetVersionContext(imageTag string) (*VersionContext, bool)

GetVersionContext returns the context of the given version if any

func (*Profile) GetVersionContextIndex

func (p *Profile) GetVersionContextIndex(index int) *VersionContext

GetVersionContextIndex returns the version context at the given index, if any

func (*Profile) GetVersions

func (p *Profile) GetVersions() []string

GetVersions returns the versions stored in the profile (debug purpose only)

func (*Profile) GetWorkloadSelector

func (p *Profile) GetWorkloadSelector() *cgroupModel.WorkloadSelector

GetWorkloadSelector returns the workload selector

func (*Profile) HasAlreadyBeenSent

func (p *Profile) HasAlreadyBeenSent() bool

HasAlreadyBeenSent returns true if the profile has already been sent

func (*Profile) HasTag

func (p *Profile) HasTag(tag string) bool

HasTag returns true if the profile has the given tag

func (*Profile) Insert

func (p *Profile) Insert(event *model.Event, insertMissingProcesses bool, imageTag string, generationType activity_tree.NodeGenerationType, resolvers *resolvers.EBPFResolvers) (bool, error)

Insert inserts an event in the profile

func (*Profile) InsertAndGetSize

func (p *Profile) InsertAndGetSize(event *model.Event, insertMissingProcesses bool, imageTag string, generationType activity_tree.NodeGenerationType, resolvers *resolvers.EBPFResolvers) (bool, int64, error)

InsertAndGetSize inserts an event in the profile and returns the new size of the profile if the event was inserted

func (*Profile) IsEmpty

func (p *Profile) IsEmpty() bool

IsEmpty returns true if the dump did not contain any nodes

func (*Profile) IsEventTypeValid

func (p *Profile) IsEventTypeValid(evtType model.EventType) bool

IsEventTypeValid returns true if the event type is valid for the profile

func (*Profile) ListAllVersionStates

func (p *Profile) ListAllVersionStates()

ListAllVersionStates prints the state of all versions of the profile

func (*Profile) LoadFromNewProfile

func (p *Profile) LoadFromNewProfile(newProfile *Profile)

LoadFromNewProfile loads a new profile into the current profile

func (*Profile) MatchesSelector

func (p *Profile) MatchesSelector(entry *model.ProcessCacheEntry) bool

MatchesSelector is used to control how an event should be added to a profile

func (*Profile) NewProcessNodeCallback

func (p *Profile) NewProcessNodeCallback(_ *activity_tree.ProcessNode)

NewProcessNodeCallback is called when a new process node is created

func (*Profile) PrepareNewVersion

func (p *Profile) PrepareNewVersion(newImageTag string, tags []string, maxImageTags int, nowTimestamp uint64) []string

PrepareNewVersion prepares a new version of the profile

func (*Profile) Reset

func (p *Profile) Reset()

Reset empties all internal fields so that this profile can be used again in the future

func (*Profile) ScrubProcessArgsEnvs

func (p *Profile) ScrubProcessArgsEnvs(resolver *process.EBPFResolver)

ScrubProcessArgsEnvs scrubs the process arguments and environment variables

func (*Profile) SendStats

func (p *Profile) SendStats(statsdClient statsd.ClientInterface) error

SendStats sends stats for this profile's activity tree

func (*Profile) SetHasAlreadyBeenSent

func (p *Profile) SetHasAlreadyBeenSent()

SetHasAlreadyBeenSent sets the hasAlreadyBeenSent flag to true

func (*Profile) SetTreeType

func (p *Profile) SetTreeType(validator activity_tree.Owner, treeType string)

SetTreeType updates the type and owner of the ActivityTree of this profile

func (*Profile) SetVersionState

func (p *Profile) SetVersionState(imageTag string, state model.EventFilteringProfileState, lastAnomalyNano uint64) error

SetVersionState forces a state for a given version (debug purpose only)

func (*Profile) Snapshot

func (p *Profile) Snapshot(newEvent func() *model.Event)

Snapshot collects procfs data for all the processes in the activity tree

func (*Profile) ToGraph

func (p *Profile) ToGraph() utils.Graph

ToGraph converts the dump to a graph

func (*Profile) ToSecurityActivityDumpMessage

func (p *Profile) ToSecurityActivityDumpMessage(timeout time.Duration, storageRequests map[config.StorageFormat][]config.StorageRequest) *api.ActivityDumpMessage

ToSecurityActivityDumpMessage returns a pointer to an ActivityDumpMessage

func (*Profile) ToSecurityProfileMessage

func (p *Profile) ToSecurityProfileMessage(timeResolver *ktime.Resolver) *api.SecurityProfileMessage

ToSecurityProfileMessage returns a SecurityProfileMessage filled with the content of the current Security Profile

type VersionContext

// VersionContext holds the context of one version (defined by its image tag).
type VersionContext struct {
	// FirstSeenNano and LastSeenNano are presumably nanosecond timestamps
	// bounding when this version was observed — TODO confirm the unit and clock.
	FirstSeenNano uint64
	LastSeenNano  uint64

	// EventTypeState maps an event type to a pointer to its state. As with any
	// Go map, it must be initialized before the first write.
	EventTypeState map[model.EventType]*EventTypeState

	// Syscalls is the syscalls profile
	Syscalls []uint32

	// Tags defines the tags used to compute this profile, for each profile version present
	Tags []string
}

VersionContext holds the context of one version (defined by its image tag)
