dedupcache

package
v0.3.94 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 20, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package dedupcache provides a lock-free, fixed-size deduplication cache for high-throughput eBPF event filtering before CEL rule evaluation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeCapabilitiesKey 

func ComputeCapabilitiesKey(mntns uint64, pid uint32, capability string, syscall string) uint64

ComputeCapabilitiesKey computes a dedup key for capabilities events.

func ComputeDNSKey 

func ComputeDNSKey(mntns uint64, dnsName string) uint64

ComputeDNSKey computes a dedup key for DNS events. No qtype getter exists in the interface, so key is mntns + dnsName.

func ComputeHTTPKey 

func ComputeHTTPKey(mntns uint64, pid uint32, direction string, method string, host string, path string, rawQuery string) uint64

ComputeHTTPKey computes a dedup key for HTTP events.

func ComputeHardlinkKey 

func ComputeHardlinkKey(mntns uint64, pid uint32, oldPath string, newPath string) uint64

ComputeHardlinkKey computes a dedup key for hardlink events.

func ComputeNetworkKey 

func ComputeNetworkKey(mntns uint64, pid uint32, dstAddr string, dstPort uint16, proto string) uint64

ComputeNetworkKey computes a dedup key for network events.

func ComputeOpenKey 

func ComputeOpenKey(mntns uint64, pid uint32, path string, flagsRaw uint32) uint64

ComputeOpenKey computes a dedup key for open events.

func ComputePtraceKey 

func ComputePtraceKey(mntns uint64, pid uint32, exePath string) uint64

ComputePtraceKey computes a dedup key for ptrace events.

func ComputeSSHKey 

func ComputeSSHKey(mntns uint64, dstIP string, dstPort uint16) uint64

ComputeSSHKey computes a dedup key for SSH events.

func ComputeSymlinkKey 

func ComputeSymlinkKey(mntns uint64, pid uint32, oldPath string, newPath string) uint64

ComputeSymlinkKey computes a dedup key for symlink events.

func ComputeSyscallKey 

func ComputeSyscallKey(mntns uint64, pid uint32, syscall string) uint64

ComputeSyscallKey computes a dedup key for syscall events.

Types

type DedupCache 

type DedupCache struct {
	// contains filtered or unexported fields
}

DedupCache is a lock-free, fixed-size deduplication cache. Each slot packs a 48-bit key and 16-bit expiry bucket into a single atomic uint64. Concurrent access from thousands of goroutines is safe without mutexes — benign races only cause missed dedup (safe direction), never false dedup.

func NewDedupCache 

func NewDedupCache(slotsExponent uint8) *DedupCache

NewDedupCache creates a cache with 2^slotsExponent slots. Each slot is 8 bytes; e.g. exponent 18 = 262,144 slots = 2 MB. slotsExponent is clamped to [10, 30] (1 KB to 8 GB).

func (*DedupCache) CheckAndSet 

func (c *DedupCache) CheckAndSet(key uint64, ttlBuckets uint16, currentBucket uint16) bool

CheckAndSet returns true if the key is already present and not expired (duplicate). Otherwise it inserts the key with expiry = currentBucket + ttlBuckets and returns false.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.