eventchecker

package
v0.0.0-...-8100230 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckerLogPrefix 

func CheckerLogPrefix(checker interface{ GetCheckerType() string }) string

CheckerLogPrefix is a helper that outputs the log prefix for an event checker, which is a combination of the checker type and the checker name if applicable.

func NextResponseCheck 

func NextResponseCheck(c MultiEventChecker, res *tetragon.GetEventsResponse, l *logrus.Logger) (bool, error)

NextResponseCheck checks the next response

Types

type BinaryPropertiesChecker 

type BinaryPropertiesChecker struct {
	Setuid            *uint32                              `json:"setuid,omitempty"`
	Setgid            *uint32                              `json:"setgid,omitempty"`
	PrivilegesChanged *ProcessPrivilegesChangedListMatcher `json:"privilegesChanged,omitempty"`
	File              *FilePropertiesChecker               `json:"file,omitempty"`
}

BinaryPropertiesChecker implements a checker struct to check a BinaryProperties field

func NewBinaryPropertiesChecker 

func NewBinaryPropertiesChecker() *BinaryPropertiesChecker

NewBinaryPropertiesChecker creates a new BinaryPropertiesChecker

func (*BinaryPropertiesChecker) Check 

func (checker *BinaryPropertiesChecker) Check(event *tetragon.BinaryProperties) error

Check checks a BinaryProperties field

func (*BinaryPropertiesChecker) FromBinaryProperties 

func (checker *BinaryPropertiesChecker) FromBinaryProperties(event *tetragon.BinaryProperties) *BinaryPropertiesChecker

FromBinaryProperties populates the BinaryPropertiesChecker using data from a BinaryProperties field

func (*BinaryPropertiesChecker) GetCheckerType 

func (checker *BinaryPropertiesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*BinaryPropertiesChecker) WithFile 

func (checker *BinaryPropertiesChecker) WithFile(check *FilePropertiesChecker) *BinaryPropertiesChecker

WithFile adds a File check to the BinaryPropertiesChecker

func (*BinaryPropertiesChecker) WithPrivilegesChanged 

func (checker *BinaryPropertiesChecker) WithPrivilegesChanged(check *ProcessPrivilegesChangedListMatcher) *BinaryPropertiesChecker

WithPrivilegesChanged adds a PrivilegesChanged check to the BinaryPropertiesChecker

func (*BinaryPropertiesChecker) WithSetgid 

func (checker *BinaryPropertiesChecker) WithSetgid(check uint32) *BinaryPropertiesChecker

WithSetgid adds a Setgid check to the BinaryPropertiesChecker

func (*BinaryPropertiesChecker) WithSetuid 

func (checker *BinaryPropertiesChecker) WithSetuid(check uint32) *BinaryPropertiesChecker

WithSetuid adds a Setuid check to the BinaryPropertiesChecker

type CapabilitiesChecker 

type CapabilitiesChecker struct {
	Permitted   *CapabilitiesTypeListMatcher `json:"permitted,omitempty"`
	Effective   *CapabilitiesTypeListMatcher `json:"effective,omitempty"`
	Inheritable *CapabilitiesTypeListMatcher `json:"inheritable,omitempty"`
}

CapabilitiesChecker implements a checker struct to check a Capabilities field

func NewCapabilitiesChecker 

func NewCapabilitiesChecker() *CapabilitiesChecker

NewCapabilitiesChecker creates a new CapabilitiesChecker

func (*CapabilitiesChecker) Check 

func (checker *CapabilitiesChecker) Check(event *tetragon.Capabilities) error

Check checks a Capabilities field

func (*CapabilitiesChecker) FromCapabilities 

func (checker *CapabilitiesChecker) FromCapabilities(event *tetragon.Capabilities) *CapabilitiesChecker

FromCapabilities populates the CapabilitiesChecker using data from a Capabilities field

func (*CapabilitiesChecker) GetCheckerType 

func (checker *CapabilitiesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*CapabilitiesChecker) WithEffective 

func (checker *CapabilitiesChecker) WithEffective(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker

WithEffective adds a Effective check to the CapabilitiesChecker

func (*CapabilitiesChecker) WithInheritable 

func (checker *CapabilitiesChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker

WithInheritable adds a Inheritable check to the CapabilitiesChecker

func (*CapabilitiesChecker) WithPermitted 

func (checker *CapabilitiesChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker

WithPermitted adds a Permitted check to the CapabilitiesChecker

type CapabilitiesTypeChecker 

type CapabilitiesTypeChecker tetragon.CapabilitiesType

CapabilitiesTypeChecker checks a tetragon.CapabilitiesType

func NewCapabilitiesTypeChecker 

func NewCapabilitiesTypeChecker(val tetragon.CapabilitiesType) *CapabilitiesTypeChecker

NewCapabilitiesTypeChecker creates a new CapabilitiesTypeChecker

func (*CapabilitiesTypeChecker) Check 

func (enum *CapabilitiesTypeChecker) Check(val *tetragon.CapabilitiesType) error

Check checks a CapabilitiesType against the checker

func (CapabilitiesTypeChecker) MarshalJSON 

func (enum CapabilitiesTypeChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface

func (*CapabilitiesTypeChecker) UnmarshalJSON 

func (enum *CapabilitiesTypeChecker) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface

type CapabilitiesTypeListMatcher 

type CapabilitiesTypeListMatcher struct {
	Operator listmatcher.Operator       `json:"operator"`
	Values   []*CapabilitiesTypeChecker `json:"values"`
}

CapabilitiesTypeListMatcher checks a list of tetragon.CapabilitiesType fields

func NewCapabilitiesTypeListMatcher 

func NewCapabilitiesTypeListMatcher() *CapabilitiesTypeListMatcher

NewCapabilitiesTypeListMatcher creates a new CapabilitiesTypeListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*CapabilitiesTypeListMatcher) Check 

func (checker *CapabilitiesTypeListMatcher) Check(values []tetragon.CapabilitiesType) error

Check checks a list of tetragon.CapabilitiesType fields

func (*CapabilitiesTypeListMatcher) WithOperator 

func (checker *CapabilitiesTypeListMatcher) WithOperator(operator listmatcher.Operator) *CapabilitiesTypeListMatcher

WithOperator sets the match kind for the CapabilitiesTypeListMatcher

func (*CapabilitiesTypeListMatcher) WithValues 

func (checker *CapabilitiesTypeListMatcher) WithValues(values ...*CapabilitiesTypeChecker) *CapabilitiesTypeListMatcher

WithValues sets the checkers that the CapabilitiesTypeListMatcher should use

type ContainerChecker 

type ContainerChecker struct {
	Id             *stringmatcher.StringMatcher       `json:"id,omitempty"`
	Name           *stringmatcher.StringMatcher       `json:"name,omitempty"`
	Image          *ImageChecker                      `json:"image,omitempty"`
	StartTime      *timestampmatcher.TimestampMatcher `json:"startTime,omitempty"`
	Pid            *uint32                            `json:"pid,omitempty"`
	MaybeExecProbe *bool                              `json:"maybeExecProbe,omitempty"`
}

ContainerChecker implements a checker struct to check a Container field

func NewContainerChecker 

func NewContainerChecker() *ContainerChecker

NewContainerChecker creates a new ContainerChecker

func (*ContainerChecker) Check 

func (checker *ContainerChecker) Check(event *tetragon.Container) error

Check checks a Container field

func (*ContainerChecker) FromContainer 

func (checker *ContainerChecker) FromContainer(event *tetragon.Container) *ContainerChecker

FromContainer populates the ContainerChecker using data from a Container field

func (*ContainerChecker) GetCheckerType 

func (checker *ContainerChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ContainerChecker) WithId 

func (checker *ContainerChecker) WithId(check *stringmatcher.StringMatcher) *ContainerChecker

WithId adds a Id check to the ContainerChecker

func (*ContainerChecker) WithImage 

func (checker *ContainerChecker) WithImage(check *ImageChecker) *ContainerChecker

WithImage adds a Image check to the ContainerChecker

func (*ContainerChecker) WithMaybeExecProbe 

func (checker *ContainerChecker) WithMaybeExecProbe(check bool) *ContainerChecker

WithMaybeExecProbe adds a MaybeExecProbe check to the ContainerChecker

func (*ContainerChecker) WithName 

func (checker *ContainerChecker) WithName(check *stringmatcher.StringMatcher) *ContainerChecker

WithName adds a Name check to the ContainerChecker

func (*ContainerChecker) WithPid 

func (checker *ContainerChecker) WithPid(check uint32) *ContainerChecker

WithPid adds a Pid check to the ContainerChecker

func (*ContainerChecker) WithStartTime 

func (checker *ContainerChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ContainerChecker

WithStartTime adds a StartTime check to the ContainerChecker

type Event 

type Event tetragon.Event

Event is an empty interface used for events like ProcessExec, etc.

func EventFromResponse 

func EventFromResponse(response *tetragon.GetEventsResponse) (Event, error)

EventFromResponse coerces an event from a Tetragon gRPC response

type EventChecker 

type EventChecker interface {
	// CheckEvent checks a single event
	CheckEvent(Event) error
	// CheckEvent checks a single gRPC response
	CheckResponse(*tetragon.GetEventsResponse) error
}

EventChecker is an interface for checking a Tetragon event

func CheckerFromEvent 

func CheckerFromEvent(event Event) (EventChecker, error)

CheckerFromEvent converts an event into an EventChecker

func CheckerFromResponse 

func CheckerFromResponse(response *tetragon.GetEventsResponse) (EventChecker, error)

ResponseToChecker converts a gRPC response into an EventChecker

type FilePropertiesChecker 

type FilePropertiesChecker struct {
	Inode *InodePropertiesChecker      `json:"inode,omitempty"`
	Path  *stringmatcher.StringMatcher `json:"path,omitempty"`
}

FilePropertiesChecker implements a checker struct to check a FileProperties field

func NewFilePropertiesChecker 

func NewFilePropertiesChecker() *FilePropertiesChecker

NewFilePropertiesChecker creates a new FilePropertiesChecker

func (*FilePropertiesChecker) Check 

func (checker *FilePropertiesChecker) Check(event *tetragon.FileProperties) error

Check checks a FileProperties field

func (*FilePropertiesChecker) FromFileProperties 

func (checker *FilePropertiesChecker) FromFileProperties(event *tetragon.FileProperties) *FilePropertiesChecker

FromFileProperties populates the FilePropertiesChecker using data from a FileProperties field

func (*FilePropertiesChecker) GetCheckerType 

func (checker *FilePropertiesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*FilePropertiesChecker) WithInode 

func (checker *FilePropertiesChecker) WithInode(check *InodePropertiesChecker) *FilePropertiesChecker

WithInode adds a Inode check to the FilePropertiesChecker

func (*FilePropertiesChecker) WithPath 

func (checker *FilePropertiesChecker) WithPath(check *stringmatcher.StringMatcher) *FilePropertiesChecker

WithPath adds a Path check to the FilePropertiesChecker

type FnEventChecker 

type FnEventChecker struct {
	// NextCheckFn checks an event and returns a boolean value indicating
	// whether the checker has concluded, and an error indicating whether the
	// check was successful. The boolean value allows short-circuiting checks.
	//
	// Specifically:
	// (false,  nil): this event check was successful, but need to check more events
	// (false, !nil): this event check not was successful, but need to check more events
	// (true,   nil): checker was successful, no need to check more events
	// (true,  !nil): checker failed, no need to check more events
	NextCheckFn func(Event, *logrus.Logger) (bool, error)
	// FinalCheckFn indicates that the sequence of events has ended, and asks the
	// checker to make a final decision. Any cleanup should also be performed here.
	FinalCheckFn func(*logrus.Logger) error
}

FnEventChecker checks a series of events using custom-defined functions for the MultiEventChecker implementation

func (*FnEventChecker) FinalCheck 

func (checker *FnEventChecker) FinalCheck(logger *logrus.Logger) error

FinalCheck implements the MultiEventChecker interface

func (*FnEventChecker) NextEventCheck 

func (checker *FnEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)

NextEventCheck implements the MultiEventChecker interface

type ImageChecker 

type ImageChecker struct {
	Id   *stringmatcher.StringMatcher `json:"id,omitempty"`
	Name *stringmatcher.StringMatcher `json:"name,omitempty"`
}

ImageChecker implements a checker struct to check a Image field

func NewImageChecker 

func NewImageChecker() *ImageChecker

NewImageChecker creates a new ImageChecker

func (*ImageChecker) Check 

func (checker *ImageChecker) Check(event *tetragon.Image) error

Check checks a Image field

func (*ImageChecker) FromImage 

func (checker *ImageChecker) FromImage(event *tetragon.Image) *ImageChecker

FromImage populates the ImageChecker using data from a Image field

func (*ImageChecker) GetCheckerType 

func (checker *ImageChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ImageChecker) WithId 

func (checker *ImageChecker) WithId(check *stringmatcher.StringMatcher) *ImageChecker

WithId adds a Id check to the ImageChecker

func (*ImageChecker) WithName 

func (checker *ImageChecker) WithName(check *stringmatcher.StringMatcher) *ImageChecker

WithName adds a Name check to the ImageChecker

type InodePropertiesChecker 

type InodePropertiesChecker struct {
	Number *uint64 `json:"number,omitempty"`
	Links  *uint32 `json:"links,omitempty"`
}

InodePropertiesChecker implements a checker struct to check a InodeProperties field

func NewInodePropertiesChecker 

func NewInodePropertiesChecker() *InodePropertiesChecker

NewInodePropertiesChecker creates a new InodePropertiesChecker

func (*InodePropertiesChecker) Check 

func (checker *InodePropertiesChecker) Check(event *tetragon.InodeProperties) error

Check checks a InodeProperties field

func (*InodePropertiesChecker) FromInodeProperties 

func (checker *InodePropertiesChecker) FromInodeProperties(event *tetragon.InodeProperties) *InodePropertiesChecker

FromInodeProperties populates the InodePropertiesChecker using data from a InodeProperties field

func (*InodePropertiesChecker) GetCheckerType 

func (checker *InodePropertiesChecker) GetCheckerType() string

Get the type of the checker as a string 

func (checker *InodePropertiesChecker) WithLinks(check uint32) *InodePropertiesChecker

WithLinks adds a Links check to the InodePropertiesChecker

func (*InodePropertiesChecker) WithNumber 

func (checker *InodePropertiesChecker) WithNumber(check uint64) *InodePropertiesChecker

WithNumber adds a Number check to the InodePropertiesChecker

type KernelModuleChecker 

type KernelModuleChecker struct {
	Name        *stringmatcher.StringMatcher `json:"name,omitempty"`
	SignatureOk *bool                        `json:"signatureOk,omitempty"`
	Tainted     *TaintedBitsTypeListMatcher  `json:"tainted,omitempty"`
}

KernelModuleChecker implements a checker struct to check a KernelModule field

func NewKernelModuleChecker 

func NewKernelModuleChecker() *KernelModuleChecker

NewKernelModuleChecker creates a new KernelModuleChecker

func (*KernelModuleChecker) Check 

func (checker *KernelModuleChecker) Check(event *tetragon.KernelModule) error

Check checks a KernelModule field

func (*KernelModuleChecker) FromKernelModule 

func (checker *KernelModuleChecker) FromKernelModule(event *tetragon.KernelModule) *KernelModuleChecker

FromKernelModule populates the KernelModuleChecker using data from a KernelModule field

func (*KernelModuleChecker) GetCheckerType 

func (checker *KernelModuleChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KernelModuleChecker) WithName 

func (checker *KernelModuleChecker) WithName(check *stringmatcher.StringMatcher) *KernelModuleChecker

WithName adds a Name check to the KernelModuleChecker

func (*KernelModuleChecker) WithSignatureOk 

func (checker *KernelModuleChecker) WithSignatureOk(check bool) *KernelModuleChecker

WithSignatureOk adds a SignatureOk check to the KernelModuleChecker

func (*KernelModuleChecker) WithTainted 

func (checker *KernelModuleChecker) WithTainted(check *TaintedBitsTypeListMatcher) *KernelModuleChecker

WithTainted adds a Tainted check to the KernelModuleChecker

type KprobeActionChecker 

type KprobeActionChecker tetragon.KprobeAction

KprobeActionChecker checks a tetragon.KprobeAction

func NewKprobeActionChecker 

func NewKprobeActionChecker(val tetragon.KprobeAction) *KprobeActionChecker

NewKprobeActionChecker creates a new KprobeActionChecker

func (*KprobeActionChecker) Check 

func (enum *KprobeActionChecker) Check(val *tetragon.KprobeAction) error

Check checks a KprobeAction against the checker

func (KprobeActionChecker) MarshalJSON 

func (enum KprobeActionChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface

func (*KprobeActionChecker) UnmarshalJSON 

func (enum *KprobeActionChecker) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface

type KprobeArgumentChecker 

type KprobeArgumentChecker struct {
	StringArg             *stringmatcher.StringMatcher `json:"stringArg,omitempty"`
	IntArg                *int32                       `json:"intArg,omitempty"`
	SkbArg                *KprobeSkbChecker            `json:"skbArg,omitempty"`
	SizeArg               *uint64                      `json:"sizeArg,omitempty"`
	BytesArg              *bytesmatcher.BytesMatcher   `json:"bytesArg,omitempty"`
	PathArg               *KprobePathChecker           `json:"pathArg,omitempty"`
	FileArg               *KprobeFileChecker           `json:"fileArg,omitempty"`
	TruncatedBytesArg     *KprobeTruncatedBytesChecker `json:"truncatedBytesArg,omitempty"`
	SockArg               *KprobeSockChecker           `json:"sockArg,omitempty"`
	CredArg               *KprobeCredChecker           `json:"credArg,omitempty"`
	LongArg               *int64                       `json:"longArg,omitempty"`
	BpfAttrArg            *KprobeBpfAttrChecker        `json:"bpfAttrArg,omitempty"`
	PerfEventArg          *KprobePerfEventChecker      `json:"perfEventArg,omitempty"`
	BpfMapArg             *KprobeBpfMapChecker         `json:"bpfMapArg,omitempty"`
	UintArg               *uint32                      `json:"uintArg,omitempty"`
	UserNamespaceArg      *KprobeUserNamespaceChecker  `json:"userNamespaceArg,omitempty"`
	CapabilityArg         *KprobeCapabilityChecker     `json:"capabilityArg,omitempty"`
	ProcessCredentialsArg *ProcessCredentialsChecker   `json:"processCredentialsArg,omitempty"`
	UserNsArg             *UserNamespaceChecker        `json:"userNsArg,omitempty"`
	ModuleArg             *KernelModuleChecker         `json:"moduleArg,omitempty"`
	KernelCapTArg         *stringmatcher.StringMatcher `json:"kernelCapTArg,omitempty"`
	CapInheritableArg     *stringmatcher.StringMatcher `json:"capInheritableArg,omitempty"`
	CapPermittedArg       *stringmatcher.StringMatcher `json:"capPermittedArg,omitempty"`
	CapEffectiveArg       *stringmatcher.StringMatcher `json:"capEffectiveArg,omitempty"`
	LinuxBinprmArg        *KprobeLinuxBinprmChecker    `json:"linuxBinprmArg,omitempty"`
	NetDevArg             *KprobeNetDevChecker         `json:"netDevArg,omitempty"`
	Label                 *stringmatcher.StringMatcher `json:"label,omitempty"`
}

KprobeArgumentChecker implements a checker struct to check a KprobeArgument field

func NewKprobeArgumentChecker 

func NewKprobeArgumentChecker() *KprobeArgumentChecker

NewKprobeArgumentChecker creates a new KprobeArgumentChecker

func (*KprobeArgumentChecker) Check 

func (checker *KprobeArgumentChecker) Check(event *tetragon.KprobeArgument) error

Check checks a KprobeArgument field

func (*KprobeArgumentChecker) FromKprobeArgument 

func (checker *KprobeArgumentChecker) FromKprobeArgument(event *tetragon.KprobeArgument) *KprobeArgumentChecker

FromKprobeArgument populates the KprobeArgumentChecker using data from a KprobeArgument field

func (*KprobeArgumentChecker) GetCheckerType 

func (checker *KprobeArgumentChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeArgumentChecker) WithBpfAttrArg 

func (checker *KprobeArgumentChecker) WithBpfAttrArg(check *KprobeBpfAttrChecker) *KprobeArgumentChecker

WithBpfAttrArg adds a BpfAttrArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithBpfMapArg 

func (checker *KprobeArgumentChecker) WithBpfMapArg(check *KprobeBpfMapChecker) *KprobeArgumentChecker

WithBpfMapArg adds a BpfMapArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithBytesArg 

func (checker *KprobeArgumentChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeArgumentChecker

WithBytesArg adds a BytesArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithCapEffectiveArg 

func (checker *KprobeArgumentChecker) WithCapEffectiveArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker

WithCapEffectiveArg adds a CapEffectiveArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithCapInheritableArg 

func (checker *KprobeArgumentChecker) WithCapInheritableArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker

WithCapInheritableArg adds a CapInheritableArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithCapPermittedArg 

func (checker *KprobeArgumentChecker) WithCapPermittedArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker

WithCapPermittedArg adds a CapPermittedArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithCapabilityArg 

func (checker *KprobeArgumentChecker) WithCapabilityArg(check *KprobeCapabilityChecker) *KprobeArgumentChecker

WithCapabilityArg adds a CapabilityArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithCredArg 

func (checker *KprobeArgumentChecker) WithCredArg(check *KprobeCredChecker) *KprobeArgumentChecker

WithCredArg adds a CredArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithFileArg 

func (checker *KprobeArgumentChecker) WithFileArg(check *KprobeFileChecker) *KprobeArgumentChecker

WithFileArg adds a FileArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithIntArg 

func (checker *KprobeArgumentChecker) WithIntArg(check int32) *KprobeArgumentChecker

WithIntArg adds a IntArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithKernelCapTArg 

func (checker *KprobeArgumentChecker) WithKernelCapTArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker

WithKernelCapTArg adds a KernelCapTArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithLabel 

func (checker *KprobeArgumentChecker) WithLabel(check *stringmatcher.StringMatcher) *KprobeArgumentChecker

WithLabel adds a Label check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithLinuxBinprmArg 

func (checker *KprobeArgumentChecker) WithLinuxBinprmArg(check *KprobeLinuxBinprmChecker) *KprobeArgumentChecker

WithLinuxBinprmArg adds a LinuxBinprmArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithLongArg 

func (checker *KprobeArgumentChecker) WithLongArg(check int64) *KprobeArgumentChecker

WithLongArg adds a LongArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithModuleArg 

func (checker *KprobeArgumentChecker) WithModuleArg(check *KernelModuleChecker) *KprobeArgumentChecker

WithModuleArg adds a ModuleArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithNetDevArg 

func (checker *KprobeArgumentChecker) WithNetDevArg(check *KprobeNetDevChecker) *KprobeArgumentChecker

WithNetDevArg adds a NetDevArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithPathArg 

func (checker *KprobeArgumentChecker) WithPathArg(check *KprobePathChecker) *KprobeArgumentChecker

WithPathArg adds a PathArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithPerfEventArg 

func (checker *KprobeArgumentChecker) WithPerfEventArg(check *KprobePerfEventChecker) *KprobeArgumentChecker

WithPerfEventArg adds a PerfEventArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithProcessCredentialsArg 

func (checker *KprobeArgumentChecker) WithProcessCredentialsArg(check *ProcessCredentialsChecker) *KprobeArgumentChecker

WithProcessCredentialsArg adds a ProcessCredentialsArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithSizeArg 

func (checker *KprobeArgumentChecker) WithSizeArg(check uint64) *KprobeArgumentChecker

WithSizeArg adds a SizeArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithSkbArg 

func (checker *KprobeArgumentChecker) WithSkbArg(check *KprobeSkbChecker) *KprobeArgumentChecker

WithSkbArg adds a SkbArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithSockArg 

func (checker *KprobeArgumentChecker) WithSockArg(check *KprobeSockChecker) *KprobeArgumentChecker

WithSockArg adds a SockArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithStringArg 

func (checker *KprobeArgumentChecker) WithStringArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker

WithStringArg adds a StringArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithTruncatedBytesArg 

func (checker *KprobeArgumentChecker) WithTruncatedBytesArg(check *KprobeTruncatedBytesChecker) *KprobeArgumentChecker

WithTruncatedBytesArg adds a TruncatedBytesArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithUintArg 

func (checker *KprobeArgumentChecker) WithUintArg(check uint32) *KprobeArgumentChecker

WithUintArg adds a UintArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithUserNamespaceArg 

func (checker *KprobeArgumentChecker) WithUserNamespaceArg(check *KprobeUserNamespaceChecker) *KprobeArgumentChecker

WithUserNamespaceArg adds a UserNamespaceArg check to the KprobeArgumentChecker

func (*KprobeArgumentChecker) WithUserNsArg 

func (checker *KprobeArgumentChecker) WithUserNsArg(check *UserNamespaceChecker) *KprobeArgumentChecker

WithUserNsArg adds a UserNsArg check to the KprobeArgumentChecker

type KprobeArgumentListMatcher 

type KprobeArgumentListMatcher struct {
	Operator listmatcher.Operator     `json:"operator"`
	Values   []*KprobeArgumentChecker `json:"values"`
}

KprobeArgumentListMatcher checks a list of *tetragon.KprobeArgument fields

func NewKprobeArgumentListMatcher 

func NewKprobeArgumentListMatcher() *KprobeArgumentListMatcher

NewKprobeArgumentListMatcher creates a new KprobeArgumentListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*KprobeArgumentListMatcher) Check 

func (checker *KprobeArgumentListMatcher) Check(values []*tetragon.KprobeArgument) error

Check checks a list of *tetragon.KprobeArgument fields

func (*KprobeArgumentListMatcher) WithOperator 

func (checker *KprobeArgumentListMatcher) WithOperator(operator listmatcher.Operator) *KprobeArgumentListMatcher

WithOperator sets the match kind for the KprobeArgumentListMatcher

func (*KprobeArgumentListMatcher) WithValues 

func (checker *KprobeArgumentListMatcher) WithValues(values ...*KprobeArgumentChecker) *KprobeArgumentListMatcher

WithValues sets the checkers that the KprobeArgumentListMatcher should use

type KprobeBpfAttrChecker 

type KprobeBpfAttrChecker struct {
	ProgType *stringmatcher.StringMatcher `json:"ProgType,omitempty"`
	InsnCnt  *uint32                      `json:"InsnCnt,omitempty"`
	ProgName *stringmatcher.StringMatcher `json:"ProgName,omitempty"`
}

KprobeBpfAttrChecker implements a checker struct to check a KprobeBpfAttr field

func NewKprobeBpfAttrChecker 

func NewKprobeBpfAttrChecker() *KprobeBpfAttrChecker

NewKprobeBpfAttrChecker creates a new KprobeBpfAttrChecker

func (*KprobeBpfAttrChecker) Check 

func (checker *KprobeBpfAttrChecker) Check(event *tetragon.KprobeBpfAttr) error

Check checks a KprobeBpfAttr field

func (*KprobeBpfAttrChecker) FromKprobeBpfAttr 

func (checker *KprobeBpfAttrChecker) FromKprobeBpfAttr(event *tetragon.KprobeBpfAttr) *KprobeBpfAttrChecker

FromKprobeBpfAttr populates the KprobeBpfAttrChecker using data from a KprobeBpfAttr field

func (*KprobeBpfAttrChecker) GetCheckerType 

func (checker *KprobeBpfAttrChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeBpfAttrChecker) WithInsnCnt 

func (checker *KprobeBpfAttrChecker) WithInsnCnt(check uint32) *KprobeBpfAttrChecker

WithInsnCnt adds a InsnCnt check to the KprobeBpfAttrChecker

func (*KprobeBpfAttrChecker) WithProgName 

func (checker *KprobeBpfAttrChecker) WithProgName(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker

WithProgName adds a ProgName check to the KprobeBpfAttrChecker

func (*KprobeBpfAttrChecker) WithProgType 

func (checker *KprobeBpfAttrChecker) WithProgType(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker

WithProgType adds a ProgType check to the KprobeBpfAttrChecker

type KprobeBpfMapChecker 

type KprobeBpfMapChecker struct {
	MapType    *stringmatcher.StringMatcher `json:"MapType,omitempty"`
	KeySize    *uint32                      `json:"KeySize,omitempty"`
	ValueSize  *uint32                      `json:"ValueSize,omitempty"`
	MaxEntries *uint32                      `json:"MaxEntries,omitempty"`
	MapName    *stringmatcher.StringMatcher `json:"MapName,omitempty"`
}

KprobeBpfMapChecker implements a checker struct to check a KprobeBpfMap field

func NewKprobeBpfMapChecker 

func NewKprobeBpfMapChecker() *KprobeBpfMapChecker

NewKprobeBpfMapChecker creates a new KprobeBpfMapChecker

func (*KprobeBpfMapChecker) Check 

func (checker *KprobeBpfMapChecker) Check(event *tetragon.KprobeBpfMap) error

Check checks a KprobeBpfMap field

func (*KprobeBpfMapChecker) FromKprobeBpfMap 

func (checker *KprobeBpfMapChecker) FromKprobeBpfMap(event *tetragon.KprobeBpfMap) *KprobeBpfMapChecker

FromKprobeBpfMap populates the KprobeBpfMapChecker using data from a KprobeBpfMap field

func (*KprobeBpfMapChecker) GetCheckerType 

func (checker *KprobeBpfMapChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeBpfMapChecker) WithKeySize 

func (checker *KprobeBpfMapChecker) WithKeySize(check uint32) *KprobeBpfMapChecker

WithKeySize adds a KeySize check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithMapName 

func (checker *KprobeBpfMapChecker) WithMapName(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker

WithMapName adds a MapName check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithMapType 

func (checker *KprobeBpfMapChecker) WithMapType(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker

WithMapType adds a MapType check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithMaxEntries 

func (checker *KprobeBpfMapChecker) WithMaxEntries(check uint32) *KprobeBpfMapChecker

WithMaxEntries adds a MaxEntries check to the KprobeBpfMapChecker

func (*KprobeBpfMapChecker) WithValueSize 

func (checker *KprobeBpfMapChecker) WithValueSize(check uint32) *KprobeBpfMapChecker

WithValueSize adds a ValueSize check to the KprobeBpfMapChecker

type KprobeCapabilityChecker 

type KprobeCapabilityChecker struct {
	Value *int32                       `json:"value,omitempty"`
	Name  *stringmatcher.StringMatcher `json:"name,omitempty"`
}

KprobeCapabilityChecker implements a checker struct to check a KprobeCapability field

func NewKprobeCapabilityChecker 

func NewKprobeCapabilityChecker() *KprobeCapabilityChecker

NewKprobeCapabilityChecker creates a new KprobeCapabilityChecker

func (*KprobeCapabilityChecker) Check 

func (checker *KprobeCapabilityChecker) Check(event *tetragon.KprobeCapability) error

Check checks a KprobeCapability field

func (*KprobeCapabilityChecker) FromKprobeCapability 

func (checker *KprobeCapabilityChecker) FromKprobeCapability(event *tetragon.KprobeCapability) *KprobeCapabilityChecker

FromKprobeCapability populates the KprobeCapabilityChecker using data from a KprobeCapability field

func (*KprobeCapabilityChecker) GetCheckerType 

func (checker *KprobeCapabilityChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeCapabilityChecker) WithName 

func (checker *KprobeCapabilityChecker) WithName(check *stringmatcher.StringMatcher) *KprobeCapabilityChecker

WithName adds a Name check to the KprobeCapabilityChecker

func (*KprobeCapabilityChecker) WithValue 

func (checker *KprobeCapabilityChecker) WithValue(check int32) *KprobeCapabilityChecker

WithValue adds a Value check to the KprobeCapabilityChecker

type KprobeCredChecker 

type KprobeCredChecker struct {
	Permitted   *CapabilitiesTypeListMatcher `json:"permitted,omitempty"`
	Effective   *CapabilitiesTypeListMatcher `json:"effective,omitempty"`
	Inheritable *CapabilitiesTypeListMatcher `json:"inheritable,omitempty"`
}

KprobeCredChecker implements a checker struct to check a KprobeCred field

func NewKprobeCredChecker 

func NewKprobeCredChecker() *KprobeCredChecker

NewKprobeCredChecker creates a new KprobeCredChecker

func (*KprobeCredChecker) Check 

func (checker *KprobeCredChecker) Check(event *tetragon.KprobeCred) error

Check checks a KprobeCred field

func (*KprobeCredChecker) FromKprobeCred 

func (checker *KprobeCredChecker) FromKprobeCred(event *tetragon.KprobeCred) *KprobeCredChecker

FromKprobeCred populates the KprobeCredChecker using data from a KprobeCred field

func (*KprobeCredChecker) GetCheckerType 

func (checker *KprobeCredChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeCredChecker) WithEffective 

func (checker *KprobeCredChecker) WithEffective(check *CapabilitiesTypeListMatcher) *KprobeCredChecker

WithEffective adds a Effective check to the KprobeCredChecker

func (*KprobeCredChecker) WithInheritable 

func (checker *KprobeCredChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *KprobeCredChecker

WithInheritable adds a Inheritable check to the KprobeCredChecker

func (*KprobeCredChecker) WithPermitted 

func (checker *KprobeCredChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *KprobeCredChecker

WithPermitted adds a Permitted check to the KprobeCredChecker

type KprobeFileChecker 

type KprobeFileChecker struct {
	Mount      *stringmatcher.StringMatcher `json:"mount,omitempty"`
	Path       *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags      *stringmatcher.StringMatcher `json:"flags,omitempty"`
	Permission *stringmatcher.StringMatcher `json:"permission,omitempty"`
}

KprobeFileChecker implements a checker struct to check a KprobeFile field

func NewKprobeFileChecker 

func NewKprobeFileChecker() *KprobeFileChecker

NewKprobeFileChecker creates a new KprobeFileChecker

func (*KprobeFileChecker) Check 

func (checker *KprobeFileChecker) Check(event *tetragon.KprobeFile) error

Check checks a KprobeFile field

func (*KprobeFileChecker) FromKprobeFile 

func (checker *KprobeFileChecker) FromKprobeFile(event *tetragon.KprobeFile) *KprobeFileChecker

FromKprobeFile populates the KprobeFileChecker using data from a KprobeFile field

func (*KprobeFileChecker) GetCheckerType 

func (checker *KprobeFileChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeFileChecker) WithFlags 

func (checker *KprobeFileChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeFileChecker

WithFlags adds a Flags check to the KprobeFileChecker

func (*KprobeFileChecker) WithMount 

func (checker *KprobeFileChecker) WithMount(check *stringmatcher.StringMatcher) *KprobeFileChecker

WithMount adds a Mount check to the KprobeFileChecker

func (*KprobeFileChecker) WithPath 

func (checker *KprobeFileChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeFileChecker

WithPath adds a Path check to the KprobeFileChecker

func (*KprobeFileChecker) WithPermission 

func (checker *KprobeFileChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeFileChecker

WithPermission adds a Permission check to the KprobeFileChecker

type KprobeLinuxBinprmChecker 

type KprobeLinuxBinprmChecker struct {
	Path       *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags      *stringmatcher.StringMatcher `json:"flags,omitempty"`
	Permission *stringmatcher.StringMatcher `json:"permission,omitempty"`
}

KprobeLinuxBinprmChecker implements a checker struct to check a KprobeLinuxBinprm field

func NewKprobeLinuxBinprmChecker 

func NewKprobeLinuxBinprmChecker() *KprobeLinuxBinprmChecker

NewKprobeLinuxBinprmChecker creates a new KprobeLinuxBinprmChecker

func (*KprobeLinuxBinprmChecker) Check 

func (checker *KprobeLinuxBinprmChecker) Check(event *tetragon.KprobeLinuxBinprm) error

Check checks a KprobeLinuxBinprm field

func (*KprobeLinuxBinprmChecker) FromKprobeLinuxBinprm 

func (checker *KprobeLinuxBinprmChecker) FromKprobeLinuxBinprm(event *tetragon.KprobeLinuxBinprm) *KprobeLinuxBinprmChecker

FromKprobeLinuxBinprm populates the KprobeLinuxBinprmChecker using data from a KprobeLinuxBinprm field

func (*KprobeLinuxBinprmChecker) GetCheckerType 

func (checker *KprobeLinuxBinprmChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeLinuxBinprmChecker) WithFlags 

func (checker *KprobeLinuxBinprmChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker

WithFlags adds a Flags check to the KprobeLinuxBinprmChecker

func (*KprobeLinuxBinprmChecker) WithPath 

func (checker *KprobeLinuxBinprmChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker

WithPath adds a Path check to the KprobeLinuxBinprmChecker

func (*KprobeLinuxBinprmChecker) WithPermission 

func (checker *KprobeLinuxBinprmChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker

WithPermission adds a Permission check to the KprobeLinuxBinprmChecker

type KprobeNetDevChecker 

type KprobeNetDevChecker struct {
	Name *stringmatcher.StringMatcher `json:"name,omitempty"`
}

KprobeNetDevChecker implements a checker struct to check a KprobeNetDev field

func NewKprobeNetDevChecker 

func NewKprobeNetDevChecker() *KprobeNetDevChecker

NewKprobeNetDevChecker creates a new KprobeNetDevChecker

func (*KprobeNetDevChecker) Check 

func (checker *KprobeNetDevChecker) Check(event *tetragon.KprobeNetDev) error

Check checks a KprobeNetDev field

func (*KprobeNetDevChecker) FromKprobeNetDev 

func (checker *KprobeNetDevChecker) FromKprobeNetDev(event *tetragon.KprobeNetDev) *KprobeNetDevChecker

FromKprobeNetDev populates the KprobeNetDevChecker using data from a KprobeNetDev field

func (*KprobeNetDevChecker) GetCheckerType 

func (checker *KprobeNetDevChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeNetDevChecker) WithName 

func (checker *KprobeNetDevChecker) WithName(check *stringmatcher.StringMatcher) *KprobeNetDevChecker

WithName adds a Name check to the KprobeNetDevChecker

type KprobePathChecker 

type KprobePathChecker struct {
	Mount      *stringmatcher.StringMatcher `json:"mount,omitempty"`
	Path       *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags      *stringmatcher.StringMatcher `json:"flags,omitempty"`
	Permission *stringmatcher.StringMatcher `json:"permission,omitempty"`
}

KprobePathChecker implements a checker struct to check a KprobePath field

func NewKprobePathChecker 

func NewKprobePathChecker() *KprobePathChecker

NewKprobePathChecker creates a new KprobePathChecker

func (*KprobePathChecker) Check 

func (checker *KprobePathChecker) Check(event *tetragon.KprobePath) error

Check checks a KprobePath field

func (*KprobePathChecker) FromKprobePath 

func (checker *KprobePathChecker) FromKprobePath(event *tetragon.KprobePath) *KprobePathChecker

FromKprobePath populates the KprobePathChecker using data from a KprobePath field

func (*KprobePathChecker) GetCheckerType 

func (checker *KprobePathChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobePathChecker) WithFlags 

func (checker *KprobePathChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobePathChecker

WithFlags adds a Flags check to the KprobePathChecker

func (*KprobePathChecker) WithMount 

func (checker *KprobePathChecker) WithMount(check *stringmatcher.StringMatcher) *KprobePathChecker

WithMount adds a Mount check to the KprobePathChecker

func (*KprobePathChecker) WithPath 

func (checker *KprobePathChecker) WithPath(check *stringmatcher.StringMatcher) *KprobePathChecker

WithPath adds a Path check to the KprobePathChecker

func (*KprobePathChecker) WithPermission 

func (checker *KprobePathChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobePathChecker

WithPermission adds a Permission check to the KprobePathChecker

type KprobePerfEventChecker 

type KprobePerfEventChecker struct {
	KprobeFunc  *stringmatcher.StringMatcher `json:"KprobeFunc,omitempty"`
	Type        *stringmatcher.StringMatcher `json:"Type,omitempty"`
	Config      *uint64                      `json:"Config,omitempty"`
	ProbeOffset *uint64                      `json:"ProbeOffset,omitempty"`
}

KprobePerfEventChecker implements a checker struct to check a KprobePerfEvent field

func NewKprobePerfEventChecker 

func NewKprobePerfEventChecker() *KprobePerfEventChecker

NewKprobePerfEventChecker creates a new KprobePerfEventChecker

func (*KprobePerfEventChecker) Check 

func (checker *KprobePerfEventChecker) Check(event *tetragon.KprobePerfEvent) error

Check checks a KprobePerfEvent field

func (*KprobePerfEventChecker) FromKprobePerfEvent 

func (checker *KprobePerfEventChecker) FromKprobePerfEvent(event *tetragon.KprobePerfEvent) *KprobePerfEventChecker

FromKprobePerfEvent populates the KprobePerfEventChecker using data from a KprobePerfEvent field

func (*KprobePerfEventChecker) GetCheckerType 

func (checker *KprobePerfEventChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobePerfEventChecker) WithConfig 

func (checker *KprobePerfEventChecker) WithConfig(check uint64) *KprobePerfEventChecker

WithConfig adds a Config check to the KprobePerfEventChecker

func (*KprobePerfEventChecker) WithKprobeFunc 

func (checker *KprobePerfEventChecker) WithKprobeFunc(check *stringmatcher.StringMatcher) *KprobePerfEventChecker

WithKprobeFunc adds a KprobeFunc check to the KprobePerfEventChecker

func (*KprobePerfEventChecker) WithProbeOffset 

func (checker *KprobePerfEventChecker) WithProbeOffset(check uint64) *KprobePerfEventChecker

WithProbeOffset adds a ProbeOffset check to the KprobePerfEventChecker

func (*KprobePerfEventChecker) WithType 

func (checker *KprobePerfEventChecker) WithType(check *stringmatcher.StringMatcher) *KprobePerfEventChecker

WithType adds a Type check to the KprobePerfEventChecker

type KprobeSkbChecker 

type KprobeSkbChecker struct {
	Hash        *uint32                      `json:"hash,omitempty"`
	Len         *uint32                      `json:"len,omitempty"`
	Priority    *uint32                      `json:"priority,omitempty"`
	Mark        *uint32                      `json:"mark,omitempty"`
	Saddr       *stringmatcher.StringMatcher `json:"saddr,omitempty"`
	Daddr       *stringmatcher.StringMatcher `json:"daddr,omitempty"`
	Sport       *uint32                      `json:"sport,omitempty"`
	Dport       *uint32                      `json:"dport,omitempty"`
	Proto       *uint32                      `json:"proto,omitempty"`
	SecPathLen  *uint32                      `json:"secPathLen,omitempty"`
	SecPathOlen *uint32                      `json:"secPathOlen,omitempty"`
	Protocol    *stringmatcher.StringMatcher `json:"protocol,omitempty"`
	Family      *stringmatcher.StringMatcher `json:"family,omitempty"`
}

KprobeSkbChecker implements a checker struct to check a KprobeSkb field

func NewKprobeSkbChecker 

func NewKprobeSkbChecker() *KprobeSkbChecker

NewKprobeSkbChecker creates a new KprobeSkbChecker

func (*KprobeSkbChecker) Check 

func (checker *KprobeSkbChecker) Check(event *tetragon.KprobeSkb) error

Check checks a KprobeSkb field

func (*KprobeSkbChecker) FromKprobeSkb 

func (checker *KprobeSkbChecker) FromKprobeSkb(event *tetragon.KprobeSkb) *KprobeSkbChecker

FromKprobeSkb populates the KprobeSkbChecker using data from a KprobeSkb field

func (*KprobeSkbChecker) GetCheckerType 

func (checker *KprobeSkbChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeSkbChecker) WithDaddr 

func (checker *KprobeSkbChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker

WithDaddr adds a Daddr check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithDport 

func (checker *KprobeSkbChecker) WithDport(check uint32) *KprobeSkbChecker

WithDport adds a Dport check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithFamily 

func (checker *KprobeSkbChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSkbChecker

WithFamily adds a Family check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithHash 

func (checker *KprobeSkbChecker) WithHash(check uint32) *KprobeSkbChecker

WithHash adds a Hash check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithLen 

func (checker *KprobeSkbChecker) WithLen(check uint32) *KprobeSkbChecker

WithLen adds a Len check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithMark 

func (checker *KprobeSkbChecker) WithMark(check uint32) *KprobeSkbChecker

WithMark adds a Mark check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithPriority 

func (checker *KprobeSkbChecker) WithPriority(check uint32) *KprobeSkbChecker

WithPriority adds a Priority check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithProto 

func (checker *KprobeSkbChecker) WithProto(check uint32) *KprobeSkbChecker

WithProto adds a Proto check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithProtocol 

func (checker *KprobeSkbChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSkbChecker

WithProtocol adds a Protocol check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSaddr 

func (checker *KprobeSkbChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker

WithSaddr adds a Saddr check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSecPathLen 

func (checker *KprobeSkbChecker) WithSecPathLen(check uint32) *KprobeSkbChecker

WithSecPathLen adds a SecPathLen check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSecPathOlen 

func (checker *KprobeSkbChecker) WithSecPathOlen(check uint32) *KprobeSkbChecker

WithSecPathOlen adds a SecPathOlen check to the KprobeSkbChecker

func (*KprobeSkbChecker) WithSport 

func (checker *KprobeSkbChecker) WithSport(check uint32) *KprobeSkbChecker

WithSport adds a Sport check to the KprobeSkbChecker

type KprobeSockChecker 

type KprobeSockChecker struct {
	Family   *stringmatcher.StringMatcher `json:"family,omitempty"`
	Type     *stringmatcher.StringMatcher `json:"type,omitempty"`
	Protocol *stringmatcher.StringMatcher `json:"protocol,omitempty"`
	Mark     *uint32                      `json:"mark,omitempty"`
	Priority *uint32                      `json:"priority,omitempty"`
	Saddr    *stringmatcher.StringMatcher `json:"saddr,omitempty"`
	Daddr    *stringmatcher.StringMatcher `json:"daddr,omitempty"`
	Sport    *uint32                      `json:"sport,omitempty"`
	Dport    *uint32                      `json:"dport,omitempty"`
	Cookie   *uint64                      `json:"cookie,omitempty"`
	State    *stringmatcher.StringMatcher `json:"state,omitempty"`
}

KprobeSockChecker implements a checker struct to check a KprobeSock field

func NewKprobeSockChecker 

func NewKprobeSockChecker() *KprobeSockChecker

NewKprobeSockChecker creates a new KprobeSockChecker

func (*KprobeSockChecker) Check 

func (checker *KprobeSockChecker) Check(event *tetragon.KprobeSock) error

Check checks a KprobeSock field

func (*KprobeSockChecker) FromKprobeSock 

func (checker *KprobeSockChecker) FromKprobeSock(event *tetragon.KprobeSock) *KprobeSockChecker

FromKprobeSock populates the KprobeSockChecker using data from a KprobeSock field

func (*KprobeSockChecker) GetCheckerType 

func (checker *KprobeSockChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeSockChecker) WithCookie 

func (checker *KprobeSockChecker) WithCookie(check uint64) *KprobeSockChecker

WithCookie adds a Cookie check to the KprobeSockChecker

func (*KprobeSockChecker) WithDaddr 

func (checker *KprobeSockChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithDaddr adds a Daddr check to the KprobeSockChecker

func (*KprobeSockChecker) WithDport 

func (checker *KprobeSockChecker) WithDport(check uint32) *KprobeSockChecker

WithDport adds a Dport check to the KprobeSockChecker

func (*KprobeSockChecker) WithFamily 

func (checker *KprobeSockChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithFamily adds a Family check to the KprobeSockChecker

func (*KprobeSockChecker) WithMark 

func (checker *KprobeSockChecker) WithMark(check uint32) *KprobeSockChecker

WithMark adds a Mark check to the KprobeSockChecker

func (*KprobeSockChecker) WithPriority 

func (checker *KprobeSockChecker) WithPriority(check uint32) *KprobeSockChecker

WithPriority adds a Priority check to the KprobeSockChecker

func (*KprobeSockChecker) WithProtocol 

func (checker *KprobeSockChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithProtocol adds a Protocol check to the KprobeSockChecker

func (*KprobeSockChecker) WithSaddr 

func (checker *KprobeSockChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithSaddr adds a Saddr check to the KprobeSockChecker

func (*KprobeSockChecker) WithSport 

func (checker *KprobeSockChecker) WithSport(check uint32) *KprobeSockChecker

WithSport adds a Sport check to the KprobeSockChecker

func (*KprobeSockChecker) WithState 

func (checker *KprobeSockChecker) WithState(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithState adds a State check to the KprobeSockChecker

func (*KprobeSockChecker) WithType 

func (checker *KprobeSockChecker) WithType(check *stringmatcher.StringMatcher) *KprobeSockChecker

WithType adds a Type check to the KprobeSockChecker

type KprobeTruncatedBytesChecker 

type KprobeTruncatedBytesChecker struct {
	BytesArg *bytesmatcher.BytesMatcher `json:"bytesArg,omitempty"`
	OrigSize *uint64                    `json:"origSize,omitempty"`
}

KprobeTruncatedBytesChecker implements a checker struct to check a KprobeTruncatedBytes field

func NewKprobeTruncatedBytesChecker 

func NewKprobeTruncatedBytesChecker() *KprobeTruncatedBytesChecker

NewKprobeTruncatedBytesChecker creates a new KprobeTruncatedBytesChecker

func (*KprobeTruncatedBytesChecker) Check 

func (checker *KprobeTruncatedBytesChecker) Check(event *tetragon.KprobeTruncatedBytes) error

Check checks a KprobeTruncatedBytes field

func (*KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes 

func (checker *KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes(event *tetragon.KprobeTruncatedBytes) *KprobeTruncatedBytesChecker

FromKprobeTruncatedBytes populates the KprobeTruncatedBytesChecker using data from a KprobeTruncatedBytes field

func (*KprobeTruncatedBytesChecker) GetCheckerType 

func (checker *KprobeTruncatedBytesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeTruncatedBytesChecker) WithBytesArg 

func (checker *KprobeTruncatedBytesChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeTruncatedBytesChecker

WithBytesArg adds a BytesArg check to the KprobeTruncatedBytesChecker

func (*KprobeTruncatedBytesChecker) WithOrigSize 

func (checker *KprobeTruncatedBytesChecker) WithOrigSize(check uint64) *KprobeTruncatedBytesChecker

WithOrigSize adds a OrigSize check to the KprobeTruncatedBytesChecker

type KprobeUserNamespaceChecker 

type KprobeUserNamespaceChecker struct {
	Level *int32            `json:"level,omitempty"`
	Owner *uint32           `json:"owner,omitempty"`
	Group *uint32           `json:"group,omitempty"`
	Ns    *NamespaceChecker `json:"ns,omitempty"`
}

KprobeUserNamespaceChecker implements a checker struct to check a KprobeUserNamespace field

func NewKprobeUserNamespaceChecker 

func NewKprobeUserNamespaceChecker() *KprobeUserNamespaceChecker

NewKprobeUserNamespaceChecker creates a new KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) Check 

func (checker *KprobeUserNamespaceChecker) Check(event *tetragon.KprobeUserNamespace) error

Check checks a KprobeUserNamespace field

func (*KprobeUserNamespaceChecker) FromKprobeUserNamespace 

func (checker *KprobeUserNamespaceChecker) FromKprobeUserNamespace(event *tetragon.KprobeUserNamespace) *KprobeUserNamespaceChecker

FromKprobeUserNamespace populates the KprobeUserNamespaceChecker using data from a KprobeUserNamespace field

func (*KprobeUserNamespaceChecker) GetCheckerType 

func (checker *KprobeUserNamespaceChecker) GetCheckerType() string

Get the type of the checker as a string

func (*KprobeUserNamespaceChecker) WithGroup 

func (checker *KprobeUserNamespaceChecker) WithGroup(check uint32) *KprobeUserNamespaceChecker

WithGroup adds a Group check to the KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) WithLevel 

func (checker *KprobeUserNamespaceChecker) WithLevel(check int32) *KprobeUserNamespaceChecker

WithLevel adds a Level check to the KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) WithNs 

func (checker *KprobeUserNamespaceChecker) WithNs(check *NamespaceChecker) *KprobeUserNamespaceChecker

WithNs adds a Ns check to the KprobeUserNamespaceChecker

func (*KprobeUserNamespaceChecker) WithOwner 

func (checker *KprobeUserNamespaceChecker) WithOwner(check uint32) *KprobeUserNamespaceChecker

WithOwner adds a Owner check to the KprobeUserNamespaceChecker

type MultiEventChecker 

type MultiEventChecker interface {
	// NextEventCheck checks an event and returns a boolean value indicating
	// whether the checker has concluded, and an error indicating whether the
	// check was successful. The boolean value allows short-circuiting checks.
	//
	// Specifically:
	// (false,  nil): this event check was successful, but need to check more events
	// (false, !nil): this event check not was successful, but need to check more events
	// (true,   nil): checker was successful, no need to check more events
	// (true,  !nil): checker failed, no need to check more events
	NextEventCheck(Event, *logrus.Logger) (bool, error)

	// FinalCheck indicates that the sequence of events has ended, and
	// asks the checker to make a final decision. Once this function is
	// called, the checker is expected to return to its initial state so
	// that it can be reused. Hence, this function should only be called
	// once for each stream of events.
	FinalCheck(*logrus.Logger) error
}

MultiEventChecker is an interface for checking multiple Tetragon events

type NamespaceChecker 

type NamespaceChecker struct {
	Inum   *uint32 `json:"inum,omitempty"`
	IsHost *bool   `json:"isHost,omitempty"`
}

NamespaceChecker implements a checker struct to check a Namespace field

func NewNamespaceChecker 

func NewNamespaceChecker() *NamespaceChecker

NewNamespaceChecker creates a new NamespaceChecker

func (*NamespaceChecker) Check 

func (checker *NamespaceChecker) Check(event *tetragon.Namespace) error

Check checks a Namespace field

func (*NamespaceChecker) FromNamespace 

func (checker *NamespaceChecker) FromNamespace(event *tetragon.Namespace) *NamespaceChecker

FromNamespace populates the NamespaceChecker using data from a Namespace field

func (*NamespaceChecker) GetCheckerType 

func (checker *NamespaceChecker) GetCheckerType() string

Get the type of the checker as a string

func (*NamespaceChecker) WithInum 

func (checker *NamespaceChecker) WithInum(check uint32) *NamespaceChecker

WithInum adds a Inum check to the NamespaceChecker

func (*NamespaceChecker) WithIsHost 

func (checker *NamespaceChecker) WithIsHost(check bool) *NamespaceChecker

WithIsHost adds a IsHost check to the NamespaceChecker

type NamespacesChecker 

type NamespacesChecker struct {
	Uts             *NamespaceChecker `json:"uts,omitempty"`
	Ipc             *NamespaceChecker `json:"ipc,omitempty"`
	Mnt             *NamespaceChecker `json:"mnt,omitempty"`
	Pid             *NamespaceChecker `json:"pid,omitempty"`
	PidForChildren  *NamespaceChecker `json:"pidForChildren,omitempty"`
	Net             *NamespaceChecker `json:"net,omitempty"`
	Time            *NamespaceChecker `json:"time,omitempty"`
	TimeForChildren *NamespaceChecker `json:"timeForChildren,omitempty"`
	Cgroup          *NamespaceChecker `json:"cgroup,omitempty"`
	User            *NamespaceChecker `json:"user,omitempty"`
}

NamespacesChecker implements a checker struct to check a Namespaces field

func NewNamespacesChecker 

func NewNamespacesChecker() *NamespacesChecker

NewNamespacesChecker creates a new NamespacesChecker

func (*NamespacesChecker) Check 

func (checker *NamespacesChecker) Check(event *tetragon.Namespaces) error

Check checks a Namespaces field

func (*NamespacesChecker) FromNamespaces 

func (checker *NamespacesChecker) FromNamespaces(event *tetragon.Namespaces) *NamespacesChecker

FromNamespaces populates the NamespacesChecker using data from a Namespaces field

func (*NamespacesChecker) GetCheckerType 

func (checker *NamespacesChecker) GetCheckerType() string

Get the type of the checker as a string

func (*NamespacesChecker) WithCgroup 

func (checker *NamespacesChecker) WithCgroup(check *NamespaceChecker) *NamespacesChecker

WithCgroup adds a Cgroup check to the NamespacesChecker

func (*NamespacesChecker) WithIpc 

func (checker *NamespacesChecker) WithIpc(check *NamespaceChecker) *NamespacesChecker

WithIpc adds a Ipc check to the NamespacesChecker

func (*NamespacesChecker) WithMnt 

func (checker *NamespacesChecker) WithMnt(check *NamespaceChecker) *NamespacesChecker

WithMnt adds a Mnt check to the NamespacesChecker

func (*NamespacesChecker) WithNet 

func (checker *NamespacesChecker) WithNet(check *NamespaceChecker) *NamespacesChecker

WithNet adds a Net check to the NamespacesChecker

func (*NamespacesChecker) WithPid 

func (checker *NamespacesChecker) WithPid(check *NamespaceChecker) *NamespacesChecker

WithPid adds a Pid check to the NamespacesChecker

func (*NamespacesChecker) WithPidForChildren 

func (checker *NamespacesChecker) WithPidForChildren(check *NamespaceChecker) *NamespacesChecker

WithPidForChildren adds a PidForChildren check to the NamespacesChecker

func (*NamespacesChecker) WithTime 

func (checker *NamespacesChecker) WithTime(check *NamespaceChecker) *NamespacesChecker

WithTime adds a Time check to the NamespacesChecker

func (*NamespacesChecker) WithTimeForChildren 

func (checker *NamespacesChecker) WithTimeForChildren(check *NamespaceChecker) *NamespacesChecker

WithTimeForChildren adds a TimeForChildren check to the NamespacesChecker

func (*NamespacesChecker) WithUser 

func (checker *NamespacesChecker) WithUser(check *NamespaceChecker) *NamespacesChecker

WithUser adds a User check to the NamespacesChecker

func (*NamespacesChecker) WithUts 

func (checker *NamespacesChecker) WithUts(check *NamespaceChecker) *NamespacesChecker

WithUts adds a Uts check to the NamespacesChecker

type OrderedEventChecker 

type OrderedEventChecker struct {
	// contains filtered or unexported fields
}

OrderedEventChecker checks a series of events in order

func NewOrderedEventChecker 

func NewOrderedEventChecker(checks ...EventChecker) *OrderedEventChecker

NewOrderedEventChecker creates a new OrderedEventChecker

func (*OrderedEventChecker) AddChecks 

func (checker *OrderedEventChecker) AddChecks(checks ...EventChecker)

AddChecks adds one or more checks to the end of this event checker

func (*OrderedEventChecker) FinalCheck 

func (checker *OrderedEventChecker) FinalCheck(logger *logrus.Logger) error

FinalCheck implements the MultiEventChecker interface

func (*OrderedEventChecker) GetChecks 

func (checker *OrderedEventChecker) GetChecks() []EventChecker

GetChecks returns this checker's list of checks

func (*OrderedEventChecker) GetRemainingChecks 

func (checker *OrderedEventChecker) GetRemainingChecks() []EventChecker

GetRemainingChecks returns this checker's list of remaining checks

func (*OrderedEventChecker) NextEventCheck 

func (checker *OrderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)

NextEventCheck implements the MultiEventChecker interface

type PodChecker 

type PodChecker struct {
	Namespace    *stringmatcher.StringMatcher           `json:"namespace,omitempty"`
	Name         *stringmatcher.StringMatcher           `json:"name,omitempty"`
	Container    *ContainerChecker                      `json:"container,omitempty"`
	PodLabels    map[string]stringmatcher.StringMatcher `json:"podLabels,omitempty"`
	Workload     *stringmatcher.StringMatcher           `json:"workload,omitempty"`
	WorkloadKind *stringmatcher.StringMatcher           `json:"workloadKind,omitempty"`
}

PodChecker implements a checker struct to check a Pod field

func NewPodChecker 

func NewPodChecker() *PodChecker

NewPodChecker creates a new PodChecker

func (*PodChecker) Check 

func (checker *PodChecker) Check(event *tetragon.Pod) error

Check checks a Pod field

func (*PodChecker) FromPod 

func (checker *PodChecker) FromPod(event *tetragon.Pod) *PodChecker

FromPod populates the PodChecker using data from a Pod field

func (*PodChecker) GetCheckerType 

func (checker *PodChecker) GetCheckerType() string

Get the type of the checker as a string

func (*PodChecker) WithContainer 

func (checker *PodChecker) WithContainer(check *ContainerChecker) *PodChecker

WithContainer adds a Container check to the PodChecker

func (*PodChecker) WithName 

func (checker *PodChecker) WithName(check *stringmatcher.StringMatcher) *PodChecker

WithName adds a Name check to the PodChecker

func (*PodChecker) WithNamespace 

func (checker *PodChecker) WithNamespace(check *stringmatcher.StringMatcher) *PodChecker

WithNamespace adds a Namespace check to the PodChecker

func (*PodChecker) WithPodLabels 

func (checker *PodChecker) WithPodLabels(check map[string]stringmatcher.StringMatcher) *PodChecker

WithPodLabels adds a PodLabels check to the PodChecker

func (*PodChecker) WithWorkload 

func (checker *PodChecker) WithWorkload(check *stringmatcher.StringMatcher) *PodChecker

WithWorkload adds a Workload check to the PodChecker

func (*PodChecker) WithWorkloadKind 

func (checker *PodChecker) WithWorkloadKind(check *stringmatcher.StringMatcher) *PodChecker

WithWorkloadKind adds a WorkloadKind check to the PodChecker

type ProcessChecker 

type ProcessChecker struct {
	ExecId             *stringmatcher.StringMatcher       `json:"execId,omitempty"`
	Pid                *uint32                            `json:"pid,omitempty"`
	Uid                *uint32                            `json:"uid,omitempty"`
	Cwd                *stringmatcher.StringMatcher       `json:"cwd,omitempty"`
	Binary             *stringmatcher.StringMatcher       `json:"binary,omitempty"`
	Arguments          *stringmatcher.StringMatcher       `json:"arguments,omitempty"`
	Flags              *stringmatcher.StringMatcher       `json:"flags,omitempty"`
	StartTime          *timestampmatcher.TimestampMatcher `json:"startTime,omitempty"`
	Auid               *uint32                            `json:"auid,omitempty"`
	Pod                *PodChecker                        `json:"pod,omitempty"`
	Docker             *stringmatcher.StringMatcher       `json:"docker,omitempty"`
	ParentExecId       *stringmatcher.StringMatcher       `json:"parentExecId,omitempty"`
	Refcnt             *uint32                            `json:"refcnt,omitempty"`
	Cap                *CapabilitiesChecker               `json:"cap,omitempty"`
	Ns                 *NamespacesChecker                 `json:"ns,omitempty"`
	Tid                *uint32                            `json:"tid,omitempty"`
	ProcessCredentials *ProcessCredentialsChecker         `json:"processCredentials,omitempty"`
	BinaryProperties   *BinaryPropertiesChecker           `json:"binaryProperties,omitempty"`
}

ProcessChecker implements a checker struct to check a Process field

func NewProcessChecker 

func NewProcessChecker() *ProcessChecker

NewProcessChecker creates a new ProcessChecker

func (*ProcessChecker) Check 

func (checker *ProcessChecker) Check(event *tetragon.Process) error

Check checks a Process field

func (*ProcessChecker) FromProcess 

func (checker *ProcessChecker) FromProcess(event *tetragon.Process) *ProcessChecker

FromProcess populates the ProcessChecker using data from a Process field

func (*ProcessChecker) GetCheckerType 

func (checker *ProcessChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessChecker) WithArguments 

func (checker *ProcessChecker) WithArguments(check *stringmatcher.StringMatcher) *ProcessChecker

WithArguments adds a Arguments check to the ProcessChecker

func (*ProcessChecker) WithAuid 

func (checker *ProcessChecker) WithAuid(check uint32) *ProcessChecker

WithAuid adds a Auid check to the ProcessChecker

func (*ProcessChecker) WithBinary 

func (checker *ProcessChecker) WithBinary(check *stringmatcher.StringMatcher) *ProcessChecker

WithBinary adds a Binary check to the ProcessChecker

func (*ProcessChecker) WithBinaryProperties 

func (checker *ProcessChecker) WithBinaryProperties(check *BinaryPropertiesChecker) *ProcessChecker

WithBinaryProperties adds a BinaryProperties check to the ProcessChecker

func (*ProcessChecker) WithCap 

func (checker *ProcessChecker) WithCap(check *CapabilitiesChecker) *ProcessChecker

WithCap adds a Cap check to the ProcessChecker

func (*ProcessChecker) WithCwd 

func (checker *ProcessChecker) WithCwd(check *stringmatcher.StringMatcher) *ProcessChecker

WithCwd adds a Cwd check to the ProcessChecker

func (*ProcessChecker) WithDocker 

func (checker *ProcessChecker) WithDocker(check *stringmatcher.StringMatcher) *ProcessChecker

WithDocker adds a Docker check to the ProcessChecker

func (*ProcessChecker) WithExecId 

func (checker *ProcessChecker) WithExecId(check *stringmatcher.StringMatcher) *ProcessChecker

WithExecId adds a ExecId check to the ProcessChecker

func (*ProcessChecker) WithFlags 

func (checker *ProcessChecker) WithFlags(check *stringmatcher.StringMatcher) *ProcessChecker

WithFlags adds a Flags check to the ProcessChecker

func (*ProcessChecker) WithNs 

func (checker *ProcessChecker) WithNs(check *NamespacesChecker) *ProcessChecker

WithNs adds a Ns check to the ProcessChecker

func (*ProcessChecker) WithParentExecId 

func (checker *ProcessChecker) WithParentExecId(check *stringmatcher.StringMatcher) *ProcessChecker

WithParentExecId adds a ParentExecId check to the ProcessChecker

func (*ProcessChecker) WithPid 

func (checker *ProcessChecker) WithPid(check uint32) *ProcessChecker

WithPid adds a Pid check to the ProcessChecker

func (*ProcessChecker) WithPod 

func (checker *ProcessChecker) WithPod(check *PodChecker) *ProcessChecker

WithPod adds a Pod check to the ProcessChecker

func (*ProcessChecker) WithProcessCredentials 

func (checker *ProcessChecker) WithProcessCredentials(check *ProcessCredentialsChecker) *ProcessChecker

WithProcessCredentials adds a ProcessCredentials check to the ProcessChecker

func (*ProcessChecker) WithRefcnt 

func (checker *ProcessChecker) WithRefcnt(check uint32) *ProcessChecker

WithRefcnt adds a Refcnt check to the ProcessChecker

func (*ProcessChecker) WithStartTime 

func (checker *ProcessChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ProcessChecker

WithStartTime adds a StartTime check to the ProcessChecker

func (*ProcessChecker) WithTid 

func (checker *ProcessChecker) WithTid(check uint32) *ProcessChecker

WithTid adds a Tid check to the ProcessChecker

func (*ProcessChecker) WithUid 

func (checker *ProcessChecker) WithUid(check uint32) *ProcessChecker

WithUid adds a Uid check to the ProcessChecker

type ProcessCredentialsChecker 

type ProcessCredentialsChecker struct {
	Uid        *uint32                    `json:"uid,omitempty"`
	Gid        *uint32                    `json:"gid,omitempty"`
	Euid       *uint32                    `json:"euid,omitempty"`
	Egid       *uint32                    `json:"egid,omitempty"`
	Suid       *uint32                    `json:"suid,omitempty"`
	Sgid       *uint32                    `json:"sgid,omitempty"`
	Fsuid      *uint32                    `json:"fsuid,omitempty"`
	Fsgid      *uint32                    `json:"fsgid,omitempty"`
	Securebits *SecureBitsTypeListMatcher `json:"securebits,omitempty"`
	Caps       *CapabilitiesChecker       `json:"caps,omitempty"`
	UserNs     *UserNamespaceChecker      `json:"userNs,omitempty"`
}

ProcessCredentialsChecker implements a checker struct to check a ProcessCredentials field

func NewProcessCredentialsChecker 

func NewProcessCredentialsChecker() *ProcessCredentialsChecker

NewProcessCredentialsChecker creates a new ProcessCredentialsChecker

func (*ProcessCredentialsChecker) Check 

func (checker *ProcessCredentialsChecker) Check(event *tetragon.ProcessCredentials) error

Check checks a ProcessCredentials field

func (*ProcessCredentialsChecker) FromProcessCredentials 

func (checker *ProcessCredentialsChecker) FromProcessCredentials(event *tetragon.ProcessCredentials) *ProcessCredentialsChecker

FromProcessCredentials populates the ProcessCredentialsChecker using data from a ProcessCredentials field

func (*ProcessCredentialsChecker) GetCheckerType 

func (checker *ProcessCredentialsChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessCredentialsChecker) WithCaps 

func (checker *ProcessCredentialsChecker) WithCaps(check *CapabilitiesChecker) *ProcessCredentialsChecker

WithCaps adds a Caps check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithEgid 

func (checker *ProcessCredentialsChecker) WithEgid(check uint32) *ProcessCredentialsChecker

WithEgid adds a Egid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithEuid 

func (checker *ProcessCredentialsChecker) WithEuid(check uint32) *ProcessCredentialsChecker

WithEuid adds a Euid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithFsgid 

func (checker *ProcessCredentialsChecker) WithFsgid(check uint32) *ProcessCredentialsChecker

WithFsgid adds a Fsgid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithFsuid 

func (checker *ProcessCredentialsChecker) WithFsuid(check uint32) *ProcessCredentialsChecker

WithFsuid adds a Fsuid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithGid 

func (checker *ProcessCredentialsChecker) WithGid(check uint32) *ProcessCredentialsChecker

WithGid adds a Gid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithSecurebits 

func (checker *ProcessCredentialsChecker) WithSecurebits(check *SecureBitsTypeListMatcher) *ProcessCredentialsChecker

WithSecurebits adds a Securebits check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithSgid 

func (checker *ProcessCredentialsChecker) WithSgid(check uint32) *ProcessCredentialsChecker

WithSgid adds a Sgid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithSuid 

func (checker *ProcessCredentialsChecker) WithSuid(check uint32) *ProcessCredentialsChecker

WithSuid adds a Suid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithUid 

func (checker *ProcessCredentialsChecker) WithUid(check uint32) *ProcessCredentialsChecker

WithUid adds a Uid check to the ProcessCredentialsChecker

func (*ProcessCredentialsChecker) WithUserNs 

func (checker *ProcessCredentialsChecker) WithUserNs(check *UserNamespaceChecker) *ProcessCredentialsChecker

WithUserNs adds a UserNs check to the ProcessCredentialsChecker

type ProcessExecChecker 

type ProcessExecChecker struct {
	CheckerName string              `json:"checkerName"`
	Process     *ProcessChecker     `json:"process,omitempty"`
	Parent      *ProcessChecker     `json:"parent,omitempty"`
	Ancestors   *ProcessListMatcher `json:"ancestors,omitempty"`
}

ProcessExecChecker implements a checker struct to check a ProcessExec event

func NewProcessExecChecker 

func NewProcessExecChecker(name string) *ProcessExecChecker

NewProcessExecChecker creates a new ProcessExecChecker

func (*ProcessExecChecker) Check 

func (checker *ProcessExecChecker) Check(event *tetragon.ProcessExec) error

Check checks a ProcessExec event

func (*ProcessExecChecker) CheckEvent 

func (checker *ProcessExecChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessExecChecker) CheckResponse 

func (checker *ProcessExecChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessExecChecker) FromProcessExec 

func (checker *ProcessExecChecker) FromProcessExec(event *tetragon.ProcessExec) *ProcessExecChecker

FromProcessExec populates the ProcessExecChecker using data from a ProcessExec event

func (*ProcessExecChecker) GetCheckerName 

func (checker *ProcessExecChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessExecChecker) GetCheckerType 

func (checker *ProcessExecChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessExecChecker) WithAncestors 

func (checker *ProcessExecChecker) WithAncestors(check *ProcessListMatcher) *ProcessExecChecker

WithAncestors adds a Ancestors check to the ProcessExecChecker

func (*ProcessExecChecker) WithParent 

func (checker *ProcessExecChecker) WithParent(check *ProcessChecker) *ProcessExecChecker

WithParent adds a Parent check to the ProcessExecChecker

func (*ProcessExecChecker) WithProcess 

func (checker *ProcessExecChecker) WithProcess(check *ProcessChecker) *ProcessExecChecker

WithProcess adds a Process check to the ProcessExecChecker

type ProcessExitChecker 

type ProcessExitChecker struct {
	CheckerName string                             `json:"checkerName"`
	Process     *ProcessChecker                    `json:"process,omitempty"`
	Parent      *ProcessChecker                    `json:"parent,omitempty"`
	Signal      *stringmatcher.StringMatcher       `json:"signal,omitempty"`
	Status      *uint32                            `json:"status,omitempty"`
	Time        *timestampmatcher.TimestampMatcher `json:"time,omitempty"`
}

ProcessExitChecker implements a checker struct to check a ProcessExit event

func NewProcessExitChecker 

func NewProcessExitChecker(name string) *ProcessExitChecker

NewProcessExitChecker creates a new ProcessExitChecker

func (*ProcessExitChecker) Check 

func (checker *ProcessExitChecker) Check(event *tetragon.ProcessExit) error

Check checks a ProcessExit event

func (*ProcessExitChecker) CheckEvent 

func (checker *ProcessExitChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessExitChecker) CheckResponse 

func (checker *ProcessExitChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessExitChecker) FromProcessExit 

func (checker *ProcessExitChecker) FromProcessExit(event *tetragon.ProcessExit) *ProcessExitChecker

FromProcessExit populates the ProcessExitChecker using data from a ProcessExit event

func (*ProcessExitChecker) GetCheckerName 

func (checker *ProcessExitChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessExitChecker) GetCheckerType 

func (checker *ProcessExitChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessExitChecker) WithParent 

func (checker *ProcessExitChecker) WithParent(check *ProcessChecker) *ProcessExitChecker

WithParent adds a Parent check to the ProcessExitChecker

func (*ProcessExitChecker) WithProcess 

func (checker *ProcessExitChecker) WithProcess(check *ProcessChecker) *ProcessExitChecker

WithProcess adds a Process check to the ProcessExitChecker

func (*ProcessExitChecker) WithSignal 

func (checker *ProcessExitChecker) WithSignal(check *stringmatcher.StringMatcher) *ProcessExitChecker

WithSignal adds a Signal check to the ProcessExitChecker

func (*ProcessExitChecker) WithStatus 

func (checker *ProcessExitChecker) WithStatus(check uint32) *ProcessExitChecker

WithStatus adds a Status check to the ProcessExitChecker

func (*ProcessExitChecker) WithTime 

func (checker *ProcessExitChecker) WithTime(check *timestampmatcher.TimestampMatcher) *ProcessExitChecker

WithTime adds a Time check to the ProcessExitChecker

type ProcessKprobeChecker 

type ProcessKprobeChecker struct {
	CheckerName      string                       `json:"checkerName"`
	Process          *ProcessChecker              `json:"process,omitempty"`
	Parent           *ProcessChecker              `json:"parent,omitempty"`
	FunctionName     *stringmatcher.StringMatcher `json:"functionName,omitempty"`
	Args             *KprobeArgumentListMatcher   `json:"args,omitempty"`
	Return           *KprobeArgumentChecker       `json:"return,omitempty"`
	Action           *KprobeActionChecker         `json:"action,omitempty"`
	KernelStackTrace *StackTraceEntryListMatcher  `json:"kernelStackTrace,omitempty"`
	PolicyName       *stringmatcher.StringMatcher `json:"policyName,omitempty"`
	ReturnAction     *KprobeActionChecker         `json:"returnAction,omitempty"`
	Message          *stringmatcher.StringMatcher `json:"message,omitempty"`
	Tags             *StringListMatcher           `json:"tags,omitempty"`
	UserStackTrace   *StackTraceEntryListMatcher  `json:"userStackTrace,omitempty"`
}

ProcessKprobeChecker implements a checker struct to check a ProcessKprobe event

func NewProcessKprobeChecker 

func NewProcessKprobeChecker(name string) *ProcessKprobeChecker

NewProcessKprobeChecker creates a new ProcessKprobeChecker

func (*ProcessKprobeChecker) Check 

func (checker *ProcessKprobeChecker) Check(event *tetragon.ProcessKprobe) error

Check checks a ProcessKprobe event

func (*ProcessKprobeChecker) CheckEvent 

func (checker *ProcessKprobeChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessKprobeChecker) CheckResponse 

func (checker *ProcessKprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessKprobeChecker) FromProcessKprobe 

func (checker *ProcessKprobeChecker) FromProcessKprobe(event *tetragon.ProcessKprobe) *ProcessKprobeChecker

FromProcessKprobe populates the ProcessKprobeChecker using data from a ProcessKprobe event

func (*ProcessKprobeChecker) GetCheckerName 

func (checker *ProcessKprobeChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessKprobeChecker) GetCheckerType 

func (checker *ProcessKprobeChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessKprobeChecker) WithAction 

func (checker *ProcessKprobeChecker) WithAction(check tetragon.KprobeAction) *ProcessKprobeChecker

WithAction adds a Action check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithArgs 

func (checker *ProcessKprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessKprobeChecker

WithArgs adds a Args check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithFunctionName 

func (checker *ProcessKprobeChecker) WithFunctionName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker

WithFunctionName adds a FunctionName check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithKernelStackTrace 

func (checker *ProcessKprobeChecker) WithKernelStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker

WithKernelStackTrace adds a KernelStackTrace check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithMessage 

func (checker *ProcessKprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessKprobeChecker

WithMessage adds a Message check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithParent 

func (checker *ProcessKprobeChecker) WithParent(check *ProcessChecker) *ProcessKprobeChecker

WithParent adds a Parent check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithPolicyName 

func (checker *ProcessKprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker

WithPolicyName adds a PolicyName check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithProcess 

func (checker *ProcessKprobeChecker) WithProcess(check *ProcessChecker) *ProcessKprobeChecker

WithProcess adds a Process check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithReturn 

func (checker *ProcessKprobeChecker) WithReturn(check *KprobeArgumentChecker) *ProcessKprobeChecker

WithReturn adds a Return check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithReturnAction 

func (checker *ProcessKprobeChecker) WithReturnAction(check tetragon.KprobeAction) *ProcessKprobeChecker

WithReturnAction adds a ReturnAction check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithTags 

func (checker *ProcessKprobeChecker) WithTags(check *StringListMatcher) *ProcessKprobeChecker

WithTags adds a Tags check to the ProcessKprobeChecker

func (*ProcessKprobeChecker) WithUserStackTrace 

func (checker *ProcessKprobeChecker) WithUserStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker

WithUserStackTrace adds a UserStackTrace check to the ProcessKprobeChecker

type ProcessListMatcher 

type ProcessListMatcher struct {
	Operator listmatcher.Operator `json:"operator"`
	Values   []*ProcessChecker    `json:"values"`
}

ProcessListMatcher checks a list of *tetragon.Process fields

func NewProcessListMatcher 

func NewProcessListMatcher() *ProcessListMatcher

NewProcessListMatcher creates a new ProcessListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*ProcessListMatcher) Check 

func (checker *ProcessListMatcher) Check(values []*tetragon.Process) error

Check checks a list of *tetragon.Process fields

func (*ProcessListMatcher) WithOperator 

func (checker *ProcessListMatcher) WithOperator(operator listmatcher.Operator) *ProcessListMatcher

WithOperator sets the match kind for the ProcessListMatcher

func (*ProcessListMatcher) WithValues 

func (checker *ProcessListMatcher) WithValues(values ...*ProcessChecker) *ProcessListMatcher

WithValues sets the checkers that the ProcessListMatcher should use

type ProcessLoaderChecker 

type ProcessLoaderChecker struct {
	CheckerName string                       `json:"checkerName"`
	Process     *ProcessChecker              `json:"process,omitempty"`
	Path        *stringmatcher.StringMatcher `json:"path,omitempty"`
	Buildid     *bytesmatcher.BytesMatcher   `json:"buildid,omitempty"`
}

ProcessLoaderChecker implements a checker struct to check a ProcessLoader event

func NewProcessLoaderChecker 

func NewProcessLoaderChecker(name string) *ProcessLoaderChecker

NewProcessLoaderChecker creates a new ProcessLoaderChecker

func (*ProcessLoaderChecker) Check 

func (checker *ProcessLoaderChecker) Check(event *tetragon.ProcessLoader) error

Check checks a ProcessLoader event

func (*ProcessLoaderChecker) CheckEvent 

func (checker *ProcessLoaderChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessLoaderChecker) CheckResponse 

func (checker *ProcessLoaderChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessLoaderChecker) FromProcessLoader 

func (checker *ProcessLoaderChecker) FromProcessLoader(event *tetragon.ProcessLoader) *ProcessLoaderChecker

FromProcessLoader populates the ProcessLoaderChecker using data from a ProcessLoader event

func (*ProcessLoaderChecker) GetCheckerName 

func (checker *ProcessLoaderChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessLoaderChecker) GetCheckerType 

func (checker *ProcessLoaderChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessLoaderChecker) WithBuildid 

func (checker *ProcessLoaderChecker) WithBuildid(check *bytesmatcher.BytesMatcher) *ProcessLoaderChecker

WithBuildid adds a Buildid check to the ProcessLoaderChecker

func (*ProcessLoaderChecker) WithPath 

func (checker *ProcessLoaderChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessLoaderChecker

WithPath adds a Path check to the ProcessLoaderChecker

func (*ProcessLoaderChecker) WithProcess 

func (checker *ProcessLoaderChecker) WithProcess(check *ProcessChecker) *ProcessLoaderChecker

WithProcess adds a Process check to the ProcessLoaderChecker

type ProcessPrivilegesChangedChecker 

type ProcessPrivilegesChangedChecker tetragon.ProcessPrivilegesChanged

ProcessPrivilegesChangedChecker checks a tetragon.ProcessPrivilegesChanged

func NewProcessPrivilegesChangedChecker 

func NewProcessPrivilegesChangedChecker(val tetragon.ProcessPrivilegesChanged) *ProcessPrivilegesChangedChecker

NewProcessPrivilegesChangedChecker creates a new ProcessPrivilegesChangedChecker

func (*ProcessPrivilegesChangedChecker) Check 

func (enum *ProcessPrivilegesChangedChecker) Check(val *tetragon.ProcessPrivilegesChanged) error

Check checks a ProcessPrivilegesChanged against the checker

func (ProcessPrivilegesChangedChecker) MarshalJSON 

func (enum ProcessPrivilegesChangedChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface

func (*ProcessPrivilegesChangedChecker) UnmarshalJSON 

func (enum *ProcessPrivilegesChangedChecker) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface

type ProcessPrivilegesChangedListMatcher 

type ProcessPrivilegesChangedListMatcher struct {
	Operator listmatcher.Operator               `json:"operator"`
	Values   []*ProcessPrivilegesChangedChecker `json:"values"`
}

ProcessPrivilegesChangedListMatcher checks a list of tetragon.ProcessPrivilegesChanged fields

func NewProcessPrivilegesChangedListMatcher 

func NewProcessPrivilegesChangedListMatcher() *ProcessPrivilegesChangedListMatcher

NewProcessPrivilegesChangedListMatcher creates a new ProcessPrivilegesChangedListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*ProcessPrivilegesChangedListMatcher) Check 

func (checker *ProcessPrivilegesChangedListMatcher) Check(values []tetragon.ProcessPrivilegesChanged) error

Check checks a list of tetragon.ProcessPrivilegesChanged fields

func (*ProcessPrivilegesChangedListMatcher) WithOperator 

func (checker *ProcessPrivilegesChangedListMatcher) WithOperator(operator listmatcher.Operator) *ProcessPrivilegesChangedListMatcher

WithOperator sets the match kind for the ProcessPrivilegesChangedListMatcher

func (*ProcessPrivilegesChangedListMatcher) WithValues 

func (checker *ProcessPrivilegesChangedListMatcher) WithValues(values ...*ProcessPrivilegesChangedChecker) *ProcessPrivilegesChangedListMatcher

WithValues sets the checkers that the ProcessPrivilegesChangedListMatcher should use

type ProcessTracepointChecker 

type ProcessTracepointChecker struct {
	CheckerName string                       `json:"checkerName"`
	Process     *ProcessChecker              `json:"process,omitempty"`
	Parent      *ProcessChecker              `json:"parent,omitempty"`
	Subsys      *stringmatcher.StringMatcher `json:"subsys,omitempty"`
	Event       *stringmatcher.StringMatcher `json:"event,omitempty"`
	Args        *KprobeArgumentListMatcher   `json:"args,omitempty"`
	PolicyName  *stringmatcher.StringMatcher `json:"policyName,omitempty"`
	Action      *KprobeActionChecker         `json:"action,omitempty"`
	Message     *stringmatcher.StringMatcher `json:"message,omitempty"`
	Tags        *StringListMatcher           `json:"tags,omitempty"`
}

ProcessTracepointChecker implements a checker struct to check a ProcessTracepoint event

func NewProcessTracepointChecker 

func NewProcessTracepointChecker(name string) *ProcessTracepointChecker

NewProcessTracepointChecker creates a new ProcessTracepointChecker

func (*ProcessTracepointChecker) Check 

func (checker *ProcessTracepointChecker) Check(event *tetragon.ProcessTracepoint) error

Check checks a ProcessTracepoint event

func (*ProcessTracepointChecker) CheckEvent 

func (checker *ProcessTracepointChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessTracepointChecker) CheckResponse 

func (checker *ProcessTracepointChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessTracepointChecker) FromProcessTracepoint 

func (checker *ProcessTracepointChecker) FromProcessTracepoint(event *tetragon.ProcessTracepoint) *ProcessTracepointChecker

FromProcessTracepoint populates the ProcessTracepointChecker using data from a ProcessTracepoint event

func (*ProcessTracepointChecker) GetCheckerName 

func (checker *ProcessTracepointChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessTracepointChecker) GetCheckerType 

func (checker *ProcessTracepointChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessTracepointChecker) WithAction 

func (checker *ProcessTracepointChecker) WithAction(check tetragon.KprobeAction) *ProcessTracepointChecker

WithAction adds a Action check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithArgs 

func (checker *ProcessTracepointChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessTracepointChecker

WithArgs adds a Args check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithEvent 

func (checker *ProcessTracepointChecker) WithEvent(check *stringmatcher.StringMatcher) *ProcessTracepointChecker

WithEvent adds a Event check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithMessage 

func (checker *ProcessTracepointChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessTracepointChecker

WithMessage adds a Message check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithParent 

func (checker *ProcessTracepointChecker) WithParent(check *ProcessChecker) *ProcessTracepointChecker

WithParent adds a Parent check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithPolicyName 

func (checker *ProcessTracepointChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessTracepointChecker

WithPolicyName adds a PolicyName check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithProcess 

func (checker *ProcessTracepointChecker) WithProcess(check *ProcessChecker) *ProcessTracepointChecker

WithProcess adds a Process check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithSubsys 

func (checker *ProcessTracepointChecker) WithSubsys(check *stringmatcher.StringMatcher) *ProcessTracepointChecker

WithSubsys adds a Subsys check to the ProcessTracepointChecker

func (*ProcessTracepointChecker) WithTags 

func (checker *ProcessTracepointChecker) WithTags(check *StringListMatcher) *ProcessTracepointChecker

WithTags adds a Tags check to the ProcessTracepointChecker

type ProcessUprobeChecker 

type ProcessUprobeChecker struct {
	CheckerName string                       `json:"checkerName"`
	Process     *ProcessChecker              `json:"process,omitempty"`
	Parent      *ProcessChecker              `json:"parent,omitempty"`
	Path        *stringmatcher.StringMatcher `json:"path,omitempty"`
	Symbol      *stringmatcher.StringMatcher `json:"symbol,omitempty"`
	PolicyName  *stringmatcher.StringMatcher `json:"policyName,omitempty"`
	Message     *stringmatcher.StringMatcher `json:"message,omitempty"`
	Args        *KprobeArgumentListMatcher   `json:"args,omitempty"`
	Tags        *StringListMatcher           `json:"tags,omitempty"`
}

ProcessUprobeChecker implements a checker struct to check a ProcessUprobe event

func NewProcessUprobeChecker 

func NewProcessUprobeChecker(name string) *ProcessUprobeChecker

NewProcessUprobeChecker creates a new ProcessUprobeChecker

func (*ProcessUprobeChecker) Check 

func (checker *ProcessUprobeChecker) Check(event *tetragon.ProcessUprobe) error

Check checks a ProcessUprobe event

func (*ProcessUprobeChecker) CheckEvent 

func (checker *ProcessUprobeChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*ProcessUprobeChecker) CheckResponse 

func (checker *ProcessUprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*ProcessUprobeChecker) FromProcessUprobe 

func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUprobe) *ProcessUprobeChecker

FromProcessUprobe populates the ProcessUprobeChecker using data from a ProcessUprobe event

func (*ProcessUprobeChecker) GetCheckerName 

func (checker *ProcessUprobeChecker) GetCheckerName() string

Get the name associated with the checker

func (*ProcessUprobeChecker) GetCheckerType 

func (checker *ProcessUprobeChecker) GetCheckerType() string

Get the type of the checker as a string

func (*ProcessUprobeChecker) WithArgs 

func (checker *ProcessUprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessUprobeChecker

WithArgs adds a Args check to the ProcessUprobeChecker

func (*ProcessUprobeChecker) WithMessage 

func (checker *ProcessUprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessUprobeChecker

WithMessage adds a Message check to the ProcessUprobeChecker

func (*ProcessUprobeChecker) WithParent 

func (checker *ProcessUprobeChecker) WithParent(check *ProcessChecker) *ProcessUprobeChecker

WithParent adds a Parent check to the ProcessUprobeChecker

func (*ProcessUprobeChecker) WithPath 

func (checker *ProcessUprobeChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessUprobeChecker

WithPath adds a Path check to the ProcessUprobeChecker

func (*ProcessUprobeChecker) WithPolicyName 

func (checker *ProcessUprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessUprobeChecker

WithPolicyName adds a PolicyName check to the ProcessUprobeChecker

func (*ProcessUprobeChecker) WithProcess 

func (checker *ProcessUprobeChecker) WithProcess(check *ProcessChecker) *ProcessUprobeChecker

WithProcess adds a Process check to the ProcessUprobeChecker

func (*ProcessUprobeChecker) WithSymbol 

func (checker *ProcessUprobeChecker) WithSymbol(check *stringmatcher.StringMatcher) *ProcessUprobeChecker

WithSymbol adds a Symbol check to the ProcessUprobeChecker

func (*ProcessUprobeChecker) WithTags 

func (checker *ProcessUprobeChecker) WithTags(check *StringListMatcher) *ProcessUprobeChecker

WithTags adds a Tags check to the ProcessUprobeChecker

type RateLimitInfoChecker 

type RateLimitInfoChecker struct {
	CheckerName                  string  `json:"checkerName"`
	NumberOfDroppedProcessEvents *uint64 `json:"numberOfDroppedProcessEvents,omitempty"`
}

RateLimitInfoChecker implements a checker struct to check a RateLimitInfo event

func NewRateLimitInfoChecker 

func NewRateLimitInfoChecker(name string) *RateLimitInfoChecker

NewRateLimitInfoChecker creates a new RateLimitInfoChecker

func (*RateLimitInfoChecker) Check 

func (checker *RateLimitInfoChecker) Check(event *tetragon.RateLimitInfo) error

Check checks a RateLimitInfo event

func (*RateLimitInfoChecker) CheckEvent 

func (checker *RateLimitInfoChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*RateLimitInfoChecker) CheckResponse 

func (checker *RateLimitInfoChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*RateLimitInfoChecker) FromRateLimitInfo 

func (checker *RateLimitInfoChecker) FromRateLimitInfo(event *tetragon.RateLimitInfo) *RateLimitInfoChecker

FromRateLimitInfo populates the RateLimitInfoChecker using data from a RateLimitInfo event

func (*RateLimitInfoChecker) GetCheckerName 

func (checker *RateLimitInfoChecker) GetCheckerName() string

Get the name associated with the checker

func (*RateLimitInfoChecker) GetCheckerType 

func (checker *RateLimitInfoChecker) GetCheckerType() string

Get the type of the checker as a string

func (*RateLimitInfoChecker) WithNumberOfDroppedProcessEvents 

func (checker *RateLimitInfoChecker) WithNumberOfDroppedProcessEvents(check uint64) *RateLimitInfoChecker

WithNumberOfDroppedProcessEvents adds a NumberOfDroppedProcessEvents check to the RateLimitInfoChecker

type SecureBitsTypeChecker 

type SecureBitsTypeChecker tetragon.SecureBitsType

SecureBitsTypeChecker checks a tetragon.SecureBitsType

func NewSecureBitsTypeChecker 

func NewSecureBitsTypeChecker(val tetragon.SecureBitsType) *SecureBitsTypeChecker

NewSecureBitsTypeChecker creates a new SecureBitsTypeChecker

func (*SecureBitsTypeChecker) Check 

func (enum *SecureBitsTypeChecker) Check(val *tetragon.SecureBitsType) error

Check checks a SecureBitsType against the checker

func (SecureBitsTypeChecker) MarshalJSON 

func (enum SecureBitsTypeChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface

func (*SecureBitsTypeChecker) UnmarshalJSON 

func (enum *SecureBitsTypeChecker) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface

type SecureBitsTypeListMatcher 

type SecureBitsTypeListMatcher struct {
	Operator listmatcher.Operator     `json:"operator"`
	Values   []*SecureBitsTypeChecker `json:"values"`
}

SecureBitsTypeListMatcher checks a list of tetragon.SecureBitsType fields

func NewSecureBitsTypeListMatcher 

func NewSecureBitsTypeListMatcher() *SecureBitsTypeListMatcher

NewSecureBitsTypeListMatcher creates a new SecureBitsTypeListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*SecureBitsTypeListMatcher) Check 

func (checker *SecureBitsTypeListMatcher) Check(values []tetragon.SecureBitsType) error

Check checks a list of tetragon.SecureBitsType fields

func (*SecureBitsTypeListMatcher) WithOperator 

func (checker *SecureBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *SecureBitsTypeListMatcher

WithOperator sets the match kind for the SecureBitsTypeListMatcher

func (*SecureBitsTypeListMatcher) WithValues 

func (checker *SecureBitsTypeListMatcher) WithValues(values ...*SecureBitsTypeChecker) *SecureBitsTypeListMatcher

WithValues sets the checkers that the SecureBitsTypeListMatcher should use

type StackTraceEntryChecker 

type StackTraceEntryChecker struct {
	Address *uint64                      `json:"address,omitempty"`
	Offset  *uint64                      `json:"offset,omitempty"`
	Symbol  *stringmatcher.StringMatcher `json:"symbol,omitempty"`
	Module  *stringmatcher.StringMatcher `json:"module,omitempty"`
}

StackTraceEntryChecker implements a checker struct to check a StackTraceEntry field

func NewStackTraceEntryChecker 

func NewStackTraceEntryChecker() *StackTraceEntryChecker

NewStackTraceEntryChecker creates a new StackTraceEntryChecker

func (*StackTraceEntryChecker) Check 

func (checker *StackTraceEntryChecker) Check(event *tetragon.StackTraceEntry) error

Check checks a StackTraceEntry field

func (*StackTraceEntryChecker) FromStackTraceEntry 

func (checker *StackTraceEntryChecker) FromStackTraceEntry(event *tetragon.StackTraceEntry) *StackTraceEntryChecker

FromStackTraceEntry populates the StackTraceEntryChecker using data from a StackTraceEntry field

func (*StackTraceEntryChecker) GetCheckerType 

func (checker *StackTraceEntryChecker) GetCheckerType() string

Get the type of the checker as a string

func (*StackTraceEntryChecker) WithAddress 

func (checker *StackTraceEntryChecker) WithAddress(check uint64) *StackTraceEntryChecker

WithAddress adds a Address check to the StackTraceEntryChecker

func (*StackTraceEntryChecker) WithModule 

func (checker *StackTraceEntryChecker) WithModule(check *stringmatcher.StringMatcher) *StackTraceEntryChecker

WithModule adds a Module check to the StackTraceEntryChecker

func (*StackTraceEntryChecker) WithOffset 

func (checker *StackTraceEntryChecker) WithOffset(check uint64) *StackTraceEntryChecker

WithOffset adds a Offset check to the StackTraceEntryChecker

func (*StackTraceEntryChecker) WithSymbol 

func (checker *StackTraceEntryChecker) WithSymbol(check *stringmatcher.StringMatcher) *StackTraceEntryChecker

WithSymbol adds a Symbol check to the StackTraceEntryChecker

type StackTraceEntryListMatcher 

type StackTraceEntryListMatcher struct {
	Operator listmatcher.Operator      `json:"operator"`
	Values   []*StackTraceEntryChecker `json:"values"`
}

StackTraceEntryListMatcher checks a list of *tetragon.StackTraceEntry fields

func NewStackTraceEntryListMatcher 

func NewStackTraceEntryListMatcher() *StackTraceEntryListMatcher

NewStackTraceEntryListMatcher creates a new StackTraceEntryListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*StackTraceEntryListMatcher) Check 

func (checker *StackTraceEntryListMatcher) Check(values []*tetragon.StackTraceEntry) error

Check checks a list of *tetragon.StackTraceEntry fields

func (*StackTraceEntryListMatcher) WithOperator 

func (checker *StackTraceEntryListMatcher) WithOperator(operator listmatcher.Operator) *StackTraceEntryListMatcher

WithOperator sets the match kind for the StackTraceEntryListMatcher

func (*StackTraceEntryListMatcher) WithValues 

func (checker *StackTraceEntryListMatcher) WithValues(values ...*StackTraceEntryChecker) *StackTraceEntryListMatcher

WithValues sets the checkers that the StackTraceEntryListMatcher should use

type StringListMatcher 

type StringListMatcher struct {
	Operator listmatcher.Operator           `json:"operator"`
	Values   []*stringmatcher.StringMatcher `json:"values"`
}

StringListMatcher checks a list of string fields

func NewStringListMatcher 

func NewStringListMatcher() *StringListMatcher

NewStringListMatcher creates a new StringListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*StringListMatcher) Check 

func (checker *StringListMatcher) Check(values []string) error

Check checks a list of string fields

func (*StringListMatcher) WithOperator 

func (checker *StringListMatcher) WithOperator(operator listmatcher.Operator) *StringListMatcher

WithOperator sets the match kind for the StringListMatcher

func (*StringListMatcher) WithValues 

func (checker *StringListMatcher) WithValues(values ...*stringmatcher.StringMatcher) *StringListMatcher

WithValues sets the checkers that the StringListMatcher should use

type TaintedBitsTypeChecker 

type TaintedBitsTypeChecker tetragon.TaintedBitsType

TaintedBitsTypeChecker checks a tetragon.TaintedBitsType

func NewTaintedBitsTypeChecker 

func NewTaintedBitsTypeChecker(val tetragon.TaintedBitsType) *TaintedBitsTypeChecker

NewTaintedBitsTypeChecker creates a new TaintedBitsTypeChecker

func (*TaintedBitsTypeChecker) Check 

func (enum *TaintedBitsTypeChecker) Check(val *tetragon.TaintedBitsType) error

Check checks a TaintedBitsType against the checker

func (TaintedBitsTypeChecker) MarshalJSON 

func (enum TaintedBitsTypeChecker) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface

func (*TaintedBitsTypeChecker) UnmarshalJSON 

func (enum *TaintedBitsTypeChecker) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler interface

type TaintedBitsTypeListMatcher 

type TaintedBitsTypeListMatcher struct {
	Operator listmatcher.Operator      `json:"operator"`
	Values   []*TaintedBitsTypeChecker `json:"values"`
}

TaintedBitsTypeListMatcher checks a list of tetragon.TaintedBitsType fields

func NewTaintedBitsTypeListMatcher 

func NewTaintedBitsTypeListMatcher() *TaintedBitsTypeListMatcher

NewTaintedBitsTypeListMatcher creates a new TaintedBitsTypeListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()

func (*TaintedBitsTypeListMatcher) Check 

func (checker *TaintedBitsTypeListMatcher) Check(values []tetragon.TaintedBitsType) error

Check checks a list of tetragon.TaintedBitsType fields

func (*TaintedBitsTypeListMatcher) WithOperator 

func (checker *TaintedBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *TaintedBitsTypeListMatcher

WithOperator sets the match kind for the TaintedBitsTypeListMatcher

func (*TaintedBitsTypeListMatcher) WithValues 

func (checker *TaintedBitsTypeListMatcher) WithValues(values ...*TaintedBitsTypeChecker) *TaintedBitsTypeListMatcher

WithValues sets the checkers that the TaintedBitsTypeListMatcher should use

type TestChecker 

type TestChecker struct {
	CheckerName string  `json:"checkerName"`
	Arg0        *uint64 `json:"arg0,omitempty"`
	Arg1        *uint64 `json:"arg1,omitempty"`
	Arg2        *uint64 `json:"arg2,omitempty"`
	Arg3        *uint64 `json:"arg3,omitempty"`
}

TestChecker implements a checker struct to check a Test event

func NewTestChecker 

func NewTestChecker(name string) *TestChecker

NewTestChecker creates a new TestChecker

func (*TestChecker) Check 

func (checker *TestChecker) Check(event *tetragon.Test) error

Check checks a Test event

func (*TestChecker) CheckEvent 

func (checker *TestChecker) CheckEvent(event Event) error

CheckEvent checks a single event and implements the EventChecker interface

func (*TestChecker) CheckResponse 

func (checker *TestChecker) CheckResponse(response *tetragon.GetEventsResponse) error

CheckResponse checks a single gRPC response and implements the EventChecker interface

func (*TestChecker) FromTest 

func (checker *TestChecker) FromTest(event *tetragon.Test) *TestChecker

FromTest populates the TestChecker using data from a Test event

func (*TestChecker) GetCheckerName 

func (checker *TestChecker) GetCheckerName() string

Get the name associated with the checker

func (*TestChecker) GetCheckerType 

func (checker *TestChecker) GetCheckerType() string

Get the type of the checker as a string

func (*TestChecker) WithArg0 

func (checker *TestChecker) WithArg0(check uint64) *TestChecker

WithArg0 adds a Arg0 check to the TestChecker

func (*TestChecker) WithArg1 

func (checker *TestChecker) WithArg1(check uint64) *TestChecker

WithArg1 adds a Arg1 check to the TestChecker

func (*TestChecker) WithArg2 

func (checker *TestChecker) WithArg2(check uint64) *TestChecker

WithArg2 adds a Arg2 check to the TestChecker

func (*TestChecker) WithArg3 

func (checker *TestChecker) WithArg3(check uint64) *TestChecker

WithArg3 adds a Arg3 check to the TestChecker

type UnorderedEventChecker 

type UnorderedEventChecker struct {
	// contains filtered or unexported fields
}

UnorderedEventChecker checks a series of events in arbitrary order

func NewUnorderedEventChecker 

func NewUnorderedEventChecker(checks ...EventChecker) *UnorderedEventChecker

NewUnorderedEventChecker creates a new UnorderedEventChecker

func (*UnorderedEventChecker) AddChecks 

func (checker *UnorderedEventChecker) AddChecks(checks ...EventChecker)

AddChecks adds one or more checks to the set of checks in this event checker

func (*UnorderedEventChecker) FinalCheck 

func (checker *UnorderedEventChecker) FinalCheck(logger *logrus.Logger) error

FinalCheck implements the MultiEventChecker interface

func (*UnorderedEventChecker) GetChecks 

func (checker *UnorderedEventChecker) GetChecks() []EventChecker

GetChecks returns this checker's list of checks

func (*UnorderedEventChecker) GetRemainingChecks 

func (checker *UnorderedEventChecker) GetRemainingChecks() []EventChecker

GetRemainingChecks returns this checker's list of remaining checks

func (*UnorderedEventChecker) NextEventCheck 

func (checker *UnorderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)

NextEventCheck implements the MultiEventChecker interface

type UserNamespaceChecker 

type UserNamespaceChecker struct {
	Level *int32            `json:"level,omitempty"`
	Uid   *uint32           `json:"uid,omitempty"`
	Gid   *uint32           `json:"gid,omitempty"`
	Ns    *NamespaceChecker `json:"ns,omitempty"`
}

UserNamespaceChecker implements a checker struct to check a UserNamespace field

func NewUserNamespaceChecker 

func NewUserNamespaceChecker() *UserNamespaceChecker

NewUserNamespaceChecker creates a new UserNamespaceChecker

func (*UserNamespaceChecker) Check 

func (checker *UserNamespaceChecker) Check(event *tetragon.UserNamespace) error

Check checks a UserNamespace field

func (*UserNamespaceChecker) FromUserNamespace 

func (checker *UserNamespaceChecker) FromUserNamespace(event *tetragon.UserNamespace) *UserNamespaceChecker

FromUserNamespace populates the UserNamespaceChecker using data from a UserNamespace field

func (*UserNamespaceChecker) GetCheckerType 

func (checker *UserNamespaceChecker) GetCheckerType() string

Get the type of the checker as a string

func (*UserNamespaceChecker) WithGid 

func (checker *UserNamespaceChecker) WithGid(check uint32) *UserNamespaceChecker

WithGid adds a Gid check to the UserNamespaceChecker

func (*UserNamespaceChecker) WithLevel 

func (checker *UserNamespaceChecker) WithLevel(check int32) *UserNamespaceChecker

WithLevel adds a Level check to the UserNamespaceChecker

func (*UserNamespaceChecker) WithNs 

func (checker *UserNamespaceChecker) WithNs(check *NamespaceChecker) *UserNamespaceChecker

WithNs adds a Ns check to the UserNamespaceChecker

func (*UserNamespaceChecker) WithUid 

func (checker *UserNamespaceChecker) WithUid(check uint32) *UserNamespaceChecker

WithUid adds a Uid check to the UserNamespaceChecker

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.