Documentation
¶
Index ¶
- Constants
- func Buffer(p unsafe.Pointer) *byte
- func Context(p unsafe.Pointer) unsafe.Pointer
- func CopyToBuffer(p unsafe.Pointer, b []byte) uint32
- func CopyToBufferAt(p unsafe.Pointer, b []byte, pos uint32) uint32
- func Free(p unsafe.Pointer)
- func MakeBuffer(p unsafe.Pointer, s uint32)
- func NewStateContainer() unsafe.Pointer
- func NextBatch(plgState unsafe.Pointer, openState unsafe.Pointer, data **byte, ...) int32
- func RegisterAsyncExtractors(pluginState unsafe.Pointer, asyncExtractorInfo unsafe.Pointer, ...) int32
- func SetContext(p unsafe.Pointer, ctx unsafe.Pointer)
- type FieldEntry
- type NextFunc
- type PluginExtractStrFunc
- type PluginExtractU64Func
Constants ¶
const ( ScapSuccess int32 = 0 ScapFailure int32 = 1 ScapTimeout int32 = -1 ScapIllegalInput int32 = 3 ScapNotFound int32 = 4 ScapInputTooSmall int32 = 5 ScapEOF int32 = 6 ScapUnexpectedBlock int32 = 7 ScapVersionMismatch int32 = 8 ScapNotSupported int32 = 9 )
SCAP return types
const ( TypeSourcePlugin uint32 = 1 TypeExtractorPlugin uint32 = 2 )
Plugin types
const ( ParamTypeNone uint32 = 0 ParamTypeInt8 uint32 = 1 ParamTypeInt16 uint32 = 2 ParamTypeInt32 uint32 = 3 ParamTypeInt64 uint32 = 4 ParamTypeUintT8 uint32 = 5 ParamTypeUint16 uint32 = 6 ParamTypeUint32 uint32 = 7 ParamTypeUint64 uint32 = 8 ParamTypeCharBuf uint32 = 9 // A printable buffer of bytes, NULL terminated ParamTypeByteBuf uint32 = 10 // A raw buffer of bytes not suitable for printing ParamTypeErrno uint32 = 11 // this is an INT64, but will be interpreted as an error code ParamTypeSockaddr uint32 = 12 // A sockaddr structure, 1byte family + data ParamTypeSocktuple uint32 = 13 // A sockaddr tuple,1byte family + 12byte data + 12byte data ParamTypeFd uint32 = 14 // An fd, 64bit ParamTypePid uint32 = 15 // A pid/tid, 64bit ParamTypeFdlist uint32 = 16 // A list of fds, 16bit count + count * (64bit fd + 16bit flags) ParamTypeFspath uint32 = 17 // A string containing a relative or absolute file system path, null terminated ParamTypeSyscallId uint32 = 18 // A 16bit system call ID. Can be used as a key for the g_syscall_info_table table. ParamTypeSigYype uint32 = 19 // An 8bit signal number ParamTypeRelTime uint32 = 20 // A relative time. Seconds * 10^9 + nanoseconds. 64bit. ParamTypeAbsTime uint32 = 21 // An absolute time interval. Seconds from epoch * 10^9 + nanoseconds. 64bit. ParamTypePort uint32 = 22 // A TCP/UDP prt. 2 bytes. ParamTypeL4Proto uint32 = 23 // A 1 byte IP protocol type. ParamTypeSockfamily uint32 = 24 // A 1 byte socket family. ParamTypeBool uint32 = 25 // A boolean value, 4 bytes. ParamTypeIpv4Addr uint32 = 26 // A 4 byte raw IPv4 address. ParamTypeDyn uint32 = 27 // Type can vary depending on the context. Used for filter fields like evt.rawarg. ParamTypeFlags8 uint32 = 28 // this is an UINT8, but will be interpreted as 8 bit flags. ParamTypeFlags16 uint32 = 29 // this is an UINT16, but will be interpreted as 16 bit flags. ParamTypeFlags32 uint32 = 30 // this is an UINT32, but will be interpreted as 32 bit flags. ParamTypeUid uint32 = 31 // this is an UINT32, MAX_UINT32 will be interpreted as no value. ParamTypeGid uint32 = 32 // this is an UINT32, MAX_UINT32 will be interpreted as no value. ParamTypeDouble uint32 = 33 // this is a double precision floating point number. ParamTypeSigSet uint32 = 34 // sigset_t. I only store the lower UINT32 of it ParamTypeCharBufArray uint32 = 35 // Pointer to an array of strings, exported by the user events decoder. 64bit. For internal use only. ParamTypeCharBufPairArray uint32 = 36 // Pointer to an array of string pairs, exported by the user events decoder. 64bit. For internal use only. ParamTypeIpv4Net uint32 = 37 // An IPv4 network. ParamTypeIpv6Addr uint32 = 38 // A 16 byte raw IPv6 address. ParamTypeIpv6Net uint32 = 39 // An IPv6 network. ParamTypeIpAddr uint32 = 40 // Either an IPv4 or IPv6 address. The length indicates which one it is. ParamTypeIpNet uint32 = 41 // Either an IPv4 or IPv6 network. The length indicates which one it is. ParamTypeMode uint32 = 42 // a 32 bit bitmask to represent file modes. ParamTypeFsRelPath uint32 = 43 // A path relative to a dirfd. ParamTypeMax uint32 = 44 // array size )
const MaxEvtSize uint32 = 65635
const MaxNextBufSize uint32 = 4 * 1024 * 1024
Variables ¶
This section is empty.
Functions ¶
func Buffer ¶
Buffer returns a pointer to the first element of the C buffer belonging to p, if any, assuming p is a state container created with NewStateContainer().
func Context ¶
Context returns a pointer to Go allocated memory, if any, previously assigned into p with SetContext(), assuming p is a state container created with NewStateContainer().
func CopyToBuffer ¶
CopyToBuffer copies bytes from a b into the C buffer belonging to p, assuming p is a state container created with NewStateContainer().
The buffer must be previously created with MakeBuffer(). It returns the number of bytes copied, which will be the minimum of the buffer's size and len(b).
func Free ¶
Free disposes of any C and Go memory assigned to p and finally free P, assuming p is a state container created with NewStateContainer().
func MakeBuffer ¶
MakeBuffer allocates a C buffer of size s into p, assuming p is a state container created with NewStateContainer().
If p contains a previously allocated buffer, it will be freed before creating the new one. Also, passing a zero size allows freeing a previously allocated buffer, if any.
func NewStateContainer ¶
NewStateContainer returns an opaque pointer to a memory container that may be safely passed back and forth to sinsp.
A state container can allocate a byte buffer (sharable to C memory) and reference a Go pointer (suitable for a Go context). Both are persisted in memory until manually freed. A state container must be manually freed by using Free(). It can be either used as the state of a source plugin or an open state of the source plugin.
func NextBatch ¶
func NextBatch(plgState unsafe.Pointer, openState unsafe.Pointer, data **byte, datalen *uint32, nextf NextFunc) int32
NextBatch is an helper function to be used within plugin_next_batch.
func RegisterAsyncExtractors ¶
func RegisterAsyncExtractors( pluginState unsafe.Pointer, asyncExtractorInfo unsafe.Pointer, strExtractorFunc PluginExtractStrFunc, u64ExtractorFunc PluginExtractU64Func, ) int32
RegisterAsyncExtractors is a helper function to be used within plugin_register_async_extractor.
Intended usage as in the following example:
//export plugin_extract_str
func plugin_extract_str(pluginState unsafe.Pointer, evtnum uint64, id uint32, arg *byte, data *byte, datalen uint32) unsafe.Pointer {
...
}
//export plugin_register_async_extractor
func plugin_register_async_extractor(pluginState unsafe.Pointer, asyncExtractorInfo unsafe.Pointer) int32 {
return sinsp.RegisterAsyncExtractors(pluginState, asyncExtractorInfo, plugin_extract_str)
}
func SetContext ¶
SetContext sets the given reference ctx (a pointer to a Go allocated memory) into p, assuming p is a state container created with NewStateContainer().
A previously set reference, if any, is removed from p, making it suitable for garbage collecting.
Types ¶
type FieldEntry ¶
type FieldEntry struct {
Type string `json:"type"`
ID uint32 `json: "ID"`
Name string `json:"name"`
Display string `json:"display"`
Desc string `json:"desc"`
Properties string `json:"properties"`
}
FieldEntry represents a single field entry that an extractor plugin can expose. Should be used when implementing plugin_get_fields().
type NextFunc ¶
type NextFunc func(plgState unsafe.Pointer, openState unsafe.Pointer, data *[]byte, ts *uint64) int32
NextFunc is the function type required by NextBatch().
Source Files