processapi

package
v1.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 22, 2025 License: Apache-2.0 Imports: 0 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DOCKER_ID_LENGTH to match BPF side buffer size where we read the
	// cgroup of the task
	DOCKER_ID_LENGTH = 128

	// Length of the cgroup name as it is returned from BPF side
	CGROUP_NAME_LENGTH = 128

	// Length of the cgroup path as it is returned from BPF side
	CGROUP_PATH_LENGTH = 4096

	MSG_SIZEOF_MAXARG = 100
	MSG_SIZEOF_EXECVE = 56
	MSG_SIZEOF_CWD    = 4096
	MSG_SIZEOF_ARGS   = 1024
	MSG_SIZEOF_BUFFER = MSG_SIZEOF_ARGS +
		MSG_SIZEOF_CWD +
		MSG_SIZEOF_EXECVE + MSG_SIZEOF_EXECVE +
		MSG_SIZEOF_MAXARG

	// MsgUnixSize of msg
	MsgUnixSize uint32 = 640

	/* Execve extra flags */
	ExecveSetuid = 0x01
	ExecveSetgid = 0x02
	/* Execve flags received from BPF */
	ExecveFileCaps   = 0x04 // This binary execution gained new capabilities through file capabilities execution
	ExecveSetuidRoot = 0x08 // This binary execution gained new capabilities through setuid root execution
	ExecveSetgidRoot = 0x10 // This binary execution gained new capabilities through setgid root execution

	// flags of MsgCommon
	MSG_COMMON_FLAG_RETURN            = 0x1
	MSG_COMMON_FLAG_KERNEL_STACKTRACE = 0x2
	MSG_COMMON_FLAG_USER_STACKTRACE   = 0x4
	MSG_COMMON_FLAG_IMA_HASH          = 0x8
	MSG_COMMON_FLAG_PROCESS_NOT_FOUND = 0x10
	MSG_COMMON_FLAG_ACTION_FAILED     = 0x20

	BINARY_PATH_MAX_LEN = 256
	MAX_ARG_LENGTH      = 256

	STRING_POSTFIX_MAX_LENGTH = 128
)
View Source 
const (
	SentFailedUnknown = iota
	SentFailedEnoent
	SentFailedE2big
	SentFailedEbusy
	SentFailedEinval
	SentFailedEnospc
	SentFailedEagain
	SentFailedMax
)
View Source 
const (
	UPROBE_REGS_MAX = 18
)
View Source 
const (
	// UnresolvedMountPoints    = 0x1 // (deprecated)
	UnresolvedPathComponents = 0x2
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Binary added in v1.1.0 

type Binary struct {
	PathLength int32
	Reversed   uint32
	Path       [BINARY_PATH_MAX_LEN]byte
	End        [STRING_POSTFIX_MAX_LENGTH]byte
	EndR       [STRING_POSTFIX_MAX_LENGTH]byte
	Args       [MAX_ARG_LENGTH]byte
	MBSet      uint64
	MBGen      uint64
}

type CgroupRateKey added in v1.2.0 

type CgroupRateKey struct {
	Id uint64
}

type CgroupRateOptions added in v1.2.0 

type CgroupRateOptions struct {
	Events   uint64
	Interval uint64
}

type CgroupRateValue added in v1.2.0 

type CgroupRateValue struct {
	Curr      uint64
	Prev      uint64
	Time      uint64
	Rate      uint64
	Throttled uint64
}

type KernelStats added in v1.0.1 

type KernelStats struct {
	SentFailed [256][SentFailedMax]uint64 `align:"sent_failed"`
}

type MsgCapabilities 

type MsgCapabilities struct {
	Permitted   uint64
	Effective   uint64
	Inheritable uint64
}

type MsgCgroupData added in v0.8.4 

type MsgCgroupData struct {
	State       int32                    `align:"state"`        // State of cgroup
	HierarchyId uint32                   `align:"hierarchy_id"` // Unique id for the hierarchy
	Level       uint32                   `align:"level"`        // The depth this cgroup is at
	Pad         uint32                   `align:"pad"`
	Name        [CGROUP_NAME_LENGTH]byte `align:"name"` // Cgroup kernfs_node name
}

MsgCgroupData is complementary cgroup data that is collected from BPF side on various cgroup events.

type MsgCgroupEvent added in v0.8.4 

type MsgCgroupEvent struct {
	Common        MsgCommon                `align:"common"`
	Parent        MsgExecveKey             `align:"parent"`
	CgrpOp        uint32                   `align:"cgrp_op"` // Current cgroup operation
	PID           uint32                   `align:"pid"`
	NSPID         uint32                   `align:"nspid"`
	Flags         uint32                   `align:"flags"`
	Ktime         uint64                   `align:"ktime"`
	CgrpidTracker uint64                   `align:"cgrpid_tracker"` // The tracking cgroup ID
	Cgrpid        uint64                   `align:"cgrpid"`         // Current cgroup ID
	CgrpData      MsgCgroupData            `align:"cgrp_data"`      // Complementary cgroup data
	Path          [CGROUP_PATH_LENGTH]byte `align:"path"`           // Full path of the cgroup on fs
}

MsgCgroupEvent is the data that is sent from BPF side on cgroup events into ring buffer.

type MsgCloneEvent 

type MsgCloneEvent struct {
	Common MsgCommon
	Parent MsgExecveKey
	PID    uint32
	TID    uint32
	NSPID  uint32
	Flags  uint32
	Ktime  uint64
}

type MsgCommon 

type MsgCommon struct {
	Op uint8
	// Flags is used to:
	//  - distinguish between an entry and a return kprobe event
	//  - indicate if a stack trace id was passed in the event
	Flags uint8
	PadV2 [2]uint8
	Size  uint32
	Ktime uint64
}

API between Kernel BPF and Userspace tetragon Golang agent

type MsgExec 

type MsgExec struct {
	Size       uint32
	PID        uint32
	TID        uint32
	NSPID      uint32
	SecureExec uint32
	UID        uint32
	AUID       uint32
	Flags      uint32
	Nlink      uint32
	Pad        uint32
	Ino        uint64
	Ktime      uint64
}

type MsgExecveEvent 

type MsgExecveEvent struct {
	Common         MsgCommon
	Kube           MsgK8s
	Parent         MsgExecveKey
	ParentFlags    uint64
	Creds          MsgGenericCred
	Namespaces     MsgNamespaces
	CleanupProcess MsgExecveKey
}

type MsgExecveEventUnix 

type MsgExecveEventUnix struct {
	Msg     *MsgExecveEvent
	Kube    MsgK8sUnix
	Process MsgProcess
}

type MsgExecveKey 

type MsgExecveKey struct {
	Pid   uint32 `align:"pid"`
	Pad   uint32 `align:"pad"`
	Ktime uint64 `align:"ktime"`
}

type MsgExitEvent 

type MsgExitEvent struct {
	Common     MsgCommon    `align:"common"`
	ProcessKey MsgExecveKey `align:"current"`
	Info       MsgExitInfo  `align:"info"`
}

type MsgExitInfo 

type MsgExitInfo struct {
	Code uint32 `align:"code"`
	Tid  uint32 `align:"tid"`
}

type MsgGenericCred added in v1.1.0 

type MsgGenericCred struct {
	Uid        uint32
	Gid        uint32
	Suid       uint32
	Sgid       uint32
	Euid       uint32
	Egid       uint32
	FSuid      uint32
	FSgid      uint32
	SecureBits uint32
	Pad        uint32
	Cap        MsgCapabilities
	UserNs     MsgUserNamespace
}

type MsgK8s 

type MsgK8s struct {
	Cgrpid        uint64
	CgrpTrackerID uint64
	Docker        [DOCKER_ID_LENGTH]byte
}

type MsgK8sUnix 

type MsgK8sUnix struct {
	Docker        string
	Cgrpid        uint64
	CgrpTrackerID uint64
}

type MsgNamespaces 

type MsgNamespaces struct {
	UtsInum       uint32
	IpcInum       uint32
	MntInum       uint32
	PidInum       uint32
	PidChildInum  uint32
	NetInum       uint32
	TimeInum      uint32
	TimeChildInum uint32
	CgroupInum    uint32
	UserInum      uint32
}

type MsgProcess 

type MsgProcess struct {
	Size       uint32
	PID        uint32
	TID        uint32
	NSPID      uint32
	SecureExec uint32
	UID        uint32
	AUID       uint32
	Flags      uint32
	Nlink      uint32
	Ino        uint64
	Ktime      uint64
	Filename   string
	Args       string
	User       MsgUserRecord
}

API between Userspace tetragon Golang agent and Unix domain socket listener

type MsgThrottleEvent added in v1.2.0 

type MsgThrottleEvent struct {
	Common MsgCommon
	Kube   MsgK8s
}

type MsgUserNamespace added in v0.11.0 

type MsgUserNamespace struct {
	Level  int32
	Uid    uint32
	Gid    uint32
	NsInum uint32
}

type MsgUserRecord added in v1.1.1 

type MsgUserRecord struct {
	Name string
}

type RegAssignment added in v1.6.0 

type RegAssignment struct {
	Type uint8
	Pad1 uint8
	Src  uint16
	Dst  uint16
	Pad2 uint16
	Off  uint64
}

type UprobeRegs added in v1.6.0 

type UprobeRegs struct {
	Ass [UPROBE_REGS_MAX]RegAssignment
	Cnt uint32
	Pad uint32
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.