containerwatcher

package
v0.2.368 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 12, 2025 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SYS_LINKAT    = 265
	SYS_LINK      = 86
	SYS_SYMLINKAT = 266
	SYS_SYMLINK   = 88
	SYS_OPEN      = 2
	SYS_OPENAT    = 257
	SYS_FORK      = 57
)

The numbers can be arbitrary identifiers since they're not actually used for system calls, so we don't need to handle other architecture specifically.

View Source 
const (
	MaxSniffingTimeLabel = "kubescape.io/max-sniffing-time"
)

Variables

This section is empty.

Functions

func CreateIGContainerWatcher 

func CreateIGContainerWatcher(
	cfg config.Config,
	containerProfileManager containerprofilemanager.ContainerProfileManagerClient,
	k8sClient *k8sinterface.KubernetesApi,
	igK8sClient *containercollection.K8sClient,
	dnsManagerClient dnsmanager.DNSManagerClient,
	metrics metricsmanager.MetricsManager,
	ruleManager rulemanager.RuleManagerClient,
	malwareManager malwaremanager.MalwareManagerClient,
	sbomManager sbommanager.SbomManagerClient,
	ruleBindingPodNotify *chan rulebindingmanager.RuleBindingNotify,
	runtime *containerutilsTypes.RuntimeConfig,
	thirdPartyEventReceivers *maps.SafeMap[utils.EventType, mapset.Set[containerwatcher.EventReceiver]],
	thirdPartyEnricher containerwatcher.TaskBasedEnricher,
	processTreeManager processtree.ProcessTreeManager,
	clusterName string,
	objectCache objectcache.ObjectCache,
	networkStreamClient networkstream.NetworkStreamClient,
	containerProcessTree containerprocesstree.ContainerProcessTree,
) (containerwatcher.ContainerWatcher, error)

CreateIGContainerWatcher creates a new container watcher with the ordered event processing design This function maintains compatibility with the v1 API while using the new v2 implementation

Types

type ContainerWatcher 

type ContainerWatcher struct {
	// contains filtered or unexported fields
}

ContainerWatcher represents the new container watcher implementation

func CreateContainerWatcher 

func CreateContainerWatcher(
	cfg config.Config,
	containerProfileManager containerprofilemanager.ContainerProfileManagerClient,
	k8sClient *k8sinterface.KubernetesApi,
	igK8sClient *containercollection.K8sClient,
	dnsManagerClient dnsmanager.DNSManagerClient,
	metrics metricsmanager.MetricsManager,
	ruleManager rulemanager.RuleManagerClient,
	malwareManager malwaremanager.MalwareManagerClient,
	sbomManager sbommanager.SbomManagerClient,
	ruleBindingPodNotify *chan rulebindingmanager.RuleBindingNotify,
	runtime *containerutilsTypes.RuntimeConfig,
	thirdPartyEventReceivers *maps.SafeMap[utils.EventType, mapset.Set[containerwatcher.EventReceiver]],
	thirdPartyEnricher containerwatcher.TaskBasedEnricher,
	processTreeManager processtree.ProcessTreeManager,
	clusterName string,
	objectCache objectcache.ObjectCache,
	networkStreamClient networkstream.NetworkStreamClient,
	containerProcessTree containerprocesstree.ContainerProcessTree,
) (*ContainerWatcher, error)

CreateContainerWatcher creates a new container watcher with the ordered event processing design

func (*ContainerWatcher) GetContainerCollection 

func (cw *ContainerWatcher) GetContainerCollection() *containercollection.ContainerCollection

GetContainerCollection returns the container collection

func (*ContainerWatcher) GetContainerSelector 

func (cw *ContainerWatcher) GetContainerSelector() *containercollection.ContainerSelector

GetContainerSelector returns the container selector

func (*ContainerWatcher) GetSocketEnricher 

func (cw *ContainerWatcher) GetSocketEnricher() *socketenricher.SocketEnricher

GetSocketEnricher returns the socket enricher

func (*ContainerWatcher) GetTracerCollection 

func (cw *ContainerWatcher) GetTracerCollection() *tracercollection.TracerCollection

GetTracerCollection returns the tracer collection

func (*ContainerWatcher) Ready 

func (cw *ContainerWatcher) Ready() bool

Ready returns true if the container watcher is ready to process events

func (*ContainerWatcher) RegisterContainerReceiver 

func (cw *ContainerWatcher) RegisterContainerReceiver(receiver containerwatcher.ContainerReceiver)

RegisterContainerReceiver registers a container receiver

func (*ContainerWatcher) RegisterCustomTracer 

func (cw *ContainerWatcher) RegisterCustomTracer(tracer containerwatcher.CustomTracer) error

RegisterCustomTracer registers a custom tracer

func (*ContainerWatcher) Start 

func (cw *ContainerWatcher) Start(ctx context.Context) error

Start initializes and starts the container watcher

func (*ContainerWatcher) StartContainerCollection 

func (cw *ContainerWatcher) StartContainerCollection(ctx context.Context) error

StartContainerCollection starts the container collection

func (*ContainerWatcher) Stop 

func (cw *ContainerWatcher) Stop()

Stop gracefully stops the container watcher

func (*ContainerWatcher) StopContainerCollection 

func (cw *ContainerWatcher) StopContainerCollection()

StopContainerCollection stops the container collection

func (*ContainerWatcher) UnregisterContainerReceiver 

func (cw *ContainerWatcher) UnregisterContainerReceiver(receiver containerwatcher.ContainerReceiver)

UnregisterContainerReceiver unregisters a container receiver

func (*ContainerWatcher) UnregisterCustomTracer 

func (cw *ContainerWatcher) UnregisterCustomTracer(tracer containerwatcher.CustomTracer) error

UnregisterCustomTracer unregisters a custom tracer

type EventEnricher 

type EventEnricher struct {
	// contains filtered or unexported fields
}

EventEnricher handles event enrichment with metrics and logging

func NewEventEnricher 

func NewEventEnricher(
	processTreeManager processtree.ProcessTreeManager,
) *EventEnricher

NewEventEnricher creates a new event enricher

func (*EventEnricher) EnrichEvents 

func (ee *EventEnricher) EnrichEvents(entry eventEntry) *ebpfevents.EnrichedEvent

type EventHandlerFactory 

type EventHandlerFactory struct {
	// contains filtered or unexported fields
}

EventHandlerFactory manages the mapping of event types to their managers

func NewEventHandlerFactory 

func NewEventHandlerFactory(
	cfg config.Config,
	containerCollection *containercollection.ContainerCollection,
	containerProfileManager containerprofilemanager.ContainerProfileManagerClient,
	dnsManager dnsmanager.DNSManagerClient,
	ruleManager rulemanager.RuleManagerClient,
	malwareManager malwaremanager.MalwareManagerClient,
	networkStreamClient networkstream.NetworkStreamClient,
	metrics metricsmanager.MetricsManager,
	thirdPartyEventReceivers *maps.SafeMap[utils.EventType, mapset.Set[containerwatcher.EventReceiver]],
	thirdPartyEnricher containerwatcher.TaskBasedEnricher,
	rulePolicyReporter *rulepolicy.RulePolicyReporter,
) *EventHandlerFactory

NewEventHandlerFactory creates a new event handler factory

func (*EventHandlerFactory) ProcessEvent 

func (ehf *EventHandlerFactory) ProcessEvent(enrichedEvent *events.EnrichedEvent)

ProcessEvent processes an event through all registered handlers

type Manager 

type Manager interface {
	ReportEvent(eventType utils.EventType, event utils.K8sEvent)
}

Manager represents a component that can receive events

type ManagerAdapter 

type ManagerAdapter struct {
	// contains filtered or unexported fields
}

ManagerAdapter adapts different manager interfaces to the common Manager interface

func NewManagerAdapter 

func NewManagerAdapter(reportEventFunc func(eventType utils.EventType, event utils.K8sEvent)) *ManagerAdapter

NewManagerAdapter creates a new manager adapter

func (*ManagerAdapter) ReportEvent 

func (ma *ManagerAdapter) ReportEvent(eventType utils.EventType, event utils.K8sEvent)

ReportEvent implements the Manager interface

type OrderedEventQueue 

type OrderedEventQueue struct {
	// contains filtered or unexported fields
}

func NewOrderedEventQueue 

func NewOrderedEventQueue(collectionInterval time.Duration, maxBufferSize int, processTreeManager processtree.ProcessTreeManager) *OrderedEventQueue

func (*OrderedEventQueue) AddEventDirect 

func (oeq *OrderedEventQueue) AddEventDirect(eventType utils.EventType, event utils.K8sEvent, containerID string, processID uint32)

func (*OrderedEventQueue) Empty 

func (oeq *OrderedEventQueue) Empty() bool

Empty returns whether the queue is empty

func (*OrderedEventQueue) GetFullQueueAlertChannel 

func (oeq *OrderedEventQueue) GetFullQueueAlertChannel() <-chan struct{}

func (*OrderedEventQueue) PeekEvent 

func (oeq *OrderedEventQueue) PeekEvent() (eventEntry, bool)

func (*OrderedEventQueue) PopEvent 

func (oeq *OrderedEventQueue) PopEvent() (eventEntry, bool)

func (*OrderedEventQueue) Size 

func (oeq *OrderedEventQueue) Size() int

Size returns the number of events in the queue

type TracerManager 

type TracerManager struct {
	// contains filtered or unexported fields
}

func NewTracerManager 

func NewTracerManager(cfg config.Config, tracerFactory containerwatcher.TracerFactoryInterface) *TracerManager

func (*TracerManager) GetAllTracers 

func (tm *TracerManager) GetAllTracers() map[utils.EventType]containerwatcher.TracerInterface

func (*TracerManager) GetTracer 

func (tm *TracerManager) GetTracer(eventType utils.EventType) (containerwatcher.TracerInterface, bool)

func (*TracerManager) RegisterTracer 

func (tm *TracerManager) RegisterTracer(tracer containerwatcher.TracerInterface)

func (*TracerManager) StartAllTracers 

func (tm *TracerManager) StartAllTracers(ctx context.Context) error

func (*TracerManager) StopAllTracers 

func (tm *TracerManager) StopAllTracers() error

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.