eventauditor

package

v0.0.0-...-c365bfc Latest Latest Go to latest Published: Oct 26, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chae-yc/KubeArmor

Documentation ¶

Index ¶

Constants
type EventAuditor
- func NewEventAuditor(feeder *fd.Feeder, containers *map[string]tp.Container, ...) *EventAuditor
- func (ea *EventAuditor) DestroyEntryPointPrograms(bman *KABPFManager) error
- func (ea *EventAuditor) DestroyEntryPoints() bool
- func (ea *EventAuditor) DestroyEventAuditor() error
- func (ea *EventAuditor) DestroyProcessMaps(bman *KABPFManager) error
- func (ea *EventAuditor) DestroyProcessPrograms(bman *KABPFManager) error
- func (ea *EventAuditor) DisableEntryPoint(probe string)
- func (ea *EventAuditor) EnableEntryPoint(probe string)
- func (ea *EventAuditor) GenerateAuditProgram(probe string, codeBlocks []string) string
- func (ea *EventAuditor) GenerateCodeBlock(auditEvent tp.AuditEventType) (string, error)
- func (ea *EventAuditor) InitializeEntryPointPrograms(bman *KABPFManager) error
- func (ea *EventAuditor) InitializeEntryPoints() bool
- func (ea *EventAuditor) InitializeProcessMaps(bman *KABPFManager) error
- func (ea *EventAuditor) InitializeProcessPrograms(bman *KABPFManager) error
- func (ea *EventAuditor) LoadAuditProgram(source string, probe string) (uint32, error)
- func (ea *EventAuditor) PopulateProcessJMPMap(bman *KABPFManager) error
- func (ea *EventAuditor) SaveRuntimeInfo() error
- func (ea *EventAuditor) UpdateAuditPrograms()
- func (ea *EventAuditor) UpdateEntryPoints()
- func (ea *EventAuditor) UpdateProcessMaps()
type EventElement
- func (ee *EventElement) KeyPointer() unsafe.Pointer
- func (ee *EventElement) MapName() string
- func (ee *EventElement) SetFoundValue(value []byte)
- func (ee *EventElement) SetKey(eventID uint32)
- func (ee *EventElement) SetValue(flag uint32)
- func (ee *EventElement) ValuePointer() unsafe.Pointer
type EventFilterElement
- func (efe *EventFilterElement) KeyPointer() unsafe.Pointer
- func (efe *EventFilterElement) MapName() string
- func (efe *EventFilterElement) SetFoundValue(value []byte)
- func (efe *EventFilterElement) SetKey(pidNS, mntNS, eventID uint32)
- func (efe *EventFilterElement) SetValue(jumpIdx uint32)
- func (efe *EventFilterElement) ValuePointer() unsafe.Pointer
type EventFilterKey
type EventFilterValue
type EventJumpTableElement
- func (ejte *EventJumpTableElement) KeyPointer() unsafe.Pointer
- func (ejte *EventJumpTableElement) MapName() string
- func (ejte *EventJumpTableElement) SetFoundValue(value []byte)
- func (ejte *EventJumpTableElement) SetKey(jumpIdx uint32)
- func (ejte *EventJumpTableElement) SetValue(progFd uint32)
- func (ejte *EventJumpTableElement) ValuePointer() unsafe.Pointer
type KABPFEventName
type KABPFManager
- func NewKABPFManager() *KABPFManager
- func (bm *KABPFManager) AttachProgram(kaProg KABPFProg) error
- func (bm *KABPFManager) DestroyMap(kaMap KABPFMap) error
- func (bm *KABPFManager) DestroyProgram(kaProg KABPFProg) error
- func (bm *KABPFManager) DetachProgram(kaProg KABPFProg) error
- func (bm *KABPFManager) InitMap(kaMap KABPFMap, pin bool) error
- func (bm *KABPFManager) InitProgram(kaProg KABPFProg) error
- func (bm *KABPFManager) MapDeleteElement(e lbpf.KABPFMapElement) error
- func (bm *KABPFManager) MapLookupElement(e lbpf.KABPFMapElement) ([]byte, error)
- func (bm *KABPFManager) MapUpdateElement(e lbpf.KABPFMapElement) error
- func (bm *KABPFManager) SetObjsMapsPath(path string) error
- func (bm *KABPFManager) SetObjsProgsPath(path string) error
type KABPFMap
- func KAEAGetMap(name KABPFMapName) KABPFMap
type KABPFMapName
type KABPFObjFileName
type KABPFProg
- func KAEAGetEntryPointProg(name string) KABPFProg
- func KAEAGetProg(name KABPFProgName) KABPFProg
type KABPFProgName
type KABPFTailProg
type PatternElement
- func (pme *PatternElement) KeyPointer() unsafe.Pointer
- func (pme *PatternElement) MapName() string
- func (pme *PatternElement) SetFoundValue(value []byte)
- func (pme *PatternElement) SetKey(pattern string)
- func (pme *PatternElement) SetValue(patternID uint32)
- func (pme *PatternElement) ValuePointer() unsafe.Pointer
type PatternMapKey
type PatternMapValue
type ProcessFilterElement
- func (pfe *ProcessFilterElement) KeyPointer() unsafe.Pointer
- func (pfe *ProcessFilterElement) MapName() string
- func (pfe *ProcessFilterElement) SetFoundValue(value []byte)
- func (pfe *ProcessFilterElement) SetKey(pidNS, mntNS, hostPID uint32)
- func (pfe *ProcessFilterElement) SetValue(inspect bool)
- func (pfe *ProcessFilterElement) ValuePointer() unsafe.Pointer
type ProcessFilterKey
type ProcessFilterValue
type ProcessJMPElement
- func (pme *ProcessJMPElement) KeyPointer() unsafe.Pointer
- func (pme *ProcessJMPElement) MapName() string
- func (pme *ProcessJMPElement) SetFoundValue(value []byte)
- func (pme *ProcessJMPElement) SetKey(index uint32)
- func (pme *ProcessJMPElement) SetValue(progFD uint32)
- func (pme *ProcessJMPElement) ValuePointer() unsafe.Pointer
type ProcessSpecElement
- func (pse *ProcessSpecElement) KeyPointer() unsafe.Pointer
- func (pse *ProcessSpecElement) MapName() string
- func (pse *ProcessSpecElement) SetFoundValue(value []byte)
- func (pse *ProcessSpecElement) SetKey(pidNS, mntNS, patternID uint32)
- func (pse *ProcessSpecElement) SetValue(inspect bool)
- func (pse *ProcessSpecElement) ValuePointer() unsafe.Pointer
type ProcessSpecKey
type ProcessSpecValue
type Token
type TokenType
type TokenValue

Constants ¶

View Source

const (
	CodeGenSourcePrefix = "./BPF/codegen_"
	CodeGenSourceSuffix = ".bpf.c"
	CodeGenObjectPrefix = "codegen_"
	CodeGenObjectSuffix = ".bpf.o"
)

Configuration

View Source

const (
	KAEASysExecveProg      KABPFProgName    = "ka_ea_sched_process_exec"
	KAEASysExecveEvent     KABPFEventName   = "sched/sched_process_exec"
	KAEASysExecveTailProg0 KABPFProgName    = "ka_ea_sched_process_exec_0"
	KAEASysExecveTailProg1 KABPFProgName    = "ka_ea_sched_process_exec_1"
	KAEASysExecveProgFile  KABPFObjFileName = "ka_ea_process.bpf.o"

	KAEASysExitProg     KABPFProgName    = "ka_ea_sched_process_exit"
	KAEASysExitEvent    KABPFEventName   = "sched/sched_process_exit"
	KAEASysExitProgFile KABPFObjFileName = "ka_ea_process.bpf.o"
)

KubeArmor Event Auditor Programs

View Source

const (
	KAEAProcessJMPMap     KABPFMapName     = "ka_ea_process_jmp_map"
	KAEAProcessJMPMapFile KABPFObjFileName = "ka_ea_process.bpf.o"

	KAEAPatternMap     KABPFMapName     = "ka_ea_pattern_map"
	KAEAPatternMapFile KABPFObjFileName = "ka_ea_process.bpf.o"

	KAEAProcessSpecMap     KABPFMapName     = "ka_ea_process_spec_map"
	KAEAProcessSpecMapFile KABPFObjFileName = "ka_ea_process.bpf.o"

	KAEAProcessFilterMap     KABPFMapName     = "ka_ea_process_filter_map"
	KAEAProcessFilterMapFile KABPFObjFileName = "ka_ea_process.bpf.o"

	KAEAEventMap     KABPFMapName     = "ka_ea_event_map"
	KAEAEventMapFile KABPFObjFileName = "ka_ea_entrypoint.bpf.o"

	KAEAEventFilterMap     KABPFMapName     = "ka_ea_event_filter_map"
	KAEAEventFilterMapFile KABPFObjFileName = "ka_ea_entrypoint.bpf.o"

	KAEAEventJumpTable     KABPFMapName     = "ka_ea_event_jmp_table"
	KAEAEventJumpTableFile KABPFObjFileName = "ka_ea_entrypoint.bpf.o"
)

KubeArmor Event Auditor Maps

View Source

const KABPFPinBasePath = "/sys/fs/bpf/"

KABPFPinBasePath constant

View Source

const PatternMaxLen = int(C.MAX_PATTERN_LEN)

PatternMaxLen constant

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type EventAuditor ¶

type EventAuditor struct {
	// logs
	Logger *fd.Feeder

	// containers
	Containers     *map[string]tp.Container
	ContainersLock **sync.RWMutex

	// endpoints
	EndPoints     *[]tp.EndPoint
	EndPointsLock **sync.RWMutex

	// audit policies
	AuditPolicies     *map[string]tp.AuditPolicy
	AuditPoliciesLock **sync.RWMutex

	// bpf
	BPFManager *KABPFManager

	// all entrypoints that KubeArmor supports
	SupportedEntryPoints map[string]uint32

	// entrypoint arguments
	EntryPointParameters map[string][]string

	// all entrypoints in the audit policy
	ActiveEntryPoints []string

	// patterns and process specs
	Patterns     map[PatternElement]bool
	ProcessSpecs map[ProcessSpecElement]bool

	// cache for compiled rules
	// map[eventString]codeBlock
	EventCodeBlockCache map[string]string

	// cache for loaded programs
	// map[sourceCode]jumpTableIndex
	EventProgramCache map[string]uint32

	// next index to use
	NextJumpTableIndex uint32

	// lock for caches and index count
	CacheIndexLock *sync.RWMutex
}

EventAuditor Structure

func NewEventAuditor ¶

func NewEventAuditor(feeder *fd.Feeder, containers *map[string]tp.Container, containersLock **sync.RWMutex,
	endPoints *[]tp.EndPoint, endPointsLock **sync.RWMutex, auditPolicies *map[string]tp.AuditPolicy, auditPoliciesLock **sync.RWMutex) *EventAuditor

NewEventAuditor Function

func (*EventAuditor) DestroyEntryPointPrograms ¶

func (ea *EventAuditor) DestroyEntryPointPrograms(bman *KABPFManager) error

DestroyEntryPointPrograms Function

func (*EventAuditor) DestroyEntryPoints ¶

func (ea *EventAuditor) DestroyEntryPoints() bool

DestroyEntryPoints Function

func (*EventAuditor) DestroyEventAuditor ¶

func (ea *EventAuditor) DestroyEventAuditor() error

DestroyEventAuditor Function

func (*EventAuditor) DestroyProcessMaps ¶

func (ea *EventAuditor) DestroyProcessMaps(bman *KABPFManager) error

DestroyProcessMaps Function

func (*EventAuditor) DestroyProcessPrograms ¶

func (ea *EventAuditor) DestroyProcessPrograms(bman *KABPFManager) error

DestroyProcessPrograms Function

func (*EventAuditor) DisableEntryPoint ¶

func (ea *EventAuditor) DisableEntryPoint(probe string)

DisableEntryPoint Function

func (*EventAuditor) EnableEntryPoint ¶

func (ea *EventAuditor) EnableEntryPoint(probe string)

EnableEntryPoint Function

func (*EventAuditor) GenerateAuditProgram ¶

func (ea *EventAuditor) GenerateAuditProgram(probe string, codeBlocks []string) string

GenerateAuditProgram Function

func (*EventAuditor) GenerateCodeBlock ¶

func (ea *EventAuditor) GenerateCodeBlock(auditEvent tp.AuditEventType) (string, error)

GenerateCodeBlock Function

func (*EventAuditor) InitializeEntryPointPrograms ¶

func (ea *EventAuditor) InitializeEntryPointPrograms(bman *KABPFManager) error

InitializeEntryPointPrograms Function

func (*EventAuditor) InitializeEntryPoints ¶

func (ea *EventAuditor) InitializeEntryPoints() bool

InitializeEntryPoints Function

func (*EventAuditor) InitializeProcessMaps ¶

func (ea *EventAuditor) InitializeProcessMaps(bman *KABPFManager) error

InitializeProcessMaps Function

func (*EventAuditor) InitializeProcessPrograms ¶

func (ea *EventAuditor) InitializeProcessPrograms(bman *KABPFManager) error

InitializeProcessPrograms Function

func (*EventAuditor) LoadAuditProgram ¶

func (ea *EventAuditor) LoadAuditProgram(source string, probe string) (uint32, error)

LoadAuditProgram Function

func (*EventAuditor) PopulateProcessJMPMap ¶

func (ea *EventAuditor) PopulateProcessJMPMap(bman *KABPFManager) error

PopulateProcessJMPMap Function

func (*EventAuditor) SaveRuntimeInfo ¶

func (ea *EventAuditor) SaveRuntimeInfo() error

SaveRuntimeInfo Function

func (*EventAuditor) UpdateAuditPrograms ¶

func (ea *EventAuditor) UpdateAuditPrograms()

UpdateAuditPrograms Function

func (*EventAuditor) UpdateEntryPoints ¶

func (ea *EventAuditor) UpdateEntryPoints()

UpdateEntryPoints Function

func (*EventAuditor) UpdateProcessMaps ¶

func (ea *EventAuditor) UpdateProcessMaps()

UpdateProcessMaps Function

type EventElement ¶

type EventElement struct {
	Key   uint32
	Value uint32
}

EventElement Structure

func (*EventElement) KeyPointer ¶

func (ee *EventElement) KeyPointer() unsafe.Pointer

KeyPointer Function (EventElement)

func (*EventElement) MapName ¶

func (ee *EventElement) MapName() string

MapName Function (EventElement)

func (*EventElement) SetFoundValue ¶

func (ee *EventElement) SetFoundValue(value []byte)

SetFoundValue Function (EventElement)

func (*EventElement) SetKey ¶

func (ee *EventElement) SetKey(eventID uint32)

SetKey Function (EventElement)

func (*EventElement) SetValue ¶

func (ee *EventElement) SetValue(flag uint32)

SetValue Function (EventElement)

func (*EventElement) ValuePointer ¶

func (ee *EventElement) ValuePointer() unsafe.Pointer

ValuePointer Function (EventElement)

type EventFilterElement ¶

type EventFilterElement struct {
	Key   EventFilterKey
	Value EventFilterValue
}

EventFilterElement Structure

func (*EventFilterElement) KeyPointer ¶

func (efe *EventFilterElement) KeyPointer() unsafe.Pointer

KeyPointer Function (EventFilterElement)

func (*EventFilterElement) MapName ¶

func (efe *EventFilterElement) MapName() string

MapName Function (EventFilterElement)

func (*EventFilterElement) SetFoundValue ¶

func (efe *EventFilterElement) SetFoundValue(value []byte)

SetFoundValue Function (EventFilterElement)

func (*EventFilterElement) SetKey ¶

func (efe *EventFilterElement) SetKey(pidNS, mntNS, eventID uint32)

SetKey Function (EventFilterElement)

func (*EventFilterElement) SetValue ¶

func (efe *EventFilterElement) SetValue(jumpIdx uint32)

SetValue Function (EventFilterElement)

func (*EventFilterElement) ValuePointer ¶

func (efe *EventFilterElement) ValuePointer() unsafe.Pointer

ValuePointer Function (EventFilterElement)

type EventFilterKey ¶

type EventFilterKey struct {
	PidNS   uint32
	MntNS   uint32
	EventID uint32
}

EventFilterKey Structure

type EventFilterValue ¶

type EventFilterValue struct {
	JumpIdx uint32
}

EventFilterValue Structure

type EventJumpTableElement ¶

type EventJumpTableElement struct {
	JumpIdx uint32
	ProgFD  uint32
}

EventJumpTableElement Structure

func (*EventJumpTableElement) KeyPointer ¶

func (ejte *EventJumpTableElement) KeyPointer() unsafe.Pointer

KeyPointer Function (EventJumpTableElement)

func (*EventJumpTableElement) MapName ¶

func (ejte *EventJumpTableElement) MapName() string

MapName Function (EventJumpTableElement)

func (*EventJumpTableElement) SetFoundValue ¶

func (ejte *EventJumpTableElement) SetFoundValue(value []byte)

SetFoundValue Function (EventFilterElement)

func (*EventJumpTableElement) SetKey ¶

func (ejte *EventJumpTableElement) SetKey(jumpIdx uint32)

SetKey Function (EventJumpTableElement)

func (*EventJumpTableElement) SetValue ¶

func (ejte *EventJumpTableElement) SetValue(progFd uint32)

SetValue Function (EventJumpTableElement)

func (*EventJumpTableElement) ValuePointer ¶

func (ejte *EventJumpTableElement) ValuePointer() unsafe.Pointer

ValuePointer Function (EventJumpTableElement)

type KABPFEventName ¶

type KABPFEventName string

KABPFEventName type

type KABPFManager ¶

type KABPFManager struct {
	// contains filtered or unexported fields
}

KABPFManager Structure

func NewKABPFManager ¶

func NewKABPFManager() *KABPFManager

NewKABPFManager Fucntion

func (*KABPFManager) AttachProgram ¶

func (bm *KABPFManager) AttachProgram(kaProg KABPFProg) error

AttachProgram Function

func (*KABPFManager) DestroyMap ¶

func (bm *KABPFManager) DestroyMap(kaMap KABPFMap) error

DestroyMap Function

func (*KABPFManager) DestroyProgram ¶

func (bm *KABPFManager) DestroyProgram(kaProg KABPFProg) error

DestroyProgram Function

func (*KABPFManager) DetachProgram ¶

func (bm *KABPFManager) DetachProgram(kaProg KABPFProg) error

DetachProgram Function

func (*KABPFManager) InitMap ¶

func (bm *KABPFManager) InitMap(kaMap KABPFMap, pin bool) error

InitMap Function

func (*KABPFManager) InitProgram ¶

func (bm *KABPFManager) InitProgram(kaProg KABPFProg) error

InitProgram Function

func (*KABPFManager) MapDeleteElement ¶

func (bm *KABPFManager) MapDeleteElement(e lbpf.KABPFMapElement) error

MapDeleteElement Function

func (*KABPFManager) MapLookupElement ¶

func (bm *KABPFManager) MapLookupElement(e lbpf.KABPFMapElement) ([]byte, error)

MapLookupElement Function

func (*KABPFManager) MapUpdateElement ¶

func (bm *KABPFManager) MapUpdateElement(e lbpf.KABPFMapElement) error

MapUpdateElement Function

func (*KABPFManager) SetObjsMapsPath ¶

func (bm *KABPFManager) SetObjsMapsPath(path string) error

SetObjsMapsPath Function

func (*KABPFManager) SetObjsProgsPath ¶

func (bm *KABPFManager) SetObjsProgsPath(path string) error

SetObjsProgsPath Function

type KABPFMap ¶

type KABPFMap struct {
	Name     KABPFMapName
	FileName KABPFObjFileName
}

KABPFMap structure

func KAEAGetMap ¶

func KAEAGetMap(name KABPFMapName) KABPFMap

KAEAGetMap Function

type KABPFMapName ¶

type KABPFMapName string

KABPFMapName type

type KABPFObjFileName ¶

type KABPFObjFileName string

KABPFObjFileName type

type KABPFProg ¶

type KABPFProg struct {
	Name      KABPFProgName
	EventName KABPFEventName
	EventType lbpf.KABPFLinkType
	TailProgs []KABPFTailProg
	FileName  KABPFObjFileName
}

KABPFProg structure

func KAEAGetEntryPointProg ¶

func KAEAGetEntryPointProg(name string) KABPFProg

KAEAGetEntryPointProg Function

func KAEAGetProg ¶

func KAEAGetProg(name KABPFProgName) KABPFProg

KAEAGetProg Function

type KABPFProgName ¶

type KABPFProgName string

KABPFProgName type

type KABPFTailProg ¶

type KABPFTailProg struct {
	Name  KABPFProgName
	Index uint32
}

KABPFTailProg structure

type PatternElement ¶

type PatternElement struct {
	Key   PatternMapKey
	Value PatternMapValue
}

PatternElement Structure

func (*PatternElement) KeyPointer ¶

func (pme *PatternElement) KeyPointer() unsafe.Pointer

KeyPointer Function (PatternElement)

func (*PatternElement) MapName ¶

func (pme *PatternElement) MapName() string

MapName Function (PatternElement)

func (*PatternElement) SetFoundValue ¶

func (pme *PatternElement) SetFoundValue(value []byte)

SetFoundValue Function (PatternElement)

func (*PatternElement) SetKey ¶

func (pme *PatternElement) SetKey(pattern string)

SetKey Function (PatternElement)

func (*PatternElement) SetValue ¶

func (pme *PatternElement) SetValue(patternID uint32)

SetValue Function (PatternElement)

func (*PatternElement) ValuePointer ¶

func (pme *PatternElement) ValuePointer() unsafe.Pointer

ValuePointer Function (PatternElement)

type PatternMapKey ¶

type PatternMapKey struct {
	Pattern [PatternMaxLen]byte
}

PatternMapKey Structure

type PatternMapValue ¶

type PatternMapValue struct {
	PatternID uint32
}

PatternMapValue Structure

type ProcessFilterElement ¶

type ProcessFilterElement struct {
	Key   ProcessFilterKey
	Value ProcessFilterValue
}

ProcessFilterElement Structure

func (*ProcessFilterElement) KeyPointer ¶

func (pfe *ProcessFilterElement) KeyPointer() unsafe.Pointer

KeyPointer Function (ProcessFilterElement)

func (*ProcessFilterElement) MapName ¶

func (pfe *ProcessFilterElement) MapName() string

MapName Function (ProcessFilterElement)

func (*ProcessFilterElement) SetFoundValue ¶

func (pfe *ProcessFilterElement) SetFoundValue(value []byte)

SetFoundValue Function (ProcessFilterElement)

func (*ProcessFilterElement) SetKey ¶

func (pfe *ProcessFilterElement) SetKey(pidNS, mntNS, hostPID uint32)

SetKey Function (ProcessFilterElement)

func (*ProcessFilterElement) SetValue ¶

func (pfe *ProcessFilterElement) SetValue(inspect bool)

SetValue Function (ProcessFilterElement)

func (*ProcessFilterElement) ValuePointer ¶

func (pfe *ProcessFilterElement) ValuePointer() unsafe.Pointer

ValuePointer Function (ProcessFilterElement)

type ProcessFilterKey ¶

type ProcessFilterKey struct {
	PidNS   uint32
	MntNS   uint32
	HostPID uint32
}

ProcessFilterKey Structure

type ProcessFilterValue ¶

type ProcessFilterValue struct {
	Inspect bool
}

ProcessFilterValue Structure

type ProcessJMPElement ¶

type ProcessJMPElement struct {
	Key   uint32
	Value uint32
}

ProcessJMPElement Structure

func (*ProcessJMPElement) KeyPointer ¶

func (pme *ProcessJMPElement) KeyPointer() unsafe.Pointer

KeyPointer Function (ProcessJMPElement)

func (*ProcessJMPElement) MapName ¶

func (pme *ProcessJMPElement) MapName() string

MapName Function (ProcessJMPElement)

func (*ProcessJMPElement) SetFoundValue ¶

func (pme *ProcessJMPElement) SetFoundValue(value []byte)

SetFoundValue Function (ProcessJMPElement)

func (*ProcessJMPElement) SetKey ¶

func (pme *ProcessJMPElement) SetKey(index uint32)

SetKey Function (ProcessJMPElement)

func (*ProcessJMPElement) SetValue ¶

func (pme *ProcessJMPElement) SetValue(progFD uint32)

SetValue Function (ProcessJMPElement)

func (*ProcessJMPElement) ValuePointer ¶

func (pme *ProcessJMPElement) ValuePointer() unsafe.Pointer

ValuePointer Function (ProcessJMPElement)

type ProcessSpecElement ¶

type ProcessSpecElement struct {
	Key   ProcessSpecKey
	Value ProcessSpecValue
}

ProcessSpecElement Structure

func (*ProcessSpecElement) KeyPointer ¶

func (pse *ProcessSpecElement) KeyPointer() unsafe.Pointer

KeyPointer Function (ProcessSpecElement)

func (*ProcessSpecElement) MapName ¶

func (pse *ProcessSpecElement) MapName() string

MapName Function (ProcessSpecElement)

func (*ProcessSpecElement) SetFoundValue ¶

func (pse *ProcessSpecElement) SetFoundValue(value []byte)

SetFoundValue Function (ProcessSpecElement)

func (*ProcessSpecElement) SetKey ¶

func (pse *ProcessSpecElement) SetKey(pidNS, mntNS, patternID uint32)

SetKey Function (ProcessSpecElement)

func (*ProcessSpecElement) SetValue ¶

func (pse *ProcessSpecElement) SetValue(inspect bool)

SetValue Function (ProcessSpecElement)

func (*ProcessSpecElement) ValuePointer ¶

func (pse *ProcessSpecElement) ValuePointer() unsafe.Pointer

ValuePointer Function (ProcessSpecElement)

type ProcessSpecKey ¶

type ProcessSpecKey struct {
	PidNS     uint32
	MntNS     uint32
	PatternID uint32
}

ProcessSpecKey Structure

type ProcessSpecValue ¶

type ProcessSpecValue struct {
	Inspect bool
}

ProcessSpecValue Structure

type Token ¶

type Token struct {
	Type  TokenType
	Value TokenValue
}

Token Structure

type TokenType ¶

type TokenType int64

TokenType Type

const (
	Undefined TokenType = iota
	Number
	Range
	Glob
)

TokenTypes

type TokenValue ¶

type TokenValue interface{}

TokenValue Type

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL