Documentation
¶
Index ¶
- func CanUseEBPF() bool
- func SetSensitivePaths(patterns []string)
- type ContainerStrace
- func (c *ContainerStrace) Close() error
- func (c *ContainerStrace) Events() <-chan types.SyscallEvent
- func (c *ContainerStrace) Method() string
- func (c *ContainerStrace) Start(_ uint32) error
- func (c *ContainerStrace) StartAndInstall(ctx context.Context, containerID string, installCmd []string) ([]byte, error)
- type EBPFProbe
- type Probe
- type StraceFallback
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CanUseEBPF ¶
func CanUseEBPF() bool
CanUseEBPF checks whether the current environment supports eBPF kprobes.
func SetSensitivePaths ¶ added in v0.4.0
func SetSensitivePaths(patterns []string)
SetSensitivePaths replaces the sensitive path patterns used by the parser. Must be called exactly once at startup (from PreRunE) before any parsing begins. Not safe for concurrent use.
Types ¶
type ContainerStrace ¶
type ContainerStrace struct {
// contains filtered or unexported fields
}
ContainerStrace monitors connect(2) syscalls by running strace inside the Docker container. This works on all platforms where Docker is available (Linux, macOS, Windows). ContainerStrace monitors connect(2) syscalls by running strace inside the Docker container. This works on all platforms where Docker is available (Linux, macOS, Windows).
func NewContainerStrace ¶
func NewContainerStrace() *ContainerStrace
NewContainerStrace creates a new in-container strace probe.
func (*ContainerStrace) Events ¶
func (c *ContainerStrace) Events() <-chan types.SyscallEvent
Events returns the channel of captured connect events.
func (*ContainerStrace) Method ¶
func (c *ContainerStrace) Method() string
Method returns the probe method identifier.
func (*ContainerStrace) Start ¶
func (c *ContainerStrace) Start(_ uint32) error
Start is not supported for ContainerStrace. Use StartAndInstall instead.
func (*ContainerStrace) StartAndInstall ¶
func (c *ContainerStrace) StartAndInstall(ctx context.Context, containerID string, installCmd []string) ([]byte, error)
StartAndInstall runs strace wrapping pip install inside the container. It blocks until installation completes, populating the events channel.
type EBPFProbe ¶
type EBPFProbe struct {
LostSamples uint64
// contains filtered or unexported fields
}
EBPFProbe monitors syscalls using eBPF kprobes.
func (*EBPFProbe) Events ¶
func (p *EBPFProbe) Events() <-chan types.SyscallEvent
type Probe ¶
type Probe interface {
Start(targetPIDNS uint32) error
Events() <-chan types.SyscallEvent
Close() error
Method() string
}
Probe is the interface for syscall monitoring.
type StraceFallback ¶
type StraceFallback struct {
// contains filtered or unexported fields
}
StraceFallback monitors connect(2) syscalls by running strace on the container PID.
func (*StraceFallback) Close ¶
func (s *StraceFallback) Close() error
func (*StraceFallback) Events ¶
func (s *StraceFallback) Events() <-chan types.SyscallEvent
func (*StraceFallback) Method ¶
func (s *StraceFallback) Method() string
func (*StraceFallback) Start ¶
func (s *StraceFallback) Start(_ uint32) error
Start attaches strace to the target PID and begins parsing output. targetPIDNS is ignored; instead use StartWithPID.
func (*StraceFallback) StartWithPID ¶
func (s *StraceFallback) StartWithPID(pid uint32) error
StartWithPID attaches strace to the given host PID.
Source Files