model

package
v0.0.0-...-97d2b70 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 28, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	// FragmentsMap - This map holds the cache of resolved dentries for the path fragments method
	PathFragmentsMap = "path_fragments"
	// PathFragmentsSize - Size of the fragments used by the path fragments method
	PathFragmentsSize = 256
	// SingleFragmentSection - This map holds the cache of resolved dentries for the single fragment method
	SingleFragmentsMap = "single_fragments"
	// SingleFragmentSize - Size of the single fragment used by the single fragment method
	SingleFragmentSize = 4351
	// CachedInodesMap - This map holds the list of cached inodes so that the eBPF programs know we don't need
	// resolve them anymore. This is used by both the perf buffer method and the single fragment method.
	CachedInodesMap = "cached_inodes"
	// PerfBufferCachedInodesSize - Max number of cached inodes
	PerfBufferCachedInodesSize = 120000
	// FSEventsMap - Perf event buffer map used to retrieve events in userspace
	FSEventsMap = "fs_events"
	// DentryCacheMap - LRU Hashmap used to cache dentry data between kprobes
	DentryCacheMap = "dentry_cache"
	// DentryCacheBuilderMap - Array map used to reduce the amount of data on the stack
	DentryCacheBuilderMap = "dentry_cache_builder"
	// PathsBuilderMap - Array map used by the perf buffer method and the single fragment method to build paths
	PathsBuilderMap = "paths_builder"
	// InodesFilterMap - This map is used to push inode filters in kernel space.
	InodesFilterMap = "inodes_filter"
)

Variables

View Source 
var (
	// DentryResolutionModeConst - In-kernel configuration constant
	DentryResolutionModeConst = "dentry_resolution_mode"
	// InodeFilteringModeConst - In-kernel configuration constant
	InodeFilteringModeConst = "inode_filtering_mode"
	// FollowModeConst - In-kernel configuration constant
	FollowModeConst = "follow_mode"
	// RecursiveModeConst - In-kernel configuration constant
	RecursiveModeConst = "recursive_mode"
)

Functions

func ErrValueToString 

func ErrValueToString(input int32) string

ErrValueToString - Returns an err as its string representation

func OpenFlagsToStrings 

func OpenFlagsToStrings(input uint32) []string

OpenFlagsToStrings - Returns the string list version of flags

func SetAttrFlagsToString 

func SetAttrFlagsToString(input uint32) []string

SetAttrFlagsToString - Returns the string list representation of SetAttr flags

Types

type DentryResolutionMode 

type DentryResolutionMode uint64

DentryResolutionMode - Mode of resolution of the kernel dentries 

const (
	DentryResolutionFragments      DentryResolutionMode = 0
	DentryResolutionSingleFragment DentryResolutionMode = 1
	DentryResolutionPerfBuffer     DentryResolutionMode = 2
)

type DentryResolver 

type DentryResolver interface {
	ResolveInode(mountID uint32, inode uint64) (string, error)
	RemoveInode(mountID uint32, inode uint64) error
	ResolveKey(key uint32, length uint32) (string, error)
	RemoveEntry(key uint32) error
	AddCacheEntry(key uint32, value interface{}) error
}

DentryResolver - Path resolver for the path fragments and single fragment methods

func NewDentryResolver 

func NewDentryResolver(monitor *Monitor) (DentryResolver, error)

NewDentryResolver - Returns a new resolver configured for the selected resolution method

type ErrValue 

type ErrValue int32

ErrValue - Return value 

const (
	EPERM                 ErrValue = 1      /* Operation not permitted */
	ENOENT                ErrValue = 2      /* No such file or directory */
	ESRCH                 ErrValue = 3      /* No such process */
	EINTR                 ErrValue = 4      /* Interrupted system call */
	EIO                   ErrValue = 5      /* I/O error */
	ENXIO                 ErrValue = 6      /* No such device or address */
	E2BIG                 ErrValue = 7      /* Argument list too long */
	ENOEXEC               ErrValue = 8      /* Exec format error */
	EBADF                 ErrValue = 9      /* Bad file number */
	ECHILD                ErrValue = 10     /* No child processes */
	EAGAIN                ErrValue = 11     /* Try again */
	ENOMEM                ErrValue = 12     /* Out of memory */
	EACCES                ErrValue = 13     /* Permission denied */
	EFAULT                ErrValue = 14     /* Bad address */
	ENOTBLK               ErrValue = 15     /* Block device required */
	EBUSY                 ErrValue = 16     /* Device or resource busy */
	EEXIST                ErrValue = 17     /* File exists */
	EXDEV                 ErrValue = 18     /* Cross-device link */
	ENODEV                ErrValue = 19     /* No such device */
	ENOTDIR               ErrValue = 20     /* Not a directory */
	EISDIR                ErrValue = 21     /* Is a directory */
	EINVAL                ErrValue = 22     /* Invalid argument */
	ENFILE                ErrValue = 23     /* File table overflow */
	EMFILE                ErrValue = 24     /* Too many open files */
	ENOTTY                ErrValue = 25     /* Not a typewriter */
	ETXTBSY               ErrValue = 26     /* Text file busy */
	EFBIG                 ErrValue = 27     /* File too large */
	ENOSPC                ErrValue = 28     /* No space left on device */
	ESPIPE                ErrValue = 29     /* Illegal seek */
	EROFS                 ErrValue = 30     /* Read-only file system */
	EMLINK                ErrValue = 31     /* Too many links */
	EPIPE                 ErrValue = 32     /* Broken pipe */
	EDOM                  ErrValue = 33     /* Math argument out of domain of func */
	ERANGE                ErrValue = 34     /* Math result not representable */
	EDEADLK               ErrValue = 35     /* Resource deadlock would occur */
	ENAMETOOLONG          ErrValue = 36     /* File name too long */
	ENOLCK                ErrValue = 37     /* No record locks available */
	ENOSYS                ErrValue = 38     /* Invalid system call number */
	ENOTEMPTY             ErrValue = 39     /* Directory not empty */
	ELOOP                 ErrValue = 40     /* Too many symbolic links encountered */
	EWOULDBLOCK           ErrValue = EAGAIN /* Operation would block */
	ENOMSG                ErrValue = 42     /* No message of desired type */
	EIDRM                 ErrValue = 43     /* Identifier removed */
	ECHRNG                ErrValue = 44     /* Channel number out of range */
	EL2NSYNC              ErrValue = 45     /* Level 2 not synchronized */
	EL3HLT                ErrValue = 46     /* Level 3 halted */
	EL3RST                ErrValue = 47     /* Level 3 reset */
	ELNRNG                ErrValue = 48     /* Link number out of range */
	EUNATCH               ErrValue = 49     /* Protocol driver not attached */
	ENOCSI                ErrValue = 50     /* No CSI structure available */
	EL2HLT                ErrValue = 51     /* Level 2 halted */
	EBADE                 ErrValue = 52     /* Invalid exchange */
	EBADR                 ErrValue = 53     /* Invalid request descriptor */
	EXFULL                ErrValue = 54     /* Exchange full */
	ENOANO                ErrValue = 55     /* No anode */
	EBADRQC               ErrValue = 56     /* Invalid request code */
	EBADSLT               ErrValue = 57     /* Invalid slot */
	EDEADLOCK             ErrValue = EDEADLK
	EBFONT                ErrValue = 59  /* Bad font file format */
	ENOSTR                ErrValue = 60  /* Device not a stream */
	ENODATA               ErrValue = 61  /* No data available */
	ETIME                 ErrValue = 62  /* Timer expired */
	ENOSR                 ErrValue = 63  /* Out of streams resources */
	ENONET                ErrValue = 64  /* Machine is not on the network */
	ENOPKG                ErrValue = 65  /* Package not installed */
	EREMOTE               ErrValue = 66  /* Object is remote */
	ENOLINK               ErrValue = 67  /* Link has been severed */
	EADV                  ErrValue = 68  /* Advertise error */
	ESRMNT                ErrValue = 69  /* Srmount error */
	ECOMM                 ErrValue = 70  /* Communication error on send */
	EPROTO                ErrValue = 71  /* Protocol error */
	EMULTIHOP             ErrValue = 72  /* Multihop attempted */
	EDOTDOT               ErrValue = 73  /* RFS specific error */
	EBADMSG               ErrValue = 74  /* Not a data message */
	EOVERFLOW             ErrValue = 75  /* Value too large for defined data type */
	ENOTUNIQ              ErrValue = 76  /* Name not unique on network */
	EBADFD                ErrValue = 77  /* File descriptor in bad state */
	EREMCHG               ErrValue = 78  /* Remote address changed */
	ELIBACC               ErrValue = 79  /* Can not access a needed shared library */
	ELIBBAD               ErrValue = 80  /* Accessing a corrupted shared library */
	ELIBSCN               ErrValue = 81  /* .lib section in a.out corrupted */
	ELIBMAX               ErrValue = 82  /* Attempting to link in too many shared libraries */
	ELIBEXEC              ErrValue = 83  /* Cannot exec a shared library directly */
	EILSEQ                ErrValue = 84  /* Illegal byte sequence */
	ERESTART              ErrValue = 85  /* Interrupted system call should be restarted */
	ESTRPIPE              ErrValue = 86  /* Streams pipe error */
	EUSERS                ErrValue = 87  /* Too many users */
	ENOTSOCK              ErrValue = 88  /* Socket operation on non-socket */
	EDESTADDRREQ          ErrValue = 89  /* Destination address required */
	EMSGSIZE              ErrValue = 90  /* Message too long */
	EPROTOTYPE            ErrValue = 91  /* Protocol wrong type for socket */
	ENOPROTOOPT           ErrValue = 92  /* Protocol not available */
	EPROTONOSUPPORT       ErrValue = 93  /* Protocol not supported */
	ESOCKTNOSUPPORT       ErrValue = 94  /* Socket type not supported */
	EOPNOTSUPP            ErrValue = 95  /* Operation not supported on transport endpoint */
	EPFNOSUPPORT          ErrValue = 96  /* Protocol family not supported */
	EAFNOSUPPORT          ErrValue = 97  /* Address family not supported by protocol */
	EADDRINUSE            ErrValue = 98  /* Address already in use */
	EADDRNOTAVAIL         ErrValue = 99  /* Cannot assign requested address */
	ENETDOWN              ErrValue = 100 /* Network is down */
	ENETUNREACH           ErrValue = 101 /* Network is unreachable */
	ENETRESET             ErrValue = 102 /* Network dropped connection because of reset */
	ECONNABORTED          ErrValue = 103 /* Software caused connection abort */
	ECONNRESET            ErrValue = 104 /* Connection reset by peer */
	ENOBUFS               ErrValue = 105 /* No buffer space available */
	EISCONN               ErrValue = 106 /* Transport endpoint is already connected */
	ENOTCONN              ErrValue = 107 /* Transport endpoint is not connected */
	ESHUTDOWN             ErrValue = 108 /* Cannot send after transport endpoint shutdown */
	ETOOMANYREFS          ErrValue = 109 /* Too many references: cannot splice */
	ETIMEDOUT             ErrValue = 110 /* Connection timed out */
	ECONNREFUSED          ErrValue = 111 /* Connection refused */
	EHOSTDOWN             ErrValue = 112 /* Host is down */
	EHOSTUNREACH          ErrValue = 113 /* No route to host */
	EALREADY              ErrValue = 114 /* Operation already in progress */
	EINPROGRESS           ErrValue = 115 /* Operation now in progress */
	ESTALE                ErrValue = 116 /* Stale file handle */
	EUCLEAN               ErrValue = 117 /* Structure needs cleaning */
	ENOTNAM               ErrValue = 118 /* Not a XENIX named type file */
	ENAVAIL               ErrValue = 119 /* No XENIX semaphores available */
	EISNAM                ErrValue = 120 /* Is a named type file */
	EREMOTEIO             ErrValue = 121 /* Remote I/O error */
	EDQUOT                ErrValue = 122 /* Quota exceeded */
	ENOMEDIUM             ErrValue = 123 /* No medium found */
	EMEDIUMTYPE           ErrValue = 124 /* Wrong medium type */
	ECANCELED             ErrValue = 125 /* Operation Canceled */
	ENOKEY                ErrValue = 126 /* Required key not available */
	EKEYEXPIRED           ErrValue = 127 /* Key has expired */
	EKEYREVOKED           ErrValue = 128 /* Key has been revoked */
	EKEYREJECTED          ErrValue = 129 /* Key was rejected by service */
	EOWNERDEAD            ErrValue = 130 /* Owner died */
	ENOTRECOVERABLE       ErrValue = 131 /* State not recoverable */
	ERFKILL               ErrValue = 132 /* Operation not possible due to RF-kill */
	EHWPOISON             ErrValue = 133 /* Memory page has hardware error */
	ERESTARTSYS           ErrValue = 512
	ERESTARTNOINTR        ErrValue = 513
	ERESTARTNOHAND        ErrValue = 514 /* restart if no handler.. */
	ENOIOCTLCMD           ErrValue = 515 /* No ioctl command */
	ERESTART_RESTARTBLOCK ErrValue = 516 /* restart by calling sys_restart_syscall */
	EPROBE_DEFER          ErrValue = 517 /* Driver requests probe retry */
	EOPENSTALE            ErrValue = 518 /* open found a stale dentry */
	ENOPARAM              ErrValue = 519 /* Parameter not supported */

	/* Defined for the NFSv3 protocol */
	EBADHANDLE      ErrValue = 521 /* Illegal NFS file handle */
	ENOTSYNC        ErrValue = 522 /* Update synchronization mismatch */
	EBADCOOKIE      ErrValue = 523 /* Cookie is stale */
	ENOTSUPP        ErrValue = 524 /* Operation is not supported */
	ETOOSMALL       ErrValue = 525 /* Buffer or request is too small */
	ESERVERFAULT    ErrValue = 526 /* An untranslatable error occurred */
	EBADTYPE        ErrValue = 527 /* Type not supported by server */
	EJUKEBOX        ErrValue = 528 /* Request initiated, but will not complete before timeout */
	EIOCBQUEUED     ErrValue = 529 /* iocb queued, will get completion event */
	ERECALLCONFLICT ErrValue = 530 /* conflict with recalled state */
)

type EventName 

type EventName string
var (
	// Open - Open event
	Open EventName = "open"
	// Mkdir - Mkdir event
	Mkdir EventName = "mkdir"
	// Link - Soft link event
	Link EventName = "link"
	// Rename - Rename event
	Rename EventName = "rename"
	// SetAttr - Attribute update event
	SetAttr EventName = "setattr"
	// Unlink - File deletion event
	Unlink EventName = "unlink"
	// Rmdir - Directory deletion event
	Rmdir EventName = "rmdir"
	// Modify - File modification event
	Modify EventName = "modify"
	// Unknown - Unknown file event
	Unknown EventName = "unknown"
)

func GetEventType 

func GetEventType(evtType uint32) EventName

GetEventType - Returns the event type

type FSEvent 

type FSEvent struct {
	Timestamp            time.Time `json:"-"`
	Pid                  uint32    `json:"pid"`
	Tid                  uint32    `json:"tid"`
	UID                  uint32    `json:"uid"`
	GID                  uint32    `json:"gid"`
	Comm                 string    `json:"comm"`
	Flags                uint32    `json:"flags,omitempty"`
	Mode                 uint32    `json:"mode,omitempty"`
	SrcInode             uint64    `json:"src_inode,omitempty"`
	SrcPathnameLength    uint32    `json:"-"`
	SrcPathnameKey       uint32    `json:"-"`
	SrcFilename          string    `json:"src_filename,omitempty"`
	SrcMountID           uint32    `json:"src_mount_id,omitempty"`
	TargetInode          uint64    `json:"target_inode,omitempty"`
	TargetPathnameLength uint32    `json:"-"`
	TargetPathnameKey    uint32    `json:"-"`
	TargetFilename       string    `json:"target_filename,omitempty"`
	TargetMountID        uint32    `json:"target_mount_id,omitempty"`
	Retval               int32     `json:"retval"`
	EventType            EventName `json:"event_type"`
}

FSEvent - Raw event definition

func ParseFSEvent 

func ParseFSEvent(data []byte, monitor *Monitor) (*FSEvent, error)

ParseFSEvent - Parses a new FSEvent using the data provided by the kernel

func (*FSEvent) PrintFilenames 

func (fs *FSEvent) PrintFilenames() string

PrintFilenames - Returns a string representation of the filenames of the event

func (*FSEvent) PrintFlags 

func (fs *FSEvent) PrintFlags() string

PrintFlags - Returns a string representation of the flags of the event

func (*FSEvent) PrintMode 

func (fs *FSEvent) PrintMode() string

PrintMode - Returns a string representation of the mode of the event

func (*FSEvent) UnmarshalBinary 

func (e *FSEvent) UnmarshalBinary(data []byte, bootTime time.Time) (int, error)

type FSProbe 

type FSProbe interface {
	GetWaitGroup() *sync.WaitGroup
	GetOptions() *FSProbeOptions
	GetCollection() *ebpf.Collection
	GetBootTime() time.Time
}

type FSProbeOptions 

type FSProbeOptions struct {
	Recursive            bool
	Events               []EventName
	PerfBufferSize       int
	UserSpaceChanSize    int
	DentryResolutionMode DentryResolutionMode
	PathsFiltering       bool
	FollowRenames        bool
	EventChan            chan *FSEvent
	LostChan             chan *LostEvt
}

FSProbeOptions - Filesystem probe options

type LostEvt 

type LostEvt struct {
	Count uint64
	Map   string
}

type Monitor 

type Monitor struct {
	ResolutionModeMaps map[DentryResolutionMode][]string
	DentryResolver     DentryResolver
	FSProbe            FSProbe
	InodeFilterSection string
	Name               string
	Options            *FSProbeOptions
	Probes             map[EventName][]*Probe
	PerfMaps           []*PerfMap
	// contains filtered or unexported fields
}

Monitor - Base monitor

func (*Monitor) AddInodeFilter 

func (m *Monitor) AddInodeFilter(inode uint32, path string) error

func (*Monitor) Configure 

func (m *Monitor) Configure()

Configure - Configures the probes using the provided options

func (*Monitor) GetMap 

func (m *Monitor) GetMap(section string) *ebpf.Map

GetMap - Returns the map at the provided section

func (*Monitor) GetName 

func (m *Monitor) GetName() string

GetName - Returns the name of the monitor

func (*Monitor) Init 

func (m *Monitor) Init(fs FSProbe) error

Init - Initializes the monitor

func (*Monitor) Start 

func (m *Monitor) Start() error

Start - Starts the monitor

func (*Monitor) Stop 

func (m *Monitor) Stop() error

Stop - Stops the monitor

type OpenFlag 

type OpenFlag int

OpenFlag - Open syscall flag 

const (
	OACCMODE   OpenFlag = 3
	ORDONLY    OpenFlag = 0
	OWRONLY    OpenFlag = 1
	ORDWR      OpenFlag = 2
	OCREAT     OpenFlag = 64
	OEXCL      OpenFlag = 128
	ONOCTTY    OpenFlag = 256
	OTRUNC     OpenFlag = 512
	OAPPEND    OpenFlag = 1024
	ONONBLOCK  OpenFlag = 2048
	ODSYNC     OpenFlag = 4096  /* used to be OSYNC, see below */
	FASYNC     OpenFlag = 8192  /* fcntl, for BSD compatibility */
	ODIRECT    OpenFlag = 16384 /* direct disk access hint */
	OLARGEFILE OpenFlag = 32768
	ODIRECTORY OpenFlag = 65536  /* must be a directory */
	ONOFOLLOW  OpenFlag = 131072 /* don't follow links */
	ONOATIME   OpenFlag = 262144
	OCLOEXEC   OpenFlag = 524288 /* set close_on_exec */
)

type PathFragmentsKey 

type PathFragmentsKey struct {
	// contains filtered or unexported fields
}

PathFragmentsKey - Key of a dentry cache hashmap

func (*PathFragmentsKey) GetKeyBytes 

func (pfk *PathFragmentsKey) GetKeyBytes() []byte

func (*PathFragmentsKey) HasEmptyInode 

func (pfk *PathFragmentsKey) HasEmptyInode() bool

func (*PathFragmentsKey) IsNull 

func (pfk *PathFragmentsKey) IsNull() bool

func (*PathFragmentsKey) Read 

func (pfk *PathFragmentsKey) Read(buffer []byte) int

func (*PathFragmentsKey) Set 

func (pfk *PathFragmentsKey) Set(mountID uint32, inode uint64)

func (*PathFragmentsKey) String 

func (pfk *PathFragmentsKey) String() string

func (*PathFragmentsKey) Write 

func (pfk *PathFragmentsKey) Write(buffer []byte)

type PathFragmentsResolver 

type PathFragmentsResolver struct {
	// contains filtered or unexported fields
}

PathFragmentsResolver - Dentry resolver of the path fragments method

func NewPathFragmentsResolver 

func NewPathFragmentsResolver(monitor *Monitor) (*PathFragmentsResolver, error)

NewPathFragmentsResolver - Returns a new PathFragmentsResolver instance

func (*PathFragmentsResolver) AddCacheEntry 

func (pfr *PathFragmentsResolver) AddCacheEntry(key uint32, value interface{}) error

AddCacheEntry - Adds a new entry in the user space cache

func (*PathFragmentsResolver) RemoveEntry 

func (pfr *PathFragmentsResolver) RemoveEntry(key uint32) error

RemoveEntry - Removes an entry from the cache

func (*PathFragmentsResolver) RemoveInode 

func (pfr *PathFragmentsResolver) RemoveInode(mountID uint32, inode uint64) error

RemoveInode - Removes a pathname from the kernel cache using the provided mount id and inode

func (*PathFragmentsResolver) ResolveInode 

func (pfr *PathFragmentsResolver) ResolveInode(mountID uint32, inode uint64) (filename string, err error)

ResolveInode - Resolves a pathname from the provided mount id and inode

func (*PathFragmentsResolver) ResolveKey 

func (pfr *PathFragmentsResolver) ResolveKey(key uint32, length uint32) (string, error)

ResolveKey - Does nothing

type PathFragmentsValue 

type PathFragmentsValue struct {
	Fragment [PathFragmentsSize]byte
	// contains filtered or unexported fields
}

func (*PathFragmentsValue) GetString 

func (pfv *PathFragmentsValue) GetString() string

GetString - Returns the path as a string

func (*PathFragmentsValue) IsRoot 

func (pfv *PathFragmentsValue) IsRoot() bool

IsRoot - Returns true if the current fragment is the root of a mount point

func (*PathFragmentsValue) Read 

func (pfv *PathFragmentsValue) Read(data []byte) error

Read - Reads the provided data into the buffer

type PerfBufferResolver 

type PerfBufferResolver struct {
	// contains filtered or unexported fields
}

func NewPerfBufferResolver 

func NewPerfBufferResolver(monitor *Monitor) (*PerfBufferResolver, error)

NewPerfBufferResolver - Returns a new PerfBufferResolver instance

func (*PerfBufferResolver) AddCacheEntry 

func (pbr *PerfBufferResolver) AddCacheEntry(key uint32, value interface{}) error

AddCacheEntry - Adds a new entry in the LRU cache

func (*PerfBufferResolver) RemoveEntry 

func (pbr *PerfBufferResolver) RemoveEntry(key uint32) error

RemoveEntry - Removes an entry from the cache

func (*PerfBufferResolver) RemoveInode 

func (pbr *PerfBufferResolver) RemoveInode(mountID uint32, inode uint64) error

RemoveInode - Removes a pathname from the kernel cache using the provided mount id and inode

func (*PerfBufferResolver) ResolveInode 

func (pbr *PerfBufferResolver) ResolveInode(mountID uint32, inode uint64) (filename string, err error)

ResolveInode - Does nothing

func (*PerfBufferResolver) ResolveKey 

func (pbr *PerfBufferResolver) ResolveKey(key uint32, length uint32) (string, error)

Resolve - Resolves a pathname from the provided key (length is not used)

type PerfMap 

type PerfMap struct {
	UserSpaceBufferLen int
	PerfOutputMapName  string

	DataHandler func(data []byte, m *Monitor)
	LostHandler func(count uint64, mapName string, m *Monitor)
	// contains filtered or unexported fields
}

PerfMap - Definition of a perf map, used to bring data back to user space

func (*PerfMap) Init 

func (pm *PerfMap) Init(m *Monitor) error

Init - Initializes perfmap

type Probe 

type Probe struct {
	Name    string
	Enabled bool

	Type        ebpf.ProgType
	SectionName string
	// Kprobe specific parameters
	KProbeMaxActive int
	// Constants will be edited with configuration at runtime
	Constants []string
	// contains filtered or unexported fields
}

Probe - eBPF probe structure

func (*Probe) Init 

func (p *Probe) Init(m *Monitor) error

Init - Initializes the probe

func (*Probe) Start 

func (p *Probe) Start() error

Start - Starts the probe

func (*Probe) Stop 

func (p *Probe) Stop() error

Stop - Stops the probe

type SetAttrFlag 

type SetAttrFlag int32

SetAttrFlag - Set Attr flag 

const (
	// AttrMode - Mode changed
	AttrMode SetAttrFlag = 1 << 0
	// AttrUID - UID changed
	AttrUID SetAttrFlag = 1 << 1
	// AttrGID - GID changed
	AttrGID SetAttrFlag = 1 << 2
	// AttrSize - Size changed
	AttrSize SetAttrFlag = 1 << 3
	// AttrAtime - Atime changed
	AttrAtime SetAttrFlag = 1 << 4
	// AttrMtime - Mtime changed
	AttrMtime SetAttrFlag = 1 << 5
	// AttrCtime - Ctime changed
	AttrCtime SetAttrFlag = 1 << 6
	// AttrAtimeSet - ATimeSet
	AttrAtimeSet SetAttrFlag = 1 << 7
	// AttrMTimeSet - MTimeSet
	AttrMTimeSet SetAttrFlag = 1 << 8
	// AttrForce - Not a change, but a change it
	AttrForce SetAttrFlag = 1 << 9
	// AttrKillSUID - Kill SUID
	AttrKillSUID SetAttrFlag = 1 << 11
	// AttrKillSGID - Kill SGID
	AttrKillSGID SetAttrFlag = 1 << 12
	// AttrFile - File changed
	AttrFile SetAttrFlag = 1 << 13
	// AttrKillPriv - Fill Priv
	AttrKillPriv SetAttrFlag = 1 << 14
	// AttrOpen - Open
	AttrOpen SetAttrFlag = 1 << 15
	// AttrTimesSet - TimesSet
	AttrTimesSet SetAttrFlag = 1 << 16
	// AttrTouch - Touch
	AttrTouch SetAttrFlag = 1 << 17
)

type SingleFragmentKey 

type SingleFragmentKey struct {
	// contains filtered or unexported fields
}

SingleFragmentKey - Key of a dentry cache hashmap

func (*SingleFragmentKey) GetKeyBytes 

func (sfk *SingleFragmentKey) GetKeyBytes() []byte

func (*SingleFragmentKey) IsNull 

func (sfk *SingleFragmentKey) IsNull() bool

func (*SingleFragmentKey) Set 

func (sfk *SingleFragmentKey) Set(key uint32)

func (*SingleFragmentKey) String 

func (sfk *SingleFragmentKey) String() string

func (*SingleFragmentKey) Write 

func (sfk *SingleFragmentKey) Write(buffer []byte)

type SingleFragmentResolver 

type SingleFragmentResolver struct {
	// contains filtered or unexported fields
}

func NewSingleFragmentResolver 

func NewSingleFragmentResolver(monitor *Monitor) (*SingleFragmentResolver, error)

NewSingleFragmentResolver - Returns a new SingleFragmentResolver instance

func (*SingleFragmentResolver) AddCacheEntry 

func (sfr *SingleFragmentResolver) AddCacheEntry(key uint32, value interface{}) error

AddCacheEntry - Adds a new entry in the user space cache

func (*SingleFragmentResolver) RemoveEntry 

func (sfr *SingleFragmentResolver) RemoveEntry(key uint32) error

RemoveEntry - Removes an entry from the cache

func (*SingleFragmentResolver) RemoveInode 

func (sfr *SingleFragmentResolver) RemoveInode(mountID uint32, inode uint64) error

RemoveInode - Removes a pathname from the kernel cache using the provided mount id and inode

func (*SingleFragmentResolver) ResolveInode 

func (sfr *SingleFragmentResolver) ResolveInode(mountID uint32, inode uint64) (filename string, err error)

ResolveInode - Does nothing

func (*SingleFragmentResolver) ResolveKey 

func (sfr *SingleFragmentResolver) ResolveKey(key uint32, length uint32) (filename string, err error)

Resolve - Resolves a pathname from the provided mount id and inode

type SingleFragmentValue 

type SingleFragmentValue struct {
	Fragment [SingleFragmentSize]byte
}

func (*SingleFragmentValue) GetString 

func (sfv *SingleFragmentValue) GetString(length uint32) string

GetString - Returns the path as a string

func (*SingleFragmentValue) Read 

func (sfv *SingleFragmentValue) Read(data []byte) error

Read - Reads the provided data into the buffer

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.