helpers

package module
v0.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 12, 2022 License: Apache-2.0 Imports: 15 Imported by: 39

Documentation

Index

Examples

Constants

View Source 
const (
	HugetlbFlagEncodeShift = 26
	MapHugeSizeMask        = ((1 << 6) - 1) << HugetlbFlagEncodeShift
)

Variables

View Source 
var (
	SO_DEBUG                         = SocketOptionArgument{unix.SO_DEBUG, "SO_DEBUG"}
	SO_REUSEADDR                     = SocketOptionArgument{unix.SO_REUSEADDR, "SO_REUSEADDR"}
	SO_TYPE                          = SocketOptionArgument{unix.SO_TYPE, "SO_TYPE"}
	SO_ERROR                         = SocketOptionArgument{unix.SO_ERROR, "SO_ERROR"}
	SO_DONTROUTE                     = SocketOptionArgument{unix.SO_DONTROUTE, "SO_DONTROUTE"}
	SO_BROADCAST                     = SocketOptionArgument{unix.SO_BROADCAST, "SO_BROADCAST"}
	SO_SNDBUF                        = SocketOptionArgument{unix.SO_SNDBUF, "SO_SNDBUF"}
	SO_RCVBUF                        = SocketOptionArgument{unix.SO_RCVBUF, "SO_RCVBUF"}
	SO_SNDBUFFORCE                   = SocketOptionArgument{unix.SO_SNDBUFFORCE, "SO_SNDBUFFORCE"}
	SO_RCVBUFFORCE                   = SocketOptionArgument{unix.SO_RCVBUFFORCE, "SO_RCVBUFFORCE"}
	SO_KEEPALIVE                     = SocketOptionArgument{unix.SO_KEEPALIVE, "SO_KEEPALIVE"}
	SO_OOBINLINE                     = SocketOptionArgument{unix.SO_OOBINLINE, "SO_OOBINLINE"}
	SO_NO_CHECK                      = SocketOptionArgument{unix.SO_NO_CHECK, "SO_NO_CHECK"}
	SO_PRIORITY                      = SocketOptionArgument{unix.SO_PRIORITY, "SO_PRIORITY"}
	SO_LINGER                        = SocketOptionArgument{unix.SO_LINGER, "SO_LINGER"}
	SO_BSDCOMPAT                     = SocketOptionArgument{unix.SO_BSDCOMPAT, "SO_BSDCOMPAT"}
	SO_REUSEPORT                     = SocketOptionArgument{unix.SO_REUSEPORT, "SO_REUSEPORT"}
	SO_PASSCRED                      = SocketOptionArgument{unix.SO_PASSCRED, "SO_PASSCRED"}
	SO_PEERCRED                      = SocketOptionArgument{unix.SO_PEERCRED, "SO_PEERCRED"}
	SO_RCVLOWAT                      = SocketOptionArgument{unix.SO_RCVLOWAT, "SO_RCVLOWAT"}
	SO_SNDLOWAT                      = SocketOptionArgument{unix.SO_SNDLOWAT, "SO_SNDLOWAT"}
	SO_SECURITY_AUTHENTICATION       = SocketOptionArgument{unix.SO_SECURITY_AUTHENTICATION, "SO_SECURITY_AUTHENTICATION"}
	SO_SECURITY_ENCRYPTION_TRANSPORT = SocketOptionArgument{unix.SO_SECURITY_ENCRYPTION_TRANSPORT, "SO_SECURITY_ENCRYPTION_TRANSPORT"}
	SO_SECURITY_ENCRYPTION_NETWORK   = SocketOptionArgument{unix.SO_SECURITY_ENCRYPTION_NETWORK, "SO_SECURITY_ENCRYPTION_NETWORK"}
	SO_BINDTODEVICE                  = SocketOptionArgument{unix.SO_BINDTODEVICE, "SO_BINDTODEVICE"}
	SO_ATTACH_FILTER                 = SocketOptionArgument{unix.SO_ATTACH_FILTER, "SO_ATTACH_FILTER"}
	SO_GET_FILTER                    = SocketOptionArgument{unix.SO_GET_FILTER, "SO_GET_FILTER"}
	SO_DETACH_FILTER                 = SocketOptionArgument{unix.SO_DETACH_FILTER, "SO_DETACH_FILTER"}
	SO_PEERNAME                      = SocketOptionArgument{unix.SO_PEERNAME, "SO_PEERNAME"}
	SO_ACCEPTCONN                    = SocketOptionArgument{unix.SO_ACCEPTCONN, "SO_ACCEPTCONN"}
	SO_PEERSEC                       = SocketOptionArgument{unix.SO_PEERSEC, "SO_PEERSEC"}
	SO_PASSSEC                       = SocketOptionArgument{unix.SO_PASSSEC, "SO_PASSSEC"}
	SO_MARK                          = SocketOptionArgument{unix.SO_MARK, "SO_MARK"}
	SO_PROTOCOL                      = SocketOptionArgument{unix.SO_PROTOCOL, "SO_PROTOCOL"}
	SO_DOMAIN                        = SocketOptionArgument{unix.SO_DOMAIN, "SO_DOMAIN"}
	SO_RXQ_OVFL                      = SocketOptionArgument{unix.SO_RXQ_OVFL, "SO_RXQ_OVFL"}
	SO_WIFI_STATUS                   = SocketOptionArgument{unix.SO_WIFI_STATUS, "SO_WIFI_STATUS"}
	SO_PEEK_OFF                      = SocketOptionArgument{unix.SO_PEEK_OFF, "SO_PEEK_OFF"}
	SO_NOFCS                         = SocketOptionArgument{unix.SO_NOFCS, "SO_NOFCS"}
	SO_LOCK_FILTER                   = SocketOptionArgument{unix.SO_LOCK_FILTER, "SO_LOCK_FILTER"}
	SO_SELECT_ERR_QUEUE              = SocketOptionArgument{unix.SO_SELECT_ERR_QUEUE, "SO_SELECT_ERR_QUEUE"}
	SO_BUSY_POLL                     = SocketOptionArgument{unix.SO_BUSY_POLL, "SO_BUSY_POLL"}
	SO_MAX_PACING_RATE               = SocketOptionArgument{unix.SO_MAX_PACING_RATE, "SO_MAX_PACING_RATE"}
	SO_BPF_EXTENSIONS                = SocketOptionArgument{unix.SO_BPF_EXTENSIONS, "SO_BPF_EXTENSIONS"}
	SO_INCOMING_CPU                  = SocketOptionArgument{unix.SO_INCOMING_CPU, "SO_INCOMING_CPU"}
	SO_ATTACH_BPF                    = SocketOptionArgument{unix.SO_ATTACH_BPF, "SO_ATTACH_BPF"}
	SO_ATTACH_REUSEPORT_CBPF         = SocketOptionArgument{unix.SO_ATTACH_REUSEPORT_CBPF, "SO_ATTACH_REUSEPORT_CBPF"}
	SO_ATTACH_REUSEPORT_EBPF         = SocketOptionArgument{unix.SO_ATTACH_REUSEPORT_EBPF, "SO_ATTACH_REUSEPORT_EBPF"}
	SO_CNX_ADVICE                    = SocketOptionArgument{unix.SO_CNX_ADVICE, "SO_CNX_ADVICE"}
	SCM_TIMESTAMPING_OPT_STATS       = SocketOptionArgument{unix.SCM_TIMESTAMPING_OPT_STATS, "SCM_TIMESTAMPING_OPT_STATS"}
	SO_MEMINFO                       = SocketOptionArgument{unix.SO_MEMINFO, "SO_MEMINFO"}
	SO_INCOMING_NAPI_ID              = SocketOptionArgument{unix.SO_INCOMING_NAPI_ID, "SO_INCOMING_NAPI_ID"}
	SO_COOKIE                        = SocketOptionArgument{unix.SO_COOKIE, "SO_COOKIE"}
	SCM_TIMESTAMPING_PKTINFO         = SocketOptionArgument{unix.SCM_TIMESTAMPING_PKTINFO, "SCM_TIMESTAMPING_PKTINFO"}
	SO_PEERGROUPS                    = SocketOptionArgument{unix.SO_PEERGROUPS, "SO_PEERGROUPS"}
	SO_ZEROCOPY                      = SocketOptionArgument{unix.SO_ZEROCOPY, "SO_ZEROCOPY"}
	SO_TXTIME                        = SocketOptionArgument{unix.SO_TXTIME, "SO_TXTIME"}
	SO_BINDTOIFINDEX                 = SocketOptionArgument{unix.SO_BINDTOIFINDEX, "SO_BINDTOIFINDEX"}
	SO_TIMESTAMP_NEW                 = SocketOptionArgument{unix.SO_TIMESTAMP_NEW, "SO_TIMESTAMP_NEW"}
	SO_TIMESTAMPNS_NEW               = SocketOptionArgument{unix.SO_TIMESTAMPNS_NEW, "SO_TIMESTAMPNS_NEW"}
	SO_TIMESTAMPING_NEW              = SocketOptionArgument{unix.SO_TIMESTAMPING_NEW, "SO_TIMESTAMPING_NEW"}
	SO_RCVTIMEO_NEW                  = SocketOptionArgument{unix.SO_RCVTIMEO_NEW, "SO_RCVTIMEO_NEW"}
	SO_SNDTIMEO_NEW                  = SocketOptionArgument{unix.SO_SNDTIMEO_NEW, "SO_SNDTIMEO_NEW"}
	SO_DETACH_REUSEPORT_BPF          = SocketOptionArgument{unix.SO_DETACH_REUSEPORT_BPF, "SO_DETACH_REUSEPORT_BPF"}
	SO_PREFER_BUSY_POLL              = SocketOptionArgument{unix.SO_PREFER_BUSY_POLL, "SO_PREFER_BUSY_POLL"}
	SO_BUSY_POLL_BUDGET              = SocketOptionArgument{unix.SO_BUSY_POLL_BUDGET, "SO_BUSY_POLL_BUDGET"}
	SO_TIMESTAMP                     = SocketOptionArgument{unix.SO_TIMESTAMP, "SO_TIMESTAMP"}
	SO_TIMESTAMPNS                   = SocketOptionArgument{unix.SO_TIMESTAMPNS, "SO_TIMESTAMPNS"}
	SO_TIMESTAMPING                  = SocketOptionArgument{unix.SO_TIMESTAMPING, "SO_TIMESTAMPING"}
	SO_RCVTIMEO                      = SocketOptionArgument{unix.SO_RCVTIMEO, "SO_RCVTIMEO"}
	SO_SNDTIMEO                      = SocketOptionArgument{unix.SO_SNDTIMEO, "SO_SNDTIMEO"}

	// The following are newer, so aren't included in the unix package
	SO_NETNS_COOKIE SocketOptionArgument = SocketOptionArgument{71, "SO_NETNS_COOKIE"}
	SO_BUF_LOCK     SocketOptionArgument = SocketOptionArgument{72, "SO_BUF_LOCK"}
	SO_RESERVE_MEM  SocketOptionArgument = SocketOptionArgument{73, "SO_RESERVE_MEM"}
	SO_TXREHASH     SocketOptionArgument = SocketOptionArgument{74, "SO_TXREHASH"}
)

Functions

func FtraceEnabled 

func FtraceEnabled() (bool, error)

func OSBTFEnabled 

func OSBTFEnabled() bool

OSBTFEnabled checks if kernel has embedded BTF vmlinux file

func OptionAreContainedInArgument 

func OptionAreContainedInArgument(rawArgument uint64, options ...SystemFunctionArgument) bool

OptionAreContainedInArgument checks whether the argument (rawArgument) contains all of the 'options' such as with flags passed to the clone flag. This function takes an arbitrary number of SystemCallArguments.It will only return true if each and every option is present in rawArgument. Typically linux syscalls have multiple options specified in a single argument via bitmasks = which this function checks for.

func Parse16BytesSliceIP 

func Parse16BytesSliceIP(in []byte) string

Parse16BytesSliceIP parses the IP address encoded as 16 bytes long PrintBytesSliceIP. It would be more correct to accept a [16]byte instead of variable lenth slice, but that would case unnecessary memory copying and type conversions.

func ParseUint32IP 

func ParseUint32IP(in uint32) string

ParseUint32IP parses the IP address encoded as a uint32

func SymbolToOffset 

func SymbolToOffset(path, symbol string) (uint32, error)

SymbolToOffset attempts to resolve a 'symbol' name in the binary found at 'path' to an offset. The offset can be used for attaching a u(ret)probe

func TracePipeListen 

func TracePipeListen() error

TracePipeListen reads data from the trace pipe that bpf_trace_printk() writes to, (/sys/kernel/debug/tracing/trace_pipe). It writes the data to stdout. The pipe is global, so this function is not associated with any BPF program. It is recommended to use bpf_trace_printk() and this function for debug purposes only. This is a blocking function intended to be called from a goroutine.

Example (Usage) 
package main

import (
	"fmt"
	"os"

	"github.com/aquasecurity/libbpfgo/helpers"
)

func main() {
	go func() {
		err := helpers.TracePipeListen()
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s\n", err.Error())
		}
	}()
}

Output:

func UnameMachine 

func UnameMachine() (string, error)

UnameMachine gets the version string of host's architecture

func UnameRelease 

func UnameRelease() (string, error)

UnameRelease gets the version string of the current running kernel

Types

type AccessModeArgument 

type AccessModeArgument struct {
	// contains filtered or unexported fields
}
var (
	F_OK AccessModeArgument = AccessModeArgument{/* contains filtered or unexported fields */}
	X_OK AccessModeArgument = AccessModeArgument{/* contains filtered or unexported fields */}
	W_OK AccessModeArgument = AccessModeArgument{/* contains filtered or unexported fields */}
	R_OK AccessModeArgument = AccessModeArgument{/* contains filtered or unexported fields */}
)

func ParseAccessMode 

func ParseAccessMode(rawValue uint64) (AccessModeArgument, error)

ParseAccessMode parses the mode from the `access` system call http://man7.org/linux/man-pages/man2/access.2.html

func (AccessModeArgument) String 

func (a AccessModeArgument) String() string

func (AccessModeArgument) Value 

func (a AccessModeArgument) Value() uint64

type BPFCommandArgument 

type BPFCommandArgument uint64
const (
	BPF_MAP_CREATE BPFCommandArgument = iota
	BPF_MAP_LOOKUP_ELEM
	BPF_MAP_UPDATE_ELEM
	BPF_MAP_DELETE_ELEM
	BPF_MAP_GET_NEXT_KEY
	BPF_PROG_LOAD
	BPF_OBJ_PIN
	BPF_OBJ_GET
	BPF_PROG_ATTACH
	BPF_PROG_DETACH
	BPF_PROG_TEST_RUN
	BPF_PROG_GET_NEXT_ID
	BPF_MAP_GET_NEXT_ID
	BPF_PROG_GET_FD_BY_ID
	BPF_MAP_GET_FD_BY_ID
	BPF_OBJ_GET_INFO_BY_FD
	BPF_PROG_QUERY
	BPF_RAW_TRACEPOINT_OPEN
	BPF_BTF_LOAD
	BPF_BTF_GET_FD_BY_ID
	BPF_TASK_FD_QUERY
	BPF_MAP_LOOKUP_AND_DELETE_ELEM
	BPF_MAP_FREEZE
	BPF_BTF_GET_NEXT_ID
	BPF_MAP_LOOKUP_BATCH
	BPF_MAP_LOOKUP_AND_DELETE_BATCH
	BPF_MAP_UPDATE_BATCH
	BPF_MAP_DELETE_BATCH
	BPF_LINK_CREATE
	BPF_LINK_UPDATE
	BPF_LINK_GET_FD_BY_ID
	BPF_LINK_GET_NEXT_ID
	BPF_ENABLE_STATS
	BPF_ITER_CREATE
	BPF_LINK_DETACH
)

func ParseBPFCmd 

func ParseBPFCmd(cmd uint64) (BPFCommandArgument, error)

ParseBPFCmd parses the raw value of the `cmd` argument of the `bpf` syscall https://man7.org/linux/man-pages/man2/bpf.2.html

func (BPFCommandArgument) String 

func (b BPFCommandArgument) String() string

String parses the `cmd` argument of the `bpf` syscall https://man7.org/linux/man-pages/man2/bpf.2.html

func (BPFCommandArgument) Value 

func (b BPFCommandArgument) Value() uint64

type BPFProgType added in v0.4.3 

type BPFProgType uint32

BPFProgType is an enum as defined in https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/bpf.h 

const (
	BPFProgTypeUnspec BPFProgType = iota
	BPFProgTypeSocketFilter
	BPFProgTypeKprobe
	BPFProgTypeSchedCls
	BPFProgTypeSchedAct
	BPFProgTypeTracepoint
	BPFProgTypeXdp
	BPFProgTypePerfEvent
	BPFProgTypeCgroupSkb
	BPFProgTypeCgroupSock
	BPFProgTypeLwtIn
	BPFProgTypeLwtOut
	BPFProgTypeLwtXmit
	BPFProgTypeSockOps
	BPFProgTypeSkSkb
	BPFProgTypeCgroupDevice
	BPFProgTypeSkMsg
	BPFProgTypeRawTracepoint
	BPFProgTypeCgroupSockAddr
	BPFProgTypeLwtSeg6Local
	BPFProgTypeLircMode2
	BPFProgTypeSkReuseport
	BPFProgTypeFlowDissector
	BPFProgTypeCgroupSysctl
	BPFProgTypeRawTracepointWritable
	BPFProgTypeCgroupSockopt
	BPFProgTypeTracing
	BPFProgTypeStructOps
	BPFProgTypeExt
	BPFProgTypeLsm
	BPFProgTypeSkLookup
	BPFProgTypeSyscall
)

func ParseBPFProgType 

func ParseBPFProgType(rawValue uint64) (BPFProgType, error)

func (BPFProgType) String added in v0.4.3 

func (b BPFProgType) String() string

func (BPFProgType) Value added in v0.4.3 

func (b BPFProgType) Value() uint64

type CapabilityFlagArgument 

type CapabilityFlagArgument uint64
const (
	CAP_CHOWN CapabilityFlagArgument = iota
	CAP_DAC_OVERRIDE
	CAP_DAC_READ_SEARCH
	CAP_FOWNER
	CAP_FSETID
	CAP_KILL
	CAP_SETGID
	CAP_SETUID
	CAP_SETPCAP
	CAP_LINUX_IMMUTABLE
	CAP_NET_BIND_SERVICE
	CAP_NET_BROADCAST
	CAP_NET_ADMIN
	CAP_NET_RAW
	CAP_IPC_LOCK
	CAP_IPC_OWNER
	CAP_SYS_MODULE
	CAP_SYS_RAWIO
	CAP_SYS_CHROOT
	CAP_SYS_PTRACE
	CAP_SYS_PACCT
	CAP_SYS_ADMIN
	CAP_SYS_BOOT
	CAP_SYS_NICE
	CAP_SYS_RESOURCE
	CAP_SYS_TIME
	CAP_SYS_TTY_CONFIG
	CAP_MKNOD
	CAP_LEASE
	CAP_AUDIT_WRITE
	CAP_AUDIT_CONTROL
	CAP_SETFCAP
	CAP_MAC_OVERRIDE
	CAP_MAC_ADMIN
	CAP_SYSLOG
	CAP_WAKE_ALARM
	CAP_BLOCK_SUSPEND
	CAP_AUDIT_READ
)

func ParseCapability 

func ParseCapability(rawValue uint64) (CapabilityFlagArgument, error)

ParseCapability parses the `capability` bitmask argument of the `cap_capable` function

func (CapabilityFlagArgument) String 

func (c CapabilityFlagArgument) String() string

func (CapabilityFlagArgument) Value 

func (c CapabilityFlagArgument) Value() uint64

type CloneFlagArgument 

type CloneFlagArgument struct {
	// contains filtered or unexported fields
}
var (
	// These values are copied from uapi/linux/sched.h
	CLONE_VM             CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_FS             CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_FILES          CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_SIGHAND        CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_PIDFD          CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_PTRACE         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_VFORK          CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_PARENT         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_THREAD         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_NEWNS          CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_SYSVSEM        CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_SETTLS         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_PARENT_SETTID  CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_CHILD_CLEARTID CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_DETACHED       CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_UNTRACED       CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_CHILD_SETTID   CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_NEWCGROUP      CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_NEWUTS         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_NEWIPC         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_NEWUSER        CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_NEWPID         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_NEWNET         CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
	CLONE_IO             CloneFlagArgument = CloneFlagArgument{/* contains filtered or unexported fields */}
)

func ParseCloneFlags 

func ParseCloneFlags(rawValue uint64) (CloneFlagArgument, error)

func (CloneFlagArgument) String 

func (c CloneFlagArgument) String() string

func (CloneFlagArgument) Value 

func (c CloneFlagArgument) Value() uint64

type ExecFlagArgument 

type ExecFlagArgument struct {
	// contains filtered or unexported fields
}
var (
	AT_SYMLINK_NOFOLLOW   ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_EACCESS            ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_REMOVEDIR          ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_SYMLINK_FOLLOW     ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_NO_AUTOMOUNT       ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_EMPTY_PATH         ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_STATX_SYNC_TYPE    ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_STATX_SYNC_AS_STAT ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_STATX_FORCE_SYNC   ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_STATX_DONT_SYNC    ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
	AT_RECURSIVE          ExecFlagArgument = ExecFlagArgument{/* contains filtered or unexported fields */}
)

func ParseExecFlag 

func ParseExecFlag(rawValue uint64) (ExecFlagArgument, error)

func (ExecFlagArgument) String 

func (e ExecFlagArgument) String() string

func (ExecFlagArgument) Value 

func (e ExecFlagArgument) Value() uint64

type InodeModeArgument 

type InodeModeArgument struct {
	// contains filtered or unexported fields
}
var (
	S_IFSOCK InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IFLNK  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IFREG  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IFBLK  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IFDIR  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IFCHR  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IFIFO  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IRWXU  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IRUSR  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IWUSR  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IXUSR  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IRWXG  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IRGRP  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IWGRP  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IXGRP  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IRWXO  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IROTH  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IWOTH  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
	S_IXOTH  InodeModeArgument = InodeModeArgument{/* contains filtered or unexported fields */}
)

func ParseInodeMode 

func ParseInodeMode(rawValue uint64) (InodeModeArgument, error)

func (InodeModeArgument) String 

func (mode InodeModeArgument) String() string

func (InodeModeArgument) Value 

func (mode InodeModeArgument) Value() uint64

type KernelConfig 

type KernelConfig struct {
	// contains filtered or unexported fields
}

KernelConfig is a set of kernel configuration options (currently for running OS only)

func InitKernelConfig 

func InitKernelConfig() (*KernelConfig, error)

InitKernelConfig inits external KernelConfig object

func (*KernelConfig) AddCustomKernelConfig 

func (k *KernelConfig) AddCustomKernelConfig(key KernelConfigOption, value string) error

AddCustomKernelConfig allows user to extend list of possible existing kconfigs to be parsed from kConfigFilePath

func (*KernelConfig) AddNeeded 

func (k *KernelConfig) AddNeeded(option KernelConfigOption, value interface{})

AddNeeded adds a KernelConfigOption and its value, if needed, as required for further checks with CheckMissing

Examples: kernelConfig.AddNeeded(helpers.CONFIG_BPF, helpers.ANY) kernelConfig.AddNeeded(helpers.CONFIG_BPF_PRELOAD, helpers.ANY) kernelConfig.AddNeeded(helpers.CONFIG_HZ, "250")

func (*KernelConfig) CheckMissing 

func (k *KernelConfig) CheckMissing() []KernelConfigOption

CheckMissing returns an array of KernelConfigOption's that were added to KernelConfig as needed but couldn't be found. It returns an empty array if nothing is missing.

func (*KernelConfig) Exists 

func (k *KernelConfig) Exists(option KernelConfigOption) bool

Exists will return true if a given KernelConfigOption was found in provided KernelConfig and it will return false if the KernelConfigOption is not set (# XXXXX is not set)

Examples: kernelConfig.Exists(helpers.CONFIG_BPF) kernelConfig.Exists(helpers.CONFIG_BPF_PRELOAD) kernelConfig.Exists(helpers.CONFIG_HZ)

func (*KernelConfig) ExistsValue 

func (k *KernelConfig) ExistsValue(option KernelConfigOption, value interface{}) bool

ExistsValue will return true if a given KernelConfigOption was found in provided KernelConfig AND its value is the same as the one provided by KernelConfigOptionValue

func (*KernelConfig) GetKernelConfigFilePath 

func (k *KernelConfig) GetKernelConfigFilePath() string

GetKernelConfigFilePath gives the kconfig file chosen by InitKernelConfig during initialization

func (*KernelConfig) GetValue 

func (k *KernelConfig) GetValue(option KernelConfigOption) KernelConfigOptionValue

GetValue will return a KernelConfigOptionValue for a given KernelConfigOption when this is a BUILTIN or a MODULE

func (*KernelConfig) GetValueString 

func (k *KernelConfig) GetValueString(option KernelConfigOption) (string, error)

GetValueString will return a KernelConfigOptionValue for a given KernelConfigOption when this is actually a string

func (*KernelConfig) LoadKernelConfig 

func (k *KernelConfig) LoadKernelConfig() error

LoadKernelConfig will (re)read kconfig file (likely after AddCustomKernelConfig was called)

type KernelConfigOption 

type KernelConfigOption uint32

KernelConfigOption is an abstraction of the key in key=value syntax of the kernel config file 

const (
	CONFIG_BPF KernelConfigOption = iota + 1
	CONFIG_BPF_SYSCALL
	CONFIG_HAVE_EBPF_JIT
	CONFIG_BPF_JIT
	CONFIG_BPF_JIT_ALWAYS_ON
	CONFIG_CGROUPS
	CONFIG_CGROUP_BPF
	CONFIG_CGROUP_NET_CLASSID
	CONFIG_SOCK_CGROUP_DATA
	CONFIG_BPF_EVENTS
	CONFIG_KPROBE_EVENTS
	CONFIG_UPROBE_EVENTS
	CONFIG_TRACING
	CONFIG_FTRACE_SYSCALLS
	CONFIG_FUNCTION_ERROR_INJECTION
	CONFIG_BPF_KPROBE_OVERRIDE
	CONFIG_NET
	CONFIG_XDP_SOCKETS
	CONFIG_LWTUNNEL_BPF
	CONFIG_NET_ACT_BPF
	CONFIG_NET_CLS_BPF
	CONFIG_NET_CLS_ACT
	CONFIG_NET_SCH_INGRESS
	CONFIG_XFRM
	CONFIG_IP_ROUTE_CLASSID
	CONFIG_IPV6_SEG6_BPF
	CONFIG_BPF_LIRC_MODE2
	CONFIG_BPF_STREAM_PARSER
	CONFIG_NETFILTER_XT_MATCH_BPF
	CONFIG_BPFILTER
	CONFIG_BPFILTER_UMH
	CONFIG_TEST_BPF
	CONFIG_HZ
	CONFIG_DEBUG_INFO_BTF
	CONFIG_DEBUG_INFO_BTF_MODULES
	CONFIG_BPF_LSM
	CONFIG_BPF_PRELOAD
	CONFIG_BPF_PRELOAD_UMD
	CUSTOM_OPTION_START KernelConfigOption = 1000
)

func (KernelConfigOption) String 

func (k KernelConfigOption) String() string

type KernelConfigOptionValue 

type KernelConfigOptionValue uint8

KernelConfigOptionValue is an abstraction of the value in key=value syntax of kernel config file 

const (
	UNDEFINED KernelConfigOptionValue = iota
	BUILTIN
	MODULE
	STRING
	ANY
)

func (KernelConfigOptionValue) String 

func (k KernelConfigOptionValue) String() string

type KernelSymbol 

type KernelSymbol struct {
	Name    string
	Type    string
	Address uint64
	Owner   string
}

type KernelSymbolTable 

type KernelSymbolTable struct {
	// contains filtered or unexported fields
}

func NewKernelSymbolsMap 

func NewKernelSymbolsMap() (*KernelSymbolTable, error)

NewKernelSymbolsMap initiates the kernel symbol map by parsing the /proc/kallsyms file. * each line contains the symbol's address, segment type, name, module owner (which can be empty in case the symbol is owned by the system) * Note: the key of the map is the symbol owner and the symbol name (with undercase between them)

func (*KernelSymbolTable) GetSymbolByAddr 

func (k *KernelSymbolTable) GetSymbolByAddr(addr uint64) (*KernelSymbol, error)

GetSymbolByAddr returns a symbol by a given address

func (*KernelSymbolTable) GetSymbolByName 

func (k *KernelSymbolTable) GetSymbolByName(owner string, name string) (*KernelSymbol, error)

GetSymbolByName returns a symbol by a given name and owner

func (*KernelSymbolTable) TextSegmentContains 

func (k *KernelSymbolTable) TextSegmentContains(addr uint64) (bool, error)

TextSegmentContains checks if a given address is in the kernel text segment by comparing it to the kernel text segment address boundaries

type KernelVersionComparison 

type KernelVersionComparison int
const (
	KernelVersionInvalid KernelVersionComparison = iota - 1
	KernelVersionEqual
	KernelVersionOlder
	KernelVersionNewer
)

func CompareKernelRelease 

func CompareKernelRelease(base, given string) (KernelVersionComparison, error)

CompareKernelRelease will compare two given kernel version/release strings and returns a KernelVersionComparison constant that shows the relationship of the given kernel version to the base. For example CompareKernelRelease("5.8.1", "4.12.3") == KernelVersionOlder because 4.12.3 is older than 5.8.1

It also returns an error incase of a malformed kernel version.

Consumers should use the constants defined in this package for checking the results: KernelVersionOlder, KernelVersionEqual, KernelVersionNewer

Examples of $(uname -r):

5.11.0-31-generic (ubuntu) 4.18.0-305.12.1.el8_4.x86_64 (alma) 4.18.0-338.el8.x86_64 (stream8) 4.18.0-305.7.1.el8_4.centos.x86_64 (centos) 4.18.0-305.7.1.el8_4.centos.plus.x86_64 (centos + plus repo) 5.13.13-arch1-1 (archlinux)

type LockdownMode 

type LockdownMode int32
const (
	NOVALUE LockdownMode = iota
	NONE
	INTEGRITY
	CONFIDENTIALITY
)

func Lockdown 

func Lockdown() (LockdownMode, error)

func (LockdownMode) String 

func (l LockdownMode) String() string

type MmapFlagArgument added in v0.4.5 

type MmapFlagArgument struct {
	// contains filtered or unexported fields
}
var (
	MapShared         MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapPrivate        MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapSharedValidate MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapType           MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapFixed          MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapAnonymous      MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapPopulate       MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapNonblock       MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapStack          MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapHugetlb        MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapSync           MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapFixedNoreplace MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapGrowsdown      MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapDenywrite      MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapExecutable     MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapLocked         MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapNoreserve      MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapFile           MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapHuge2MB        MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapHuge1GB        MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
	MapSYNC           MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
)
var (
	Map32bit MmapFlagArgument = MmapFlagArgument{/* contains filtered or unexported fields */}
)

func ParseMmapFlags added in v0.4.5 

func ParseMmapFlags(rawValue uint64) MmapFlagArgument

ParseMmapFlags parses the `flags` bitmask argument of the `mmap` syscall http://man7.org/linux/man-pages/man2/mmap.2.html https://elixir.bootlin.com/linux/v5.5.3/source/include/uapi/asm-generic/mman-common.h#L19

func (MmapFlagArgument) String added in v0.4.5 

func (mf MmapFlagArgument) String() string

func (MmapFlagArgument) Value added in v0.4.5 

func (mf MmapFlagArgument) Value() uint64

type MmapProtArgument 

type MmapProtArgument struct {
	// contains filtered or unexported fields
}
var (
	PROT_READ      MmapProtArgument = MmapProtArgument{/* contains filtered or unexported fields */}
	PROT_WRITE     MmapProtArgument = MmapProtArgument{/* contains filtered or unexported fields */}
	PROT_EXEC      MmapProtArgument = MmapProtArgument{/* contains filtered or unexported fields */}
	PROT_SEM       MmapProtArgument = MmapProtArgument{/* contains filtered or unexported fields */}
	PROT_NONE      MmapProtArgument = MmapProtArgument{/* contains filtered or unexported fields */}
	PROT_GROWSDOWN MmapProtArgument = MmapProtArgument{/* contains filtered or unexported fields */}
	PROT_GROWSUP   MmapProtArgument = MmapProtArgument{/* contains filtered or unexported fields */}
)

func ParseMmapProt 

func ParseMmapProt(rawValue uint64) MmapProtArgument

ParseMmapProt parses the `prot` bitmask argument of the `mmap` syscall http://man7.org/linux/man-pages/man2/mmap.2.html https://elixir.bootlin.com/linux/v5.5.3/source/include/uapi/asm-generic/mman-common.h#L10

func (MmapProtArgument) String 

func (p MmapProtArgument) String() string

func (MmapProtArgument) Value 

func (p MmapProtArgument) Value() uint64

type OSInfo 

type OSInfo struct {
	// contains filtered or unexported fields
}

OSInfo object contains all OS relevant information

OSRelease is relevant to examples such as: 1) OSInfo.OSReleaseInfo[helpers.OS_KERNEL_RELEASE] => will provide $(uname -r) string 2) if OSInfo.GetReleaseID() == helpers.UBUNTU => {} will allow running code in specific distribution

func GetOSInfo 

func GetOSInfo() (*OSInfo, error)

GetOSInfo creates a OSInfo object and runs discoverOSDistro() on its creation

func (*OSInfo) CompareOSBaseKernelRelease 

func (btfi *OSInfo) CompareOSBaseKernelRelease(version string) (KernelVersionComparison, error)

CompareOSBaseKernelRelease will compare a given kernel version/release string to the current running version and returns a KernelVersionComparison constant that shows the relationship of the given kernel version to the running kernel.

For example, if the running kernel is 5.18.0 and pass "4.3.2", the result would be KernelVersionOlder because 4.3.2 is older than the running kernel

Consumers should use the constants defined in this package for checking the results: KernelVersionOlder, KernelVersionEqual, KernelVersionNewer

func (*OSInfo) GetOSReleaseAllFieldValues 

func (btfi *OSInfo) GetOSReleaseAllFieldValues() map[OSReleaseField]string

GetOSReleaseAllFieldValues allows user to dump, as strings, the existing OSReleaseField's and its values

func (*OSInfo) GetOSReleaseFieldValue 

func (btfi *OSInfo) GetOSReleaseFieldValue(value OSReleaseField) string

GetOSReleaseFieldValue provides access to internal OSInfo OSReleaseField's

func (*OSInfo) GetOSReleaseFilePath 

func (btfi *OSInfo) GetOSReleaseFilePath() string

GetOSReleaseFilePath provides the path for the used os-release file as it might not necessarily be /etc/os-release, depending on the environment variable

func (*OSInfo) GetOSReleaseID 

func (btfi *OSInfo) GetOSReleaseID() OSReleaseID

GetOSReleaseID provides the ID of current Linux distribution

type OSReleaseField 

type OSReleaseField uint32
const (
	OS_NAME OSReleaseField = iota + 0
	OS_ID
	OS_ID_LIKE
	OS_PRETTY_NAME
	OS_VARIANT
	OS_VARIANT_ID
	OS_VERSION
	OS_VERSION_ID
	OS_VERSION_CODENAME
	OS_BUILD_ID
	OS_IMAGE_ID
	OS_IMAGE_VERSION
	// not part of default os-release:
	OS_KERNEL_RELEASE
	OS_ARCH
)

func (OSReleaseField) String 

func (o OSReleaseField) String() string

type OSReleaseID 

type OSReleaseID uint32
const (
	UBUNTU OSReleaseID = iota + 1
	FEDORA
	ARCH
	DEBIAN
	CENTOS
	STREAM
	ALMA
)

func (OSReleaseID) String 

func (o OSReleaseID) String() string

type OpenFlagArgument 

type OpenFlagArgument struct {
	// contains filtered or unexported fields
}
var (
	// These values are copied from uapi/asm-generic/fcntl.h
	O_ACCMODE   OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_RDONLY    OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_WRONLY    OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_RDWR      OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_CREAT     OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_EXCL      OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_NOCTTY    OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_TRUNC     OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_APPEND    OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_NONBLOCK  OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_DSYNC     OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_SYNC      OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	FASYNC      OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_DIRECT    OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_LARGEFILE OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_DIRECTORY OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_NOFOLLOW  OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_NOATIME   OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_CLOEXEC   OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_PATH      OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
	O_TMPFILE   OpenFlagArgument = OpenFlagArgument{/* contains filtered or unexported fields */}
)

func ParseOpenFlagArgument 

func ParseOpenFlagArgument(rawValue uint64) (OpenFlagArgument, error)

ParseOpenFlagArgument parses the `flags` bitmask argument of the `open` syscall http://man7.org/linux/man-pages/man2/open.2.html https://elixir.bootlin.com/linux/v5.5.3/source/include/uapi/asm-generic/fcntl.h

func (OpenFlagArgument) String 

func (o OpenFlagArgument) String() string

func (OpenFlagArgument) Value 

func (o OpenFlagArgument) Value() uint64

type PrctlOptionArgument 

type PrctlOptionArgument uint64
const (
	PR_SET_PDEATHSIG PrctlOptionArgument = iota + 1
	PR_GET_PDEATHSIG
	PR_GET_DUMPABLE
	PR_SET_DUMPABLE
	PR_GET_UNALIGN
	PR_SET_UNALIGN
	PR_GET_KEEPCAPS
	PR_SET_KEEPCAPS
	PR_GET_FPEMU
	PR_SET_FPEMU
	PR_GET_FPEXC
	PR_SET_FPEXC
	PR_GET_TIMING
	PR_SET_TIMING
	PR_SET_NAME
	PR_GET_NAME
	PR_GET_ENDIAN
	PR_SET_ENDIAN
	PR_GET_SECCOMP
	PR_SET_SECCOMP
	PR_CAPBSET_READ
	PR_CAPBSET_DROP
	PR_GET_TSC
	PR_SET_TSC
	PR_GET_SECUREBITS
	PR_SET_SECUREBITS
	PR_SET_TIMERSLACK
	PR_GET_TIMERSLACK
	PR_TASK_PERF_EVENTS_DISABLE
	PR_TASK_PERF_EVENTS_ENABLE
	PR_MCE_KILL
	PR_MCE_KILL_GET
	PR_SET_MM
	PR_SET_CHILD_SUBREAPER
	PR_GET_CHILD_SUBREAPER
	PR_SET_NO_NEW_PRIVS
	PR_GET_NO_NEW_PRIVS
	PR_GET_TID_ADDRESS
	PR_SET_THP_DISABLE
	PR_GET_THP_DISABLE
	PR_MPX_ENABLE_MANAGEMENT
	PR_MPX_DISABLE_MANAGEMENT
	PR_SET_FP_MODE
	PR_GET_FP_MODE
	PR_CAP_AMBIENT
	PR_SVE_SET_VL
	PR_SVE_GET_VL
	PR_GET_SPECULATION_CTRL
	PR_SET_SPECULATION_CTRL
	PR_PAC_RESET_KEYS
	PR_SET_TAGGED_ADDR_CTRL
	PR_GET_TAGGED_ADDR_CTRL
)

func ParsePrctlOption 

func ParsePrctlOption(rawValue uint64) (PrctlOptionArgument, error)

ParsePrctlOption parses the `option` argument of the `prctl` syscall http://man7.org/linux/man-pages/man2/prctl.2.html

func (PrctlOptionArgument) String 

func (p PrctlOptionArgument) String() string

func (PrctlOptionArgument) Value 

func (p PrctlOptionArgument) Value() uint64

type PtraceRequestArgument 

type PtraceRequestArgument uint64
var (
	PTRACE_TRACEME              PtraceRequestArgument = 0
	PTRACE_PEEKTEXT             PtraceRequestArgument = 1
	PTRACE_PEEKDATA             PtraceRequestArgument = 2
	PTRACE_PEEKUSER             PtraceRequestArgument = 3
	PTRACE_POKETEXT             PtraceRequestArgument = 4
	PTRACE_POKEDATA             PtraceRequestArgument = 5
	PTRACE_POKEUSER             PtraceRequestArgument = 6
	PTRACE_CONT                 PtraceRequestArgument = 7
	PTRACE_KILL                 PtraceRequestArgument = 8
	PTRACE_SINGLESTEP           PtraceRequestArgument = 9
	PTRACE_GETREGS              PtraceRequestArgument = 12
	PTRACE_SETREGS              PtraceRequestArgument = 13
	PTRACE_GETFPREGS            PtraceRequestArgument = 14
	PTRACE_SETFPREGS            PtraceRequestArgument = 15
	PTRACE_ATTACH               PtraceRequestArgument = 16
	PTRACE_DETACH               PtraceRequestArgument = 17
	PTRACE_GETFPXREGS           PtraceRequestArgument = 18
	PTRACE_SETFPXREGS           PtraceRequestArgument = 19
	PTRACE_SYSCALL              PtraceRequestArgument = 24
	PTRACE_SETOPTIONS           PtraceRequestArgument = 0x4200
	PTRACE_GETEVENTMSG          PtraceRequestArgument = 0x4201
	PTRACE_GETSIGINFO           PtraceRequestArgument = 0x4202
	PTRACE_SETSIGINFO           PtraceRequestArgument = 0x4203
	PTRACE_GETREGSET            PtraceRequestArgument = 0x4204
	PTRACE_SETREGSET            PtraceRequestArgument = 0x4205
	PTRACE_SEIZE                PtraceRequestArgument = 0x4206
	PTRACE_INTERRUPT            PtraceRequestArgument = 0x4207
	PTRACE_LISTEN               PtraceRequestArgument = 0x4208
	PTRACE_PEEKSIGINFO          PtraceRequestArgument = 0x4209
	PTRACE_GETSIGMASK           PtraceRequestArgument = 0x420a
	PTRACE_SETSIGMASK           PtraceRequestArgument = 0x420b
	PTRACE_SECCOMP_GET_FILTER   PtraceRequestArgument = 0x420c
	PTRACE_SECCOMP_GET_METADATA PtraceRequestArgument = 0x420d
	PTRACE_GET_SYSCALL_INFO     PtraceRequestArgument = 0x420e
)

func ParsePtraceRequestArgument 

func ParsePtraceRequestArgument(rawValue uint64) (PtraceRequestArgument, error)

func (PtraceRequestArgument) String 

func (p PtraceRequestArgument) String() string

func (PtraceRequestArgument) Value 

func (p PtraceRequestArgument) Value() uint64

type SocketDomainArgument 

type SocketDomainArgument uint64
const (
	AF_UNSPEC SocketDomainArgument = iota
	AF_UNIX
	AF_INET
	AF_AX25
	AF_IPX
	AF_APPLETALK
	AF_NETROM
	AF_BRIDGE
	AF_ATMPVC
	AF_X25
	AF_INET6
	AF_ROSE
	AF_DECnet
	AF_NETBEUI
	AF_SECURITY
	AF_KEY
	AF_NETLINK
	AF_PACKET
	AF_ASH
	AF_ECONET
	AF_ATMSVC
	AF_RDS
	AF_SNA
	AF_IRDA
	AF_PPPOX
	AF_WANPIPE
	AF_LLC
	AF_IB
	AF_MPLS
	AF_CAN
	AF_TIPC
	AF_BLUETOOTH
	AF_IUCV
	AF_RXRPC
	AF_ISDN
	AF_PHONET
	AF_IEEE802154
	AF_CAIF
	AF_ALG
	AF_NFC
	AF_VSOCK
	AF_KCM
	AF_QIPCRTR
	AF_SMC
	AF_XDP
)

func ParseSocketDomainArgument 

func ParseSocketDomainArgument(rawValue uint64) (SocketDomainArgument, error)

func (SocketDomainArgument) String 

func (s SocketDomainArgument) String() string

String parses the `domain` bitmask argument of the `socket` syscall http://man7.org/linux/man-pages/man2/socket.2.html

func (SocketDomainArgument) Value 

func (s SocketDomainArgument) Value() uint64

type SocketLevelArgument 

type SocketLevelArgument uint64
const (
	SOL_SOCKET   SocketLevelArgument = unix.SOL_SOCKET
	SOL_AAL      SocketLevelArgument = unix.SOL_AAL
	SOL_ALG      SocketLevelArgument = unix.SOL_ALG
	SOL_ATM      SocketLevelArgument = unix.SOL_ATM
	SOL_CAIF     SocketLevelArgument = unix.SOL_CAIF
	SOL_CAN_BASE SocketLevelArgument = unix.SOL_CAN_BASE
	SOL_CAN_RAW  SocketLevelArgument = unix.SOL_CAN_RAW
	SOL_DCCP     SocketLevelArgument = unix.SOL_DCCP
	SOL_DECNET   SocketLevelArgument = unix.SOL_DECNET
	SOL_ICMPV6   SocketLevelArgument = unix.SOL_ICMPV6
	SOL_IP       SocketLevelArgument = unix.SOL_IP
	SOL_IPV6     SocketLevelArgument = unix.SOL_IPV6
	SOL_IRDA     SocketLevelArgument = unix.SOL_IRDA
	SOL_IUCV     SocketLevelArgument = unix.SOL_IUCV
	SOL_KCM      SocketLevelArgument = unix.SOL_KCM
	SOL_LLC      SocketLevelArgument = unix.SOL_LLC
	SOL_NETBEUI  SocketLevelArgument = unix.SOL_NETBEUI
	SOL_NETLINK  SocketLevelArgument = unix.SOL_NETLINK
	SOL_NFC      SocketLevelArgument = unix.SOL_NFC
	SOL_PACKET   SocketLevelArgument = unix.SOL_PACKET
	SOL_PNPIPE   SocketLevelArgument = unix.SOL_PNPIPE
	SOL_PPPOL2TP SocketLevelArgument = unix.SOL_PPPOL2TP
	SOL_RAW      SocketLevelArgument = unix.SOL_RAW
	SOL_RDS      SocketLevelArgument = unix.SOL_RDS
	SOL_RXRPC    SocketLevelArgument = unix.SOL_RXRPC
	SOL_TCP      SocketLevelArgument = unix.SOL_TCP
	SOL_TIPC     SocketLevelArgument = unix.SOL_TIPC
	SOL_TLS      SocketLevelArgument = unix.SOL_TLS
	SOL_X25      SocketLevelArgument = unix.SOL_X25
	SOL_XDP      SocketLevelArgument = unix.SOL_XDP

	// The following are newer, so aren't included in the unix package
	SOL_MCTCP SocketLevelArgument = 284
	SOL_MCTP  SocketLevelArgument = 285
	SOL_SMC   SocketLevelArgument = 286
)

func ParseSocketLevel 

func ParseSocketLevel(rawValue uint64) (SocketLevelArgument, error)

ParseSocketLevel parses the `level` argument of the `setsockopt` and `getsockopt` syscalls. https://man7.org/linux/man-pages/man2/setsockopt.2.html https://elixir.bootlin.com/linux/latest/source/include/linux/socket.h

func (SocketLevelArgument) String 

func (socketLevel SocketLevelArgument) String() string

func (SocketLevelArgument) Value 

func (socketLevel SocketLevelArgument) Value() uint64

type SocketOptionArgument 

type SocketOptionArgument struct {
	// contains filtered or unexported fields
}

func ParseGetSocketOption 

func ParseGetSocketOption(rawValue uint64) (SocketOptionArgument, error)

ParseGetSocketOption parses the `optname` argument of the `getsockopt` syscall. https://man7.org/linux/man-pages/man2/getsockopt.2.html https://elixir.bootlin.com/linux/latest/source/include/uapi/asm-generic/socket.h

func ParseSetSocketOption 

func ParseSetSocketOption(rawValue uint64) (SocketOptionArgument, error)

ParseSetSocketOption parses the `optname` argument of the `setsockopt` syscall. https://man7.org/linux/man-pages/man2/setsockopt.2.html https://elixir.bootlin.com/linux/latest/source/include/uapi/asm-generic/socket.h

func (SocketOptionArgument) String 

func (socketOption SocketOptionArgument) String() string

func (SocketOptionArgument) Value 

func (socketOption SocketOptionArgument) Value() uint64

type SocketTypeArgument 

type SocketTypeArgument struct {
	// contains filtered or unexported fields
}
var (
	SOCK_STREAM    SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_DGRAM     SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_RAW       SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_RDM       SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_SEQPACKET SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_DCCP      SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_PACKET    SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_NONBLOCK  SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
	SOCK_CLOEXEC   SocketTypeArgument = SocketTypeArgument{/* contains filtered or unexported fields */}
)

func ParseSocketType 

func ParseSocketType(rawValue uint64) (SocketTypeArgument, error)

ParseSocketType parses the `type` bitmask argument of the `socket` syscall http://man7.org/linux/man-pages/man2/socket.2.html

func (SocketTypeArgument) String 

func (s SocketTypeArgument) String() string

func (SocketTypeArgument) Value 

func (s SocketTypeArgument) Value() uint64

type SystemFunctionArgument 

type SystemFunctionArgument interface {
	fmt.Stringer
	Value() uint64
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.