helpers

package
v0.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 1, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetFamilyFromRawAddr 

func GetFamilyFromRawAddr(addr map[string]string) (string, error)

func GetIPFromRawAddr 

func GetIPFromRawAddr(addr map[string]string) (string, error)

func GetPacketMetadata added in v0.17.2 

func GetPacketMetadata(
	event trace.Event,
	argName string) (
	trace.PacketMetadata,
	error)

GetPacketMetadata converts json to PacketMetadata

func GetPathFromRawAddr 

func GetPathFromRawAddr(addr map[string]string) (string, error)

func GetPortFromRawAddr 

func GetPortFromRawAddr(addr map[string]string) (string, error)

func GetProtoDNSByName 

func GetProtoDNSByName(
	event trace.Event,
	argName string,
) (
	trace.ProtoDNS, error,
)

GetProtoDNSByName converts json to ProtoDNS

func GetProtoHTTPByName 

func GetProtoHTTPByName(
	event trace.Event,
	argName string,
) (
	trace.ProtoHTTP, error,
)

func GetProtoICMPByName 

func GetProtoICMPByName(
	event trace.Event, argName string) (
	trace.ProtoICMP, error)

GetProtoICMPByName converts json to ProtoICMP

func GetProtoICMPv6ByName 

func GetProtoICMPv6ByName(
	event trace.Event,
	argName string) (
	trace.ProtoICMPv6,
	error)

GetProtoICMPv6ByName converts json to ProtoICMPv6

func GetProtoIPv4ByName 

func GetProtoIPv4ByName(
	event trace.Event,
	argName string) (
	trace.ProtoIPv4,
	error)

GetProtoIPv4ByName converts json to ProtoIPv4

func GetProtoIPv6ByName 

func GetProtoIPv6ByName(
	event trace.Event,
	argName string) (
	trace.ProtoIPv6,
	error)

GetProtoIPv6ByName converts json to ProtoIPv6

func GetProtoTCPByName 

func GetProtoTCPByName(
	event trace.Event, argName string) (
	trace.ProtoTCP, error)

GetProtoTCPByName converts json to ProtoTCP

func GetProtoUDPByName 

func GetProtoUDPByName(
	event trace.Event, argName string) (
	trace.ProtoUDP, error)

GetProtoUDPByName converts json to ProtoUDP

func GetRawAddrArgumentByName 

func GetRawAddrArgumentByName(event trace.Event, argName string) (map[string]string, error)

GetRawAddrArgumentByName returns map[string]string of addr argument

func GetTrackerArgumentByName 

func GetTrackerArgumentByName(event trace.Event, argName string, opts GetArgOps) (trace.Argument, error)

GetTrackerArgumentByName fetches the argument in event with `Name` that matches argName

func GetTrackerBytesSliceArgumentByName 

func GetTrackerBytesSliceArgumentByName(event trace.Event, argName string) ([]byte, error)

GetTrackerBytesSliceArgumentByName gets the argument matching the "argName" given from the event "argv" field, casted as []byte.

func GetTrackerHookedSymbolDataArgumentByName 

func GetTrackerHookedSymbolDataArgumentByName(event trace.Event, argName string) ([]trace.HookedSymbolData, error)

GetTrackerHookedSymbolDataArgumentByName returns []trace.HookedSymbolData of hooked symbols for arg

func GetTrackerIntArgumentByName 

func GetTrackerIntArgumentByName(event trace.Event, argName string) (int, error)

GetTrackerIntArgumentByName gets the argument matching the "argName" given from the event "argv" field, casted as int.

func GetTrackerSliceStringArgumentByName 

func GetTrackerSliceStringArgumentByName(event trace.Event, argName string) ([]string, error)

GetTrackerSliceStringArgumentByName gets the argument matching the "argName" given from the event "argv" field, casted as []string.

func GetTrackerStringArgumentByName 

func GetTrackerStringArgumentByName(event trace.Event, argName string) (string, error)

GetTrackerStringArgumentByName gets the argument matching the "argName" given from the event "argv" field, casted as string.

func IsElf 

func IsElf(bytesArray []byte) bool

IsElf checks if the file starts with an ELF magic.

func IsFileRead 

func IsFileRead(flags string) bool

IsFileRead returns whether the passed file permissions string contains o_rdonly or o_rdwr

func IsFileWrite 

func IsFileWrite(flags string) bool

IsFileWrite returns whether the passed file permissions string contains o_wronly or o_rdwr

func IsInternetFamily 

func IsInternetFamily(addr map[string]string) (bool, error)

func IsMemoryPath 

func IsMemoryPath(pathname string) bool

IsMemoryPath checks if a given file path is located under "memfd", "/run/shm/" or "/dev/shm/".

func IsUnixFamily 

func IsUnixFamily(addr map[string]string) (bool, error)

Types

type GetArgOps 

type GetArgOps struct {
	DefaultArgs bool // Receive default args value (value equals 'nil'). If set to false, will return error if arg not initialized.
}

GetArgOps represents options for arguments getters

type ProcessTreeDS added in v0.17.2 

type ProcessTreeDS struct {
	// contains filtered or unexported fields
}

ProcessTreeDS is an envelope to the process tree datasource API, to make it intuitive and easy to use.

func GetProcessTreeDataSource added in v0.17.2 

func GetProcessTreeDataSource(ctx detect.SignatureContext) (*ProcessTreeDS, error)

GetProcessTreeDataSource init a datasource envelopment instance using the context all signatures are initialized with. This is the recommended way to initialize an instance, as it simpler to use.

func InitProcessTreeDS added in v0.17.2 

func InitProcessTreeDS(ds detect.DataSource) *ProcessTreeDS

InitProcessTreeDS init a datasource envelopment instance with the process tree datasource.

func (*ProcessTreeDS) GetEventProcessInfo added in v0.17.2 

func (ptds *ProcessTreeDS) GetEventProcessInfo(eventObj *trace.Event) (
	*datasource.TimeRelevantInfo[datasource.ProcessInfo], error,
)

GetEventProcessInfo get the information of the process emitting the current event

func (*ProcessTreeDS) GetEventProcessLineage added in v0.17.2 

func (ptds *ProcessTreeDS) GetEventProcessLineage(
	eventObj *trace.Event,
	maxDepth int,
) (*datasource.ProcessLineage, error)

GetEventProcessLineage get the process lineage information of the process emitting the current event.

func (*ProcessTreeDS) GetEventThreadInfo added in v0.17.2 

func (ptds *ProcessTreeDS) GetEventThreadInfo(eventObj *trace.Event) (
	*datasource.TimeRelevantInfo[datasource.ThreadInfo], error,
)

GetEventThreadInfo get the information of the thread emitting the current event

func (*ProcessTreeDS) GetProcessInfo added in v0.17.2 

func (ptds *ProcessTreeDS) GetProcessInfo(processKey datasource.ProcKey) (
	*datasource.TimeRelevantInfo[datasource.ProcessInfo], error,
)

GetProcessInfo query the datasource for the information of a specific process.

func (*ProcessTreeDS) GetProcessLineage added in v0.17.2 

func (ptds *ProcessTreeDS) GetProcessLineage(lineageKey datasource.LineageKey) (
	*datasource.ProcessLineage, error,
)

GetProcessLineage query the datasource for the information of the process lineage of a specific process.

func (*ProcessTreeDS) GetThreadInfo added in v0.17.2 

func (ptds *ProcessTreeDS) GetThreadInfo(threadKey datasource.ThreadKey) (
	*datasource.TimeRelevantInfo[datasource.ThreadInfo], error,
)

GetThreadInfo query the datasource for the information of a specific thread.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.