notify

package
Version: v0.0.0-...-ffdf440 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 12, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AllFModes

func AllFModes() []string

AllFModes returns all available fmodes as string values.

func Run

func Run(ctx context.Context, config *Config, eventCh chan<- *Event)

Run starts compiling eBPF code and then notifying of file updates.

Types

type Config

type Config struct {
	ExclComms        []string
	InclFModes       FMode
	InclPathPrefixes []string
	InclFullNames    []string
	InclExts         []string
	InclMntPaths     []string
	MaxMntDepth      int
	MaxDirDepth      int
	BpfDebug         uint
	Quit             bool
	Log              *zap.Logger
}

Config configures parameters to filter what to be notified.

func (*Config) SetModesFromString

func (c *Config) SetModesFromString(inclFModes []string) error

SetModesFromString sets InclFModes field using string representation.

type Event

type Event struct {
	EvtType       EventType
	Pid           uint32
	Comm          string
	MntPath       string
	PathFromMount string
	Name          string
	FMode         FMode
}

Event tells the details of notification.

type EventType

type EventType uint64

EventType is an event type eBPF notfies.

const (
	EventTypeClose EventType = 0x1 << iota
	EventTypeUnlink
	EventTypeRenameSrc
	EventTypeRenameDest
	EventTypeChmod
	EventTypeChown
	EventTypeSync
	EventTypeSyncfs
	EventTypeFsync
	EventTypeTruncate
	EventTypeLink
	EventTypeSymlink
)

Event type to be notified.

type FMode

type FMode uint32

FMode corresponds to Linux kernel's f_mode, which tells what operation can perform for an open file.

const (
	FModeRead FMode = 0x1 << iota
	FModeWrite
	FModeLseek
	FModePread
	FModePwrite
	FModeExec
	FModeNdelay
	FModeExcl
	FModeWriteIoctl
	FMode32bithash
	FMode64bithash
)

FMode for closing files.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL