github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/pkg/ebpftracer/events/events.go (about) 1 package events 2 3 const ( 4 Sys32Undefined ID = 0xfffffff - 1 // u32 overflows are compiler implementation dependent. 5 Undefined ID = 0xfffffff 6 Unsupported ID = 10000 7 ) 8 9 type ID uint32 10 11 // NOTE: Events should match defined values in ebpf code. 12 13 // Common events (used by all architectures). 14 const ( 15 NetPacketBase ID = iota + 700 16 NetPacketIPBase 17 NetPacketTCPBase 18 NetPacketUDPBase 19 NetPacketICMPBase 20 NetPacketICMPv6Base 21 NetPacketDNSBase 22 NetPacketHTTPBase 23 NetPacketSOCKS5Base 24 NetPacketCapture 25 NetCaptureBase 26 NetFlowBase 27 MaxNetID // network base events go ABOVE this item 28 SysEnter 29 SysExit 30 SchedProcessFork 31 SchedProcessExec 32 SchedProcessExit 33 SchedSwitch 34 DoExit 35 CapCapable 36 VfsWrite 37 VfsWritev 38 VfsRead 39 VfsReadv 40 MemProtAlert 41 CommitCreds 42 SwitchTaskNS 43 MagicWrite 44 CgroupAttachTask 45 CgroupMkdir 46 CgroupRmdir 47 SecurityBprmCheck 48 SecurityFileOpen 49 SecurityInodeUnlink 50 SecuritySocketCreate 51 SecuritySocketListen 52 SecuritySocketConnect 53 SecuritySocketAccept 54 SecuritySocketBind 55 SecuritySocketSetsockopt 56 SecuritySbMount 57 SecurityBPF 58 SecurityBPFMap 59 SecurityKernelReadFile 60 SecurityInodeMknod 61 SecurityPostReadFile 62 SecurityInodeSymlinkEventId 63 SecurityMmapFile 64 SecurityFileMprotect 65 SocketDup 66 HiddenInodes 67 KernelWrite 68 ProcCreate 69 KprobeAttach 70 CallUsermodeHelper 71 DirtyPipeSplice 72 DebugfsCreateFile 73 PrintSyscallTable 74 DebugfsCreateDir 75 DeviceAdd 76 RegisterChrdev 77 SharedObjectLoaded 78 DoInitModule 79 SocketAccept 80 LoadElfPhdrs 81 HookedProcFops 82 PrintNetSeqOps 83 TaskRename 84 SecurityInodeRename 85 DoSigaction 86 BpfAttach 87 KallsymsLookupName 88 DoMmap 89 PrintMemDump 90 VfsUtimes 91 DoTruncate 92 FileModification 93 InotifyWatch 94 SecurityBpfProg 95 ProcessExecuteFailed 96 SecurityPathNotify 97 HiddenKernelModuleSeeker 98 ModuleLoad 99 ModuleFree 100 SockSetState 101 MaxCommonID 102 ProcessOomKilled 103 TtyOpen 104 ) 105 106 // Events originated from user-space 107 const ( 108 NetPacketIPv4 ID = iota + 2000 109 NetPacketIPv6 110 NetPacketTCP 111 NetPacketUDP 112 NetPacketICMP 113 NetPacketICMPv6 114 NetPacketDNS 115 NetPacketDNSRequest 116 NetPacketDNSResponse 117 NetPacketHTTP 118 NetPacketHTTPRequest 119 NetPacketHTTPResponse 120 MaxUserNetID 121 InitNamespaces 122 ContainerCreate 123 ContainerRemove 124 ExistingContainer 125 HookedSyscalls 126 HookedSeqOps 127 SymbolsLoaded 128 SymbolsCollision 129 HiddenKernelModule 130 MaxUserSpace 131 ) 132 133 // Capture meta-events 134 const ( 135 CaptureFileWrite ID = iota + 4000 136 CaptureExec 137 CaptureModule 138 CaptureMem 139 CapturePcap 140 CaptureNetPacket 141 CaptureBpf 142 CaptureFileRead 143 ) 144 145 // Special events for stats aggregations and metrics. 146 const ( 147 TrackSyscallStats ID = iota + 4100 148 ) 149 150 // Signal meta-events 151 const ( 152 SignalCgroupMkdir ID = iota + 5000 153 SignalCgroupRmdir 154 SignalSchedProcessFork 155 SignalSchedProcessExec 156 SignalSchedProcessExit 157 ) 158 159 // Signature events 160 const ( 161 StartSignatureID ID = 6000 162 MaxSignatureID ID = 6999 163 ) 164 165 const ( 166 TestEvent ID = 9999 167 )