Documentation
¶
Index ¶
- Constants
- func EnrichEvent(thirdPartyEnricher containerwatcher.TaskBasedEnricher, event utils.EnrichEvent, ...)
- type CapabilitiesTracer
- type DNSTracer
- type EventQueueInterface
- type ExecTracer
- type ExitTracer
- type ForkTracer
- type HTTPTracer
- type HardlinkTracer
- type IoUringTracer
- type NetworkTracer
- type OpenTracer
- type ProcfsTracer
- type PtraceTracer
- type RandomXTracer
- type SSHTracer
- type SymlinkTracer
- type SyscallTracer
- func (st *SyscallTracer) GetEventType() utils.EventType
- func (st *SyscallTracer) GetName() string
- func (st *SyscallTracer) IsEnabled(cfg interface{}) bool
- func (st *SyscallTracer) Peek(mntns uint64) ([]string, error)
- func (st *SyscallTracer) SetPeekFunc(peekFunc func(mntns uint64) ([]string, error))
- func (st *SyscallTracer) Start(ctx context.Context) error
- func (st *SyscallTracer) Stop() error
- type TopTracer
- type TracerFactory
Constants ¶
const ( SYS_LINKAT = 265 SYS_LINK = 86 SYS_SYMLINKAT = 266 SYS_SYMLINK = 88 SYS_OPEN = 2 SYS_OPENAT = 257 SYS_FORK = 57 )
const ( StatusOK = 200 StatusBadRequest = 300 )
Variables ¶
This section is empty.
Functions ¶
func EnrichEvent ¶
func EnrichEvent(thirdPartyEnricher containerwatcher.TaskBasedEnricher, event utils.EnrichEvent, syscalls []uint64, callback containerwatcher.ResultCallback, containerID string, processID uint32)
Types ¶
type CapabilitiesTracer ¶
type CapabilitiesTracer struct {
// contains filtered or unexported fields
}
CapabilitiesTracer implements TracerInterface for capabilities events
func NewCapabilitiesTracer ¶
func NewCapabilitiesTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *CapabilitiesTracer
NewCapabilitiesTracer creates a new capabilities tracer
func (*CapabilitiesTracer) GetEventType ¶
func (ct *CapabilitiesTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*CapabilitiesTracer) GetName ¶
func (ct *CapabilitiesTracer) GetName() string
GetName returns the unique name of the tracer
func (*CapabilitiesTracer) IsEnabled ¶
func (ct *CapabilitiesTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*CapabilitiesTracer) Start ¶
func (ct *CapabilitiesTracer) Start(ctx context.Context) error
Start initializes and starts the capabilities tracer
func (*CapabilitiesTracer) Stop ¶
func (ct *CapabilitiesTracer) Stop() error
Stop gracefully stops the capabilities tracer
type DNSTracer ¶
type DNSTracer struct {
// contains filtered or unexported fields
}
DNSTracer implements TracerInterface for DNS events
func NewDNSTracer ¶
func NewDNSTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), socketEnricher *socketenricher.SocketEnricher, ) *DNSTracer
NewDNSTracer creates a new DNS tracer
func (*DNSTracer) GetEventType ¶
GetEventType returns the event type this tracer produces
func (*DNSTracer) IsEnabled ¶
IsEnabled checks if this tracer should be enabled based on configuration
type EventQueueInterface ¶
type EventQueueInterface interface {
AddEventDirect(eventType utils.EventType, event utils.K8sEvent, containerID string, processID uint32)
}
EventQueueInterface defines the interface for adding events to the queue
type ExecTracer ¶
type ExecTracer struct {
// contains filtered or unexported fields
}
ExecTracer implements TracerInterface for exec events
func NewExecTracer ¶
func NewExecTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), thirdPartyEnricher containerwatcher.TaskBasedEnricher, ) *ExecTracer
NewExecTracer creates a new exec tracer
func (*ExecTracer) GetEventType ¶
func (et *ExecTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*ExecTracer) GetName ¶
func (et *ExecTracer) GetName() string
GetName returns the unique name of the tracer
func (*ExecTracer) IsEnabled ¶
func (et *ExecTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
type ExitTracer ¶
type ExitTracer struct {
// contains filtered or unexported fields
}
ExitTracer implements TracerInterface for exit events
func NewExitTracer ¶
func NewExitTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *ExitTracer
NewExitTracer creates a new exit tracer
func (*ExitTracer) GetEventType ¶
func (et *ExitTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*ExitTracer) GetName ¶
func (et *ExitTracer) GetName() string
GetName returns the unique name of the tracer
func (*ExitTracer) IsEnabled ¶
func (et *ExitTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
type ForkTracer ¶
type ForkTracer struct {
// contains filtered or unexported fields
}
ForkTracer implements TracerInterface for fork events
func NewForkTracer ¶
func NewForkTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *ForkTracer
NewForkTracer creates a new fork tracer
func (*ForkTracer) GetEventType ¶
func (ft *ForkTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*ForkTracer) GetName ¶
func (ft *ForkTracer) GetName() string
GetName returns the unique name of the tracer
func (*ForkTracer) IsEnabled ¶
func (ft *ForkTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
type HTTPTracer ¶
type HTTPTracer struct {
// contains filtered or unexported fields
}
HTTPTracer implements TracerInterface for HTTP events
func NewHTTPTracer ¶
func NewHTTPTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *HTTPTracer
NewHTTPTracer creates a new HTTP tracer
func (*HTTPTracer) GetEventType ¶
func (ht *HTTPTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*HTTPTracer) GetName ¶
func (ht *HTTPTracer) GetName() string
GetName returns the unique name of the tracer
func (*HTTPTracer) IsEnabled ¶
func (ht *HTTPTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
type HardlinkTracer ¶
type HardlinkTracer struct {
// contains filtered or unexported fields
}
HardlinkTracer implements TracerInterface for hardlink events
func NewHardlinkTracer ¶
func NewHardlinkTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), thirdPartyEnricher containerwatcher.TaskBasedEnricher, ) *HardlinkTracer
NewHardlinkTracer creates a new hardlink tracer
func (*HardlinkTracer) GetEventType ¶
func (ht *HardlinkTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*HardlinkTracer) GetName ¶
func (ht *HardlinkTracer) GetName() string
GetName returns the unique name of the tracer
func (*HardlinkTracer) IsEnabled ¶
func (ht *HardlinkTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*HardlinkTracer) Start ¶
func (ht *HardlinkTracer) Start(ctx context.Context) error
Start initializes and starts the hardlink tracer
func (*HardlinkTracer) Stop ¶
func (ht *HardlinkTracer) Stop() error
Stop gracefully stops the hardlink tracer
type IoUringTracer ¶
type IoUringTracer struct {
// contains filtered or unexported fields
}
IoUringTracer implements TracerInterface for io_uring events
func NewIoUringTracer ¶
func NewIoUringTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *IoUringTracer
NewIoUringTracer creates a new io_uring tracer
func (*IoUringTracer) GetEventType ¶
func (it *IoUringTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*IoUringTracer) GetName ¶
func (it *IoUringTracer) GetName() string
GetName returns the unique name of the tracer
func (*IoUringTracer) IsEnabled ¶
func (it *IoUringTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*IoUringTracer) Start ¶
func (it *IoUringTracer) Start(ctx context.Context) error
Start initializes and starts the io_uring tracer
func (*IoUringTracer) Stop ¶
func (it *IoUringTracer) Stop() error
Stop gracefully stops the io_uring tracer
type NetworkTracer ¶
type NetworkTracer struct {
// contains filtered or unexported fields
}
NetworkTracer implements TracerInterface for network events
func NewNetworkTracer ¶
func NewNetworkTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), socketEnricher *socketenricher.SocketEnricher, ) *NetworkTracer
NewNetworkTracer creates a new network tracer
func (*NetworkTracer) GetEventType ¶
func (nt *NetworkTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*NetworkTracer) GetName ¶
func (nt *NetworkTracer) GetName() string
GetName returns the unique name of the tracer
func (*NetworkTracer) IsEnabled ¶
func (nt *NetworkTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*NetworkTracer) Start ¶
func (nt *NetworkTracer) Start(ctx context.Context) error
Start initializes and starts the network tracer
func (*NetworkTracer) Stop ¶
func (nt *NetworkTracer) Stop() error
Stop gracefully stops the network tracer
type OpenTracer ¶
type OpenTracer struct {
// contains filtered or unexported fields
}
OpenTracer implements TracerInterface for open events
func NewOpenTracer ¶
func NewOpenTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), thirdPartyEnricher containerwatcher.TaskBasedEnricher, ) *OpenTracer
NewOpenTracer creates a new open tracer
func (*OpenTracer) GetEventType ¶
func (ot *OpenTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*OpenTracer) GetName ¶
func (ot *OpenTracer) GetName() string
GetName returns the unique name of the tracer
func (*OpenTracer) IsEnabled ¶
func (ot *OpenTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
type ProcfsTracer ¶
type ProcfsTracer struct {
// contains filtered or unexported fields
}
ProcfsTracer implements TracerInterface for procfs events
func NewProcfsTracer ¶
func NewProcfsTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), cfg config.Config, ) *ProcfsTracer
NewProcfsTracer creates a new procfs tracer
func (*ProcfsTracer) GetEventType ¶
func (pt *ProcfsTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*ProcfsTracer) GetName ¶
func (pt *ProcfsTracer) GetName() string
GetName returns the unique name of the tracer
func (*ProcfsTracer) IsEnabled ¶
func (pt *ProcfsTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*ProcfsTracer) Start ¶
func (pt *ProcfsTracer) Start(ctx context.Context) error
Start initializes and starts the procfs tracer
func (*ProcfsTracer) Stop ¶
func (pt *ProcfsTracer) Stop() error
Stop gracefully stops the procfs tracer
type PtraceTracer ¶
type PtraceTracer struct {
// contains filtered or unexported fields
}
PtraceTracer implements TracerInterface for ptrace events
func NewPtraceTracer ¶
func NewPtraceTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *PtraceTracer
NewPtraceTracer creates a new ptrace tracer
func (*PtraceTracer) GetEventType ¶
func (pt *PtraceTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*PtraceTracer) GetName ¶
func (pt *PtraceTracer) GetName() string
GetName returns the unique name of the tracer
func (*PtraceTracer) IsEnabled ¶
func (pt *PtraceTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*PtraceTracer) Start ¶
func (pt *PtraceTracer) Start(ctx context.Context) error
Start initializes and starts the ptrace tracer
func (*PtraceTracer) Stop ¶
func (pt *PtraceTracer) Stop() error
Stop gracefully stops the ptrace tracer
type RandomXTracer ¶
type RandomXTracer struct {
// contains filtered or unexported fields
}
RandomXTracer implements TracerInterface for RandomX events
func NewRandomXTracer ¶
func NewRandomXTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *RandomXTracer
NewRandomXTracer creates a new RandomX tracer
func (*RandomXTracer) GetEventType ¶
func (rt *RandomXTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*RandomXTracer) GetName ¶
func (rt *RandomXTracer) GetName() string
GetName returns the unique name of the tracer
func (*RandomXTracer) IsEnabled ¶
func (rt *RandomXTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*RandomXTracer) Start ¶
func (rt *RandomXTracer) Start(ctx context.Context) error
Start initializes and starts the RandomX tracer
func (*RandomXTracer) Stop ¶
func (rt *RandomXTracer) Stop() error
Stop gracefully stops the RandomX tracer
type SSHTracer ¶
type SSHTracer struct {
// contains filtered or unexported fields
}
SSHTracer implements TracerInterface for SSH events
func NewSSHTracer ¶
func NewSSHTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), socketEnricher *socketenricher.SocketEnricher, ) *SSHTracer
NewSSHTracer creates a new SSH tracer
func (*SSHTracer) GetEventType ¶
GetEventType returns the event type this tracer produces
func (*SSHTracer) IsEnabled ¶
IsEnabled checks if this tracer should be enabled based on configuration
type SymlinkTracer ¶
type SymlinkTracer struct {
// contains filtered or unexported fields
}
SymlinkTracer implements TracerInterface for symlink events
func NewSymlinkTracer ¶
func NewSymlinkTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), thirdPartyEnricher containerwatcher.TaskBasedEnricher, ) *SymlinkTracer
NewSymlinkTracer creates a new symlink tracer
func (*SymlinkTracer) GetEventType ¶
func (st *SymlinkTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*SymlinkTracer) GetName ¶
func (st *SymlinkTracer) GetName() string
GetName returns the unique name of the tracer
func (*SymlinkTracer) IsEnabled ¶
func (st *SymlinkTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*SymlinkTracer) Start ¶
func (st *SymlinkTracer) Start(ctx context.Context) error
Start initializes and starts the symlink tracer
func (*SymlinkTracer) Stop ¶
func (st *SymlinkTracer) Stop() error
Stop gracefully stops the symlink tracer
type SyscallTracer ¶
type SyscallTracer struct {
// contains filtered or unexported fields
}
SyscallTracer implements TracerInterface for syscall/seccomp events
func NewSyscallTracer ¶
func NewSyscallTracer(containerProfileManager containerprofilemanager.ContainerProfileManagerClient, ruleManager rulemanager.RuleManagerClient) *SyscallTracer
NewSyscallTracer creates a new syscall tracer
func (*SyscallTracer) GetEventType ¶
func (st *SyscallTracer) GetEventType() utils.EventType
GetEventType returns the event type this tracer produces
func (*SyscallTracer) GetName ¶
func (st *SyscallTracer) GetName() string
GetName returns the unique name of the tracer
func (*SyscallTracer) IsEnabled ¶
func (st *SyscallTracer) IsEnabled(cfg interface{}) bool
IsEnabled checks if this tracer should be enabled based on configuration
func (*SyscallTracer) Peek ¶
func (st *SyscallTracer) Peek(mntns uint64) ([]string, error)
Peek provides the peek function for other components
func (*SyscallTracer) SetPeekFunc ¶
func (st *SyscallTracer) SetPeekFunc(peekFunc func(mntns uint64) ([]string, error))
SetPeekFunc sets the peek function (kept for compatibility, but not used since we directly use tracer.Peek)
func (*SyscallTracer) Start ¶
func (st *SyscallTracer) Start(ctx context.Context) error
Start initializes and starts the syscall tracer
func (*SyscallTracer) Stop ¶
func (st *SyscallTracer) Stop() error
Stop gracefully stops the syscall tracer
type TopTracer ¶
type TopTracer struct {
// contains filtered or unexported fields
}
TopTracer implements TracerInterface for top events (Prometheus metrics)
func NewTopTracer ¶
func NewTopTracer( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, eventCallback func(utils.K8sEvent, string, uint32), ) *TopTracer
NewTopTracer creates a new top tracer
func (*TopTracer) GetEventType ¶
GetEventType returns the event type this tracer produces
func (*TopTracer) IsEnabled ¶
IsEnabled checks if this tracer should be enabled based on configuration
type TracerFactory ¶
type TracerFactory struct {
// contains filtered or unexported fields
}
TracerFactory manages the creation and configuration of all tracers
func NewTracerFactory ¶
func NewTracerFactory( containerCollection *containercollection.ContainerCollection, tracerCollection *tracercollection.TracerCollection, containerSelector containercollection.ContainerSelector, orderedEventQueue EventQueueInterface, socketEnricher *socketenricher.SocketEnricher, containerProfileManager containerprofilemanager.ContainerProfileManagerClient, ruleManager rulemanager.RuleManagerClient, thirdPartyTracers mapset.Set[containerwatcher.CustomTracer], thirdPartyEnricher containerwatcher.TaskBasedEnricher, cfg config.Config, ) *TracerFactory
NewTracerFactory creates a new tracer factory
func (*TracerFactory) CreateAllTracers ¶
func (tf *TracerFactory) CreateAllTracers(manager containerwatcher.TracerRegistrer)
CreateAllTracers creates all configured tracers
func (*TracerFactory) GetThirdPartyTracers ¶
func (tf *TracerFactory) GetThirdPartyTracers() []containerwatcher.CustomTracer
GetThirdPartyTracers returns all registered third-party tracers
Source Files