adapters

package

v0.3.25 Latest Latest Go to latest Published: Jan 27, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubescape/node-agent

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func AcquireMap() map[string]interface{}
func ConvertToMap(e utils.EnrichEvent) map[string]interface{}
func GetExecFullPathFromEvent(execEvent utils.ExecEvent) string
func GetOpcodeName(opcode uint8) (bool, string)
func ReleaseEventMap(eventMap map[string]interface{})
func ReleaseMap(m map[string]interface{})
type BpfAdapter
- func NewBpfAdapter() *BpfAdapter
- func (c *BpfAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *BpfAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type CapabilitiesAdapter
- func NewCapabilitiesAdapter() *CapabilitiesAdapter
- func (c *CapabilitiesAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *CapabilitiesAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type DnsAdapter
- func NewDnsAdapter() *DnsAdapter
- func (c *DnsAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *DnsAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type ExecAdapter
- func NewExecAdapter() *ExecAdapter
- func (c *ExecAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *ExecAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type HTTPAdapter
- func NewHTTPAdapter() *HTTPAdapter
- func (c *HTTPAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *HTTPAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type HardlinkAdapter
- func NewHardlinkAdapter() *HardlinkAdapter
- func (c *HardlinkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *HardlinkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type IoUringAdapter
- func NewIoUringAdapter() *IoUringAdapter
- func (c *IoUringAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *IoUringAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type KmodAdapter
- func NewKmodAdapter() *KmodAdapter
- func (c *KmodAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *KmodAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type NetworkAdapter
- func NewNetworkAdapter() *NetworkAdapter
- func (c *NetworkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *NetworkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type OpenAdapter
- func NewOpenAdapter() *OpenAdapter
- func (c *OpenAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *OpenAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type ProcfsFailureSetter
- func NewProcfsCreator() *ProcfsFailureSetter
- func (c *ProcfsFailureSetter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
type PtraceAdapter
- func NewPtraceAdapter() *PtraceAdapter
- func (c *PtraceAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *PtraceAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type RandomXAdapter
- func NewRandomXAdapter() *RandomXAdapter
- func (c *RandomXAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *RandomXAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type SSHAdapter
- func NewSSHAdapter() *SSHAdapter
- func (c *SSHAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *SSHAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type SymlinkAdapter
- func NewSymlinkAdapter() *SymlinkAdapter
- func (c *SymlinkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *SymlinkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type SyscallAdapter
- func NewSyscallAdapter() *SyscallAdapter
- func (c *SyscallAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *SyscallAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}
type UnshareAdapter
- func NewUnshareAdapter() *UnshareAdapter
- func (c *UnshareAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, ...)
- func (c *UnshareAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

Constants ¶

This section is empty.

Variables ¶

View Source

var OpcodeMap = map[uint8]string{
	iouringsyscall.IORING_OP_NOP:             "No operation",
	iouringsyscall.IORING_OP_READV:           "Vector read",
	iouringsyscall.IORING_OP_WRITEV:          "Vector write",
	iouringsyscall.IORING_OP_FSYNC:           "File sync",
	iouringsyscall.IORING_OP_READ_FIXED:      "Read with fixed buffers",
	iouringsyscall.IORING_OP_WRITE_FIXED:     "Write with fixed buffers",
	iouringsyscall.IORING_OP_POLL_ADD:        "Add poll request",
	iouringsyscall.IORING_OP_POLL_REMOVE:     "Remove poll request",
	iouringsyscall.IORING_OP_SYNC_FILE_RANGE: "Sync file range",
	iouringsyscall.IORING_OP_SENDMSG:         "Send message",
	iouringsyscall.IORING_OP_RECVMSG:         "Receive message",
	iouringsyscall.IORING_OP_TIMEOUT:         "Timeout operation",
	iouringsyscall.IORING_OP_TIMEOUT_REMOVE:  "Remove timeout",
	iouringsyscall.IORING_OP_ACCEPT:          "Accept connection",
	iouringsyscall.IORING_OP_ASYNC_CANCEL:    "Cancel async operation",
	iouringsyscall.IORING_OP_LINK_TIMEOUT:    "Link timeout",
	iouringsyscall.IORING_OP_CONNECT:         "Connect socket",
	iouringsyscall.IORING_OP_FALLOCATE:       "Preallocate file space",
	iouringsyscall.IORING_OP_OPENAT:          "Open file (relative)",
	iouringsyscall.IORING_OP_CLOSE:           "Close file",
	iouringsyscall.IORING_OP_FILES_UPDATE:    "Update registered files",
	iouringsyscall.IORING_OP_STATX:           "Get file status",
	iouringsyscall.IORING_OP_READ:            "Read",
	iouringsyscall.IORING_OP_WRITE:           "Write",
	iouringsyscall.IORING_OP_FADVISE:         "File access pattern advice",
	iouringsyscall.IORING_OP_MADVISE:         "Memory access pattern advice",
	iouringsyscall.IORING_OP_SEND:            "Send data",
	iouringsyscall.IORING_OP_RECV:            "Receive data",
	iouringsyscall.IORING_OP_OPENAT2:         "Enhanced open file (relative)",
	iouringsyscall.IORING_OP_EPOLL_CTL:       "Epoll control",
	iouringsyscall.IORING_OP_SPLICE:          "Splice data",
	iouringsyscall.IORING_OP_PROVIDE_BUFFERS: "Provide buffers",
	iouringsyscall.IORING_OP_REMOVE_BUFFERS:  "Remove buffers",
	iouringsyscall.IORING_OP_TEE:             "Tee data",
	iouringsyscall.IORING_OP_SHUTDOWN:        "Shutdown connection",
	iouringsyscall.IORING_OP_RENAMEAT:        "Rename file (relative)",
	iouringsyscall.IORING_OP_UNLINKAT:        "Unlink file (relative)",
	iouringsyscall.IORING_OP_MKDIRAT:         "Make directory (relative)",
	iouringsyscall.IORING_OP_SYMLINKAT:       "Create symbolic link (relative)",
	iouringsyscall.IORING_OP_LINKAT:          "Create hard link (relative)",
	iouringsyscall.IORING_OP_MSG_RING:        "Message ring",
	iouringsyscall.IORING_OP_FSETXATTR:       "Set file extended attribute",
	iouringsyscall.IORING_OP_SETXATTR:        "Set extended attribute",
	iouringsyscall.IORING_OP_FGETXATTR:       "Get file extended attribute",
	iouringsyscall.IORING_OP_GETXATTR:        "Get extended attribute",
	iouringsyscall.IORING_OP_SOCKET:          "Create socket",
	iouringsyscall.IORING_OP_URING_CMD:       "io_uring command",
	iouringsyscall.IORING_OP_SEND_ZC:         "Zero-copy send",
}

Functions ¶

func AcquireMap ¶

func AcquireMap() map[string]interface{}

AcquireMap gets a map from the pool.

func ConvertToMap ¶

func ConvertToMap(e utils.EnrichEvent) map[string]interface{}

func GetExecFullPathFromEvent ¶

func GetExecFullPathFromEvent(execEvent utils.ExecEvent) string

func GetOpcodeName ¶

func GetOpcodeName(opcode uint8) (bool, string)

func ReleaseEventMap ¶

func ReleaseEventMap(eventMap map[string]interface{})

ReleaseEventMap releases the main event map and all its nested maps back to the pool. This function specifically handles the structure created by ConvertToMap and adapter-specific nested maps.

func ReleaseMap ¶

func ReleaseMap(m map[string]interface{})

ReleaseMap returns a map to the pool after clearing it for reuse.

Types ¶

type BpfAdapter ¶

type BpfAdapter struct {
}

func NewBpfAdapter ¶

func NewBpfAdapter() *BpfAdapter

func (*BpfAdapter) SetFailureMetadata ¶

func (c *BpfAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*BpfAdapter) ToMap ¶

func (c *BpfAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type CapabilitiesAdapter ¶

type CapabilitiesAdapter struct {
}

func NewCapabilitiesAdapter ¶

func NewCapabilitiesAdapter() *CapabilitiesAdapter

func (*CapabilitiesAdapter) SetFailureMetadata ¶

func (c *CapabilitiesAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*CapabilitiesAdapter) ToMap ¶

func (c *CapabilitiesAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type DnsAdapter ¶

type DnsAdapter struct {
}

func NewDnsAdapter ¶

func NewDnsAdapter() *DnsAdapter

func (*DnsAdapter) SetFailureMetadata ¶

func (c *DnsAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*DnsAdapter) ToMap ¶

func (c *DnsAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type ExecAdapter ¶

type ExecAdapter struct {
}

func NewExecAdapter ¶

func NewExecAdapter() *ExecAdapter

func (*ExecAdapter) SetFailureMetadata ¶

func (c *ExecAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*ExecAdapter) ToMap ¶

func (c *ExecAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type HTTPAdapter ¶

type HTTPAdapter struct {
}

func NewHTTPAdapter ¶

func NewHTTPAdapter() *HTTPAdapter

func (*HTTPAdapter) SetFailureMetadata ¶

func (c *HTTPAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*HTTPAdapter) ToMap ¶

func (c *HTTPAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type HardlinkAdapter ¶

type HardlinkAdapter struct {
}

func NewHardlinkAdapter ¶

func NewHardlinkAdapter() *HardlinkAdapter

func (*HardlinkAdapter) SetFailureMetadata ¶

func (c *HardlinkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*HardlinkAdapter) ToMap ¶

func (c *HardlinkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type IoUringAdapter ¶

type IoUringAdapter struct {
}

func NewIoUringAdapter ¶

func NewIoUringAdapter() *IoUringAdapter

func (*IoUringAdapter) SetFailureMetadata ¶

func (c *IoUringAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*IoUringAdapter) ToMap ¶

func (c *IoUringAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type KmodAdapter ¶

type KmodAdapter struct {
}

func NewKmodAdapter ¶

func NewKmodAdapter() *KmodAdapter

func (*KmodAdapter) SetFailureMetadata ¶

func (c *KmodAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*KmodAdapter) ToMap ¶

func (c *KmodAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type NetworkAdapter ¶

type NetworkAdapter struct {
}

func NewNetworkAdapter ¶

func NewNetworkAdapter() *NetworkAdapter

func (*NetworkAdapter) SetFailureMetadata ¶

func (c *NetworkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*NetworkAdapter) ToMap ¶

func (c *NetworkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type OpenAdapter ¶

type OpenAdapter struct {
}

func NewOpenAdapter ¶

func NewOpenAdapter() *OpenAdapter

func (*OpenAdapter) SetFailureMetadata ¶

func (c *OpenAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*OpenAdapter) ToMap ¶

func (c *OpenAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type ProcfsFailureSetter ¶

type ProcfsFailureSetter struct {
}

func NewProcfsCreator ¶

func NewProcfsCreator() *ProcfsFailureSetter

func (*ProcfsFailureSetter) SetFailureMetadata ¶

func (c *ProcfsFailureSetter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, state map[string]any)

type PtraceAdapter ¶

type PtraceAdapter struct {
}

func NewPtraceAdapter ¶

func NewPtraceAdapter() *PtraceAdapter

func (*PtraceAdapter) SetFailureMetadata ¶

func (c *PtraceAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*PtraceAdapter) ToMap ¶

func (c *PtraceAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type RandomXAdapter ¶

type RandomXAdapter struct {
}

func NewRandomXAdapter ¶

func NewRandomXAdapter() *RandomXAdapter

func (*RandomXAdapter) SetFailureMetadata ¶

func (c *RandomXAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*RandomXAdapter) ToMap ¶

func (c *RandomXAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type SSHAdapter ¶

type SSHAdapter struct {
}

func NewSSHAdapter ¶

func NewSSHAdapter() *SSHAdapter

func (*SSHAdapter) SetFailureMetadata ¶

func (c *SSHAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*SSHAdapter) ToMap ¶

func (c *SSHAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type SymlinkAdapter ¶

type SymlinkAdapter struct {
}

func NewSymlinkAdapter ¶

func NewSymlinkAdapter() *SymlinkAdapter

func (*SymlinkAdapter) SetFailureMetadata ¶

func (c *SymlinkAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*SymlinkAdapter) ToMap ¶

func (c *SymlinkAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type SyscallAdapter ¶

type SyscallAdapter struct {
}

func NewSyscallAdapter ¶

func NewSyscallAdapter() *SyscallAdapter

func (*SyscallAdapter) SetFailureMetadata ¶

func (c *SyscallAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*SyscallAdapter) ToMap ¶

func (c *SyscallAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

type UnshareAdapter ¶

type UnshareAdapter struct {
}

func NewUnshareAdapter ¶

func NewUnshareAdapter() *UnshareAdapter

func (*UnshareAdapter) SetFailureMetadata ¶

func (c *UnshareAdapter) SetFailureMetadata(failure types.RuleFailure, enrichedEvent *events.EnrichedEvent, _ map[string]any)

func (*UnshareAdapter) ToMap ¶

func (c *UnshareAdapter) ToMap(enrichedEvent *events.EnrichedEvent) map[string]interface{}

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL