Documentation
¶
Index ¶
- Constants
- type EventConfig
- type KprobeArgs
- type MsgGenericKprobe
- type MsgGenericKprobeArg
- type MsgGenericKprobeArgBpfAttr
- type MsgGenericKprobeArgBpfMap
- type MsgGenericKprobeArgBytes
- type MsgGenericKprobeArgCapability
- type MsgGenericKprobeArgCred
- type MsgGenericKprobeArgFile
- type MsgGenericKprobeArgInt
- type MsgGenericKprobeArgPath
- type MsgGenericKprobeArgPerfEvent
- type MsgGenericKprobeArgSize
- type MsgGenericKprobeArgSkb
- type MsgGenericKprobeArgSock
- type MsgGenericKprobeArgString
- type MsgGenericKprobeArgUInt
- type MsgGenericKprobeArgUserNamespace
- type MsgGenericKprobeBpfAttr
- type MsgGenericKprobeBpfMap
- type MsgGenericKprobeCapability
- type MsgGenericKprobeCred
- type MsgGenericKprobePerfEvent
- type MsgGenericKprobeSkb
- type MsgGenericKprobeSock
- type MsgGenericKprobeTuple
- type MsgGenericKprobeUnix
- type MsgGenericKprobeUserNamespace
- type MsgGenericTracepoint
- type MsgGenericTracepointArg
- type MsgLoader
Constants ¶
View Source
const ( // 5 arguments + 1 return argument MaxArgsSupported = 6 ReturnArgIndex = MaxArgsSupported - 1 )
View Source
const ( ActionPost = 0 ActionFollowFd = 1 ActionSigKill = 2 ActionUnfollowFd = 3 ActionOverride = 4 ActionCopyFd = 5 ActionGetUrl = 6 ActionLookupDns = 7 ActionNoPost = 8 ActionSignal = 9 )
View Source
const ( BPF_OBJ_NAME_LEN = 16 KSYM_NAME_LEN = 128 )
View Source
const EventConfigMaxArgs = 5
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EventConfig ¶
type EventConfig struct {
FuncId uint32 `align:"func_id"`
Arg [EventConfigMaxArgs]int32 `align:"arg0"`
ArgM [EventConfigMaxArgs]uint32 `align:"arg0m"`
ArgTpCtxOff [EventConfigMaxArgs]uint32 `align:"t_arg0_ctx_off"`
Syscall uint32 `align:"syscall"`
ArgReturnCopy int32 `align:"argreturncopy"`
ArgReturn int32 `align:"argreturn"`
ArgReturnAction int32 `align:"argreturnaction"`
PolicyID uint32 `align:"policy_id"`
Flags uint32 `align:"flags"`
}
type KprobeArgs ¶
type MsgGenericKprobe ¶
type MsgGenericKprobe struct {
Common processapi.MsgCommon
ProcessKey processapi.MsgExecveKey
Namespaces processapi.MsgNamespaces
Capabilities processapi.MsgCapabilities
FuncId uint64
RetProbeId uint64
ActionId uint64
ActionArgId uint32
Tid uint32 // The recorded TID that triggered the event
}
type MsgGenericKprobeArg ¶
type MsgGenericKprobeArgBpfAttr ¶
type MsgGenericKprobeArgBpfAttr struct {
Index uint64
ProgType uint32
InsnCnt uint32
ProgName string
Label string
}
func (MsgGenericKprobeArgBpfAttr) GetIndex ¶
func (m MsgGenericKprobeArgBpfAttr) GetIndex() uint64
func (MsgGenericKprobeArgBpfAttr) IsReturnArg ¶
func (m MsgGenericKprobeArgBpfAttr) IsReturnArg() bool
type MsgGenericKprobeArgBpfMap ¶ added in v0.8.3
type MsgGenericKprobeArgBpfMap struct {
MapType uint32
Index uint64
KeySize uint32
ValueSize uint32
MaxEntries uint32
MapName string
Label string
}
func (MsgGenericKprobeArgBpfMap) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgBpfMap) GetIndex() uint64
func (MsgGenericKprobeArgBpfMap) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgBpfMap) IsReturnArg() bool
type MsgGenericKprobeArgBytes ¶
type MsgGenericKprobeArgBytes struct {
Index uint64
OrigSize uint64 // if len(Value) < OrigSize, then the result was truncated
Value []byte
Label string
}
func (MsgGenericKprobeArgBytes) GetIndex ¶
func (m MsgGenericKprobeArgBytes) GetIndex() uint64
func (MsgGenericKprobeArgBytes) IsReturnArg ¶
func (m MsgGenericKprobeArgBytes) IsReturnArg() bool
type MsgGenericKprobeArgCapability ¶ added in v0.8.3
func (MsgGenericKprobeArgCapability) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgCapability) GetIndex() uint64
func (MsgGenericKprobeArgCapability) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgCapability) IsReturnArg() bool
type MsgGenericKprobeArgCred ¶
type MsgGenericKprobeArgCred struct {
Index uint64
Permitted uint64
Effective uint64
Inheritable uint64
Label string
}
func (MsgGenericKprobeArgCred) GetIndex ¶
func (m MsgGenericKprobeArgCred) GetIndex() uint64
func (MsgGenericKprobeArgCred) IsReturnArg ¶
func (m MsgGenericKprobeArgCred) IsReturnArg() bool
type MsgGenericKprobeArgFile ¶
func (MsgGenericKprobeArgFile) GetIndex ¶
func (m MsgGenericKprobeArgFile) GetIndex() uint64
func (MsgGenericKprobeArgFile) IsReturnArg ¶
func (m MsgGenericKprobeArgFile) IsReturnArg() bool
type MsgGenericKprobeArgInt ¶
func (MsgGenericKprobeArgInt) GetIndex ¶
func (m MsgGenericKprobeArgInt) GetIndex() uint64
func (MsgGenericKprobeArgInt) IsReturnArg ¶
func (m MsgGenericKprobeArgInt) IsReturnArg() bool
type MsgGenericKprobeArgPath ¶
func (MsgGenericKprobeArgPath) GetIndex ¶
func (m MsgGenericKprobeArgPath) GetIndex() uint64
func (MsgGenericKprobeArgPath) IsReturnArg ¶
func (m MsgGenericKprobeArgPath) IsReturnArg() bool
type MsgGenericKprobeArgPerfEvent ¶
type MsgGenericKprobeArgPerfEvent struct {
Index uint64
KprobeFunc string
Type uint32
Config uint64
ProbeOffset uint64
Label string
}
func (MsgGenericKprobeArgPerfEvent) GetIndex ¶
func (m MsgGenericKprobeArgPerfEvent) GetIndex() uint64
func (MsgGenericKprobeArgPerfEvent) IsReturnArg ¶
func (m MsgGenericKprobeArgPerfEvent) IsReturnArg() bool
type MsgGenericKprobeArgSize ¶
func (MsgGenericKprobeArgSize) GetIndex ¶
func (m MsgGenericKprobeArgSize) GetIndex() uint64
func (MsgGenericKprobeArgSize) IsReturnArg ¶
func (m MsgGenericKprobeArgSize) IsReturnArg() bool
type MsgGenericKprobeArgSkb ¶
type MsgGenericKprobeArgSkb struct {
Index uint64
Hash uint32
Len uint32
Priority uint32
Mark uint32
Saddr string
Daddr string
Sport uint32
Dport uint32
Proto uint32
SecPathLen uint32
SecPathOLen uint32
Label string
}
func (MsgGenericKprobeArgSkb) GetIndex ¶
func (m MsgGenericKprobeArgSkb) GetIndex() uint64
func (MsgGenericKprobeArgSkb) IsReturnArg ¶
func (m MsgGenericKprobeArgSkb) IsReturnArg() bool
type MsgGenericKprobeArgSock ¶
type MsgGenericKprobeArgSock struct {
Index uint64
Family uint16
Type uint16
Protocol uint16
Mark uint32
Priority uint32
Saddr string
Daddr string
Sport uint32
Dport uint32
Sockaddr uint64
Label string
}
func (MsgGenericKprobeArgSock) GetIndex ¶
func (m MsgGenericKprobeArgSock) GetIndex() uint64
func (MsgGenericKprobeArgSock) IsReturnArg ¶
func (m MsgGenericKprobeArgSock) IsReturnArg() bool
type MsgGenericKprobeArgString ¶
func (MsgGenericKprobeArgString) GetIndex ¶
func (m MsgGenericKprobeArgString) GetIndex() uint64
func (MsgGenericKprobeArgString) IsReturnArg ¶
func (m MsgGenericKprobeArgString) IsReturnArg() bool
type MsgGenericKprobeArgUInt ¶ added in v0.8.3
func (MsgGenericKprobeArgUInt) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgUInt) GetIndex() uint64
func (MsgGenericKprobeArgUInt) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgUInt) IsReturnArg() bool
type MsgGenericKprobeArgUserNamespace ¶ added in v0.8.3
type MsgGenericKprobeArgUserNamespace struct {
Index uint64
Level int32
Owner uint32
Group uint32
NsInum uint32
Label string
}
func (MsgGenericKprobeArgUserNamespace) GetIndex ¶ added in v0.8.3
func (m MsgGenericKprobeArgUserNamespace) GetIndex() uint64
func (MsgGenericKprobeArgUserNamespace) IsReturnArg ¶ added in v0.8.3
func (m MsgGenericKprobeArgUserNamespace) IsReturnArg() bool
type MsgGenericKprobeBpfAttr ¶
type MsgGenericKprobeBpfAttr struct {
ProgType uint32
InsnCnt uint32
ProgName [BPF_OBJ_NAME_LEN]byte
}
type MsgGenericKprobeBpfMap ¶ added in v0.8.3
type MsgGenericKprobeCapability ¶ added in v0.8.3
type MsgGenericKprobeCred ¶
type MsgGenericKprobePerfEvent ¶
type MsgGenericKprobePerfEvent struct {
KprobeFunc [KSYM_NAME_LEN]byte
Type uint32
Config uint64
ProbeOffset uint64
}
type MsgGenericKprobeSkb ¶
type MsgGenericKprobeSock ¶
type MsgGenericKprobeTuple ¶ added in v0.10.0
type MsgGenericKprobeUnix ¶
type MsgGenericKprobeUnix struct {
Common processapi.MsgCommon
ProcessKey processapi.MsgExecveKey
Namespaces processapi.MsgNamespaces
Capabilities processapi.MsgCapabilities
Id uint64
Action uint64
FuncName string
Args []MsgGenericKprobeArg
}
type MsgGenericKprobeUserNamespace ¶ added in v0.8.3
type MsgGenericTracepoint ¶
type MsgGenericTracepoint struct {
Common processapi.MsgCommon
ProcessKey processapi.MsgExecveKey
Namespaces processapi.MsgNamespaces
Capabilities processapi.MsgCapabilities
FuncId int64
RetProbeId uint64
ActionId uint64
ActionArgId uint32
Tid uint32 // The recorded TID that triggered the event
}
type MsgGenericTracepointArg ¶
type MsgGenericTracepointArg interface{}
type MsgLoader ¶ added in v0.9.0
type MsgLoader struct {
Common processapi.MsgCommon
ProcessKey processapi.MsgExecveKey
Pid uint32
BuildIdSize uint32
PathSize uint32
BuildId [20]byte
Path [4096]byte
}
Source Files
Click to show internal directories.
Click to hide internal directories.