github.com/DataDog/datadog-agent/pkg/security/secl@v0.55.0-devel.0.20240517055856-10c4965fea94/model/consts_common.go (about) 1 // Unless explicitly stated otherwise all files in this repository are licensed 2 // under the Apache License Version 2.0. 3 // This product includes software developed at Datadog (https://www.datadoghq.com/). 4 // Copyright 2016-present Datadog, Inc. 5 6 // Package model holds model related files 7 package model 8 9 import ( 10 "crypto/sha256" 11 "fmt" 12 "math" 13 "math/bits" 14 "sort" 15 "strings" 16 "sync" 17 "syscall" 18 19 "github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval" 20 "github.com/DataDog/datadog-agent/pkg/security/secl/model/usersession" 21 22 lru "github.com/hashicorp/golang-lru/v2" 23 ) 24 25 const ( 26 // MaxSegmentLength defines the maximum length of each segment of a path 27 MaxSegmentLength = 255 28 29 // MaxPathDepth defines the maximum depth of a path 30 // see pkg/security/ebpf/c/dentry_resolver.h: DR_MAX_TAIL_CALL * DR_MAX_ITERATION_DEPTH 31 MaxPathDepth = 1363 32 33 // MaxBpfObjName defines the maximum length of a Bpf object name 34 MaxBpfObjName = 16 35 36 // PathSuffix defines the suffix used for path fields 37 PathSuffix = ".path" 38 39 // NameSuffix defines the suffix used for name fields 40 NameSuffix = ".name" 41 42 // ContainerIDLen defines the length of a container ID 43 ContainerIDLen = sha256.Size * 2 44 45 // MaxSymlinks maximum symlinks captured 46 MaxSymlinks = 2 47 48 // MaxTracedCgroupsCount hard limit for the count of traced cgroups 49 MaxTracedCgroupsCount = 128 50 ) 51 52 const ( 53 // EventFlagsAsync async event 54 EventFlagsAsync = 1 << iota 55 56 // EventFlagsSavedByAD saved by ad 57 EventFlagsSavedByAD 58 59 // EventFlagsActivityDumpSample an AD sample 60 EventFlagsActivityDumpSample 61 62 // EventFlagsSecurityProfileInProfile true if the event was found in a profile 63 EventFlagsSecurityProfileInProfile 64 65 // EventFlagsAnomalyDetectionEvent true if the event is marked as being an anomaly 66 EventFlagsAnomalyDetectionEvent 67 68 // EventFlagsHasActiveActivityDump true if the event has an active activity dump associated to it 69 EventFlagsHasActiveActivityDump 70 ) 71 72 var ( 73 // vmConstants is the list of protection flags for a virtual memory segment 74 // generate_constants:Virtual Memory flags,Virtual Memory flags define the protection of a virtual memory segment. 75 vmConstants = map[string]uint64{ 76 "VM_NONE": 0x0, 77 "VM_READ": 0x1, 78 "VM_WRITE": 0x2, 79 "VM_EXEC": 0x4, 80 "VM_SHARED": 0x8, 81 "VM_MAYREAD": 0x00000010, 82 "VM_MAYWRITE": 0x00000020, 83 "VM_MAYEXEC": 0x00000040, 84 "VM_MAYSHARE": 0x00000080, 85 "VM_GROWSDOWN": 0x00000100, /* general info on the segment */ 86 "VM_UFFD_MISSING": 0x00000200, /* missing pages tracking */ 87 "VM_PFNMAP": 0x00000400, /* Page-ranges managed without "struct page", just pure PFN */ 88 "VM_UFFD_WP": 0x00001000, /* wrprotect pages tracking */ 89 "VM_LOCKED": 0x00002000, 90 "VM_IO": 0x00004000, /* Memory mapped I/O or similar */ 91 "VM_SEQ_READ": 0x00008000, /* App will access data sequentially */ 92 "VM_RAND_READ": 0x00010000, /* App will not benefit from clustered reads */ 93 "VM_DONTCOPY": 0x00020000, /* Do not copy this vma on fork */ 94 "VM_DONTEXPAND": 0x00040000, /* Cannot expand with mremap() */ 95 "VM_LOCKONFAULT": 0x00080000, /* Lock the pages covered when they are faulted in */ 96 "VM_ACCOUNT": 0x00100000, /* Is a VM accounted object */ 97 "VM_NORESERVE": 0x00200000, /* should the VM suppress accounting */ 98 "VM_HUGETLB": 0x00400000, /* Huge TLB Page VM */ 99 "VM_SYNC": 0x00800000, /* Synchronous page faults */ 100 "VM_ARCH_1": 0x01000000, /* Architecture-specific flag */ 101 "VM_WIPEONFORK": 0x02000000, /* Wipe VMA contents in child. */ 102 "VM_DONTDUMP": 0x04000000, /* Do not include in the core dump */ 103 "VM_SOFTDIRTY": 0x08000000, /* Not soft dirty clean area */ 104 "VM_MIXEDMAP": 0x10000000, /* Can contain "struct page" and pure PFN pages */ 105 "VM_HUGEPAGE": 0x20000000, /* MADV_HUGEPAGE marked this vma */ 106 "VM_NOHUGEPAGE": 0x40000000, /* MADV_NOHUGEPAGE marked this vma */ 107 "VM_MERGEABLE": 0x80000000, /* KSM may merge identical pages */ 108 } 109 110 // BPFCmdConstants is the list of BPF commands 111 // generate_constants:BPF commands,BPF commands are used to specify a command to a bpf syscall. 112 BPFCmdConstants = map[string]BPFCmd{ 113 "BPF_MAP_CREATE": BpfMapCreateCmd, 114 "BPF_MAP_LOOKUP_ELEM": BpfMapLookupElemCmd, 115 "BPF_MAP_UPDATE_ELEM": BpfMapUpdateElemCmd, 116 "BPF_MAP_DELETE_ELEM": BpfMapDeleteElemCmd, 117 "BPF_MAP_GET_NEXT_KEY": BpfMapGetNextKeyCmd, 118 "BPF_PROG_LOAD": BpfProgLoadCmd, 119 "BPF_OBJ_PIN": BpfObjPinCmd, 120 "BPF_OBJ_GET": BpfObjGetCmd, 121 "BPF_PROG_ATTACH": BpfProgAttachCmd, 122 "BPF_PROG_DETACH": BpfProgDetachCmd, 123 "BPF_PROG_TEST_RUN": BpfProgTestRunCmd, 124 "BPF_PROG_RUN": BpfProgTestRunCmd, 125 "BPF_PROG_GET_NEXT_ID": BpfProgGetNextIDCmd, 126 "BPF_MAP_GET_NEXT_ID": BpfMapGetNextIDCmd, 127 "BPF_PROG_GET_FD_BY_ID": BpfProgGetFdByIDCmd, 128 "BPF_MAP_GET_FD_BY_ID": BpfMapGetFdByIDCmd, 129 "BPF_OBJ_GET_INFO_BY_FD": BpfObjGetInfoByFdCmd, 130 "BPF_PROG_QUERY": BpfProgQueryCmd, 131 "BPF_RAW_TRACEPOINT_OPEN": BpfRawTracepointOpenCmd, 132 "BPF_BTF_LOAD": BpfBtfLoadCmd, 133 "BPF_BTF_GET_FD_BY_ID": BpfBtfGetFdByIDCmd, 134 "BPF_TASK_FD_QUERY": BpfTaskFdQueryCmd, 135 "BPF_MAP_LOOKUP_AND_DELETE_ELEM": BpfMapLookupAndDeleteElemCmd, 136 "BPF_MAP_FREEZE": BpfMapFreezeCmd, 137 "BPF_BTF_GET_NEXT_ID": BpfBtfGetNextIDCmd, 138 "BPF_MAP_LOOKUP_BATCH": BpfMapLookupBatchCmd, 139 "BPF_MAP_LOOKUP_AND_DELETE_BATCH": BpfMapLookupAndDeleteBatchCmd, 140 "BPF_MAP_UPDATE_BATCH": BpfMapUpdateBatchCmd, 141 "BPF_MAP_DELETE_BATCH": BpfMapDeleteBatchCmd, 142 "BPF_LINK_CREATE": BpfLinkCreateCmd, 143 "BPF_LINK_UPDATE": BpfLinkUpdateCmd, 144 "BPF_LINK_GET_FD_BY_ID": BpfLinkGetFdByIDCmd, 145 "BPF_LINK_GET_NEXT_ID": BpfLinkGetNextIDCmd, 146 "BPF_ENABLE_STATS": BpfEnableStatsCmd, 147 "BPF_ITER_CREATE": BpfIterCreateCmd, 148 "BPF_LINK_DETACH": BpfLinkDetachCmd, 149 "BPF_PROG_BIND_MAP": BpfProgBindMapCmd, 150 } 151 152 // BPFHelperFuncConstants is the list of BPF helper func constants 153 // generate_constants:BPF helper functions,BPF helper functions are the supported BPF helper functions. 154 BPFHelperFuncConstants = map[string]BPFHelperFunc{ 155 "BPF_UNSPEC": BpfUnspec, 156 "BPF_MAP_LOOKUP_ELEM": BpfMapLookupElem, 157 "BPF_MAP_UPDATE_ELEM": BpfMapUpdateElem, 158 "BPF_MAP_DELETE_ELEM": BpfMapDeleteElem, 159 "BPF_PROBE_READ": BpfProbeRead, 160 "BPF_KTIME_GET_NS": BpfKtimeGetNs, 161 "BPF_TRACE_PRINTK": BpfTracePrintk, 162 "BPF_GET_PRANDOM_U32": BpfGetPrandomU32, 163 "BPF_GET_SMP_PROCESSOR_ID": BpfGetSmpProcessorID, 164 "BPF_SKB_STORE_BYTES": BpfSkbStoreBytes, 165 "BPF_L3_CSUM_REPLACE": BpfL3CsumReplace, 166 "BPF_L4_CSUM_REPLACE": BpfL4CsumReplace, 167 "BPF_TAIL_CALL": BpfTailCall, 168 "BPF_CLONE_REDIRECT": BpfCloneRedirect, 169 "BPF_GET_CURRENT_PID_TGID": BpfGetCurrentPidTgid, 170 "BPF_GET_CURRENT_UID_GID": BpfGetCurrentUIDGid, 171 "BPF_GET_CURRENT_COMM": BpfGetCurrentComm, 172 "BPF_GET_CGROUP_CLASSID": BpfGetCgroupClassid, 173 "BPF_SKB_VLAN_PUSH": BpfSkbVlanPush, 174 "BPF_SKB_VLAN_POP": BpfSkbVlanPop, 175 "BPF_SKB_GET_TUNNEL_KEY": BpfSkbGetTunnelKey, 176 "BPF_SKB_SET_TUNNEL_KEY": BpfSkbSetTunnelKey, 177 "BPF_PERF_EVENT_READ": BpfPerfEventRead, 178 "BPF_REDIRECT": BpfRedirect, 179 "BPF_GET_ROUTE_REALM": BpfGetRouteRealm, 180 "BPF_PERF_EVENT_OUTPUT": BpfPerfEventOutput, 181 "BPF_SKB_LOAD_BYTES": BpfSkbLoadBytes, 182 "BPF_GET_STACKID": BpfGetStackid, 183 "BPF_CSUM_DIFF": BpfCsumDiff, 184 "BPF_SKB_GET_TUNNEL_OPT": BpfSkbGetTunnelOpt, 185 "BPF_SKB_SET_TUNNEL_OPT": BpfSkbSetTunnelOpt, 186 "BPF_SKB_CHANGE_PROTO": BpfSkbChangeProto, 187 "BPF_SKB_CHANGE_TYPE": BpfSkbChangeType, 188 "BPF_SKB_UNDER_CGROUP": BpfSkbUnderCgroup, 189 "BPF_GET_HASH_RECALC": BpfGetHashRecalc, 190 "BPF_GET_CURRENT_TASK": BpfGetCurrentTask, 191 "BPF_PROBE_WRITE_USER": BpfProbeWriteUser, 192 "BPF_CURRENT_TASK_UNDER_CGROUP": BpfCurrentTaskUnderCgroup, 193 "BPF_SKB_CHANGE_TAIL": BpfSkbChangeTail, 194 "BPF_SKB_PULL_DATA": BpfSkbPullData, 195 "BPF_CSUM_UPDATE": BpfCsumUpdate, 196 "BPF_SET_HASH_INVALID": BpfSetHashInvalid, 197 "BPF_GET_NUMA_NODE_ID": BpfGetNumaNodeID, 198 "BPF_SKB_CHANGE_HEAD": BpfSkbChangeHead, 199 "BPF_XDP_ADJUST_HEAD": BpfXdpAdjustHead, 200 "BPF_PROBE_READ_STR": BpfProbeReadStr, 201 "BPF_GET_SOCKET_COOKIE": BpfGetSocketCookie, 202 "BPF_GET_SOCKET_UID": BpfGetSocketUID, 203 "BPF_SET_HASH": BpfSetHash, 204 "BPF_SETSOCKOPT": BpfSetsockopt, 205 "BPF_SKB_ADJUST_ROOM": BpfSkbAdjustRoom, 206 "BPF_REDIRECT_MAP": BpfRedirectMap, 207 "BPF_SK_REDIRECT_MAP": BpfSkRedirectMap, 208 "BPF_SOCK_MAP_UPDATE": BpfSockMapUpdate, 209 "BPF_XDP_ADJUST_META": BpfXdpAdjustMeta, 210 "BPF_PERF_EVENT_READ_VALUE": BpfPerfEventReadValue, 211 "BPF_PERF_PROG_READ_VALUE": BpfPerfProgReadValue, 212 "BPF_GETSOCKOPT": BpfGetsockopt, 213 "BPF_OVERRIDE_RETURN": BpfOverrideReturn, 214 "BPF_SOCK_OPS_CB_FLAGS_SET": BpfSockOpsCbFlagsSet, 215 "BPF_MSG_REDIRECT_MAP": BpfMsgRedirectMap, 216 "BPF_MSG_APPLY_BYTES": BpfMsgApplyBytes, 217 "BPF_MSG_CORK_BYTES": BpfMsgCorkBytes, 218 "BPF_MSG_PULL_DATA": BpfMsgPullData, 219 "BPF_BIND": BpfBind, 220 "BPF_XDP_ADJUST_TAIL": BpfXdpAdjustTail, 221 "BPF_SKB_GET_XFRM_STATE": BpfSkbGetXfrmState, 222 "BPF_GET_STACK": BpfGetStack, 223 "BPF_SKB_LOAD_BYTES_RELATIVE": BpfSkbLoadBytesRelative, 224 "BPF_FIB_LOOKUP": BpfFibLookup, 225 "BPF_SOCK_HASH_UPDATE": BpfSockHashUpdate, 226 "BPF_MSG_REDIRECT_HASH": BpfMsgRedirectHash, 227 "BPF_SK_REDIRECT_HASH": BpfSkRedirectHash, 228 "BPF_LWT_PUSH_ENCAP": BpfLwtPushEncap, 229 "BPF_LWT_SEG6_STORE_BYTES": BpfLwtSeg6StoreBytes, 230 "BPF_LWT_SEG6_ADJUST_SRH": BpfLwtSeg6AdjustSrh, 231 "BPF_LWT_SEG6_ACTION": BpfLwtSeg6Action, 232 "BPF_RC_REPEAT": BpfRcRepeat, 233 "BPF_RC_KEYDOWN": BpfRcKeydown, 234 "BPF_SKB_CGROUP_ID": BpfSkbCgroupID, 235 "BPF_GET_CURRENT_CGROUP_ID": BpfGetCurrentCgroupID, 236 "BPF_GET_LOCAL_STORAGE": BpfGetLocalStorage, 237 "BPF_SK_SELECT_REUSEPORT": BpfSkSelectReuseport, 238 "BPF_SKB_ANCESTOR_CGROUP_ID": BpfSkbAncestorCgroupID, 239 "BPF_SK_LOOKUP_TCP": BpfSkLookupTCP, 240 "BPF_SK_LOOKUP_UDP": BpfSkLookupUDP, 241 "BPF_SK_RELEASE": BpfSkRelease, 242 "BPF_MAP_PUSH_ELEM": BpfMapPushElem, 243 "BPF_MAP_POP_ELEM": BpfMapPopElem, 244 "BPF_MAP_PEEK_ELEM": BpfMapPeekElem, 245 "BPF_MSG_PUSH_DATA": BpfMsgPushData, 246 "BPF_MSG_POP_DATA": BpfMsgPopData, 247 "BPF_RC_POINTER_REL": BpfRcPointerRel, 248 "BPF_SPIN_LOCK": BpfSpinLock, 249 "BPF_SPIN_UNLOCK": BpfSpinUnlock, 250 "BPF_SK_FULLSOCK": BpfSkFullsock, 251 "BPF_TCP_SOCK": BpfTCPSock, 252 "BPF_SKB_ECN_SET_CE": BpfSkbEcnSetCe, 253 "BPF_GET_LISTENER_SOCK": BpfGetListenerSock, 254 "BPF_SKC_LOOKUP_TCP": BpfSkcLookupTCP, 255 "BPF_TCP_CHECK_SYNCOOKIE": BpfTCPCheckSyncookie, 256 "BPF_SYSCTL_GET_NAME": BpfSysctlGetName, 257 "BPF_SYSCTL_GET_CURRENT_VALUE": BpfSysctlGetCurrentValue, 258 "BPF_SYSCTL_GET_NEW_VALUE": BpfSysctlGetNewValue, 259 "BPF_SYSCTL_SET_NEW_VALUE": BpfSysctlSetNewValue, 260 "BPF_STRTOL": BpfStrtol, 261 "BPF_STRTOUL": BpfStrtoul, 262 "BPF_SK_STORAGE_GET": BpfSkStorageGet, 263 "BPF_SK_STORAGE_DELETE": BpfSkStorageDelete, 264 "BPF_SEND_SIGNAL": BpfSendSignal, 265 "BPF_TCP_GEN_SYNCOOKIE": BpfTCPGenSyncookie, 266 "BPF_SKB_OUTPUT": BpfSkbOutput, 267 "BPF_PROBE_READ_USER": BpfProbeReadUser, 268 "BPF_PROBE_READ_KERNEL": BpfProbeReadKernel, 269 "BPF_PROBE_READ_USER_STR": BpfProbeReadUserStr, 270 "BPF_PROBE_READ_KERNEL_STR": BpfProbeReadKernelStr, 271 "BPF_TCP_SEND_ACK": BpfTCPSendAck, 272 "BPF_SEND_SIGNAL_THREAD": BpfSendSignalThread, 273 "BPF_JIFFIES64": BpfJiffies64, 274 "BPF_READ_BRANCH_RECORDS": BpfReadBranchRecords, 275 "BPF_GET_NS_CURRENT_PID_TGID": BpfGetNsCurrentPidTgid, 276 "BPF_XDP_OUTPUT": BpfXdpOutput, 277 "BPF_GET_NETNS_COOKIE": BpfGetNetnsCookie, 278 "BPF_GET_CURRENT_ANCESTOR_CGROUP_ID": BpfGetCurrentAncestorCgroupID, 279 "BPF_SK_ASSIGN": BpfSkAssign, 280 "BPF_KTIME_GET_BOOT_NS": BpfKtimeGetBootNs, 281 "BPF_SEQ_PRINTF": BpfSeqPrintf, 282 "BPF_SEQ_WRITE": BpfSeqWrite, 283 "BPF_SK_CGROUP_ID": BpfSkCgroupID, 284 "BPF_SK_ANCESTOR_CGROUP_ID": BpfSkAncestorCgroupID, 285 "BPF_RINGBUF_OUTPUT": BpfRingbufOutput, 286 "BPF_RINGBUF_RESERVE": BpfRingbufReserve, 287 "BPF_RINGBUF_SUBMIT": BpfRingbufSubmit, 288 "BPF_RINGBUF_DISCARD": BpfRingbufDiscard, 289 "BPF_RINGBUF_QUERY": BpfRingbufQuery, 290 "BPF_CSUM_LEVEL": BpfCsumLevel, 291 "BPF_SKC_TO_TCP6_SOCK": BpfSkcToTCP6Sock, 292 "BPF_SKC_TO_TCP_SOCK": BpfSkcToTCPSock, 293 "BPF_SKC_TO_TCP_TIMEWAIT_SOCK": BpfSkcToTCPTimewaitSock, 294 "BPF_SKC_TO_TCP_REQUEST_SOCK": BpfSkcToTCPRequestSock, 295 "BPF_SKC_TO_UDP6_SOCK": BpfSkcToUDP6Sock, 296 "BPF_GET_TASK_STACK": BpfGetTaskStack, 297 "BPF_LOAD_HDR_OPT": BpfLoadHdrOpt, 298 "BPF_STORE_HDR_OPT": BpfStoreHdrOpt, 299 "BPF_RESERVE_HDR_OPT": BpfReserveHdrOpt, 300 "BPF_INODE_STORAGE_GET": BpfInodeStorageGet, 301 "BPF_INODE_STORAGE_DELETE": BpfInodeStorageDelete, 302 "BPF_D_PATH": BpfDPath, 303 "BPF_COPY_FROM_USER": BpfCopyFromUser, 304 "BPF_SNPRINTF_BTF": BpfSnprintfBtf, 305 "BPF_SEQ_PRINTF_BTF": BpfSeqPrintfBtf, 306 "BPF_SKB_CGROUP_CLASSID": BpfSkbCgroupClassid, 307 "BPF_REDIRECT_NEIGH": BpfRedirectNeigh, 308 "BPF_PER_CPU_PTR": BpfPerCPUPtr, 309 "BPF_THIS_CPU_PTR": BpfThisCPUPtr, 310 "BPF_REDIRECT_PEER": BpfRedirectPeer, 311 "BPF_TASK_STORAGE_GET": BpfTaskStorageGet, 312 "BPF_TASK_STORAGE_DELETE": BpfTaskStorageDelete, 313 "BPF_GET_CURRENT_TASK_BTF": BpfGetCurrentTaskBtf, 314 "BPF_BPRM_OPTS_SET": BpfBprmOptsSet, 315 "BPF_KTIME_GET_COARSE_NS": BpfKtimeGetCoarseNs, 316 "BPF_IMA_INODE_HASH": BpfImaInodeHash, 317 "BPF_SOCK_FROM_FILE": BpfSockFromFile, 318 "BPF_CHECK_MTU": BpfCheckMtu, 319 "BPF_FOR_EACH_MAP_ELEM": BpfForEachMapElem, 320 "BPF_SNPRINTF": BpfSnprintf, 321 } 322 323 // BPFMapTypeConstants is the list of BPF map type constants 324 // generate_constants:BPF map types,BPF map types are the supported eBPF map types. 325 BPFMapTypeConstants = map[string]BPFMapType{ 326 "BPF_MAP_TYPE_UNSPEC": BpfMapTypeUnspec, 327 "BPF_MAP_TYPE_HASH": BpfMapTypeHash, 328 "BPF_MAP_TYPE_ARRAY": BpfMapTypeArray, 329 "BPF_MAP_TYPE_PROG_ARRAY": BpfMapTypeProgArray, 330 "BPF_MAP_TYPE_PERF_EVENT_ARRAY": BpfMapTypePerfEventArray, 331 "BPF_MAP_TYPE_PERCPU_HASH": BpfMapTypePercpuHash, 332 "BPF_MAP_TYPE_PERCPU_ARRAY": BpfMapTypePercpuArray, 333 "BPF_MAP_TYPE_STACK_TRACE": BpfMapTypeStackTrace, 334 "BPF_MAP_TYPE_CGROUP_ARRAY": BpfMapTypeCgroupArray, 335 "BPF_MAP_TYPE_LRU_HASH": BpfMapTypeLruHash, 336 "BPF_MAP_TYPE_LRU_PERCPU_HASH": BpfMapTypeLruPercpuHash, 337 "BPF_MAP_TYPE_LPM_TRIE": BpfMapTypeLpmTrie, 338 "BPF_MAP_TYPE_ARRAY_OF_MAPS": BpfMapTypeArrayOfMaps, 339 "BPF_MAP_TYPE_HASH_OF_MAPS": BpfMapTypeHashOfMaps, 340 "BPF_MAP_TYPE_DEVMAP": BpfMapTypeDevmap, 341 "BPF_MAP_TYPE_SOCKMAP": BpfMapTypeSockmap, 342 "BPF_MAP_TYPE_CPUMAP": BpfMapTypeCPUmap, 343 "BPF_MAP_TYPE_XSKMAP": BpfMapTypeXskmap, 344 "BPF_MAP_TYPE_SOCKHASH": BpfMapTypeSockhash, 345 "BPF_MAP_TYPE_CGROUP_STORAGE": BpfMapTypeCgroupStorage, 346 "BPF_MAP_TYPE_REUSEPORT_SOCKARRAY": BpfMapTypeReuseportSockarray, 347 "BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE": BpfMapTypePercpuCgroupStorage, 348 "BPF_MAP_TYPE_QUEUE": BpfMapTypeQueue, 349 "BPF_MAP_TYPE_STACK": BpfMapTypeStack, 350 "BPF_MAP_TYPE_SK_STORAGE": BpfMapTypeSkStorage, 351 "BPF_MAP_TYPE_DEVMAP_HASH": BpfMapTypeDevmapHash, 352 "BPF_MAP_TYPE_STRUCT_OPS": BpfMapTypeStructOps, 353 "BPF_MAP_TYPE_RINGBUF": BpfMapTypeRingbuf, 354 "BPF_MAP_TYPE_INODE_STORAGE": BpfMapTypeInodeStorage, 355 "BPF_MAP_TYPE_TASK_STORAGE": BpfMapTypeTaskStorage, 356 } 357 358 // BPFProgramTypeConstants is the list of BPF program type constants 359 // generate_constants:BPF program types,BPF program types are the supported eBPF program types. 360 BPFProgramTypeConstants = map[string]BPFProgramType{ 361 "BPF_PROG_TYPE_UNSPEC": BpfProgTypeUnspec, 362 "BPF_PROG_TYPE_SOCKET_FILTER": BpfProgTypeSocketFilter, 363 "BPF_PROG_TYPE_KPROBE": BpfProgTypeKprobe, 364 "BPF_PROG_TYPE_SCHED_CLS": BpfProgTypeSchedCls, 365 "BPF_PROG_TYPE_SCHED_ACT": BpfProgTypeSchedAct, 366 "BPF_PROG_TYPE_TRACEPOINT": BpfProgTypeTracepoint, 367 "BPF_PROG_TYPE_XDP": BpfProgTypeXdp, 368 "BPF_PROG_TYPE_PERF_EVENT": BpfProgTypePerfEvent, 369 "BPF_PROG_TYPE_CGROUP_SKB": BpfProgTypeCgroupSkb, 370 "BPF_PROG_TYPE_CGROUP_SOCK": BpfProgTypeCgroupSock, 371 "BPF_PROG_TYPE_LWT_IN": BpfProgTypeLwtIn, 372 "BPF_PROG_TYPE_LWT_OUT": BpfProgTypeLwtOut, 373 "BPF_PROG_TYPE_LWT_XMIT": BpfProgTypeLwtXmit, 374 "BPF_PROG_TYPE_SOCK_OPS": BpfProgTypeSockOps, 375 "BPF_PROG_TYPE_SK_SKB": BpfProgTypeSkSkb, 376 "BPF_PROG_TYPE_CGROUP_DEVICE": BpfProgTypeCgroupDevice, 377 "BPF_PROG_TYPE_SK_MSG": BpfProgTypeSkMsg, 378 "BPF_PROG_TYPE_RAW_TRACEPOINT": BpfProgTypeRawTracepoint, 379 "BPF_PROG_TYPE_CGROUP_SOCK_ADDR": BpfProgTypeCgroupSockAddr, 380 "BPF_PROG_TYPE_LWT_SEG6LOCAL": BpfProgTypeLwtSeg6local, 381 "BPF_PROG_TYPE_LIRC_MODE2": BpfProgTypeLircMode2, 382 "BPF_PROG_TYPE_SK_REUSEPORT": BpfProgTypeSkReuseport, 383 "BPF_PROG_TYPE_FLOW_DISSECTOR": BpfProgTypeFlowDissector, 384 "BPF_PROG_TYPE_CGROUP_SYSCTL": BpfProgTypeCgroupSysctl, 385 "BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE": BpfProgTypeRawTracepointWritable, 386 "BPF_PROG_TYPE_CGROUP_SOCKOPT": BpfProgTypeCgroupSockopt, 387 "BPF_PROG_TYPE_TRACING": BpfProgTypeTracing, 388 "BPF_PROG_TYPE_STRUCT_OPS": BpfProgTypeStructOps, 389 "BPF_PROG_TYPE_EXT": BpfProgTypeExt, 390 "BPF_PROG_TYPE_LSM": BpfProgTypeLsm, 391 "BPF_PROG_TYPE_SK_LOOKUP": BpfProgTypeSkLookup, 392 } 393 394 // BPFAttachTypeConstants is the list of BPF attach type constants 395 // generate_constants:BPF attach types,BPF attach types are the supported eBPF program attach types. 396 BPFAttachTypeConstants = map[string]BPFAttachType{ 397 "BPF_CGROUP_INET_INGRESS": BpfCgroupInetIngress, 398 "BPF_CGROUP_INET_EGRESS": BpfCgroupInetEgress, 399 "BPF_CGROUP_INET_SOCK_CREATE": BpfCgroupInetSockCreate, 400 "BPF_CGROUP_SOCK_OPS": BpfCgroupSockOps, 401 "BPF_SK_SKB_STREAM_PARSER": BpfSkSkbStreamParser, 402 "BPF_SK_SKB_STREAM_VERDICT": BpfSkSkbStreamVerdict, 403 "BPF_CGROUP_DEVICE": BpfCgroupDevice, 404 "BPF_SK_MSG_VERDICT": BpfSkMsgVerdict, 405 "BPF_CGROUP_INET4_BIND": BpfCgroupInet4Bind, 406 "BPF_CGROUP_INET6_BIND": BpfCgroupInet6Bind, 407 "BPF_CGROUP_INET4_CONNECT": BpfCgroupInet4Connect, 408 "BPF_CGROUP_INET6_CONNECT": BpfCgroupInet6Connect, 409 "BPF_CGROUP_INET4_POST_BIND": BpfCgroupInet4PostBind, 410 "BPF_CGROUP_INET6_POST_BIND": BpfCgroupInet6PostBind, 411 "BPF_CGROUP_UDP4_SENDMSG": BpfCgroupUDP4Sendmsg, 412 "BPF_CGROUP_UDP6_SENDMSG": BpfCgroupUDP6Sendmsg, 413 "BPF_LIRC_MODE2": BpfLircMode2, 414 "BPF_FLOW_DISSECTOR": BpfFlowDissector, 415 "BPF_CGROUP_SYSCTL": BpfCgroupSysctl, 416 "BPF_CGROUP_UDP4_RECVMSG": BpfCgroupUDP4Recvmsg, 417 "BPF_CGROUP_UDP6_RECVMSG": BpfCgroupUDP6Recvmsg, 418 "BPF_CGROUP_GETSOCKOPT": BpfCgroupGetsockopt, 419 "BPF_CGROUP_SETSOCKOPT": BpfCgroupSetsockopt, 420 "BPF_TRACE_RAW_TP": BpfTraceRawTp, 421 "BPF_TRACE_FENTRY": BpfTraceFentry, 422 "BPF_TRACE_FEXIT": BpfTraceFexit, 423 "BPF_MODIFY_RETURN": BpfModifyReturn, 424 "BPF_LSM_MAC": BpfLsmMac, 425 "BPF_TRACE_ITER": BpfTraceIter, 426 "BPF_CGROUP_INET4_GETPEERNAME": BpfCgroupInet4Getpeername, 427 "BPF_CGROUP_INET6_GETPEERNAME": BpfCgroupInet6Getpeername, 428 "BPF_CGROUP_INET4_GETSOCKNAME": BpfCgroupInet4Getsockname, 429 "BPF_CGROUP_INET6_GETSOCKNAME": BpfCgroupInet6Getsockname, 430 "BPF_XDP_DEVMAP": BpfXdpDevmap, 431 "BPF_CGROUP_INET_SOCK_RELEASE": BpfCgroupInetSockRelease, 432 "BPF_XDP_CPUMAP": BpfXdpCPUmap, 433 "BPF_SK_LOOKUP": BpfSkLookup, 434 "BPF_XDP": BpfXdp, 435 "BPF_SK_SKB_VERDICT": BpfSkSkbVerdict, 436 } 437 438 // PipeBufFlagConstants is the list of pipe buffer flags 439 // generate_constants:Pipe buffer flags,Pipe buffer flags are the supported flags for a pipe buffer. 440 PipeBufFlagConstants = map[string]PipeBufFlag{ 441 "PIPE_BUF_FLAG_LRU": PipeBufFlagLRU, 442 "PIPE_BUF_FLAG_ATOMIC": PipeBufFlagAtomic, 443 "PIPE_BUF_FLAG_GIFT": PipeBufFlagGift, 444 "PIPE_BUF_FLAG_PACKET": PipeBufFlagPacket, 445 "PIPE_BUF_FLAG_CAN_MERGE": PipeBufFlagCanMerge, 446 "PIPE_BUF_FLAG_WHOLE": PipeBufFlagWhole, 447 "PIPE_BUF_FLAG_LOSS": PipeBufFlagLoss, 448 } 449 450 // DNSQTypeConstants see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml 451 // generate_constants:DNS qtypes,DNS qtypes are the supported DNS query types. 452 DNSQTypeConstants = map[string]int{ 453 "None": 0, 454 "A": 1, 455 "NS": 2, 456 "MD": 3, 457 "MF": 4, 458 "CNAME": 5, 459 "SOA": 6, 460 "MB": 7, 461 "MG": 8, 462 "MR": 9, 463 "NULL": 10, 464 "PTR": 12, 465 "HINFO": 13, 466 "MINFO": 14, 467 "MX": 15, 468 "TXT": 16, 469 "RP": 17, 470 "AFSDB": 18, 471 "X25": 19, 472 "ISDN": 20, 473 "RT": 21, 474 "NSAPPTR": 23, 475 "SIG": 24, 476 "KEY": 25, 477 "PX": 26, 478 "GPOS": 27, 479 "AAAA": 28, 480 "LOC": 29, 481 "NXT": 30, 482 "EID": 31, 483 "NIMLOC": 32, 484 "SRV": 33, 485 "ATMA": 34, 486 "NAPTR": 35, 487 "KX": 36, 488 "CERT": 37, 489 "DNAME": 39, 490 "OPT": 41, 491 "APL": 42, 492 "DS": 43, 493 "SSHFP": 44, 494 "RRSIG": 46, 495 "NSEC": 47, 496 "DNSKEY": 48, 497 "DHCID": 49, 498 "NSEC3": 50, 499 "NSEC3PARAM": 51, 500 "TLSA": 52, 501 "SMIMEA": 53, 502 "HIP": 55, 503 "NINFO": 56, 504 "RKEY": 57, 505 "TALINK": 58, 506 "CDS": 59, 507 "CDNSKEY": 60, 508 "OPENPGPKEY": 61, 509 "CSYNC": 62, 510 "ZONEMD": 63, 511 "SVCB": 64, 512 "HTTPS": 65, 513 "SPF": 99, 514 "UINFO": 100, 515 "UID": 101, 516 "GID": 102, 517 "UNSPEC": 103, 518 "NID": 104, 519 "L32": 105, 520 "L64": 106, 521 "LP": 107, 522 "EUI48": 108, 523 "EUI64": 109, 524 "URI": 256, 525 "CAA": 257, 526 "AVC": 258, 527 "TKEY": 249, 528 "TSIG": 250, 529 "IXFR": 251, 530 "AXFR": 252, 531 "MAILB": 253, 532 "MAILA": 254, 533 "ANY": 255, 534 "TA": 32768, 535 "DLV": 32769, 536 "Reserved": 65535, 537 } 538 539 // DNSQClassConstants see https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml 540 // generate_constants:DNS qclasses,DNS qclasses are the supported DNS query classes. 541 DNSQClassConstants = map[string]int{ 542 "CLASS_INET": 1, 543 "CLASS_CSNET": 2, 544 "CLASS_CHAOS": 3, 545 "CLASS_HESIOD": 4, 546 "CLASS_NONE": 254, 547 "CLASS_ANY": 255, 548 } 549 550 // BooleanConstants holds the evaluator for boolean constants 551 // generate_constants:Boolean constants,Boolean constants are the supported boolean constants. 552 BooleanConstants = map[string]interface{}{ 553 // boolean 554 "true": &eval.BoolEvaluator{Value: true}, 555 "false": &eval.BoolEvaluator{Value: false}, 556 } 557 558 // seclConstants are constants supported in runtime security agent rules 559 seclConstants = map[string]interface{}{} 560 561 // L3ProtocolConstants is the list of supported L3 protocols 562 // generate_constants:L3 protocols,L3 protocols are the supported Layer 3 protocols. 563 L3ProtocolConstants = map[string]L3Protocol{ 564 "ETH_P_LOOP": EthPLOOP, 565 "ETH_P_PUP": EthPPUP, 566 "ETH_P_PUPAT": EthPPUPAT, 567 "ETH_P_TSN": EthPTSN, 568 "ETH_P_IP": EthPIP, 569 "ETH_P_X25": EthPX25, 570 "ETH_P_ARP": EthPARP, 571 "ETH_P_BPQ": EthPBPQ, 572 "ETH_P_IEEEPUP": EthPIEEEPUP, 573 "ETH_P_IEEEPUPAT": EthPIEEEPUPAT, 574 "ETH_P_BATMAN": EthPBATMAN, 575 "ETH_P_DEC": EthPDEC, 576 "ETH_P_DNADL": EthPDNADL, 577 "ETH_P_DNARC": EthPDNARC, 578 "ETH_P_DNART": EthPDNART, 579 "ETH_P_LAT": EthPLAT, 580 "ETH_P_DIAG": EthPDIAG, 581 "ETH_P_CUST": EthPCUST, 582 "ETH_P_SCA": EthPSCA, 583 "ETH_P_TEB": EthPTEB, 584 "ETH_P_RARP": EthPRARP, 585 "ETH_P_ATALK": EthPATALK, 586 "ETH_P_AARP": EthPAARP, 587 "ETH_P_8021_Q": EthP8021Q, 588 "ETH_P_ERSPAN": EthPERSPAN, 589 "ETH_P_IPX": EthPIPX, 590 "ETH_P_IPV6": EthPIPV6, 591 "ETH_P_PAUSE": EthPPAUSE, 592 "ETH_P_SLOW": EthPSLOW, 593 "ETH_P_WCCP": EthPWCCP, 594 "ETH_P_MPLSUC": EthPMPLSUC, 595 "ETH_P_MPLSMC": EthPMPLSMC, 596 "ETH_P_ATMMPOA": EthPATMMPOA, 597 "ETH_P_PPPDISC": EthPPPPDISC, 598 "ETH_P_PPPSES": EthPPPPSES, 599 "ETH_P__LINK_CTL": EthPLinkCTL, 600 "ETH_P_ATMFATE": EthPATMFATE, 601 "ETH_P_PAE": EthPPAE, 602 "ETH_P_AOE": EthPAOE, 603 "ETH_P_8021_AD": EthP8021AD, 604 "ETH_P_802_EX1": EthP802EX1, 605 "ETH_P_TIPC": EthPTIPC, 606 "ETH_P_MACSEC": EthPMACSEC, 607 "ETH_P_8021_AH": EthP8021AH, 608 "ETH_P_MVRP": EthPMVRP, 609 "ETH_P_1588": EthP1588, 610 "ETH_P_NCSI": EthPNCSI, 611 "ETH_P_PRP": EthPPRP, 612 "ETH_P_FCOE": EthPFCOE, 613 "ETH_P_IBOE": EthPIBOE, 614 "ETH_P_TDLS": EthPTDLS, 615 "ETH_P_FIP": EthPFIP, 616 "ETH_P_80221": EthP80221, 617 "ETH_P_HSR": EthPHSR, 618 "ETH_P_NSH": EthPNSH, 619 "ETH_P_LOOPBACK": EthPLOOPBACK, 620 "ETH_P_QINQ1": EthPQINQ1, 621 "ETH_P_QINQ2": EthPQINQ2, 622 "ETH_P_QINQ3": EthPQINQ3, 623 "ETH_P_EDSA": EthPEDSA, 624 "ETH_P_IFE": EthPIFE, 625 "ETH_P_AFIUCV": EthPAFIUCV, 626 "ETH_P_8023_MIN": EthP8023MIN, 627 "ETH_P_IPV6_HOP_BY_HOP": EthPIPV6HopByHop, 628 "ETH_P_8023": EthP8023, 629 "ETH_P_AX25": EthPAX25, 630 "ETH_P_ALL": EthPALL, 631 "ETH_P_8022": EthP8022, 632 "ETH_P_SNAP": EthPSNAP, 633 "ETH_P_DDCMP": EthPDDCMP, 634 "ETH_P_WANPPP": EthPWANPPP, 635 "ETH_P_PPPMP": EthPPPPMP, 636 "ETH_P_LOCALTALK": EthPLOCALTALK, 637 "ETH_P_CAN": EthPCAN, 638 "ETH_P_CANFD": EthPCANFD, 639 "ETH_P_PPPTALK": EthPPPPTALK, 640 "ETH_P_TR8022": EthPTR8022, 641 "ETH_P_MOBITEX": EthPMOBITEX, 642 "ETH_P_CONTROL": EthPCONTROL, 643 "ETH_P_IRDA": EthPIRDA, 644 "ETH_P_ECONET": EthPECONET, 645 "ETH_P_HDLC": EthPHDLC, 646 "ETH_P_ARCNET": EthPARCNET, 647 "ETH_P_DSA": EthPDSA, 648 "ETH_P_TRAILER": EthPTRAILER, 649 "ETH_P_PHONET": EthPPHONET, 650 "ETH_P_IEEE802154": EthPIEEE802154, 651 "ETH_P_CAIF": EthPCAIF, 652 "ETH_P_XDSA": EthPXDSA, 653 "ETH_P_MAP": EthPMAP, 654 } 655 656 // L4ProtocolConstants is the list of supported L4 protocols 657 // generate_constants:L4 protocols,L4 protocols are the supported Layer 4 protocols. 658 L4ProtocolConstants = map[string]L4Protocol{ 659 "IP_PROTO_IP": IPProtoIP, 660 "IP_PROTO_ICMP": IPProtoICMP, 661 "IP_PROTO_IGMP": IPProtoIGMP, 662 "IP_PROTO_IPIP": IPProtoIPIP, 663 "IP_PROTO_TCP": IPProtoTCP, 664 "IP_PROTO_EGP": IPProtoEGP, 665 "IP_PROTO_IGP": IPProtoIGP, 666 "IP_PROTO_PUP": IPProtoPUP, 667 "IP_PROTO_UDP": IPProtoUDP, 668 "IP_PROTO_IDP": IPProtoIDP, 669 "IP_PROTO_TP": IPProtoTP, 670 "IP_PROTO_DCCP": IPProtoDCCP, 671 "IP_PROTO_IPV6": IPProtoIPV6, 672 "IP_PROTO_RSVP": IPProtoRSVP, 673 "IP_PROTO_GRE": IPProtoGRE, 674 "IP_PROTO_ESP": IPProtoESP, 675 "IP_PROTO_AH": IPProtoAH, 676 "IP_PROTO_ICMPV6": IPProtoICMPV6, 677 "IP_PROTO_MTP": IPProtoMTP, 678 "IP_PROTO_BEETPH": IPProtoBEETPH, 679 "IP_PROTO_ENCAP": IPProtoENCAP, 680 "IP_PROTO_PIM": IPProtoPIM, 681 "IP_PROTO_COMP": IPProtoCOMP, 682 "IP_PROTO_SCTP": IPProtoSCTP, 683 "IP_PROTO_UDPLITE": IPProtoUDPLITE, 684 "IP_PROTO_MPLS": IPProtoMPLS, 685 "IP_PROTO_RAW": IPProtoRAW, 686 } 687 688 // exitCauseConstants is the list of supported Exit causes 689 exitCauseConstants = map[string]ExitCause{ 690 "EXITED": ExitExited, 691 "COREDUMPED": ExitCoreDumped, 692 "SIGNALED": ExitSignaled, 693 } 694 ) 695 696 var ( 697 openFlagsStrings = map[int]string{} 698 fileModeStrings = map[int]string{} 699 inodeModeStrings = map[int]string{} 700 unlinkFlagsStrings = map[int]string{} 701 kernelCapabilitiesStrings = map[uint64]string{} 702 bpfCmdStrings = map[uint32]string{} 703 bpfHelperFuncStrings = map[uint32]string{} 704 bpfMapTypeStrings = map[uint32]string{} 705 bpfProgramTypeStrings = map[uint32]string{} 706 bpfAttachTypeStrings = map[uint32]string{} 707 ptraceFlagsStrings = map[uint32]string{} 708 vmStrings = map[uint64]string{} 709 protStrings = map[uint64]string{} 710 mmapFlagStrings = map[uint64]string{} 711 signalStrings = map[int]string{} 712 pipeBufFlagStrings = map[int]string{} 713 dnsQTypeStrings = map[uint32]string{} 714 dnsQClassStrings = map[uint32]string{} 715 l3ProtocolStrings = map[L3Protocol]string{} 716 l4ProtocolStrings = map[L4Protocol]string{} 717 addressFamilyStrings = map[uint16]string{} 718 exitCauseStrings = map[ExitCause]string{} 719 ) 720 721 // File flags 722 const ( 723 LowerLayer = 1 << iota 724 UpperLayer 725 ) 726 727 func initOpenConstants() { 728 for k, v := range openFlagsConstants { 729 seclConstants[k] = &eval.IntEvaluator{Value: v} 730 } 731 732 for k, v := range openFlagsConstants { 733 openFlagsStrings[v] = k 734 } 735 } 736 737 func initFileModeConstants() { 738 for k, v := range fileModeConstants { 739 seclConstants[k] = &eval.IntEvaluator{Value: v} 740 fileModeStrings[v] = k 741 } 742 } 743 744 func initInodeModeConstants() { 745 for k, v := range inodeModeConstants { 746 seclConstants[k] = &eval.IntEvaluator{Value: v} 747 inodeModeStrings[v] = k 748 } 749 } 750 751 func initUnlinkConstanst() { 752 for k, v := range unlinkFlagsConstants { 753 seclConstants[k] = &eval.IntEvaluator{Value: v} 754 unlinkFlagsStrings[v] = k 755 } 756 } 757 758 func initErrorConstants() { 759 for k, v := range errorConstants { 760 seclConstants[k] = &eval.IntEvaluator{Value: v} 761 } 762 } 763 764 func initKernelCapabilityConstants() { 765 for k, v := range KernelCapabilityConstants { 766 if bits.UintSize == 64 || v < math.MaxInt32 { 767 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 768 } 769 kernelCapabilitiesStrings[v] = k 770 } 771 } 772 773 func initBPFCmdConstants() { 774 for k, v := range BPFCmdConstants { 775 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 776 bpfCmdStrings[uint32(v)] = k 777 } 778 } 779 780 func initBPFHelperFuncConstants() { 781 for k, v := range BPFHelperFuncConstants { 782 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 783 bpfHelperFuncStrings[uint32(v)] = k 784 } 785 } 786 787 func initBPFMapTypeConstants() { 788 for k, v := range BPFMapTypeConstants { 789 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 790 bpfMapTypeStrings[uint32(v)] = k 791 } 792 } 793 794 func initBPFProgramTypeConstants() { 795 for k, v := range BPFProgramTypeConstants { 796 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 797 bpfProgramTypeStrings[uint32(v)] = k 798 } 799 } 800 801 func initBPFAttachTypeConstants() { 802 for k, v := range BPFAttachTypeConstants { 803 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 804 bpfAttachTypeStrings[uint32(v)] = k 805 } 806 } 807 808 func initPtraceConstants() { 809 for k, v := range ptraceArchConstants { 810 ptraceConstants[k] = v 811 } 812 813 for k, v := range ptraceConstants { 814 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 815 } 816 817 for k, v := range ptraceConstants { 818 ptraceFlagsStrings[v] = k 819 } 820 } 821 822 func initVMConstants() { 823 for k, v := range vmConstants { 824 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 825 } 826 827 for k, v := range vmConstants { 828 vmStrings[v] = k 829 } 830 } 831 832 func initProtConstansts() { 833 for k, v := range protConstants { 834 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 835 } 836 837 for k, v := range protConstants { 838 protStrings[v] = k 839 } 840 } 841 842 func initMMapFlagsConstants() { 843 for k, v := range mmapFlagArchConstants { 844 mmapFlagConstants[k] = v 845 } 846 847 for k, v := range mmapFlagConstants { 848 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 849 } 850 851 for k, v := range mmapFlagConstants { 852 mmapFlagStrings[v] = k 853 } 854 } 855 856 func initSignalConstants() { 857 for k, v := range SignalConstants { 858 seclConstants[k] = &eval.IntEvaluator{Value: v} 859 } 860 861 for k, v := range SignalConstants { 862 signalStrings[v] = k 863 } 864 } 865 866 func initPipeBufFlagConstants() { 867 for k, v := range PipeBufFlagConstants { 868 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 869 pipeBufFlagStrings[int(v)] = k 870 } 871 } 872 873 func initDNSQClassConstants() { 874 for k, v := range DNSQClassConstants { 875 seclConstants[k] = &eval.IntEvaluator{Value: v} 876 dnsQClassStrings[uint32(v)] = k 877 } 878 } 879 880 func initDNSQTypeConstants() { 881 for k, v := range DNSQTypeConstants { 882 seclConstants[k] = &eval.IntEvaluator{Value: v} 883 dnsQTypeStrings[uint32(v)] = k 884 } 885 } 886 887 func initL3ProtocolConstants() { 888 for k, v := range L3ProtocolConstants { 889 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 890 l3ProtocolStrings[v] = k 891 } 892 } 893 894 func initL4ProtocolConstants() { 895 for k, v := range L4ProtocolConstants { 896 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 897 l4ProtocolStrings[v] = k 898 } 899 } 900 901 func initAddressFamilyConstants() { 902 for k, v := range addressFamilyConstants { 903 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 904 } 905 906 for k, v := range addressFamilyConstants { 907 addressFamilyStrings[v] = k 908 } 909 } 910 911 func initExitCauseConstants() { 912 for k, v := range exitCauseConstants { 913 seclConstants[k] = &eval.IntEvaluator{Value: int(v)} 914 exitCauseStrings[v] = k 915 } 916 } 917 918 func initBPFMapNamesConstants() { 919 seclConstants["CWS_MAP_NAMES"] = &eval.StringArrayEvaluator{Values: bpfMapNames} 920 } 921 922 func initBoolConstants() { 923 for k, v := range BooleanConstants { 924 seclConstants[k] = v 925 } 926 } 927 928 func initConstants() { 929 initBoolConstants() 930 initErrorConstants() 931 initOpenConstants() 932 initFileModeConstants() 933 initInodeModeConstants() 934 initUnlinkConstanst() 935 initKernelCapabilityConstants() 936 initBPFCmdConstants() 937 initBPFHelperFuncConstants() 938 initBPFMapTypeConstants() 939 initBPFProgramTypeConstants() 940 initBPFAttachTypeConstants() 941 initPtraceConstants() 942 initVMConstants() 943 initProtConstansts() 944 initMMapFlagsConstants() 945 initSignalConstants() 946 initPipeBufFlagConstants() 947 initDNSQClassConstants() 948 initDNSQTypeConstants() 949 initL3ProtocolConstants() 950 initL4ProtocolConstants() 951 initAddressFamilyConstants() 952 initExitCauseConstants() 953 initBPFMapNamesConstants() 954 usersession.InitUserSessionTypes() 955 } 956 957 func bitmaskToStringArray(bitmask int, intToStrMap map[int]string) []string { 958 var strs []string 959 var result int 960 961 for v, s := range intToStrMap { 962 if v == 0 { 963 continue 964 } 965 966 if bitmask&v == v { 967 strs = append(strs, s) 968 result |= v 969 } 970 } 971 972 if result != bitmask { 973 strs = append(strs, fmt.Sprintf("%d", bitmask&^result)) 974 } 975 976 sort.Strings(strs) 977 return strs 978 } 979 980 func bitmaskToString(bitmask int, intToStrMap map[int]string) string { 981 return strings.Join(bitmaskToStringArray(bitmask, intToStrMap), " | ") 982 } 983 984 func bitmaskU64ToStringArray(bitmask uint64, intToStrMap map[uint64]string) []string { 985 var strs []string 986 var result uint64 987 988 for v, s := range intToStrMap { 989 if v == 0 { 990 continue 991 } 992 993 if bitmask&v == v { 994 strs = append(strs, s) 995 result |= v 996 } 997 } 998 999 if result != bitmask { 1000 strs = append(strs, fmt.Sprintf("%d", bitmask&^result)) 1001 } 1002 1003 sort.Strings(strs) 1004 return strs 1005 } 1006 1007 func bitmaskU64ToString(bitmask uint64, intToStrMap map[uint64]string) string { 1008 return strings.Join(bitmaskU64ToStringArray(bitmask, intToStrMap), " | ") 1009 } 1010 1011 // OpenFlags represents an open flags bitmask value 1012 type OpenFlags int 1013 1014 func (f OpenFlags) String() string { 1015 return strings.Join(f.StringArray(), " | ") 1016 } 1017 1018 // StringArray returns the open flags as an array of strings 1019 func (f OpenFlags) StringArray() []string { 1020 // open flags are actually composed of 2 sets of flags 1021 // the lowest 2 bits manage the read/write access modes 1022 readWriteBits := int(f) & 0b11 1023 // the other bits manage the general purpose flags (like O_CLOEXEC, or O_TRUNC) 1024 flagsBits := int(f) & ^0b11 1025 1026 // in order to default to O_RDONLY even if other bits are set we convert 1027 // both bitmask separately 1028 readWrite := bitmaskToStringArray(readWriteBits, openFlagsStrings) 1029 flags := bitmaskToStringArray(flagsBits, openFlagsStrings) 1030 1031 if len(readWrite) == 0 { 1032 readWrite = []string{openFlagsStrings[syscall.O_RDONLY]} 1033 } 1034 1035 if len(flags) == 0 { 1036 return readWrite 1037 } 1038 1039 return append(readWrite, flags...) 1040 } 1041 1042 // FileMode represents a file mode bitmask value 1043 type FileMode int 1044 1045 func (m FileMode) String() string { 1046 return bitmaskToString(int(m), fileModeStrings) 1047 } 1048 1049 // InodeMode represents an inode mode bitmask value 1050 type InodeMode int 1051 1052 func (m InodeMode) String() string { 1053 return bitmaskToString(int(m), inodeModeStrings) 1054 } 1055 1056 // UnlinkFlags represents an unlink flags bitmask value 1057 type UnlinkFlags int 1058 1059 func (f UnlinkFlags) String() string { 1060 return bitmaskToString(int(f), unlinkFlagsStrings) 1061 } 1062 1063 // StringArray returns the unlink flags as an array of strings 1064 func (f UnlinkFlags) StringArray() []string { 1065 return bitmaskToStringArray(int(f), unlinkFlagsStrings) 1066 } 1067 1068 // RetValError represents a syscall return error value 1069 type RetValError int 1070 1071 func (f RetValError) String() string { 1072 v := int(f) 1073 if v < 0 { 1074 return syscall.Errno(-v).Error() 1075 } 1076 return "" 1077 } 1078 1079 var capsStringArrayCache *lru.Cache[KernelCapability, []string] 1080 1081 var constantsInitialized sync.Once 1082 1083 // SECLConstants returns the constants supported in runtime security agent rules, 1084 // initializing these constants during the first call 1085 func SECLConstants() map[string]interface{} { 1086 constantsInitialized.Do(func() { 1087 initConstants() 1088 }) 1089 return seclConstants 1090 } 1091 1092 func init() { 1093 capsStringArrayCache, _ = lru.New[KernelCapability, []string](4) 1094 } 1095 1096 // KernelCapability represents a kernel capability bitmask value 1097 type KernelCapability uint64 1098 1099 func (kc KernelCapability) String() string { 1100 return bitmaskU64ToString(uint64(kc), kernelCapabilitiesStrings) 1101 } 1102 1103 // StringArray returns the kernel capabilities as an array of strings 1104 func (kc KernelCapability) StringArray() []string { 1105 if kc == 0 { 1106 return nil 1107 } 1108 if value, ok := capsStringArrayCache.Get(kc); ok { 1109 return value 1110 } 1111 computed := bitmaskU64ToStringArray(uint64(kc), kernelCapabilitiesStrings) 1112 capsStringArrayCache.Add(kc, computed) 1113 return computed 1114 } 1115 1116 // BPFCmd represents a BPF command 1117 type BPFCmd uint64 1118 1119 func (cmd BPFCmd) String() string { 1120 return bpfCmdStrings[uint32(cmd)] 1121 } 1122 1123 const ( 1124 // BpfMapCreateCmd command 1125 BpfMapCreateCmd BPFCmd = iota 1126 // BpfMapLookupElemCmd command 1127 BpfMapLookupElemCmd 1128 // BpfMapUpdateElemCmd command 1129 BpfMapUpdateElemCmd 1130 // BpfMapDeleteElemCmd command 1131 BpfMapDeleteElemCmd 1132 // BpfMapGetNextKeyCmd command 1133 BpfMapGetNextKeyCmd 1134 // BpfProgLoadCmd command 1135 BpfProgLoadCmd 1136 // BpfObjPinCmd command 1137 BpfObjPinCmd 1138 // BpfObjGetCmd command 1139 BpfObjGetCmd 1140 // BpfProgAttachCmd command 1141 BpfProgAttachCmd 1142 // BpfProgDetachCmd command 1143 BpfProgDetachCmd 1144 // BpfProgTestRunCmd command 1145 BpfProgTestRunCmd 1146 // BpfProgGetNextIDCmd command 1147 BpfProgGetNextIDCmd 1148 // BpfMapGetNextIDCmd command 1149 BpfMapGetNextIDCmd 1150 // BpfProgGetFdByIDCmd command 1151 BpfProgGetFdByIDCmd 1152 // BpfMapGetFdByIDCmd command 1153 BpfMapGetFdByIDCmd 1154 // BpfObjGetInfoByFdCmd command 1155 BpfObjGetInfoByFdCmd 1156 // BpfProgQueryCmd command 1157 BpfProgQueryCmd 1158 // BpfRawTracepointOpenCmd command 1159 BpfRawTracepointOpenCmd 1160 // BpfBtfLoadCmd command 1161 BpfBtfLoadCmd 1162 // BpfBtfGetFdByIDCmd command 1163 BpfBtfGetFdByIDCmd 1164 // BpfTaskFdQueryCmd command 1165 BpfTaskFdQueryCmd 1166 // BpfMapLookupAndDeleteElemCmd command 1167 BpfMapLookupAndDeleteElemCmd 1168 // BpfMapFreezeCmd command 1169 BpfMapFreezeCmd 1170 // BpfBtfGetNextIDCmd command 1171 BpfBtfGetNextIDCmd 1172 // BpfMapLookupBatchCmd command 1173 BpfMapLookupBatchCmd 1174 // BpfMapLookupAndDeleteBatchCmd command 1175 BpfMapLookupAndDeleteBatchCmd 1176 // BpfMapUpdateBatchCmd command 1177 BpfMapUpdateBatchCmd 1178 // BpfMapDeleteBatchCmd command 1179 BpfMapDeleteBatchCmd 1180 // BpfLinkCreateCmd command 1181 BpfLinkCreateCmd 1182 // BpfLinkUpdateCmd command 1183 BpfLinkUpdateCmd 1184 // BpfLinkGetFdByIDCmd command 1185 BpfLinkGetFdByIDCmd 1186 // BpfLinkGetNextIDCmd command 1187 BpfLinkGetNextIDCmd 1188 // BpfEnableStatsCmd command 1189 BpfEnableStatsCmd 1190 // BpfIterCreateCmd command 1191 BpfIterCreateCmd 1192 // BpfLinkDetachCmd command 1193 BpfLinkDetachCmd 1194 // BpfProgBindMapCmd command 1195 BpfProgBindMapCmd 1196 ) 1197 1198 // BPFHelperFunc represents a BPF helper function 1199 type BPFHelperFunc uint32 1200 1201 func (f BPFHelperFunc) String() string { 1202 return bpfHelperFuncStrings[uint32(f)] 1203 } 1204 1205 // StringifyHelpersList returns a string list representation of a list of helpers 1206 func StringifyHelpersList(input []uint32) []string { 1207 helpers := make([]string, len(input)) 1208 for i, helper := range input { 1209 helpers[i] = BPFHelperFunc(helper).String() 1210 } 1211 return helpers 1212 } 1213 1214 const ( 1215 // BpfUnspec helper function 1216 BpfUnspec BPFHelperFunc = iota 1217 // BpfMapLookupElem helper function 1218 BpfMapLookupElem 1219 // BpfMapUpdateElem helper function 1220 BpfMapUpdateElem 1221 // BpfMapDeleteElem helper function 1222 BpfMapDeleteElem 1223 // BpfProbeRead helper function 1224 BpfProbeRead 1225 // BpfKtimeGetNs helper function 1226 BpfKtimeGetNs 1227 // BpfTracePrintk helper function 1228 BpfTracePrintk 1229 // BpfGetPrandomU32 helper function 1230 BpfGetPrandomU32 1231 // BpfGetSmpProcessorID helper function 1232 BpfGetSmpProcessorID 1233 // BpfSkbStoreBytes helper function 1234 BpfSkbStoreBytes 1235 // BpfL3CsumReplace helper function 1236 BpfL3CsumReplace 1237 // BpfL4CsumReplace helper function 1238 BpfL4CsumReplace 1239 // BpfTailCall helper function 1240 BpfTailCall 1241 // BpfCloneRedirect helper function 1242 BpfCloneRedirect 1243 // BpfGetCurrentPidTgid helper function 1244 BpfGetCurrentPidTgid 1245 // BpfGetCurrentUIDGid helper function 1246 BpfGetCurrentUIDGid 1247 // BpfGetCurrentComm helper function 1248 BpfGetCurrentComm 1249 // BpfGetCgroupClassid helper function 1250 BpfGetCgroupClassid 1251 // BpfSkbVlanPush helper function 1252 BpfSkbVlanPush 1253 // BpfSkbVlanPop helper function 1254 BpfSkbVlanPop 1255 // BpfSkbGetTunnelKey helper function 1256 BpfSkbGetTunnelKey 1257 // BpfSkbSetTunnelKey helper function 1258 BpfSkbSetTunnelKey 1259 // BpfPerfEventRead helper function 1260 BpfPerfEventRead 1261 // BpfRedirect helper function 1262 BpfRedirect 1263 // BpfGetRouteRealm helper function 1264 BpfGetRouteRealm 1265 // BpfPerfEventOutput helper function 1266 BpfPerfEventOutput 1267 // BpfSkbLoadBytes helper function 1268 BpfSkbLoadBytes 1269 // BpfGetStackid helper function 1270 BpfGetStackid 1271 // BpfCsumDiff helper function 1272 BpfCsumDiff 1273 // BpfSkbGetTunnelOpt helper function 1274 BpfSkbGetTunnelOpt 1275 // BpfSkbSetTunnelOpt helper function 1276 BpfSkbSetTunnelOpt 1277 // BpfSkbChangeProto helper function 1278 BpfSkbChangeProto 1279 // BpfSkbChangeType helper function 1280 BpfSkbChangeType 1281 // BpfSkbUnderCgroup helper function 1282 BpfSkbUnderCgroup 1283 // BpfGetHashRecalc helper function 1284 BpfGetHashRecalc 1285 // BpfGetCurrentTask helper function 1286 BpfGetCurrentTask 1287 // BpfProbeWriteUser helper function 1288 BpfProbeWriteUser 1289 // BpfCurrentTaskUnderCgroup helper function 1290 BpfCurrentTaskUnderCgroup 1291 // BpfSkbChangeTail helper function 1292 BpfSkbChangeTail 1293 // BpfSkbPullData helper function 1294 BpfSkbPullData 1295 // BpfCsumUpdate helper function 1296 BpfCsumUpdate 1297 // BpfSetHashInvalid helper function 1298 BpfSetHashInvalid 1299 // BpfGetNumaNodeID helper function 1300 BpfGetNumaNodeID 1301 // BpfSkbChangeHead helper function 1302 BpfSkbChangeHead 1303 // BpfXdpAdjustHead helper function 1304 BpfXdpAdjustHead 1305 // BpfProbeReadStr helper function 1306 BpfProbeReadStr 1307 // BpfGetSocketCookie helper function 1308 BpfGetSocketCookie 1309 // BpfGetSocketUID helper function 1310 BpfGetSocketUID 1311 // BpfSetHash helper function 1312 BpfSetHash 1313 // BpfSetsockopt helper function 1314 BpfSetsockopt 1315 // BpfSkbAdjustRoom helper function 1316 BpfSkbAdjustRoom 1317 // BpfRedirectMap helper function 1318 BpfRedirectMap 1319 // BpfSkRedirectMap helper function 1320 BpfSkRedirectMap 1321 // BpfSockMapUpdate helper function 1322 BpfSockMapUpdate 1323 // BpfXdpAdjustMeta helper function 1324 BpfXdpAdjustMeta 1325 // BpfPerfEventReadValue helper function 1326 BpfPerfEventReadValue 1327 // BpfPerfProgReadValue helper function 1328 BpfPerfProgReadValue 1329 // BpfGetsockopt helper function 1330 BpfGetsockopt 1331 // BpfOverrideReturn helper function 1332 BpfOverrideReturn 1333 // BpfSockOpsCbFlagsSet helper function 1334 BpfSockOpsCbFlagsSet 1335 // BpfMsgRedirectMap helper function 1336 BpfMsgRedirectMap 1337 // BpfMsgApplyBytes helper function 1338 BpfMsgApplyBytes 1339 // BpfMsgCorkBytes helper function 1340 BpfMsgCorkBytes 1341 // BpfMsgPullData helper function 1342 BpfMsgPullData 1343 // BpfBind helper function 1344 BpfBind 1345 // BpfXdpAdjustTail helper function 1346 BpfXdpAdjustTail 1347 // BpfSkbGetXfrmState helper function 1348 BpfSkbGetXfrmState 1349 // BpfGetStack helper function 1350 BpfGetStack 1351 // BpfSkbLoadBytesRelative helper function 1352 BpfSkbLoadBytesRelative 1353 // BpfFibLookup helper function 1354 BpfFibLookup 1355 // BpfSockHashUpdate helper function 1356 BpfSockHashUpdate 1357 // BpfMsgRedirectHash helper function 1358 BpfMsgRedirectHash 1359 // BpfSkRedirectHash helper function 1360 BpfSkRedirectHash 1361 // BpfLwtPushEncap helper function 1362 BpfLwtPushEncap 1363 // BpfLwtSeg6StoreBytes helper function 1364 BpfLwtSeg6StoreBytes 1365 // BpfLwtSeg6AdjustSrh helper function 1366 BpfLwtSeg6AdjustSrh 1367 // BpfLwtSeg6Action helper function 1368 BpfLwtSeg6Action 1369 // BpfRcRepeat helper function 1370 BpfRcRepeat 1371 // BpfRcKeydown helper function 1372 BpfRcKeydown 1373 // BpfSkbCgroupID helper function 1374 BpfSkbCgroupID 1375 // BpfGetCurrentCgroupID helper function 1376 BpfGetCurrentCgroupID 1377 // BpfGetLocalStorage helper function 1378 BpfGetLocalStorage 1379 // BpfSkSelectReuseport helper function 1380 BpfSkSelectReuseport 1381 // BpfSkbAncestorCgroupID helper function 1382 BpfSkbAncestorCgroupID 1383 // BpfSkLookupTCP helper function 1384 BpfSkLookupTCP 1385 // BpfSkLookupUDP helper function 1386 BpfSkLookupUDP 1387 // BpfSkRelease helper function 1388 BpfSkRelease 1389 // BpfMapPushElem helper function 1390 BpfMapPushElem 1391 // BpfMapPopElem helper function 1392 BpfMapPopElem 1393 // BpfMapPeekElem helper function 1394 BpfMapPeekElem 1395 // BpfMsgPushData helper function 1396 BpfMsgPushData 1397 // BpfMsgPopData helper function 1398 BpfMsgPopData 1399 // BpfRcPointerRel helper function 1400 BpfRcPointerRel 1401 // BpfSpinLock helper function 1402 BpfSpinLock 1403 // BpfSpinUnlock helper function 1404 BpfSpinUnlock 1405 // BpfSkFullsock helper function 1406 BpfSkFullsock 1407 // BpfTCPSock helper function 1408 BpfTCPSock 1409 // BpfSkbEcnSetCe helper function 1410 BpfSkbEcnSetCe 1411 // BpfGetListenerSock helper function 1412 BpfGetListenerSock 1413 // BpfSkcLookupTCP helper function 1414 BpfSkcLookupTCP 1415 // BpfTCPCheckSyncookie helper function 1416 BpfTCPCheckSyncookie 1417 // BpfSysctlGetName helper function 1418 BpfSysctlGetName 1419 // BpfSysctlGetCurrentValue helper function 1420 BpfSysctlGetCurrentValue 1421 // BpfSysctlGetNewValue helper function 1422 BpfSysctlGetNewValue 1423 // BpfSysctlSetNewValue helper function 1424 BpfSysctlSetNewValue 1425 // BpfStrtol helper function 1426 BpfStrtol 1427 // BpfStrtoul helper function 1428 BpfStrtoul 1429 // BpfSkStorageGet helper function 1430 BpfSkStorageGet 1431 // BpfSkStorageDelete helper function 1432 BpfSkStorageDelete 1433 // BpfSendSignal helper function 1434 BpfSendSignal 1435 // BpfTCPGenSyncookie helper function 1436 BpfTCPGenSyncookie 1437 // BpfSkbOutput helper function 1438 BpfSkbOutput 1439 // BpfProbeReadUser helper function 1440 BpfProbeReadUser 1441 // BpfProbeReadKernel helper function 1442 BpfProbeReadKernel 1443 // BpfProbeReadUserStr helper function 1444 BpfProbeReadUserStr 1445 // BpfProbeReadKernelStr helper function 1446 BpfProbeReadKernelStr 1447 // BpfTCPSendAck helper function 1448 BpfTCPSendAck 1449 // BpfSendSignalThread helper function 1450 BpfSendSignalThread 1451 // BpfJiffies64 helper function 1452 BpfJiffies64 1453 // BpfReadBranchRecords helper function 1454 BpfReadBranchRecords 1455 // BpfGetNsCurrentPidTgid helper function 1456 BpfGetNsCurrentPidTgid 1457 // BpfXdpOutput helper function 1458 BpfXdpOutput 1459 // BpfGetNetnsCookie helper function 1460 BpfGetNetnsCookie 1461 // BpfGetCurrentAncestorCgroupID helper function 1462 BpfGetCurrentAncestorCgroupID 1463 // BpfSkAssign helper function 1464 BpfSkAssign 1465 // BpfKtimeGetBootNs helper function 1466 BpfKtimeGetBootNs 1467 // BpfSeqPrintf helper function 1468 BpfSeqPrintf 1469 // BpfSeqWrite helper function 1470 BpfSeqWrite 1471 // BpfSkCgroupID helper function 1472 BpfSkCgroupID 1473 // BpfSkAncestorCgroupID helper function 1474 BpfSkAncestorCgroupID 1475 // BpfRingbufOutput helper function 1476 BpfRingbufOutput 1477 // BpfRingbufReserve helper function 1478 BpfRingbufReserve 1479 // BpfRingbufSubmit helper function 1480 BpfRingbufSubmit 1481 // BpfRingbufDiscard helper function 1482 BpfRingbufDiscard 1483 // BpfRingbufQuery helper function 1484 BpfRingbufQuery 1485 // BpfCsumLevel helper function 1486 BpfCsumLevel 1487 // BpfSkcToTCP6Sock helper function 1488 BpfSkcToTCP6Sock 1489 // BpfSkcToTCPSock helper function 1490 BpfSkcToTCPSock 1491 // BpfSkcToTCPTimewaitSock helper function 1492 BpfSkcToTCPTimewaitSock 1493 // BpfSkcToTCPRequestSock helper function 1494 BpfSkcToTCPRequestSock 1495 // BpfSkcToUDP6Sock helper function 1496 BpfSkcToUDP6Sock 1497 // BpfGetTaskStack helper function 1498 BpfGetTaskStack 1499 // BpfLoadHdrOpt helper function 1500 BpfLoadHdrOpt 1501 // BpfStoreHdrOpt helper function 1502 BpfStoreHdrOpt 1503 // BpfReserveHdrOpt helper function 1504 BpfReserveHdrOpt 1505 // BpfInodeStorageGet helper function 1506 BpfInodeStorageGet 1507 // BpfInodeStorageDelete helper function 1508 BpfInodeStorageDelete 1509 // BpfDPath helper function 1510 BpfDPath 1511 // BpfCopyFromUser helper function 1512 BpfCopyFromUser 1513 // BpfSnprintfBtf helper function 1514 BpfSnprintfBtf 1515 // BpfSeqPrintfBtf helper function 1516 BpfSeqPrintfBtf 1517 // BpfSkbCgroupClassid helper function 1518 BpfSkbCgroupClassid 1519 // BpfRedirectNeigh helper function 1520 BpfRedirectNeigh 1521 // BpfPerCPUPtr helper function 1522 BpfPerCPUPtr 1523 // BpfThisCPUPtr helper function 1524 BpfThisCPUPtr 1525 // BpfRedirectPeer helper function 1526 BpfRedirectPeer 1527 // BpfTaskStorageGet helper function 1528 BpfTaskStorageGet 1529 // BpfTaskStorageDelete helper function 1530 BpfTaskStorageDelete 1531 // BpfGetCurrentTaskBtf helper function 1532 BpfGetCurrentTaskBtf 1533 // BpfBprmOptsSet helper function 1534 BpfBprmOptsSet 1535 // BpfKtimeGetCoarseNs helper function 1536 BpfKtimeGetCoarseNs 1537 // BpfImaInodeHash helper function 1538 BpfImaInodeHash 1539 // BpfSockFromFile helper function 1540 BpfSockFromFile 1541 // BpfCheckMtu helper function 1542 BpfCheckMtu 1543 // BpfForEachMapElem helper function 1544 BpfForEachMapElem 1545 // BpfSnprintf helper function 1546 BpfSnprintf 1547 ) 1548 1549 // BPFMapType is used to define map type constants 1550 type BPFMapType uint32 1551 1552 func (t BPFMapType) String() string { 1553 return bpfMapTypeStrings[uint32(t)] 1554 } 1555 1556 const ( 1557 // BpfMapTypeUnspec map type 1558 BpfMapTypeUnspec BPFMapType = iota 1559 // BpfMapTypeHash map type 1560 BpfMapTypeHash 1561 // BpfMapTypeArray map type 1562 BpfMapTypeArray 1563 // BpfMapTypeProgArray map type 1564 BpfMapTypeProgArray 1565 // BpfMapTypePerfEventArray map type 1566 BpfMapTypePerfEventArray 1567 // BpfMapTypePercpuHash map type 1568 BpfMapTypePercpuHash 1569 // BpfMapTypePercpuArray map type 1570 BpfMapTypePercpuArray 1571 // BpfMapTypeStackTrace map type 1572 BpfMapTypeStackTrace 1573 // BpfMapTypeCgroupArray map type 1574 BpfMapTypeCgroupArray 1575 // BpfMapTypeLruHash map type 1576 BpfMapTypeLruHash 1577 // BpfMapTypeLruPercpuHash map type 1578 BpfMapTypeLruPercpuHash 1579 // BpfMapTypeLpmTrie map type 1580 BpfMapTypeLpmTrie 1581 // BpfMapTypeArrayOfMaps map type 1582 BpfMapTypeArrayOfMaps 1583 // BpfMapTypeHashOfMaps map type 1584 BpfMapTypeHashOfMaps 1585 // BpfMapTypeDevmap map type 1586 BpfMapTypeDevmap 1587 // BpfMapTypeSockmap map type 1588 BpfMapTypeSockmap 1589 // BpfMapTypeCPUmap map type 1590 BpfMapTypeCPUmap 1591 // BpfMapTypeXskmap map type 1592 BpfMapTypeXskmap 1593 // BpfMapTypeSockhash map type 1594 BpfMapTypeSockhash 1595 // BpfMapTypeCgroupStorage map type 1596 BpfMapTypeCgroupStorage 1597 // BpfMapTypeReuseportSockarray map type 1598 BpfMapTypeReuseportSockarray 1599 // BpfMapTypePercpuCgroupStorage map type 1600 BpfMapTypePercpuCgroupStorage 1601 // BpfMapTypeQueue map type 1602 BpfMapTypeQueue 1603 // BpfMapTypeStack map type 1604 BpfMapTypeStack 1605 // BpfMapTypeSkStorage map type 1606 BpfMapTypeSkStorage 1607 // BpfMapTypeDevmapHash map type 1608 BpfMapTypeDevmapHash 1609 // BpfMapTypeStructOps map type 1610 BpfMapTypeStructOps 1611 // BpfMapTypeRingbuf map type 1612 BpfMapTypeRingbuf 1613 // BpfMapTypeInodeStorage map type 1614 BpfMapTypeInodeStorage 1615 // BpfMapTypeTaskStorage map type 1616 BpfMapTypeTaskStorage 1617 ) 1618 1619 // BPFProgramType is used to define program type constants 1620 type BPFProgramType uint32 1621 1622 func (t BPFProgramType) String() string { 1623 return bpfProgramTypeStrings[uint32(t)] 1624 } 1625 1626 const ( 1627 // BpfProgTypeUnspec program type 1628 BpfProgTypeUnspec BPFProgramType = iota 1629 // BpfProgTypeSocketFilter program type 1630 BpfProgTypeSocketFilter 1631 // BpfProgTypeKprobe program type 1632 BpfProgTypeKprobe 1633 // BpfProgTypeSchedCls program type 1634 BpfProgTypeSchedCls 1635 // BpfProgTypeSchedAct program type 1636 BpfProgTypeSchedAct 1637 // BpfProgTypeTracepoint program type 1638 BpfProgTypeTracepoint 1639 // BpfProgTypeXdp program type 1640 BpfProgTypeXdp 1641 // BpfProgTypePerfEvent program type 1642 BpfProgTypePerfEvent 1643 // BpfProgTypeCgroupSkb program type 1644 BpfProgTypeCgroupSkb 1645 // BpfProgTypeCgroupSock program type 1646 BpfProgTypeCgroupSock 1647 // BpfProgTypeLwtIn program type 1648 BpfProgTypeLwtIn 1649 // BpfProgTypeLwtOut program type 1650 BpfProgTypeLwtOut 1651 // BpfProgTypeLwtXmit program type 1652 BpfProgTypeLwtXmit 1653 // BpfProgTypeSockOps program type 1654 BpfProgTypeSockOps 1655 // BpfProgTypeSkSkb program type 1656 BpfProgTypeSkSkb 1657 // BpfProgTypeCgroupDevice program type 1658 BpfProgTypeCgroupDevice 1659 // BpfProgTypeSkMsg program type 1660 BpfProgTypeSkMsg 1661 // BpfProgTypeRawTracepoint program type 1662 BpfProgTypeRawTracepoint 1663 // BpfProgTypeCgroupSockAddr program type 1664 BpfProgTypeCgroupSockAddr 1665 // BpfProgTypeLwtSeg6local program type 1666 BpfProgTypeLwtSeg6local 1667 // BpfProgTypeLircMode2 program type 1668 BpfProgTypeLircMode2 1669 // BpfProgTypeSkReuseport program type 1670 BpfProgTypeSkReuseport 1671 // BpfProgTypeFlowDissector program type 1672 BpfProgTypeFlowDissector 1673 // BpfProgTypeCgroupSysctl program type 1674 BpfProgTypeCgroupSysctl 1675 // BpfProgTypeRawTracepointWritable program type 1676 BpfProgTypeRawTracepointWritable 1677 // BpfProgTypeCgroupSockopt program type 1678 BpfProgTypeCgroupSockopt 1679 // BpfProgTypeTracing program type 1680 BpfProgTypeTracing 1681 // BpfProgTypeStructOps program type 1682 BpfProgTypeStructOps 1683 // BpfProgTypeExt program type 1684 BpfProgTypeExt 1685 // BpfProgTypeLsm program type 1686 BpfProgTypeLsm 1687 // BpfProgTypeSkLookup program type 1688 BpfProgTypeSkLookup 1689 ) 1690 1691 // BPFAttachType is used to define attach type constants 1692 type BPFAttachType uint32 1693 1694 func (t BPFAttachType) String() string { 1695 return bpfAttachTypeStrings[uint32(t)] 1696 } 1697 1698 const ( 1699 // BpfCgroupInetIngress attach type 1700 BpfCgroupInetIngress BPFAttachType = iota + 1 1701 // BpfCgroupInetEgress attach type 1702 BpfCgroupInetEgress 1703 // BpfCgroupInetSockCreate attach type 1704 BpfCgroupInetSockCreate 1705 // BpfCgroupSockOps attach type 1706 BpfCgroupSockOps 1707 // BpfSkSkbStreamParser attach type 1708 BpfSkSkbStreamParser 1709 // BpfSkSkbStreamVerdict attach type 1710 BpfSkSkbStreamVerdict 1711 // BpfCgroupDevice attach type 1712 BpfCgroupDevice 1713 // BpfSkMsgVerdict attach type 1714 BpfSkMsgVerdict 1715 // BpfCgroupInet4Bind attach type 1716 BpfCgroupInet4Bind 1717 // BpfCgroupInet6Bind attach type 1718 BpfCgroupInet6Bind 1719 // BpfCgroupInet4Connect attach type 1720 BpfCgroupInet4Connect 1721 // BpfCgroupInet6Connect attach type 1722 BpfCgroupInet6Connect 1723 // BpfCgroupInet4PostBind attach type 1724 BpfCgroupInet4PostBind 1725 // BpfCgroupInet6PostBind attach type 1726 BpfCgroupInet6PostBind 1727 // BpfCgroupUDP4Sendmsg attach type 1728 BpfCgroupUDP4Sendmsg 1729 // BpfCgroupUDP6Sendmsg attach type 1730 BpfCgroupUDP6Sendmsg 1731 // BpfLircMode2 attach type 1732 BpfLircMode2 1733 // BpfFlowDissector attach type 1734 BpfFlowDissector 1735 // BpfCgroupSysctl attach type 1736 BpfCgroupSysctl 1737 // BpfCgroupUDP4Recvmsg attach type 1738 BpfCgroupUDP4Recvmsg 1739 // BpfCgroupUDP6Recvmsg attach type 1740 BpfCgroupUDP6Recvmsg 1741 // BpfCgroupGetsockopt attach type 1742 BpfCgroupGetsockopt 1743 // BpfCgroupSetsockopt attach type 1744 BpfCgroupSetsockopt 1745 // BpfTraceRawTp attach type 1746 BpfTraceRawTp 1747 // BpfTraceFentry attach type 1748 BpfTraceFentry 1749 // BpfTraceFexit attach type 1750 BpfTraceFexit 1751 // BpfModifyReturn attach type 1752 BpfModifyReturn 1753 // BpfLsmMac attach type 1754 BpfLsmMac 1755 // BpfTraceIter attach type 1756 BpfTraceIter 1757 // BpfCgroupInet4Getpeername attach type 1758 BpfCgroupInet4Getpeername 1759 // BpfCgroupInet6Getpeername attach type 1760 BpfCgroupInet6Getpeername 1761 // BpfCgroupInet4Getsockname attach type 1762 BpfCgroupInet4Getsockname 1763 // BpfCgroupInet6Getsockname attach type 1764 BpfCgroupInet6Getsockname 1765 // BpfXdpDevmap attach type 1766 BpfXdpDevmap 1767 // BpfCgroupInetSockRelease attach type 1768 BpfCgroupInetSockRelease 1769 // BpfXdpCPUmap attach type 1770 BpfXdpCPUmap 1771 // BpfSkLookup attach type 1772 BpfSkLookup 1773 // BpfXdp attach type 1774 BpfXdp 1775 // BpfSkSkbVerdict attach type 1776 BpfSkSkbVerdict 1777 ) 1778 1779 // PTraceRequest represents a ptrace request value 1780 type PTraceRequest uint32 1781 1782 func (f PTraceRequest) String() string { 1783 for val, str := range ptraceFlagsStrings { 1784 if val == uint32(f) { 1785 return str 1786 } 1787 } 1788 return fmt.Sprintf("%d", f) 1789 } 1790 1791 // VMFlag represents a VM_* bitmask value 1792 type VMFlag uint64 1793 1794 func (vmf VMFlag) String() string { 1795 return bitmaskU64ToString(uint64(vmf), vmStrings) 1796 } 1797 1798 // Protection represents a virtual memory protection bitmask value 1799 type Protection uint64 1800 1801 func (p Protection) String() string { 1802 return bitmaskU64ToString(uint64(p), protStrings) 1803 } 1804 1805 // MMapFlag represents a mmap flag value 1806 type MMapFlag uint64 1807 1808 func (mmf MMapFlag) String() string { 1809 return bitmaskU64ToString(uint64(mmf), mmapFlagStrings) 1810 } 1811 1812 // Signal represents a type of unix signal (ie, SIGKILL, SIGSTOP etc) 1813 type Signal int 1814 1815 func (sig Signal) String() string { 1816 return signalStrings[int(sig)] 1817 } 1818 1819 // PipeBufFlag represents a pipe buffer flag 1820 type PipeBufFlag int 1821 1822 func (pbf PipeBufFlag) String() string { 1823 return bitmaskToString(int(pbf), pipeBufFlagStrings) 1824 } 1825 1826 // AddressFamily represents a family address (AF_INET, AF_INET6, AF_UNIX etc) 1827 type AddressFamily int 1828 1829 func (af AddressFamily) String() string { 1830 return addressFamilyStrings[uint16(af)] 1831 } 1832 1833 const ( 1834 // PipeBufFlagLRU pipe buffer flag 1835 PipeBufFlagLRU PipeBufFlag = 0x1 /* page is on the LRU */ 1836 // PipeBufFlagAtomic pipe buffer flag 1837 PipeBufFlagAtomic PipeBufFlag = 0x2 /* was atomically mapped */ 1838 // PipeBufFlagGift pipe buffer flag 1839 PipeBufFlagGift PipeBufFlag = 0x4 /* page is a gift */ 1840 // PipeBufFlagPacket pipe buffer flag 1841 PipeBufFlagPacket PipeBufFlag = 0x8 /* read() as a packet */ 1842 // PipeBufFlagCanMerge pipe buffer flag 1843 PipeBufFlagCanMerge PipeBufFlag = 0x10 /* can merge buffers */ 1844 // PipeBufFlagWhole pipe buffer flag 1845 PipeBufFlagWhole PipeBufFlag = 0x20 /* read() must return entire buffer or error */ 1846 // PipeBufFlagLoss pipe buffer flag 1847 PipeBufFlagLoss PipeBufFlag = 0x40 /* Message loss happened after this buffer */ 1848 ) 1849 1850 // QClass is used to declare the qclass field of a DNS request 1851 type QClass uint32 1852 1853 func (qc QClass) String() string { 1854 if val, ok := dnsQClassStrings[uint32(qc)]; ok { 1855 return val 1856 } 1857 return fmt.Sprintf("qclass(%d)", qc) 1858 } 1859 1860 // QType is used to declare the qtype field of a DNS request 1861 type QType uint32 1862 1863 func (qt QType) String() string { 1864 if val, ok := dnsQTypeStrings[uint32(qt)]; ok { 1865 return val 1866 } 1867 return fmt.Sprintf("qtype(%d)", qt) 1868 } 1869 1870 // L3Protocol Network protocols 1871 type L3Protocol uint16 1872 1873 func (proto L3Protocol) String() string { 1874 return l3ProtocolStrings[proto] 1875 } 1876 1877 const ( 1878 // EthPLOOP Ethernet Loopback packet 1879 EthPLOOP L3Protocol = 0x0060 1880 // EthPPUP Xerox PUP packet 1881 EthPPUP L3Protocol = 0x0200 1882 // EthPPUPAT Xerox PUP Addr Trans packet 1883 EthPPUPAT L3Protocol = 0x0201 1884 // EthPTSN TSN (IEEE 1722) packet 1885 EthPTSN L3Protocol = 0x22F0 1886 // EthPIP Internet Protocol packet 1887 EthPIP L3Protocol = 0x0800 1888 // EthPX25 CCITT X.25 1889 EthPX25 L3Protocol = 0x0805 1890 // EthPARP Address Resolution packet 1891 EthPARP L3Protocol = 0x0806 1892 // EthPBPQ G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ] 1893 EthPBPQ L3Protocol = 0x08FF 1894 // EthPIEEEPUP Xerox IEEE802.3 PUP packet 1895 EthPIEEEPUP L3Protocol = 0x0a00 1896 // EthPIEEEPUPAT Xerox IEEE802.3 PUP Addr Trans packet 1897 EthPIEEEPUPAT L3Protocol = 0x0a01 1898 // EthPBATMAN B.A.T.M.A.N.-Advanced packet [ NOT AN OFFICIALLY REGISTERED ID ] 1899 EthPBATMAN L3Protocol = 0x4305 1900 // EthPDEC DEC Assigned proto 1901 EthPDEC L3Protocol = 0x6000 1902 // EthPDNADL DEC DNA Dump/Load 1903 EthPDNADL L3Protocol = 0x6001 1904 // EthPDNARC DEC DNA Remote Console 1905 EthPDNARC L3Protocol = 0x6002 1906 // EthPDNART DEC DNA Routing 1907 EthPDNART L3Protocol = 0x6003 1908 // EthPLAT DEC LAT 1909 EthPLAT L3Protocol = 0x6004 1910 // EthPDIAG DEC Diagnostics 1911 EthPDIAG L3Protocol = 0x6005 1912 // EthPCUST DEC Customer use 1913 EthPCUST L3Protocol = 0x6006 1914 // EthPSCA DEC Systems Comms Arch 1915 EthPSCA L3Protocol = 0x6007 1916 // EthPTEB Trans Ether Bridging 1917 EthPTEB L3Protocol = 0x6558 1918 // EthPRARP Reverse Addr Res packet 1919 EthPRARP L3Protocol = 0x8035 1920 // EthPATALK Appletalk DDP 1921 EthPATALK L3Protocol = 0x809B 1922 // EthPAARP Appletalk AARP 1923 EthPAARP L3Protocol = 0x80F3 1924 // EthP8021Q 802.1Q VLAN Extended Header 1925 EthP8021Q L3Protocol = 0x8100 1926 // EthPERSPAN ERSPAN type II 1927 EthPERSPAN L3Protocol = 0x88BE 1928 // EthPIPX IPX over DIX 1929 EthPIPX L3Protocol = 0x8137 1930 // EthPIPV6 IPv6 over bluebook 1931 EthPIPV6 L3Protocol = 0x86DD 1932 // EthPPAUSE IEEE Pause frames. See 802.3 31B 1933 EthPPAUSE L3Protocol = 0x8808 1934 // EthPSLOW Slow Protocol. See 802.3ad 43B 1935 EthPSLOW L3Protocol = 0x8809 1936 // EthPWCCP Web-cache coordination protocol defined in draft-wilson-wrec-wccp-v2-00.txt 1937 EthPWCCP L3Protocol = 0x883E 1938 // EthPMPLSUC MPLS Unicast traffic 1939 EthPMPLSUC L3Protocol = 0x8847 1940 // EthPMPLSMC MPLS Multicast traffic 1941 EthPMPLSMC L3Protocol = 0x8848 1942 // EthPATMMPOA MultiProtocol Over ATM 1943 EthPATMMPOA L3Protocol = 0x884c 1944 // EthPPPPDISC PPPoE discovery messages 1945 EthPPPPDISC L3Protocol = 0x8863 1946 // EthPPPPSES PPPoE session messages 1947 EthPPPPSES L3Protocol = 0x8864 1948 // EthPLinkCTL HPNA, wlan link local tunnel 1949 EthPLinkCTL L3Protocol = 0x886c 1950 // EthPATMFATE Frame-based ATM Transport over Ethernet 1951 EthPATMFATE L3Protocol = 0x8884 1952 // EthPPAE Port Access Entity (IEEE 802.1X) 1953 EthPPAE L3Protocol = 0x888E 1954 // EthPAOE ATA over Ethernet 1955 EthPAOE L3Protocol = 0x88A2 1956 // EthP8021AD 802.1ad Service VLAN 1957 EthP8021AD L3Protocol = 0x88A8 1958 // EthP802EX1 802.1 Local Experimental 1. 1959 EthP802EX1 L3Protocol = 0x88B5 1960 // EthPTIPC TIPC 1961 EthPTIPC L3Protocol = 0x88CA 1962 // EthPMACSEC 802.1ae MACsec 1963 EthPMACSEC L3Protocol = 0x88E5 1964 // EthP8021AH 802.1ah Backbone Service Tag 1965 EthP8021AH L3Protocol = 0x88E7 1966 // EthPMVRP 802.1Q MVRP 1967 EthPMVRP L3Protocol = 0x88F5 1968 // EthP1588 IEEE 1588 Timesync 1969 EthP1588 L3Protocol = 0x88F7 1970 // EthPNCSI NCSI protocol 1971 EthPNCSI L3Protocol = 0x88F8 1972 // EthPPRP IEC 62439-3 PRP/HSRv0 1973 EthPPRP L3Protocol = 0x88FB 1974 // EthPFCOE Fibre Channel over Ethernet 1975 EthPFCOE L3Protocol = 0x8906 1976 // EthPIBOE Infiniband over Ethernet 1977 EthPIBOE L3Protocol = 0x8915 1978 // EthPTDLS TDLS 1979 EthPTDLS L3Protocol = 0x890D 1980 // EthPFIP FCoE Initialization Protocol 1981 EthPFIP L3Protocol = 0x8914 1982 // EthP80221 IEEE 802.21 Media Independent Handover Protocol 1983 EthP80221 L3Protocol = 0x8917 1984 // EthPHSR IEC 62439-3 HSRv1 1985 EthPHSR L3Protocol = 0x892F 1986 // EthPNSH Network Service Header 1987 EthPNSH L3Protocol = 0x894F 1988 // EthPLOOPBACK Ethernet loopback packet, per IEEE 802.3 1989 EthPLOOPBACK L3Protocol = 0x9000 1990 // EthPQINQ1 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] 1991 EthPQINQ1 L3Protocol = 0x9100 1992 // EthPQINQ2 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] 1993 EthPQINQ2 L3Protocol = 0x9200 1994 // EthPQINQ3 deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] 1995 EthPQINQ3 L3Protocol = 0x9300 1996 // EthPEDSA Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ] 1997 EthPEDSA L3Protocol = 0xDADA 1998 // EthPIFE ForCES inter-FE LFB type 1999 EthPIFE L3Protocol = 0xED3E 2000 // EthPAFIUCV IBM afiucv [ NOT AN OFFICIALLY REGISTERED ID ] 2001 EthPAFIUCV L3Protocol = 0xFBFB 2002 // EthP8023MIN If the value in the ethernet type is less than this value then the frame is Ethernet II. Else it is 802.3 2003 EthP8023MIN L3Protocol = 0x0600 2004 // EthPIPV6HopByHop IPv6 Hop by hop option 2005 EthPIPV6HopByHop L3Protocol = 0x000 2006 // EthP8023 Dummy type for 802.3 frames 2007 EthP8023 L3Protocol = 0x0001 2008 // EthPAX25 Dummy protocol id for AX.25 2009 EthPAX25 L3Protocol = 0x0002 2010 // EthPALL Every packet (be careful!!!) 2011 EthPALL L3Protocol = 0x0003 2012 // EthP8022 802.2 frames 2013 EthP8022 L3Protocol = 0x0004 2014 // EthPSNAP Internal only 2015 EthPSNAP L3Protocol = 0x0005 2016 // EthPDDCMP DEC DDCMP: Internal only 2017 EthPDDCMP L3Protocol = 0x0006 2018 // EthPWANPPP Dummy type for WAN PPP frames*/ 2019 EthPWANPPP L3Protocol = 0x0007 2020 // EthPPPPMP Dummy type for PPP MP frames 2021 EthPPPPMP L3Protocol = 0x0008 2022 // EthPLOCALTALK Localtalk pseudo type 2023 EthPLOCALTALK L3Protocol = 0x0009 2024 // EthPCAN CAN: Controller Area Network 2025 EthPCAN L3Protocol = 0x000C 2026 // EthPCANFD CANFD: CAN flexible data rate*/ 2027 EthPCANFD L3Protocol = 0x000D 2028 // EthPPPPTALK Dummy type for Atalk over PPP*/ 2029 EthPPPPTALK L3Protocol = 0x0010 2030 // EthPTR8022 802.2 frames 2031 EthPTR8022 L3Protocol = 0x0011 2032 // EthPMOBITEX Mobitex (kaz@cafe.net) 2033 EthPMOBITEX L3Protocol = 0x0015 2034 // EthPCONTROL Card specific control frames 2035 EthPCONTROL L3Protocol = 0x0016 2036 // EthPIRDA Linux-IrDA 2037 EthPIRDA L3Protocol = 0x0017 2038 // EthPECONET Acorn Econet 2039 EthPECONET L3Protocol = 0x0018 2040 // EthPHDLC HDLC frames 2041 EthPHDLC L3Protocol = 0x0019 2042 // EthPARCNET 1A for ArcNet :-) 2043 EthPARCNET L3Protocol = 0x001A 2044 // EthPDSA Distributed Switch Arch. 2045 EthPDSA L3Protocol = 0x001B 2046 // EthPTRAILER Trailer switch tagging 2047 EthPTRAILER L3Protocol = 0x001C 2048 // EthPPHONET Nokia Phonet frames 2049 EthPPHONET L3Protocol = 0x00F5 2050 // EthPIEEE802154 IEEE802.15.4 frame 2051 EthPIEEE802154 L3Protocol = 0x00F6 2052 // EthPCAIF ST-Ericsson CAIF protocol 2053 EthPCAIF L3Protocol = 0x00F7 2054 // EthPXDSA Multiplexed DSA protocol 2055 EthPXDSA L3Protocol = 0x00F8 2056 // EthPMAP Qualcomm multiplexing and aggregation protocol 2057 EthPMAP L3Protocol = 0x00F9 2058 ) 2059 2060 // L4Protocol transport protocols 2061 type L4Protocol uint16 2062 2063 func (proto L4Protocol) String() string { 2064 return l4ProtocolStrings[proto] 2065 } 2066 2067 const ( 2068 // IPProtoIP Dummy protocol for TCP 2069 IPProtoIP L4Protocol = 0 2070 // IPProtoICMP Internet Control Message Protocol (IPv4) 2071 IPProtoICMP L4Protocol = 1 2072 // IPProtoIGMP Internet Group Management Protocol 2073 IPProtoIGMP L4Protocol = 2 2074 // IPProtoIPIP IPIP tunnels (older KA9Q tunnels use 94) 2075 IPProtoIPIP L4Protocol = 4 2076 // IPProtoTCP Transmission Control Protocol 2077 IPProtoTCP L4Protocol = 6 2078 // IPProtoEGP Exterior Gateway Protocol 2079 IPProtoEGP L4Protocol = 8 2080 // IPProtoIGP Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP)) 2081 IPProtoIGP L4Protocol = 9 2082 // IPProtoPUP PUP protocol 2083 IPProtoPUP L4Protocol = 12 2084 // IPProtoUDP User Datagram Protocol 2085 IPProtoUDP L4Protocol = 17 2086 // IPProtoIDP XNS IDP protocol 2087 IPProtoIDP L4Protocol = 22 2088 // IPProtoTP SO Transport Protocol Class 4 2089 IPProtoTP L4Protocol = 29 2090 // IPProtoDCCP Datagram Congestion Control Protocol 2091 IPProtoDCCP L4Protocol = 33 2092 // IPProtoIPV6 IPv6-in-IPv4 tunnelling 2093 IPProtoIPV6 L4Protocol = 41 2094 // IPProtoRSVP RSVP Protocol 2095 IPProtoRSVP L4Protocol = 46 2096 // IPProtoGRE Cisco GRE tunnels (rfc 1701,1702) 2097 IPProtoGRE L4Protocol = 47 2098 // IPProtoESP Encapsulation Security Payload protocol 2099 IPProtoESP L4Protocol = 50 2100 // IPProtoAH Authentication Header protocol 2101 IPProtoAH L4Protocol = 51 2102 // IPProtoICMPV6 Internet Control Message Protocol (IPv6) 2103 IPProtoICMPV6 L4Protocol = 58 2104 // IPProtoMTP Multicast Transport Protocol 2105 IPProtoMTP L4Protocol = 92 2106 // IPProtoBEETPH IP option pseudo header for BEET 2107 IPProtoBEETPH L4Protocol = 94 2108 // IPProtoENCAP Encapsulation Header 2109 IPProtoENCAP L4Protocol = 98 2110 // IPProtoPIM Protocol Independent Multicast 2111 IPProtoPIM L4Protocol = 103 2112 // IPProtoCOMP Compression Header Protocol 2113 IPProtoCOMP L4Protocol = 108 2114 // IPProtoSCTP Stream Control Transport Protocol 2115 IPProtoSCTP L4Protocol = 132 2116 // IPProtoUDPLITE UDP-Lite (RFC 3828) 2117 IPProtoUDPLITE L4Protocol = 136 2118 // IPProtoMPLS MPLS in IP (RFC 4023) 2119 IPProtoMPLS L4Protocol = 137 2120 // IPProtoRAW Raw IP packets 2121 IPProtoRAW L4Protocol = 255 2122 ) 2123 2124 // ExitCause represents the cause of a process termination 2125 type ExitCause uint32 2126 2127 func (cause ExitCause) String() string { 2128 return exitCauseStrings[cause] 2129 } 2130 2131 const ( 2132 // ExitExited Process exited normally 2133 ExitExited ExitCause = iota 2134 // ExitCoreDumped Process was terminated with a coredump signal 2135 ExitCoreDumped 2136 // ExitSignaled Process was terminated with a signal other than a coredump 2137 ExitSignaled 2138 )