utils

package
v0.3.10 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 30, 2025 License: Apache-2.0 Imports: 36 Imported by: 1

Documentation

Index

Constants

// ErrKernelVersion is the message text for an incompatible kernel.
// NOTE(review): how this text is compared with real errors is not visible
// here; ExitCodeIncompatibleKernel looks like the matching exit code — confirm.
const ErrKernelVersion = "incompatible kernel version"

// ErrMacOS is the message text reported when no vDSO address is present in
// the auxiliary vector.
// NOTE(review): ExitCodeMacOS looks like the matching exit code — confirm.
const ErrMacOS = "no vdso address found in auxv"
// Packet-type labels.
// NOTE(review): presumably the strings returned by GetPktType — confirm.
const (
	HostPktType     = "HOST"
	OutgoingPktType = "OUTGOING"
)

// HTTPDataType values that tell a captured request from a captured response.
const (
	Request  HTTPDataType = 2
	Response HTTPDataType = 3
)
// Process exit codes. All values are written out explicitly so the number a
// supervisor or init container sees can be read straight from this table.
const (
	// Standard exit codes.
	ExitCodeSuccess = 0
	ExitCodeError   = 1

	// Custom exit codes, one per startup condition named in the identifier.
	ExitCodeRuncNotFound       = 100
	ExitCodeIncompatibleKernel = 101
	ExitCodeMacOS              = 102
)
// Access modes of an open(2) flags word. They are values, not independent
// bits: mask with O_ACCMODE and compare, do not test them with a bitwise AND.
const (
	O_RDONLY  = 0
	O_WRONLY  = 1
	O_RDWR    = 2
	O_ACCMODE = O_RDONLY | O_WRONLY | O_RDWR // mask, equals 3
)

// Single-bit open(2) flags, in octal so they can be compared with <fcntl.h>.
//
// The numbers are the asm-generic (x86) ones. Linux assigns different values
// to O_DIRECTORY, O_NOFOLLOW, O_DIRECT and O_LARGEFILE on some architectures
// (arm, arm64 and powerpc among them), so a raw flags word captured on such a
// node would be mislabelled for those four bits if decoded with this table.
// NOTE(review): confirm how raw flags are decoded on non-x86 nodes before
// relying on rules that match O_NOFOLLOW or O_DIRECTORY.
//
// Flags that are not listed here (for example O_PATH and O_TMPFILE) have no
// name in this table.
const (
	O_CREAT     = 0o100
	O_EXCL      = 0o200
	O_NOCTTY    = 0o400
	O_TRUNC     = 0o1000
	O_APPEND    = 0o2000
	O_NONBLOCK  = 0o4000
	O_DSYNC     = 0o10000
	O_FASYNC    = 0o20000
	O_DIRECT    = 0o40000   // architecture-dependent, see above
	O_LARGEFILE = 0o100000  // architecture-dependent, see above
	O_DIRECTORY = 0o200000  // architecture-dependent, see above
	O_NOFOLLOW  = 0o400000  // architecture-dependent, see above
	O_NOATIME   = 0o1000000
	O_CLOEXEC   = 0o2000000
)

Standard Linux file open flags from <fcntl.h>

Variables

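// CelFields maps every field name a CEL expression may reference to its CEL
// type and to the getter that reads the value from the wrapped CelEvent.
//
// Keys are matched exactly and do not follow one spelling rule: most are
// camelCase ("containerId", "dstPort") while "exepath", "pupperlayer" and
// "upperlayer" are all lower case. Several keys differ from the accessor they
// call: "name" reads GetDNSName, "capName" reads GetCapability,
// "containerName" reads GetContainer, "podName" reads GetPod, "syscallName"
// reads GetSyscall and "dstAddr" reads GetDstEndpoint().Addr.
//
// dstPort, srcPort and flagsRaw are converted to int because they are
// declared as IntType.
//
// NOTE(review): the entries are uniform enough to be generated; if they are,
// make changes in the generator rather than here — confirm.
var CelFields = map[string]*celtypes.FieldType{
	"args": {
		Type:    celtypes.ListType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetArgs() }),
	},
	"attrSize": {
		Type:    celtypes.UintType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetAttrSize() }),
	},
	"capName": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetCapability() }),
	},
	"cmd": {
		Type:    celtypes.UintType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetCmd() }),
	},
	"comm": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetComm() }),
	},
	"containerId": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetContainerID() }),
	},
	"containerName": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetContainer() }),
	},
	"cwd": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetCwd() }),
	},
	"dstAddr": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetDstEndpoint().Addr }),
	},
	"dstIp": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetDstIP() }),
	},
	"dstPort": {
		Type:    celtypes.IntType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return int(e.GetDstPort()) }),
	},
	"exepath": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetExePath() }),
	},
	"flags": {
		Type:    celtypes.ListType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetFlags() }),
	},
	"flagsRaw": {
		Type:    celtypes.IntType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return int(e.GetFlagsRaw()) }),
	},
	"module": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetModule() }),
	},
	"name": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetDNSName() }),
	},
	"namespace": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetNamespace() }),
	},
	"newPath": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetNewPath() }),
	},
	"oldPath": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetOldPath() }),
	},
	"opcode": {
		Type:    celtypes.IntType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetOpcode() }),
	},
	"path": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetPath() }),
	},
	"pcomm": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetPcomm() }),
	},
	"pid": {
		Type:    celtypes.UintType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetPID() }),
	},
	"pktType": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetPktType() }),
	},
	"podName": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetPod() }),
	},
	"ppid": {
		Type:    celtypes.UintType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetPpid() }),
	},
	"proto": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetProto() }),
	},
	"pupperlayer": {
		Type:    celtypes.BoolType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetPupperLayer() }),
	},
	"srcPort": {
		Type:    celtypes.IntType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return int(e.GetSrcPort()) }),
	},
	"syscallName": {
		Type:    celtypes.StringType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetSyscall() }),
	},
	"upperlayer": {
		Type:    celtypes.BoolType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetUpperLayer() }),
	},
	// NOTE(review): EnrichEvent.GetUid returns *uint32. If CelEvent.GetUid
	// does too, a pointer (possibly nil) is handed to CEL for a field declared
	// UintType — confirm the adapter dereferences it and what a rule sees when
	// the uid is unknown.
	"uid": {
		Type:    celtypes.UintType,
		IsSet:   isSet,
		GetFrom: celGetter(func(e CelEvent) any { return e.GetUid() }),
	},
}

// celGetter wraps read in the FieldGetter shape shared by all CelFields
// entries. The target is checked before use: an unexpected type, a nil
// wrapper or a nil Raw event yields an error instead of a panic, so one
// malformed evaluation cannot take the process down through the getter.
func celGetter(read func(CelEvent) any) ref.FieldGetter {
	return ref.FieldGetter(func(target any) (any, error) {
		x, ok := target.(*xcel.Object[CelEvent])
		if !ok {
			return nil, fmt.Errorf("celval: unexpected target type %T", target)
		}
		if x == nil || x.Raw == nil {
			return nil, fmt.Errorf("celval: object is nil")
		}
		return read(x.Raw), nil
	})
}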

Functions

func AddJitter added in v0.2.134

func AddJitter(duration time.Duration, maxJitterPercentage int) time.Duration

AddJitter adds jitter percent to the duration

func CalculateFileHashes added in v0.2.122

func CalculateFileHashes(path string) (sha1Hash string, md5Hash string, err error)

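CalculateFileHashes calculates both SHA1 and MD5 hashes of the given file. Both algorithms have practical collision attacks, so the digests are suitable as lookup keys against known-file indicators but not as evidence that a file is unmodified.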

func CalculateProcessTreeDepth added in v0.2.354

func CalculateProcessTreeDepth(process *apitypes.Process) int

CalculateProcessTreeDepth calculates the maximum depth of a process tree. The depth is the maximum number of levels from the root process to any leaf process. A single process (no children) has a depth of 1.

func CalculateSHA256FileExecHash

func CalculateSHA256FileExecHash(path string, args []string) string

func CalculateSHA256FileOpenHash added in v0.2.246

func CalculateSHA256FileOpenHash(path string) string

func CopyProcess added in v0.2.405

func CopyProcess(src *apitypes.Process) *apitypes.Process

CopyProcess creates a deep copy of a process node (without children). The Children map is initialized empty so the caller can rebuild the tree structure.

func CreateK8sContainerID

func CreateK8sContainerID(namespaceName string, podName string, containerId string) string

func CreateK8sPodID

func CreateK8sPodID(namespaceName string, podName string) string

func CreateProcessTree

func CreateProcessTree(process *apitypes.Process, shimPid uint32) (apitypes.Process, error)

Creates a process tree from a process. The process tree will be built from scanning the /proc filesystem.

func CurrentDir

func CurrentDir() string

func EnrichProcess added in v0.2.405

func EnrichProcess(target *apitypes.Process, source *apitypes.Process)

EnrichProcess updates target with non-empty fields from source. This is used when merging process information from multiple alerts. It only overwrites fields that are empty in target but present in source.

func EscapeJSONPointerElement

func EscapeJSONPointerElement(s string) string

EscapeJSONPointerElement escapes a JSON pointer element. See https://www.rfc-editor.org/rfc/rfc6901#section-3

func FlattenChainToList added in v0.2.405

func FlattenChainToList(root *apitypes.Process) []*apitypes.Process

FlattenChainToList converts a chain-structured process tree into an ordered list (root-first). A chain is a single path from container init to the offending process. This is optimized for the common case where each alert provides one linear path.

func FuncName added in v0.2.325

func FuncName(i interface{}) string

func GetCmdlineByPid

func GetCmdlineByPid(pid int) (*string, error)

func GetCommFromPid

func GetCommFromPid(pid uint32) (string, error)

func GetContainerStatuses

func GetContainerStatuses(podStatus v1.PodStatus) []v1.ContainerStatus

func GetExecArgsFromEvent

func GetExecArgsFromEvent(event ExecEvent) []string

Get exec args from the given event.

func GetExecPathFromEvent

func GetExecPathFromEvent(event ExecEvent) string

Get the path of the executable from the given event.

func GetFileSize

func GetFileSize(path string) (int64, error)

Get the size of the given file.

func GetHostFilePathFromEvent

func GetHostFilePathFromEvent(event EnrichEvent, containerPid uint32) (string, error)

Get the path of the file on the node.

func GetPathFromPid

func GetPathFromPid(pid uint32) (string, error)

func GetPooledDataItem added in v0.3.3

func GetPooledDataItem(eventType EventType) datasource.Data

func GetProcessEnv

func GetProcessEnv(pid int) (map[string]string, error)

func GetProcessFromProcessTree

func GetProcessFromProcessTree(process *apitypes.Process, pid uint32) *apitypes.Process

func GetProcessStat

func GetProcessStat(pid int) (*procfs.ProcStat, error)

func IsSensitivePath added in v0.2.246

func IsSensitivePath(fullPath string, paths []string) bool

func Jitter added in v0.2.332

func Jitter(duration *time.Duration, maxJitterPercentage float64)

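Jitter applies a random adjustment to the duration that duration points to. The function has no return value, so the result is presumably written back through the pointer.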

func MapContainerStatuses added in v0.2.263

func MapContainerStatuses(statuses []v1.ContainerStatus) map[string]v1.ContainerStatus

func MergeCloudServices added in v0.2.405

func MergeCloudServices(existing []string, new []string) []string

MergeCloudServices merges two slices of cloud services and deduplicates them

func MergePolicies added in v0.2.178

func MergePolicies(primary, secondary v1beta1.RulePolicy) v1beta1.RulePolicy

func RandomDuration added in v0.2.141

func RandomDuration(max int, duration time.Duration) time.Duration

RandomDuration returns a duration between 1/2 max and max

func TrimRuntimePrefix

func TrimRuntimePrefix(id string) string

TrimRuntimePrefix removes the runtime prefix from a container ID.

Types

type BpfEvent added in v0.3.3

// BpfEvent extends EnrichEvent with the executable path, the cmd and
// attribute-size values and the upper-layer flag.
// NOTE(review): presumably the view used for BpfEventType ("bpf") events, with
// GetCmd and GetAttrSize carrying the bpf(2) command and attr size — confirm.
type BpfEvent interface {
	EnrichEvent
	GetExePath() string
	GetCmd() uint32
	GetAttrSize() uint32
	GetUpperLayer() bool
}

type CapabilitiesEvent added in v0.3.3

// CapabilitiesEvent extends EnrichEvent with a capability name and a syscall
// name.
// NOTE(review): presumably the capability that was checked and the syscall
// that triggered the check — confirm against the event producer.
type CapabilitiesEvent interface {
	EnrichEvent
	GetCapability() string
	GetSyscall() string
}

type CelEventImpl added in v0.3.3

// CelEventImpl embeds CelEvent, so it exposes every CelEvent method through
// promotion and adds no fields of its own.
type CelEventImpl struct {
	CelEvent
}

type DNSEvent added in v0.3.3

// DNSEvent extends EnrichEvent with the DNS name, the addresses and answer
// count, the query/response marker (GetQr), the source and destination IP and
// port, the protocol, and the working directory and executable path.
// NOTE(review): GetAddresses and GetNumAnswers presumably describe the answer
// section and are only meaningful for responses — confirm.
type DNSEvent interface {
	EnrichEvent
	GetAddresses() []string
	GetCwd() string
	GetDNSName() string
	GetDstIP() string
	GetDstPort() uint16
	GetExePath() string
	GetNumAnswers() int
	GetProto() string
	GetQr() DNSPktType
	GetSrcIP() string
	GetSrcPort() uint16
}

type DNSPktType added in v0.3.3

// DNSPktType marks a DNS packet as a query or a response.
type DNSPktType string
const (
	// "Q" marks a query and "R" a response.
	DNSPktTypeQuery    DNSPktType = "Q"
	DNSPktTypeResponse DNSPktType = "R"
)

type DatasourceEvent added in v0.3.3

// DatasourceEvent pairs a datasource.Data record with the datasource.DataSource
// it belongs to, plus event-type, direction and HTTP request/response state.
// Its methods implement the Get* accessors declared by the event interfaces in
// this package.
//
// NOTE(review): the Release method together with GetPooledDataItem suggests
// the Data record is pooled; confirm that no caller keeps the event, or values
// read from it, after Release.
// NOTE(review): Request and Response can hold credentials such as
// Authorization headers and cookies; confirm they are redacted before the
// event is logged or exported.
type DatasourceEvent struct {
	Data            datasource.Data
	Datasource      datasource.DataSource
	Direction       consts.NetworkDirection
	EventType       EventType
	FullPathTracing bool
	Internal        bool
	Request         *http.Request
	Response        *http.Response
	Syscall         string
	// contains filtered or unexported fields
}

func (*DatasourceEvent) GetAddresses added in v0.3.3

func (e *DatasourceEvent) GetAddresses() []string

func (*DatasourceEvent) GetArgs added in v0.3.3

func (e *DatasourceEvent) GetArgs() []string

func (*DatasourceEvent) GetAttrSize added in v0.3.3

func (e *DatasourceEvent) GetAttrSize() uint32

func (*DatasourceEvent) GetBuf added in v0.3.3

func (e *DatasourceEvent) GetBuf() []byte

func (*DatasourceEvent) GetCapability added in v0.3.3

func (e *DatasourceEvent) GetCapability() string

func (*DatasourceEvent) GetCmd added in v0.3.3

func (e *DatasourceEvent) GetCmd() uint32

func (*DatasourceEvent) GetComm added in v0.3.3

func (e *DatasourceEvent) GetComm() string

func (*DatasourceEvent) GetContainer added in v0.3.3

func (e *DatasourceEvent) GetContainer() string

func (*DatasourceEvent) GetContainerID added in v0.3.3

func (e *DatasourceEvent) GetContainerID() string

func (*DatasourceEvent) GetContainerImage added in v0.3.3

func (e *DatasourceEvent) GetContainerImage() string

func (*DatasourceEvent) GetContainerImageDigest added in v0.3.3

func (e *DatasourceEvent) GetContainerImageDigest() string

func (*DatasourceEvent) GetCwd added in v0.3.3

func (e *DatasourceEvent) GetCwd() string

func (*DatasourceEvent) GetDNSName added in v0.3.3

func (e *DatasourceEvent) GetDNSName() string

func (*DatasourceEvent) GetDirection added in v0.3.3

func (e *DatasourceEvent) GetDirection() consts.NetworkDirection

func (*DatasourceEvent) GetDstEndpoint added in v0.3.3

func (e *DatasourceEvent) GetDstEndpoint() types.L4Endpoint

func (*DatasourceEvent) GetDstIP added in v0.3.3

func (e *DatasourceEvent) GetDstIP() string

func (*DatasourceEvent) GetDstPort added in v0.3.3

func (e *DatasourceEvent) GetDstPort() uint16

func (*DatasourceEvent) GetError added in v0.3.3

func (e *DatasourceEvent) GetError() int64

func (*DatasourceEvent) GetEventType added in v0.3.3

func (e *DatasourceEvent) GetEventType() EventType

func (*DatasourceEvent) GetExePath added in v0.3.3

func (e *DatasourceEvent) GetExePath() string

func (*DatasourceEvent) GetExitCode added in v0.3.3

func (e *DatasourceEvent) GetExitCode() uint32

func (*DatasourceEvent) GetExtra added in v0.3.3

func (e *DatasourceEvent) GetExtra() interface{}

func (*DatasourceEvent) GetFlags added in v0.3.3

func (e *DatasourceEvent) GetFlags() []string

func (*DatasourceEvent) GetFlagsRaw added in v0.3.3

func (e *DatasourceEvent) GetFlagsRaw() uint32

func (*DatasourceEvent) GetFullPath added in v0.3.3

func (e *DatasourceEvent) GetFullPath() string

func (*DatasourceEvent) GetGid added in v0.3.3

func (e *DatasourceEvent) GetGid() *uint32

func (*DatasourceEvent) GetHostNetwork added in v0.3.3

func (e *DatasourceEvent) GetHostNetwork() bool

func (*DatasourceEvent) GetIdentifier added in v0.3.3

func (e *DatasourceEvent) GetIdentifier() string

func (*DatasourceEvent) GetInternal added in v0.3.3

func (e *DatasourceEvent) GetInternal() bool

func (*DatasourceEvent) GetModule added in v0.3.3

func (e *DatasourceEvent) GetModule() string

func (*DatasourceEvent) GetMountNsID added in v0.3.3

func (e *DatasourceEvent) GetMountNsID() uint64

func (*DatasourceEvent) GetNamespace added in v0.3.3

func (e *DatasourceEvent) GetNamespace() string

func (*DatasourceEvent) GetNewPath added in v0.3.3

func (e *DatasourceEvent) GetNewPath() string

func (*DatasourceEvent) GetNumAnswers added in v0.3.3

func (e *DatasourceEvent) GetNumAnswers() int

func (*DatasourceEvent) GetOldPath added in v0.3.3

func (e *DatasourceEvent) GetOldPath() string

func (*DatasourceEvent) GetOpcode added in v0.3.3

func (e *DatasourceEvent) GetOpcode() int

func (*DatasourceEvent) GetOtherIp added in v0.3.3

func (e *DatasourceEvent) GetOtherIp() string

func (*DatasourceEvent) GetPID added in v0.3.3

func (e *DatasourceEvent) GetPID() uint32

func (*DatasourceEvent) GetPID64 added in v0.3.3

func (e *DatasourceEvent) GetPID64() uint64

GetPID64 is a special implementation for stack trace events.

func (*DatasourceEvent) GetPath added in v0.3.3

func (e *DatasourceEvent) GetPath() string

func (*DatasourceEvent) GetPcomm added in v0.3.3

func (e *DatasourceEvent) GetPcomm() string

func (*DatasourceEvent) GetPktType added in v0.3.3

func (e *DatasourceEvent) GetPktType() string

func (*DatasourceEvent) GetPod added in v0.3.3

func (e *DatasourceEvent) GetPod() string

func (*DatasourceEvent) GetPodHostIP added in v0.3.3

func (e *DatasourceEvent) GetPodHostIP() string

func (*DatasourceEvent) GetPodLabels added in v0.3.3

func (e *DatasourceEvent) GetPodLabels() map[string]string

func (*DatasourceEvent) GetPpid added in v0.3.3

func (e *DatasourceEvent) GetPpid() uint32

func (*DatasourceEvent) GetProto added in v0.3.3

func (e *DatasourceEvent) GetProto() string

func (*DatasourceEvent) GetPupperLayer added in v0.3.3

func (e *DatasourceEvent) GetPupperLayer() bool

func (*DatasourceEvent) GetQr added in v0.3.3

func (e *DatasourceEvent) GetQr() DNSPktType

func (*DatasourceEvent) GetRequest added in v0.3.3

func (e *DatasourceEvent) GetRequest() *http.Request

func (*DatasourceEvent) GetResponse added in v0.3.3

func (e *DatasourceEvent) GetResponse() *http.Response

func (*DatasourceEvent) GetSignal added in v0.3.3

func (e *DatasourceEvent) GetSignal() uint32

func (*DatasourceEvent) GetSockFd added in v0.3.3

func (e *DatasourceEvent) GetSockFd() uint32

func (*DatasourceEvent) GetSocketInode added in v0.3.3

func (e *DatasourceEvent) GetSocketInode() uint64

func (*DatasourceEvent) GetSrcIP added in v0.3.3

func (e *DatasourceEvent) GetSrcIP() string

func (*DatasourceEvent) GetSrcPort added in v0.3.3

func (e *DatasourceEvent) GetSrcPort() uint16

func (*DatasourceEvent) GetSyscall added in v0.3.3

func (e *DatasourceEvent) GetSyscall() string

func (*DatasourceEvent) GetSyscalls added in v0.3.3

func (e *DatasourceEvent) GetSyscalls() []byte

func (*DatasourceEvent) GetTimestamp added in v0.3.3

func (e *DatasourceEvent) GetTimestamp() types.Time

func (*DatasourceEvent) GetType added in v0.3.3

func (e *DatasourceEvent) GetType() HTTPDataType

func (*DatasourceEvent) GetUid added in v0.3.3

func (e *DatasourceEvent) GetUid() *uint32

func (*DatasourceEvent) GetUpperLayer added in v0.3.3

func (e *DatasourceEvent) GetUpperLayer() bool

func (*DatasourceEvent) HasDroppedEvents added in v0.3.3

func (e *DatasourceEvent) HasDroppedEvents() bool

func (*DatasourceEvent) IsDir added in v0.3.3

func (e *DatasourceEvent) IsDir() bool

func (*DatasourceEvent) MakeHttpEvent added in v0.3.3

func (e *DatasourceEvent) MakeHttpEvent(request *http.Request, direction consts.NetworkDirection) HttpEvent

func (*DatasourceEvent) Release added in v0.3.3

func (e *DatasourceEvent) Release()

func (*DatasourceEvent) SetExtra added in v0.3.3

func (e *DatasourceEvent) SetExtra(extra interface{})

func (*DatasourceEvent) SetResponse added in v0.3.3

func (e *DatasourceEvent) SetResponse(response *http.Response)

type EnrichEvent added in v0.2.197

// EnrichEvent extends K8sEvent with process and container context: command
// names of the process and its parent, PIDs, uid/gid, container name, image
// and image digest, pod labels, mount-namespace ID and host-network flag. Most
// other event interfaces in this package embed it.
//
// GetUid and GetGid return pointers.
// NOTE(review): presumably nil means "not available", which keeps uid 0 (root)
// distinguishable from a missing value — confirm, and nil-check before use.
// NOTE(review): GetExtra/SetExtra carry an untyped value; confirm who sets it
// and that consumers type-check it.
type EnrichEvent interface {
	K8sEvent
	GetComm() string
	GetContainer() string
	GetContainerImage() string
	GetContainerImageDigest() string
	GetError() int64
	GetExtra() interface{}
	GetGid() *uint32
	GetHostNetwork() bool
	GetMountNsID() uint64
	GetPcomm() string
	GetPID() uint32
	GetPID64() uint64
	GetPodLabels() map[string]string
	GetPpid() uint32
	GetUid() *uint32
	SetExtra(extra interface{})
}

type EventType

// EventType names the kind of an event as a string.
type EventType string
const (
	// Known event types. The string on the right is the value that appears in
	// serialized events (see the eventType tag on StructEvent).
	// NOTE(review): "all" presumably selects every type rather than naming a
	// real event, and "randomx" presumably flags RandomX proof-of-work
	// (cryptomining) activity — confirm both.
	AllEventType          EventType = "all"
	BpfEventType          EventType = "bpf"
	CapabilitiesEventType EventType = "capabilities"
	DnsEventType          EventType = "dns"
	ExecveEventType       EventType = "exec"
	ExitEventType         EventType = "exit"
	ForkEventType         EventType = "fork"
	HTTPEventType         EventType = "http"
	HardlinkEventType     EventType = "hardlink"
	IoUringEventType      EventType = "iouring"
	KmodEventType         EventType = "kmod"
	NetworkEventType      EventType = "network"
	OpenEventType         EventType = "open"
	ProcfsEventType       EventType = "procfs"
	PtraceEventType       EventType = "ptrace"
	RandomXEventType      EventType = "randomx"
	SSHEventType          EventType = "ssh"
	SymlinkEventType      EventType = "symlink"
	SyscallEventType      EventType = "syscall"
	UnshareEventType      EventType = "unshare"
)

type ExecEvent added in v0.3.3

// ExecEvent extends EnrichEvent with the argument list, working directory and
// executable path of an exec, plus two layer flags.
// NOTE(review): GetUpperLayer presumably reports that the executable sits in
// the container's writable overlay layer (i.e. was not shipped in the image)
// and GetPupperLayer the same for the parent process — confirm.
// NOTE(review): GetArgs can contain secrets passed on the command line;
// confirm redaction before the arguments are logged or exported.
type ExecEvent interface {
	EnrichEvent
	GetArgs() []string
	GetCwd() string
	GetExePath() string
	GetPupperLayer() bool
	GetUpperLayer() bool
}

type ExitEvent added in v0.3.3

// ExitEvent extends EnrichEvent with the exit code and the signal number of a
// process exit.
type ExitEvent interface {
	EnrichEvent
	GetExitCode() uint32
	GetSignal() uint32
}

type ForkEvent added in v0.3.3

// ForkEvent extends EnrichEvent with the executable path.
type ForkEvent interface {
	EnrichEvent
	GetExePath() string
}

type HTTPDataType added in v0.3.3

// HTTPDataType tells whether a captured HTTP buffer is a request or a
// response; the Request and Response constants are its declared values.
type HTTPDataType int

type HttpEvent added in v0.3.3

// HttpEvent extends HttpRawEvent with the parsed request and response, the
// traffic direction, the internal flag and the peer IP.
// NOTE(review): the request and response may hold credentials (Authorization
// headers, cookies, tokens in URLs); confirm redaction before they are logged
// or exported.
type HttpEvent interface {
	HttpRawEvent
	GetDirection() consts.NetworkDirection
	GetInternal() bool
	GetOtherIp() string
	GetRequest() *http.Request
	GetResponse() *http.Response
	SetResponse(response *http.Response)
}

type HttpRawEvent added in v0.3.3

// HttpRawEvent extends EnrichEvent with a raw captured buffer, its data type,
// the socket identity (fd and inode), the source and destination IP and port,
// and the syscall name. MakeHttpEvent turns it into an HttpEvent for a parsed
// request and a direction.
// NOTE(review): GetBuf holds bytes taken from the wire and must be treated as
// untrusted input by whatever parses it; confirm the parser bounds its reads.
type HttpRawEvent interface {
	EnrichEvent
	GetBuf() []byte
	GetDstIP() string
	GetDstPort() uint16
	GetSockFd() uint32
	GetSocketInode() uint64
	GetSrcIP() string
	GetSrcPort() uint16
	GetSyscall() string
	GetType() HTTPDataType
	MakeHttpEvent(request *http.Request, direction consts.NetworkDirection) HttpEvent
}

type IOUring added in v0.3.3

// IOUring extends EnrichEvent with the flags, an identifier and the opcode of
// an event.
// NOTE(review): presumably the view used for IoUringEventType ("iouring")
// events, with GetOpcode carrying the io_uring operation code — confirm.
type IOUring interface {
	EnrichEvent
	GetFlags() []string
	GetIdentifier() string
	GetOpcode() int
}

type K8sEvent added in v0.2.145

// K8sEvent is the base event interface: it identifies where an event came from
// (namespace, pod, container ID), what kind it is and when it happened.
//
// HasDroppedEvents returns a bool.
// NOTE(review): presumably true when the source lost events around this one;
// detections that depend on a complete sequence should check it — confirm.
// NOTE(review): Release presumably returns the event to a pool; confirm that
// the event is not used after Release.
type K8sEvent interface {
	GetContainerID() string
	GetEventType() EventType
	GetNamespace() string
	GetPod() string
	GetTimestamp() types.Time
	HasDroppedEvents() bool
	Release()
}

type KmodEvent added in v0.3.3

// KmodEvent extends EnrichEvent with a module name, the executable path, the
// syscall name and the upper-layer flag.
// NOTE(review): presumably describes a kernel-module load and the syscall used
// for it — confirm against the event producer.
type KmodEvent interface {
	EnrichEvent
	GetModule() string
	GetExePath() string
	GetSyscall() string
	GetUpperLayer() bool
}

type LinkEvent added in v0.3.3

// LinkEvent extends EnrichEvent with an old path, a new path, the executable
// path and the upper-layer flag.
// NOTE(review): presumably shared by the hardlink and symlink event types,
// with the old path as link target and the new path as link name — confirm.
type LinkEvent interface {
	EnrichEvent
	GetExePath() string
	GetNewPath() string
	GetOldPath() string
	GetUpperLayer() bool
}

type NetworkEvent added in v0.3.3

// NetworkEvent extends EnrichEvent with the destination endpoint and port, the
// packet type, the protocol and the pod's host IP.
// NOTE(review): GetPktType presumably returns HostPktType or OutgoingPktType —
// confirm.
type NetworkEvent interface {
	EnrichEvent
	GetDstEndpoint() types.L4Endpoint
	GetDstPort() uint16
	GetPktType() string
	GetPodHostIP() string
	GetProto() string
}

type OpenEvent added in v0.3.3

// OpenEvent extends EnrichEvent with the opened path and full path, the open
// flags as names (GetFlags) and as a raw word (GetFlagsRaw), and a directory
// flag.
// NOTE(review): GetPath and GetFullPath may differ (DatasourceEvent has a
// FullPathTracing field); rules that match on paths should be explicit about
// which one they compare — confirm the difference.
type OpenEvent interface {
	EnrichEvent
	GetFlags() []string
	GetFlagsRaw() uint32
	GetFullPath() string
	GetPath() string
	IsDir() bool
}

type PatchOperation

// PatchOperation is one operation of a JSON patch document: an operation name,
// a target path and a value.
//
// NOTE(review): Path is presumably an RFC 6901 JSON Pointer. Path elements
// built from external names must go through EscapeJSONPointerElement, because
// an unescaped "/" or "~" changes which location the pointer addresses.
type PatchOperation struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

type PtraceEvent added in v0.3.3

// PtraceEvent extends EnrichEvent with the executable path.
// NOTE(review): presumably the path of the process that issued ptrace, not of
// the traced process — confirm.
type PtraceEvent interface {
	EnrichEvent
	GetExePath() string
}

type SshEvent added in v0.3.3

// SshEvent extends EnrichEvent with the source and destination IP and port of
// a connection.
type SshEvent interface {
	EnrichEvent
	GetDstIP() string
	GetDstPort() uint16
	GetSrcIP() string
	GetSrcPort() uint16
}

type StructEvent added in v0.3.3

// StructEvent is a plain-data event: every field carries json and yaml tags,
// and the methods on *StructEvent expose the fields through the Get*
// accessors used by the event interfaces in this package.
//
// Every tag uses omitempty, so encoding/json drops zero values. A serialized
// event therefore cannot tell uid 0 (root), gid 0, pid 0, exit code 0 or
// signal 0 apart from "not recorded". Consumers of the serialized form should
// not read a missing uid as "non-root".
//
// NOTE(review): Args, Buf, Request and Response can contain credentials
// (command-line tokens, Authorization headers, cookies); confirm where
// serialized events are written and whether they are redacted first.
// NOTE(review): encoding/json cannot encode func-typed fields such as
// http.Request.GetBody, so marshalling an event with a non-nil Request is
// expected to fail — confirm whether that path is ever taken.
type StructEvent struct {
	Addresses            []string                `json:"addresses,omitempty" yaml:"addresses,omitempty"`
	Args                 []string                `json:"args,omitempty" yaml:"args,omitempty"`
	AttrSize             uint32                  `json:"attrSize,omitempty" yaml:"attrSize,omitempty"`
	Buf                  []byte                  `json:"buf,omitempty" yaml:"buf,omitempty"`
	CapName              string                  `json:"capName,omitempty" yaml:"capName,omitempty"`
	Cmd                  uint32                  `json:"cmd,omitempty" yaml:"cmd,omitempty"`
	Comm                 string                  `json:"comm,omitempty" yaml:"comm,omitempty"`
	Container            string                  `json:"container,omitempty" yaml:"container,omitempty"`
	ContainerID          string                  `json:"containerId,omitempty" yaml:"containerId,omitempty"`
	ContainerImage       string                  `json:"containerImage,omitempty" yaml:"containerImage,omitempty"`
	ContainerImageDigest string                  `json:"containerImageDigest,omitempty" yaml:"containerImageDigest,omitempty"`
	Cwd                  string                  `json:"cwd,omitempty" yaml:"cwd,omitempty"`
	DNSName              string                  `json:"dnsName,omitempty" yaml:"dnsName,omitempty"`
	Dir                  bool                    `json:"dir,omitempty" yaml:"dir,omitempty"`
	Direction            consts.NetworkDirection `json:"direction,omitempty" yaml:"direction,omitempty"`
	// The field is an L3Endpoint while GetDstEndpoint returns an L4Endpoint.
	// NOTE(review): confirm where the L4 part (port, protocol) comes from.
	DstEndpoint          types.L3Endpoint        `json:"dstEndpoint,omitempty" yaml:"dstEndpoint,omitempty"`
	DstIP                string                  `json:"dstIP,omitempty" yaml:"dstIP,omitempty"`
	DstPort              uint16                  `json:"dstPort,omitempty" yaml:"dstPort,omitempty"`
	Error                int64                   `json:"error,omitempty" yaml:"error,omitempty"`
	EventType            EventType               `json:"eventType,omitempty" yaml:"eventType,omitempty"`
	ExePath              string                  `json:"exePath,omitempty" yaml:"exePath,omitempty"`
	ExitCode             uint32                  `json:"exitCode,omitempty" yaml:"exitCode,omitempty"`
	Extra                interface{}             `json:"extra,omitempty" yaml:"extra,omitempty"`
	Flags                []string                `json:"flags,omitempty" yaml:"flags,omitempty"`
	FlagsRaw             uint32                  `json:"flagsRaw,omitempty" yaml:"flagsRaw,omitempty"`
	FullPath             string                  `json:"fullPath,omitempty" yaml:"fullPath,omitempty"`
	FullPathTracing      bool                    `json:"fullPathTracing,omitempty" yaml:"fullPathTracing,omitempty"`
	// Plain uint32 here, while EnrichEvent.GetGid returns *uint32.
	Gid                  uint32                  `json:"gid,omitempty" yaml:"gid,omitempty"`
	HostNetwork          bool                    `json:"hostNetwork,omitempty" yaml:"hostNetwork,omitempty"`
	ID                   string                  `json:"id,omitempty" yaml:"id,omitempty"`
	Identifier           string                  `json:"identifier,omitempty" yaml:"identifier,omitempty"`
	Internal             bool                    `json:"internal,omitempty" yaml:"internal,omitempty"`
	Module               string                  `json:"module,omitempty" yaml:"module,omitempty"`
	MountNsID            uint64                  `json:"mountNsID,omitempty" yaml:"mountNsID,omitempty"`
	Namespace            string                  `json:"namespace,omitempty" yaml:"namespace,omitempty"`
	NewPath              string                  `json:"newPath,omitempty" yaml:"newPath,omitempty"`
	NumAnswers           int                     `json:"numAnswers,omitempty" yaml:"numAnswers,omitempty"`
	OldPath              string                  `json:"oldPath,omitempty" yaml:"oldPath,omitempty"`
	Opcode               int                     `json:"opcode,omitempty" yaml:"opcode,omitempty"`
	PID64                uint64                  `json:"pid64,omitempty" yaml:"pid64,omitempty"`
	Path                 string                  `json:"path,omitempty" yaml:"path,omitempty"`
	Pcomm                string                  `json:"pcomm,omitempty" yaml:"pcomm,omitempty"`
	Pid                  uint32                  `json:"pid,omitempty" yaml:"pid,omitempty"`
	PktType              string                  `json:"pktType,omitempty" yaml:"pktType,omitempty"`
	Pod                  string                  `json:"pod,omitempty" yaml:"pod,omitempty"`
	PodHostIP            string                  `json:"podHostIP,omitempty" yaml:"podHostIP,omitempty"`
	PodLabels            map[string]string       `json:"podLabels,omitempty" yaml:"podLabels,omitempty"`
	Ppid                 uint32                  `json:"ppid,omitempty" yaml:"ppid,omitempty"`
	Proto                string                  `json:"proto,omitempty" yaml:"proto,omitempty"`
	Ptid                 uint64                  `json:"ptid,omitempty" yaml:"ptid,omitempty"`
	PtraceRequest        int                     `json:"ptraceRequest,omitempty" yaml:"ptraceRequest,omitempty"`
	PupperLayer          bool                    `json:"pupperLayer,omitempty" yaml:"pupperLayer,omitempty"`
	Qr                   DNSPktType              `json:"qr,omitempty" yaml:"qr,omitempty"`
	Request              *http.Request           `json:"request,omitempty" yaml:"request,omitempty"`
	Response             *http.Response          `json:"response,omitempty" yaml:"response,omitempty"`
	Signal               uint32                  `json:"signal,omitempty" yaml:"signal,omitempty"`
	SockFd               uint32                  `json:"sockFd,omitempty" yaml:"sockFd,omitempty"`
	SocketInode          uint64                  `json:"socketInode,omitempty" yaml:"socketInode,omitempty"`
	SrcIP                string                  `json:"srcIP,omitempty" yaml:"srcIP,omitempty"`
	SrcPort              uint16                  `json:"srcPort,omitempty" yaml:"srcPort,omitempty"`
	StatusCode           int                     `json:"statusCode,omitempty" yaml:"statusCode,omitempty"`
	Syscall              string                  `json:"syscall,omitempty" yaml:"syscall,omitempty"`
	Syscalls             []byte                  `json:"syscalls,omitempty" yaml:"syscalls,omitempty"`
	Tid                  uint64                  `json:"tid,omitempty" yaml:"tid,omitempty"`
	Timestamp            int64                   `json:"timestamp,omitempty" yaml:"timestamp,omitempty"`
	Type                 HTTPDataType            `json:"type,omitempty" yaml:"type,omitempty"`
	// Plain uint32 here, while EnrichEvent.GetUid returns *uint32; with
	// omitempty a root uid (0) is absent from the serialized event.
	Uid                  uint32                  `json:"uid,omitempty" yaml:"uid,omitempty"`
	UpperLayer           bool                    `json:"upperLayer,omitempty" yaml:"upperLayer,omitempty"`
	UserData             int                     `json:"userData,omitempty" yaml:"userData,omitempty"`
}

func (*StructEvent) GetAddresses added in v0.3.3

func (e *StructEvent) GetAddresses() []string

func (*StructEvent) GetArgs added in v0.3.3

func (e *StructEvent) GetArgs() []string

func (*StructEvent) GetAttrSize added in v0.3.3

func (e *StructEvent) GetAttrSize() uint32

func (*StructEvent) GetBuf added in v0.3.3

func (e *StructEvent) GetBuf() []byte

func (*StructEvent) GetCapability added in v0.3.3

func (e *StructEvent) GetCapability() string

func (*StructEvent) GetCmd added in v0.3.3

func (e *StructEvent) GetCmd() uint32

func (*StructEvent) GetComm added in v0.3.3

func (e *StructEvent) GetComm() string

func (*StructEvent) GetContainer added in v0.3.3

func (e *StructEvent) GetContainer() string

func (*StructEvent) GetContainerID added in v0.3.3

func (e *StructEvent) GetContainerID() string

func (*StructEvent) GetContainerImage added in v0.3.3

func (e *StructEvent) GetContainerImage() string

func (*StructEvent) GetContainerImageDigest added in v0.3.3

func (e *StructEvent) GetContainerImageDigest() string

func (*StructEvent) GetCwd added in v0.3.3

func (e *StructEvent) GetCwd() string

func (*StructEvent) GetDNSName added in v0.3.3

func (e *StructEvent) GetDNSName() string

func (*StructEvent) GetDirection added in v0.3.3

func (e *StructEvent) GetDirection() consts.NetworkDirection

func (*StructEvent) GetDstEndpoint added in v0.3.3

func (e *StructEvent) GetDstEndpoint() types.L4Endpoint

func (*StructEvent) GetDstIP added in v0.3.3

func (e *StructEvent) GetDstIP() string

func (*StructEvent) GetDstPort added in v0.3.3

func (e *StructEvent) GetDstPort() uint16

func (*StructEvent) GetError added in v0.3.3

func (e *StructEvent) GetError() int64

func (*StructEvent) GetEventType added in v0.3.3

func (e *StructEvent) GetEventType() EventType

func (*StructEvent) GetExePath added in v0.3.3

func (e *StructEvent) GetExePath() string

func (*StructEvent) GetExitCode added in v0.3.3

func (e *StructEvent) GetExitCode() uint32

func (*StructEvent) GetExtra added in v0.3.3

func (e *StructEvent) GetExtra() interface{}

func (*StructEvent) GetFlags added in v0.3.3

func (e *StructEvent) GetFlags() []string

func (*StructEvent) GetFlagsRaw added in v0.3.3

func (e *StructEvent) GetFlagsRaw() uint32

func (*StructEvent) GetFullPath added in v0.3.3

func (e *StructEvent) GetFullPath() string

func (*StructEvent) GetGid added in v0.3.3

func (e *StructEvent) GetGid() *uint32

func (*StructEvent) GetHostNetwork added in v0.3.3

func (e *StructEvent) GetHostNetwork() bool

func (*StructEvent) GetIdentifier added in v0.3.3

func (e *StructEvent) GetIdentifier() string

func (*StructEvent) GetInternal added in v0.3.3

func (e *StructEvent) GetInternal() bool

func (*StructEvent) GetModule added in v0.3.3

func (e *StructEvent) GetModule() string

func (*StructEvent) GetMountNsID added in v0.3.3

func (e *StructEvent) GetMountNsID() uint64

func (*StructEvent) GetNamespace added in v0.3.3

func (e *StructEvent) GetNamespace() string

func (*StructEvent) GetNewPath added in v0.3.3

func (e *StructEvent) GetNewPath() string

func (*StructEvent) GetNumAnswers added in v0.3.3

func (e *StructEvent) GetNumAnswers() int

func (*StructEvent) GetOldPath added in v0.3.3

func (e *StructEvent) GetOldPath() string

func (*StructEvent) GetOpcode added in v0.3.3

func (e *StructEvent) GetOpcode() int

func (*StructEvent) GetOtherIp added in v0.3.3

func (e *StructEvent) GetOtherIp() string

func (*StructEvent) GetPID added in v0.3.3

func (e *StructEvent) GetPID() uint32

func (*StructEvent) GetPID64 added in v0.3.3

func (e *StructEvent) GetPID64() uint64

GetPID64 is a special implementation for stack trace events.

func (*StructEvent) GetPath added in v0.3.3

func (e *StructEvent) GetPath() string

func (*StructEvent) GetPcomm added in v0.3.3

func (e *StructEvent) GetPcomm() string

func (*StructEvent) GetPktType added in v0.3.3

func (e *StructEvent) GetPktType() string

func (*StructEvent) GetPod added in v0.3.3

func (e *StructEvent) GetPod() string

func (*StructEvent) GetPodHostIP added in v0.3.3

func (e *StructEvent) GetPodHostIP() string

func (*StructEvent) GetPodLabels added in v0.3.3

func (e *StructEvent) GetPodLabels() map[string]string

func (*StructEvent) GetPpid added in v0.3.3

func (e *StructEvent) GetPpid() uint32

func (*StructEvent) GetProto added in v0.3.3

func (e *StructEvent) GetProto() string

func (*StructEvent) GetPtid added in v0.3.3

func (e *StructEvent) GetPtid() uint64

func (*StructEvent) GetPupperLayer added in v0.3.3

func (e *StructEvent) GetPupperLayer() bool

func (*StructEvent) GetQr added in v0.3.3

func (e *StructEvent) GetQr() DNSPktType

func (*StructEvent) GetRequest added in v0.3.3

func (e *StructEvent) GetRequest() *http.Request

func (*StructEvent) GetResponse added in v0.3.3

func (e *StructEvent) GetResponse() *http.Response

func (*StructEvent) GetSignal added in v0.3.3

func (e *StructEvent) GetSignal() uint32

func (*StructEvent) GetSockFd added in v0.3.3

func (e *StructEvent) GetSockFd() uint32

func (*StructEvent) GetSocketInode added in v0.3.3

func (e *StructEvent) GetSocketInode() uint64

func (*StructEvent) GetSrcIP added in v0.3.3

func (e *StructEvent) GetSrcIP() string

func (*StructEvent) GetSrcPort added in v0.3.3

func (e *StructEvent) GetSrcPort() uint16

func (*StructEvent) GetSyscall added in v0.3.3

func (e *StructEvent) GetSyscall() string

func (*StructEvent) GetSyscalls added in v0.3.3

func (e *StructEvent) GetSyscalls() []byte

func (*StructEvent) GetTid added in v0.3.3

func (e *StructEvent) GetTid() uint64

func (*StructEvent) GetTimestamp added in v0.3.3

func (e *StructEvent) GetTimestamp() types.Time

func (*StructEvent) GetType added in v0.3.3

func (e *StructEvent) GetType() HTTPDataType

func (*StructEvent) GetUid added in v0.3.3

func (e *StructEvent) GetUid() *uint32

func (*StructEvent) GetUpperLayer added in v0.3.3

func (e *StructEvent) GetUpperLayer() bool

func (*StructEvent) HasDroppedEvents added in v0.3.3

func (e *StructEvent) HasDroppedEvents() bool

func (*StructEvent) IsDir added in v0.3.3

func (e *StructEvent) IsDir() bool

func (*StructEvent) MakeHttpEvent added in v0.3.3

func (e *StructEvent) MakeHttpEvent(request *http.Request, direction consts.NetworkDirection) HttpEvent

func (*StructEvent) Release added in v0.3.3

func (e *StructEvent) Release()

func (*StructEvent) SetExtra added in v0.3.3

func (e *StructEvent) SetExtra(extra interface{})

func (*StructEvent) SetResponse added in v0.3.3

func (e *StructEvent) SetResponse(response *http.Response)

type SyscallEvent added in v0.3.3

// SyscallEvent embeds EnrichEvent and adds a single accessor, GetSyscall.
type SyscallEvent interface {
	EnrichEvent
	// GetSyscall returns the syscall as a string, presumably its name rather
	// than its number; confirm against the implementation. StructEvent
	// declares a method with this signature.
	GetSyscall() string
}

type UnshareEvent added in v0.3.3

// UnshareEvent embeds EnrichEvent and adds accessors for the executable path
// and the upper-layer flag.
type UnshareEvent interface {
	EnrichEvent
	// GetExePath returns the executable path as a string.
	GetExePath() string
	// NOTE(review): the GetFlags accessor below is commented out, so this
	// interface does not expose the unshare flags. A consumer holding only an
	// UnshareEvent cannot tell which flags (for unshare, normally the requested
	// namespaces) were passed. StructEvent declares GetFlags() []string and
	// GetFlagsRaw() uint32, neither of which matches the uint64 signature here;
	// confirm which form is intended before re-enabling it.
	// GetFlags() uint64
	// GetUpperLayer returns a bool, presumably whether the executable resides
	// in the container's writable upper layer; confirm against the implementation.
	GetUpperLayer() bool
}
