filter

package

v0.1.3 Latest Latest Go to latest Published: Jan 29, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/criticalstack/swoll

Links

Open Source Insights

Documentation ¶

Index ¶

type Filter
- func NewFilter(m *elf.Module) (*Filter, error)
type Rule
- func NewRule(t Type, ns, k uint32) *Rule
type Type
type Value

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Filter ¶

type Filter struct {
	// contains filtered or unexported fields
}

Filter contains all maps and elf modules to read and write filter information to the kernel probe.

func NewFilter ¶

func NewFilter(m *elf.Module) (*Filter, error)

NewFilter initializes the underlying gobpf structures for filling in rule data into the kernel bpf probe.

func (*Filter) AddMetrics ¶ added in v0.1.3

func (f *Filter) AddMetrics(ns int) error

func (*Filter) AddPid ¶

func (f *Filter) AddPid(pid, ns int) error

AddPid will whitelist a specific PID in the filter table.

func (*Filter) AddPidNs ¶

func (f *Filter) AddPidNs(pidns, ns int) error

AddPidNs will whitelist a PID namespace in the filter table.

func (*Filter) AddSampledSyscall ¶

func (f *Filter) AddSampledSyscall(nr interface{}, ns int, rate uint64) error

func (*Filter) AddSyscall ¶

func (f *Filter) AddSyscall(nr interface{}, ns int) error

AddSyscall adds a syscall (either "sys_xxx" or (int)nr) to the filter table.

func (*Filter) ApplyDefaults ¶

func (f *Filter) ApplyDefaults() error

func (*Filter) ApplySyscallDefaults ¶

func (f *Filter) ApplySyscallDefaults(ns int) error

func (*Filter) DelPid ¶

func (f *Filter) DelPid(pid, ns int) error

DelPid will remove a whitelisted PID from the filter table.

func (*Filter) DelPidNs ¶

func (f *Filter) DelPidNs(pidns, ns int) error

DelPidNs will remove a whitelisted PID namespace from the filter table.

func (*Filter) FilterSelf ¶

func (f *Filter) FilterSelf() error

func (Filter) InitFilter ¶

func (f Filter) InitFilter(m *elf.Module) error

InitFilter works like NewFilter, but directly on an Filter instance. good if you want to embed *Filter somewhere else.

func (*Filter) RemoveMetrics ¶ added in v0.1.3

func (f *Filter) RemoveMetrics(ns int) error

func (*Filter) RemoveSyscall ¶

func (f *Filter) RemoveSyscall(nr interface{}, ns int) error

RemoveSyscall removes a syscall (either "sys_xxx" or (int)nr) from the filter table.

type Rule ¶

type Rule struct {
	Type Type

	Namespace uint32
	Key       uint32
	// contains filtered or unexported fields
}

Rule represents a rule which can be sent to the kernel probe in the rawest form

func NewRule ¶

func NewRule(t Type, ns, k uint32) *Rule

NewRule creates a rule structure to be placed into the kernel filter set.

type Type ¶

type Type uint16

const (
	ModeWhitelist       Type = 1 << 0
	ModeBlacklist       Type = 1 << 1
	ModeGlobalWhitelist Type = 1 << 2
	ModeGlobalBlacklist Type = 1 << 3
	TypeMetrics         Type = 1 << 12
	TypeSyscall         Type = 1 << 13
	TypePid             Type = 1 << 14
	TypePidns           Type = 1 << 15
)

These values should only be modified if changes are made to the filtering logic in the kernel bpf.

type Value ¶

type Value struct {
	SampleRate  uint64
	SampleCount uint64
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL