Documentation
¶
Index ¶
- Constants
- func CollectLoopbackIpc(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, ...) error
- func CollectPipeIpc(bpfMod *bpf.BpfModule, exit <-chan struct{}, ...) error
- func CollectPtyWrites(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, ...) error
- func CollectSignals(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, ...) error
- func CollectUnixSocketIpc(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, ...) error
- func InitLoopbackIpcCollection(bpfBuilder *bpf.BpfBuilder, tcp bool, udp bool) error
- func InitPipeIpcCollection(bpfBuilder *bpf.BpfBuilder) error
- func InitPtyWriteCollection(bpfBuilder *bpf.BpfBuilder) error
- func InitSignalCollection(bpfBuilder *bpf.BpfBuilder) error
- func InitUnixSocketIpcCollection(bpfBuilder *bpf.BpfBuilder, streams bool, dgrams bool) error
- func OpenTestPty() (pty *os.File, processTTY string, err error)
- func ScanProcessComms() (map[uint64]string, error)
- func ScanProcessSocketInodes() (map[uint64]inodeProcessInfo, error)
- func SetupCommCollectionBpf(bpfBuilder *bpf.BpfBuilder) error
- func SetupIpcBytesOutput(bpfBuilder *bpf.BpfBuilder, dumpBytes bool, dumpBytesMax uint) error
- func SetupSockIdCollectionBpf(bpfBuilder *bpf.BpfBuilder) error
- func TsFromKtime(timestamp uint64) time.Time
- type CommIdentifier
- type PtyError
- type SocketIdentifier
Constants ¶
View Source
const ( UNIX_IPC_TYPE_NONE = 0 UNIX_IPC_TYPE_STREAM = iota UNIX_IPC_TYPE_DGRAM = iota )
Variables ¶
This section is empty.
Functions ¶
func CollectLoopbackIpc ¶
func CollectLoopbackIpc(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, sockId *SocketIdentifier, ipcDataEmitter *events.IpcDataEmitter) error
func CollectPipeIpc ¶
func CollectPipeIpc(bpfMod *bpf.BpfModule, exit <-chan struct{}, ipcDataEmitter *events.IpcDataEmitter) error
func CollectPtyWrites ¶
func CollectPtyWrites(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, ipcDataEmitter *events.IpcDataEmitter) error
func CollectSignals ¶
func CollectSignals(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, ipcDataEmitter *events.IpcDataEmitter) error
func CollectUnixSocketIpc ¶
func CollectUnixSocketIpc(bpfMod *bpf.BpfModule, exit <-chan struct{}, commId *CommIdentifier, sockId *SocketIdentifier, ipcDataEmitter *events.IpcDataEmitter) error
in theory we could pass sockId for just the datagram case
func InitLoopbackIpcCollection ¶
func InitLoopbackIpcCollection(bpfBuilder *bpf.BpfBuilder, tcp bool, udp bool) error
func InitPipeIpcCollection ¶
func InitPipeIpcCollection(bpfBuilder *bpf.BpfBuilder) error
func InitPtyWriteCollection ¶
func InitPtyWriteCollection(bpfBuilder *bpf.BpfBuilder) error
func InitSignalCollection ¶
func InitSignalCollection(bpfBuilder *bpf.BpfBuilder) error
func InitUnixSocketIpcCollection ¶
func InitUnixSocketIpcCollection(bpfBuilder *bpf.BpfBuilder, streams bool, dgrams bool) error
func OpenTestPty ¶
Open returns a control pty and the name of the linked process tty.
func ScanProcessComms ¶
func ScanProcessSocketInodes ¶
func SetupCommCollectionBpf ¶
func SetupCommCollectionBpf(bpfBuilder *bpf.BpfBuilder) error
func SetupIpcBytesOutput ¶
func SetupIpcBytesOutput(bpfBuilder *bpf.BpfBuilder, dumpBytes bool, dumpBytesMax uint) error
func SetupSockIdCollectionBpf ¶
func SetupSockIdCollectionBpf(bpfBuilder *bpf.BpfBuilder) error
func TsFromKtime ¶
Types ¶
type CommIdentifier ¶
type CommIdentifier struct {
// contains filtered or unexported fields
}
func NewCommIdentifier ¶
func NewCommIdentifier(bpfMod *bpf.BpfModule) (*CommIdentifier, error)
func (CommIdentifier) CommForPid ¶
func (c CommIdentifier) CommForPid(pid int64, comm [16]byte) string
type SocketIdentifier ¶
type SocketIdentifier struct {
// contains filtered or unexported fields
}
func NewSocketIdentifier ¶
func NewSocketIdentifier(bpfMod *bpf.BpfModule) (*SocketIdentifier, error)
func (SocketIdentifier) GuessMissingSockPidFromUsermode ¶
func (s SocketIdentifier) GuessMissingSockPidFromUsermode(inode uint64) (uint64, bool)
Source Files
Click to show internal directories.
Click to hide internal directories.