diff --git a/api/v1beta1/datasource.pb.go b/api/v1beta1/datasource.pb.go index 42e20e51348f..a6c2eee660bf 100644 --- a/api/v1beta1/datasource.pb.go +++ b/api/v1beta1/datasource.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.29.0 +// protoc-gen-go v1.28.1 +// protoc v4.23.4 // source: api/v1beta1/datasource.proto package v1beta1 @@ -34,9 +34,11 @@ type WriteDataSourceRequest struct { func (x *WriteDataSourceRequest) Reset() { *x = WriteDataSourceRequest{} - mi := &file_api_v1beta1_datasource_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_datasource_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *WriteDataSourceRequest) String() string { @@ -47,7 +49,7 @@ func (*WriteDataSourceRequest) ProtoMessage() {} func (x *WriteDataSourceRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_datasource_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -98,9 +100,11 @@ type WriteDataSourceResponse struct { func (x *WriteDataSourceResponse) Reset() { *x = WriteDataSourceResponse{} - mi := &file_api_v1beta1_datasource_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_datasource_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *WriteDataSourceResponse) String() string { @@ -111,7 +115,7 @@ func (*WriteDataSourceResponse) ProtoMessage() {} func (x *WriteDataSourceResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_datasource_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -177,7 +181,7 @@ func file_api_v1beta1_datasource_proto_rawDescGZIP() []byte { } var file_api_v1beta1_datasource_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_api_v1beta1_datasource_proto_goTypes = []any{ +var file_api_v1beta1_datasource_proto_goTypes = []interface{}{ (*WriteDataSourceRequest)(nil), // 0: tracee.v1beta1.WriteDataSourceRequest (*WriteDataSourceResponse)(nil), // 1: tracee.v1beta1.WriteDataSourceResponse (*structpb.Value)(nil), // 2: google.protobuf.Value @@ -201,6 +205,32 @@ func file_api_v1beta1_datasource_proto_init() { if File_api_v1beta1_datasource_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_api_v1beta1_datasource_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteDataSourceRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_datasource_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WriteDataSourceResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/v1beta1/datasource_grpc.pb.go b/api/v1beta1/datasource_grpc.pb.go index 2bf7e0ca58a8..5d7c64d218da 100644 --- a/api/v1beta1/datasource_grpc.pb.go +++ b/api/v1beta1/datasource_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.2.0 +// - protoc v4.23.4 // source: api/v1beta1/datasource.proto package v1beta1 @@ -15,20 +15,15 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 - -const ( - DataSourceService_Write_FullMethodName = "/tracee.v1beta1.DataSourceService/Write" - DataSourceService_WriteStream_FullMethodName = "/tracee.v1beta1.DataSourceService/WriteStream" -) +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 // DataSourceServiceClient is the client API for DataSourceService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type DataSourceServiceClient interface { Write(ctx context.Context, in *WriteDataSourceRequest, opts ...grpc.CallOption) (*WriteDataSourceResponse, error) - WriteStream(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[WriteDataSourceRequest, WriteDataSourceResponse], error) + WriteStream(ctx context.Context, opts ...grpc.CallOption) (DataSourceService_WriteStreamClient, error) } type dataSourceServiceClient struct { @@ -40,52 +35,68 @@ func NewDataSourceServiceClient(cc grpc.ClientConnInterface) DataSourceServiceCl } func (c *dataSourceServiceClient) Write(ctx context.Context, in *WriteDataSourceRequest, opts ...grpc.CallOption) (*WriteDataSourceResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(WriteDataSourceResponse) - err := c.cc.Invoke(ctx, DataSourceService_Write_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.DataSourceService/Write", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *dataSourceServiceClient) WriteStream(ctx context.Context, opts ...grpc.CallOption) (grpc.ClientStreamingClient[WriteDataSourceRequest, WriteDataSourceResponse], error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - stream, err := c.cc.NewStream(ctx, &DataSourceService_ServiceDesc.Streams[0], DataSourceService_WriteStream_FullMethodName, cOpts...) +func (c *dataSourceServiceClient) WriteStream(ctx context.Context, opts ...grpc.CallOption) (DataSourceService_WriteStreamClient, error) { + stream, err := c.cc.NewStream(ctx, &DataSourceService_ServiceDesc.Streams[0], "/tracee.v1beta1.DataSourceService/WriteStream", opts...) if err != nil { return nil, err } - x := &grpc.GenericClientStream[WriteDataSourceRequest, WriteDataSourceResponse]{ClientStream: stream} + x := &dataSourceServiceWriteStreamClient{stream} return x, nil } -// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type DataSourceService_WriteStreamClient = grpc.ClientStreamingClient[WriteDataSourceRequest, WriteDataSourceResponse] +type DataSourceService_WriteStreamClient interface { + Send(*WriteDataSourceRequest) error + CloseAndRecv() (*WriteDataSourceResponse, error) + grpc.ClientStream +} + +type dataSourceServiceWriteStreamClient struct { + grpc.ClientStream +} + +func (x *dataSourceServiceWriteStreamClient) Send(m *WriteDataSourceRequest) error { + return x.ClientStream.SendMsg(m) +} + +func (x *dataSourceServiceWriteStreamClient) CloseAndRecv() (*WriteDataSourceResponse, error) { + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + m := new(WriteDataSourceResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} // DataSourceServiceServer is the server API for DataSourceService service. // All implementations must embed UnimplementedDataSourceServiceServer -// for forward compatibility. +// for forward compatibility type DataSourceServiceServer interface { Write(context.Context, *WriteDataSourceRequest) (*WriteDataSourceResponse, error) - WriteStream(grpc.ClientStreamingServer[WriteDataSourceRequest, WriteDataSourceResponse]) error + WriteStream(DataSourceService_WriteStreamServer) error mustEmbedUnimplementedDataSourceServiceServer() } -// UnimplementedDataSourceServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedDataSourceServiceServer struct{} +// UnimplementedDataSourceServiceServer must be embedded to have forward compatible implementations. +type UnimplementedDataSourceServiceServer struct { +} func (UnimplementedDataSourceServiceServer) Write(context.Context, *WriteDataSourceRequest) (*WriteDataSourceResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Write not implemented") } -func (UnimplementedDataSourceServiceServer) WriteStream(grpc.ClientStreamingServer[WriteDataSourceRequest, WriteDataSourceResponse]) error { +func (UnimplementedDataSourceServiceServer) WriteStream(DataSourceService_WriteStreamServer) error { return status.Errorf(codes.Unimplemented, "method WriteStream not implemented") } func (UnimplementedDataSourceServiceServer) mustEmbedUnimplementedDataSourceServiceServer() {} -func (UnimplementedDataSourceServiceServer) testEmbeddedByValue() {} // UnsafeDataSourceServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to DataSourceServiceServer will @@ -95,13 +106,6 @@ type UnsafeDataSourceServiceServer interface { } func RegisterDataSourceServiceServer(s grpc.ServiceRegistrar, srv DataSourceServiceServer) { - // If the following call panics, it indicates UnimplementedDataSourceServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&DataSourceService_ServiceDesc, srv) } @@ -115,7 +119,7 @@ func _DataSourceService_Write_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: DataSourceService_Write_FullMethodName, + FullMethod: "/tracee.v1beta1.DataSourceService/Write", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(DataSourceServiceServer).Write(ctx, req.(*WriteDataSourceRequest)) @@ -124,11 +128,30 @@ func _DataSourceService_Write_Handler(srv interface{}, ctx context.Context, dec } func _DataSourceService_WriteStream_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(DataSourceServiceServer).WriteStream(&grpc.GenericServerStream[WriteDataSourceRequest, WriteDataSourceResponse]{ServerStream: stream}) + return srv.(DataSourceServiceServer).WriteStream(&dataSourceServiceWriteStreamServer{stream}) +} + +type DataSourceService_WriteStreamServer interface { + SendAndClose(*WriteDataSourceResponse) error + Recv() (*WriteDataSourceRequest, error) + grpc.ServerStream +} + +type dataSourceServiceWriteStreamServer struct { + grpc.ServerStream +} + +func (x *dataSourceServiceWriteStreamServer) SendAndClose(m *WriteDataSourceResponse) error { + return x.ServerStream.SendMsg(m) } -// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type DataSourceService_WriteStreamServer = grpc.ClientStreamingServer[WriteDataSourceRequest, WriteDataSourceResponse] +func (x *dataSourceServiceWriteStreamServer) Recv() (*WriteDataSourceRequest, error) { + m := new(WriteDataSourceRequest) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} // DataSourceService_ServiceDesc is the grpc.ServiceDesc for DataSourceService service. // It's only intended for direct use with grpc.RegisterService, diff --git a/api/v1beta1/definition.pb.go b/api/v1beta1/definition.pb.go index 88d9ec57c8bd..b9bc165f8fba 100644 --- a/api/v1beta1/definition.pb.go +++ b/api/v1beta1/definition.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.29.0 +// protoc-gen-go v1.28.1 +// protoc v4.23.4 // source: api/v1beta1/definition.proto package v1beta1 @@ -31,9 +31,11 @@ type EventField struct { func (x *EventField) Reset() { *x = EventField{} - mi := &file_api_v1beta1_definition_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_definition_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EventField) String() string { @@ -44,7 +46,7 @@ func (*EventField) ProtoMessage() {} func (x *EventField) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_definition_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -88,9 +90,11 @@ type EventDefinition struct { func (x *EventDefinition) Reset() { *x = EventDefinition{} - mi := &file_api_v1beta1_definition_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_definition_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EventDefinition) String() string { @@ -101,7 +105,7 @@ func (*EventDefinition) ProtoMessage() {} func (x *EventDefinition) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_definition_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -170,9 +174,11 @@ type Version struct { func (x *Version) Reset() { *x = Version{} - mi := &file_api_v1beta1_definition_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_definition_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Version) String() string { @@ -183,7 +189,7 @@ func (*Version) ProtoMessage() {} func (x *Version) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_definition_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -265,7 +271,7 @@ func file_api_v1beta1_definition_proto_rawDescGZIP() []byte { } var file_api_v1beta1_definition_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_api_v1beta1_definition_proto_goTypes = []any{ +var file_api_v1beta1_definition_proto_goTypes = []interface{}{ (*EventField)(nil), // 0: tracee.v1beta1.EventField (*EventDefinition)(nil), // 1: tracee.v1beta1.EventDefinition (*Version)(nil), // 2: tracee.v1beta1.Version @@ -285,6 +291,44 @@ func file_api_v1beta1_definition_proto_init() { if File_api_v1beta1_definition_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_api_v1beta1_definition_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EventField); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_definition_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EventDefinition); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_definition_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Version); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/v1beta1/diagnostic.pb.go b/api/v1beta1/diagnostic.pb.go index d690cab9087a..91a0c3c78742 100644 --- a/api/v1beta1/diagnostic.pb.go +++ b/api/v1beta1/diagnostic.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.29.0 +// protoc-gen-go v1.28.1 +// protoc v4.23.4 // source: api/v1beta1/diagnostic.proto package v1beta1 @@ -89,9 +89,11 @@ type GetMetricsRequest struct { func (x *GetMetricsRequest) Reset() { *x = GetMetricsRequest{} - mi := &file_api_v1beta1_diagnostic_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_diagnostic_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetMetricsRequest) String() string { @@ -102,7 +104,7 @@ func (*GetMetricsRequest) ProtoMessage() {} func (x *GetMetricsRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_diagnostic_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -136,9 +138,11 @@ type GetMetricsResponse struct { func (x *GetMetricsResponse) Reset() { *x = GetMetricsResponse{} - mi := &file_api_v1beta1_diagnostic_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_diagnostic_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetMetricsResponse) String() string { @@ -149,7 +153,7 @@ func (*GetMetricsResponse) ProtoMessage() {} func (x *GetMetricsResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_diagnostic_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -248,9 +252,11 @@ type BPFEventStats struct { func (x *BPFEventStats) Reset() { *x = BPFEventStats{} - mi := &file_api_v1beta1_diagnostic_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_diagnostic_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *BPFEventStats) String() string { @@ -261,7 +267,7 @@ func (*BPFEventStats) ProtoMessage() {} func (x *BPFEventStats) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_diagnostic_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -321,9 +327,11 @@ type ChangeLogLevelRequest struct { func (x *ChangeLogLevelRequest) Reset() { *x = ChangeLogLevelRequest{} - mi := &file_api_v1beta1_diagnostic_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_diagnostic_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *ChangeLogLevelRequest) String() string { @@ -334,7 +342,7 @@ func (*ChangeLogLevelRequest) ProtoMessage() {} func (x *ChangeLogLevelRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_diagnostic_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -364,9 +372,11 @@ type ChangeLogLevelResponse struct { func (x *ChangeLogLevelResponse) Reset() { *x = ChangeLogLevelResponse{} - mi := &file_api_v1beta1_diagnostic_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_diagnostic_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *ChangeLogLevelResponse) String() string { @@ -377,7 +387,7 @@ func (*ChangeLogLevelResponse) ProtoMessage() {} func (x *ChangeLogLevelResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_diagnostic_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -400,9 +410,11 @@ type GetStacktraceRequest struct { func (x *GetStacktraceRequest) Reset() { *x = GetStacktraceRequest{} - mi := &file_api_v1beta1_diagnostic_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_diagnostic_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetStacktraceRequest) String() string { @@ -413,7 +425,7 @@ func (*GetStacktraceRequest) ProtoMessage() {} func (x *GetStacktraceRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_diagnostic_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -438,9 +450,11 @@ type GetStacktraceResponse struct { func (x *GetStacktraceResponse) Reset() { *x = GetStacktraceResponse{} - mi := &file_api_v1beta1_diagnostic_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_diagnostic_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetStacktraceResponse) String() string { @@ -451,7 +465,7 @@ func (*GetStacktraceResponse) ProtoMessage() {} func (x *GetStacktraceResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_diagnostic_proto_msgTypes[6] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -573,7 +587,7 @@ func file_api_v1beta1_diagnostic_proto_rawDescGZIP() []byte { var file_api_v1beta1_diagnostic_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_api_v1beta1_diagnostic_proto_msgTypes = make([]protoimpl.MessageInfo, 7) -var file_api_v1beta1_diagnostic_proto_goTypes = []any{ +var file_api_v1beta1_diagnostic_proto_goTypes = []interface{}{ (LogLevel)(0), // 0: tracee.v1beta1.LogLevel (*GetMetricsRequest)(nil), // 1: tracee.v1beta1.GetMetricsRequest (*GetMetricsResponse)(nil), // 2: tracee.v1beta1.GetMetricsResponse @@ -607,6 +621,92 @@ func file_api_v1beta1_diagnostic_proto_init() { return } file_api_v1beta1_event_proto_init() + if !protoimpl.UnsafeEnabled { + file_api_v1beta1_diagnostic_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetMetricsRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_diagnostic_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetMetricsResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_diagnostic_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*BPFEventStats); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_diagnostic_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ChangeLogLevelRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_diagnostic_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ChangeLogLevelResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_diagnostic_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetStacktraceRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_diagnostic_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetStacktraceResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/v1beta1/diagnostic_grpc.pb.go b/api/v1beta1/diagnostic_grpc.pb.go index d957d5bf7e14..59c078d3b47a 100644 --- a/api/v1beta1/diagnostic_grpc.pb.go +++ b/api/v1beta1/diagnostic_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.2.0 +// - protoc v4.23.4 // source: api/v1beta1/diagnostic.proto package v1beta1 @@ -15,14 +15,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 - -const ( - DiagnosticService_GetMetrics_FullMethodName = "/tracee.v1beta1.DiagnosticService/GetMetrics" - DiagnosticService_ChangeLogLevel_FullMethodName = "/tracee.v1beta1.DiagnosticService/ChangeLogLevel" - DiagnosticService_GetStacktrace_FullMethodName = "/tracee.v1beta1.DiagnosticService/GetStacktrace" -) +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 // DiagnosticServiceClient is the client API for DiagnosticService service. // @@ -42,9 +36,8 @@ func NewDiagnosticServiceClient(cc grpc.ClientConnInterface) DiagnosticServiceCl } func (c *diagnosticServiceClient) GetMetrics(ctx context.Context, in *GetMetricsRequest, opts ...grpc.CallOption) (*GetMetricsResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetMetricsResponse) - err := c.cc.Invoke(ctx, DiagnosticService_GetMetrics_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.DiagnosticService/GetMetrics", in, out, opts...) if err != nil { return nil, err } @@ -52,9 +45,8 @@ func (c *diagnosticServiceClient) GetMetrics(ctx context.Context, in *GetMetrics } func (c *diagnosticServiceClient) ChangeLogLevel(ctx context.Context, in *ChangeLogLevelRequest, opts ...grpc.CallOption) (*ChangeLogLevelResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(ChangeLogLevelResponse) - err := c.cc.Invoke(ctx, DiagnosticService_ChangeLogLevel_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.DiagnosticService/ChangeLogLevel", in, out, opts...) if err != nil { return nil, err } @@ -62,9 +54,8 @@ func (c *diagnosticServiceClient) ChangeLogLevel(ctx context.Context, in *Change } func (c *diagnosticServiceClient) GetStacktrace(ctx context.Context, in *GetStacktraceRequest, opts ...grpc.CallOption) (*GetStacktraceResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetStacktraceResponse) - err := c.cc.Invoke(ctx, DiagnosticService_GetStacktrace_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.DiagnosticService/GetStacktrace", in, out, opts...) if err != nil { return nil, err } @@ -73,7 +64,7 @@ func (c *diagnosticServiceClient) GetStacktrace(ctx context.Context, in *GetStac // DiagnosticServiceServer is the server API for DiagnosticService service. // All implementations must embed UnimplementedDiagnosticServiceServer -// for forward compatibility. +// for forward compatibility type DiagnosticServiceServer interface { GetMetrics(context.Context, *GetMetricsRequest) (*GetMetricsResponse, error) ChangeLogLevel(context.Context, *ChangeLogLevelRequest) (*ChangeLogLevelResponse, error) @@ -81,12 +72,9 @@ type DiagnosticServiceServer interface { mustEmbedUnimplementedDiagnosticServiceServer() } -// UnimplementedDiagnosticServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedDiagnosticServiceServer struct{} +// UnimplementedDiagnosticServiceServer must be embedded to have forward compatible implementations. +type UnimplementedDiagnosticServiceServer struct { +} func (UnimplementedDiagnosticServiceServer) GetMetrics(context.Context, *GetMetricsRequest) (*GetMetricsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetMetrics not implemented") @@ -98,7 +86,6 @@ func (UnimplementedDiagnosticServiceServer) GetStacktrace(context.Context, *GetS return nil, status.Errorf(codes.Unimplemented, "method GetStacktrace not implemented") } func (UnimplementedDiagnosticServiceServer) mustEmbedUnimplementedDiagnosticServiceServer() {} -func (UnimplementedDiagnosticServiceServer) testEmbeddedByValue() {} // UnsafeDiagnosticServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to DiagnosticServiceServer will @@ -108,13 +95,6 @@ type UnsafeDiagnosticServiceServer interface { } func RegisterDiagnosticServiceServer(s grpc.ServiceRegistrar, srv DiagnosticServiceServer) { - // If the following call panics, it indicates UnimplementedDiagnosticServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&DiagnosticService_ServiceDesc, srv) } @@ -128,7 +108,7 @@ func _DiagnosticService_GetMetrics_Handler(srv interface{}, ctx context.Context, } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: DiagnosticService_GetMetrics_FullMethodName, + FullMethod: "/tracee.v1beta1.DiagnosticService/GetMetrics", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(DiagnosticServiceServer).GetMetrics(ctx, req.(*GetMetricsRequest)) @@ -146,7 +126,7 @@ func _DiagnosticService_ChangeLogLevel_Handler(srv interface{}, ctx context.Cont } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: DiagnosticService_ChangeLogLevel_FullMethodName, + FullMethod: "/tracee.v1beta1.DiagnosticService/ChangeLogLevel", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(DiagnosticServiceServer).ChangeLogLevel(ctx, req.(*ChangeLogLevelRequest)) @@ -164,7 +144,7 @@ func _DiagnosticService_GetStacktrace_Handler(srv interface{}, ctx context.Conte } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: DiagnosticService_GetStacktrace_FullMethodName, + FullMethod: "/tracee.v1beta1.DiagnosticService/GetStacktrace", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(DiagnosticServiceServer).GetStacktrace(ctx, req.(*GetStacktraceRequest)) diff --git a/api/v1beta1/event.pb.go b/api/v1beta1/event.pb.go index c20d0495faf3..f16237927164 100644 --- a/api/v1beta1/event.pb.go +++ b/api/v1beta1/event.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.29.0 +// protoc-gen-go v1.28.1 +// protoc v4.23.4 // source: api/v1beta1/event.proto package v1beta1 @@ -568,6 +568,9 @@ const ( EventId_chmod_common EventId = 1090 EventId_security_sb_umount EventId = 1091 EventId_security_task_prctl EventId = 1092 + EventId_io_uring_create EventId = 1093 + EventId_io_issue_sqe EventId = 1094 + EventId_io_write EventId = 1095 // Events originated from user-space EventId_net_packet_ipv4 EventId = 2000 EventId_net_packet_ipv6 EventId = 2001 @@ -1141,6 +1144,9 @@ var ( 1090: "chmod_common", 1091: "security_sb_umount", 1092: "security_task_prctl", + 1093: "io_uring_create", + 1094: "io_issue_sqe", + 1095: "io_write", 2000: "net_packet_ipv4", 2001: "net_packet_ipv6", 2002: "net_packet_tcp", @@ -1710,6 +1716,9 @@ var ( "chmod_common": 1090, "security_sb_umount": 1091, "security_task_prctl": 1092, + "io_uring_create": 1093, + "io_issue_sqe": 1094, + "io_write": 1095, "net_packet_ipv4": 2000, "net_packet_ipv6": 2001, "net_packet_tcp": 2002, @@ -1784,9 +1793,11 @@ type Event struct { func (x *Event) Reset() { *x = Event{} - mi := &file_api_v1beta1_event_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Event) String() string { @@ -1797,7 +1808,7 @@ func (*Event) ProtoMessage() {} func (x *Event) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1878,9 +1889,11 @@ type Policies struct { func (x *Policies) Reset() { *x = Policies{} - mi := &file_api_v1beta1_event_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Policies) String() string { @@ -1891,7 +1904,7 @@ func (*Policies) ProtoMessage() {} func (x *Policies) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1925,9 +1938,11 @@ type Workload struct { func (x *Workload) Reset() { *x = Workload{} - mi := &file_api_v1beta1_event_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Workload) String() string { @@ -1938,7 +1953,7 @@ func (*Workload) ProtoMessage() {} func (x *Workload) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1990,9 +2005,11 @@ type Process struct { func (x *Process) Reset() { *x = Process{} - mi := &file_api_v1beta1_event_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Process) String() string { @@ -2003,7 +2020,7 @@ func (*Process) ProtoMessage() {} func (x *Process) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2077,9 +2094,11 @@ type Executable struct { func (x *Executable) Reset() { *x = Executable{} - mi := &file_api_v1beta1_event_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Executable) String() string { @@ -2090,7 +2109,7 @@ func (*Executable) ProtoMessage() {} func (x *Executable) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2122,9 +2141,11 @@ type User struct { func (x *User) Reset() { *x = User{} - mi := &file_api_v1beta1_event_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *User) String() string { @@ -2135,7 +2156,7 @@ func (*User) ProtoMessage() {} func (x *User) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2174,9 +2195,11 @@ type Thread struct { func (x *Thread) Reset() { *x = Thread{} - mi := &file_api_v1beta1_event_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Thread) String() string { @@ -2187,7 +2210,7 @@ func (*Thread) ProtoMessage() {} func (x *Thread) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[6] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2268,9 +2291,11 @@ type UserStackTrace struct { func (x *UserStackTrace) Reset() { *x = UserStackTrace{} - mi := &file_api_v1beta1_event_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *UserStackTrace) String() string { @@ -2281,7 +2306,7 @@ func (*UserStackTrace) ProtoMessage() {} func (x *UserStackTrace) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[7] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2314,9 +2339,11 @@ type StackAddress struct { func (x *StackAddress) Reset() { *x = StackAddress{} - mi := &file_api_v1beta1_event_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *StackAddress) String() string { @@ -2327,7 +2354,7 @@ func (*StackAddress) ProtoMessage() {} func (x *StackAddress) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[8] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2369,9 +2396,11 @@ type Container struct { func (x *Container) Reset() { *x = Container{} - mi := &file_api_v1beta1_event_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Container) String() string { @@ -2382,7 +2411,7 @@ func (*Container) ProtoMessage() {} func (x *Container) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[9] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2437,9 +2466,11 @@ type ContainerImage struct { func (x *ContainerImage) Reset() { *x = ContainerImage{} - mi := &file_api_v1beta1_event_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *ContainerImage) String() string { @@ -2450,7 +2481,7 @@ func (*ContainerImage) ProtoMessage() {} func (x *ContainerImage) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[10] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2497,9 +2528,11 @@ type K8S struct { func (x *K8S) Reset() { *x = K8S{} - mi := &file_api_v1beta1_event_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *K8S) String() string { @@ -2510,7 +2543,7 @@ func (*K8S) ProtoMessage() {} func (x *K8S) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[11] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2551,9 +2584,11 @@ type Pod struct { func (x *Pod) Reset() { *x = Pod{} - mi := &file_api_v1beta1_event_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Pod) String() string { @@ -2564,7 +2599,7 @@ func (*Pod) ProtoMessage() {} func (x *Pod) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[12] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2610,9 +2645,11 @@ type K8SNamespace struct { func (x *K8SNamespace) Reset() { *x = K8SNamespace{} - mi := &file_api_v1beta1_event_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *K8SNamespace) String() string { @@ -2623,7 +2660,7 @@ func (*K8SNamespace) ProtoMessage() {} func (x *K8SNamespace) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[13] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2658,9 +2695,11 @@ type DetectedFrom struct { func (x *DetectedFrom) Reset() { *x = DetectedFrom{} - mi := &file_api_v1beta1_event_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DetectedFrom) String() string { @@ -2671,7 +2710,7 @@ func (*DetectedFrom) ProtoMessage() {} func (x *DetectedFrom) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_proto_msgTypes[14] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2881,7 +2920,7 @@ var file_api_v1beta1_event_proto_rawDesc = []byte{ 0x72, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74, 0x72, 0x61, 0x63, 0x65, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, - 0x2a, 0xbb, 0x4d, 0x0a, 0x07, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x0f, 0x0a, 0x0b, + 0x2a, 0xf3, 0x4d, 0x0a, 0x07, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x75, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x72, 0x65, 0x61, 0x64, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x77, 0x72, 0x69, 0x74, 0x65, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x6f, 0x70, 0x65, 0x6e, 0x10, 0x03, 0x12, 0x09, 0x0a, 0x05, @@ -3460,51 +3499,54 @@ var file_api_v1beta1_event_proto_rawDesc = []byte{ 0x6e, 0x10, 0xc2, 0x08, 0x12, 0x17, 0x0a, 0x12, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x73, 0x62, 0x5f, 0x75, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x10, 0xc3, 0x08, 0x12, 0x18, 0x0a, 0x13, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x70, - 0x72, 0x63, 0x74, 0x6c, 0x10, 0xc4, 0x08, 0x12, 0x14, 0x0a, 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x70, - 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x69, 0x70, 0x76, 0x34, 0x10, 0xd0, 0x0f, 0x12, 0x14, 0x0a, - 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x69, 0x70, 0x76, 0x36, - 0x10, 0xd1, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, - 0x74, 0x5f, 0x74, 0x63, 0x70, 0x10, 0xd2, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x6e, 0x65, 0x74, 0x5f, - 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x75, 0x64, 0x70, 0x10, 0xd3, 0x0f, 0x12, 0x14, 0x0a, - 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x69, 0x63, 0x6d, 0x70, - 0x10, 0xd4, 0x0f, 0x12, 0x16, 0x0a, 0x11, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, - 0x74, 0x5f, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x36, 0x10, 0xd5, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x6e, - 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x6e, 0x73, 0x10, 0xd6, 0x0f, - 0x12, 0x1b, 0x0a, 0x16, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x64, - 0x6e, 0x73, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x10, 0xd7, 0x0f, 0x12, 0x1c, 0x0a, - 0x17, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x6e, 0x73, 0x5f, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x10, 0xd8, 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x6e, - 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x10, 0xd9, - 0x0f, 0x12, 0x1c, 0x0a, 0x17, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, - 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x10, 0xda, 0x0f, 0x12, - 0x1d, 0x0a, 0x18, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x68, 0x74, - 0x74, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x10, 0xdb, 0x0f, 0x12, 0x11, - 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x64, 0x10, 0xdc, - 0x0f, 0x12, 0x17, 0x0a, 0x12, 0x6e, 0x65, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x74, 0x63, - 0x70, 0x5f, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x10, 0xdd, 0x0f, 0x12, 0x15, 0x0a, 0x10, 0x6e, 0x65, - 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x65, 0x6e, 0x64, 0x10, 0xde, - 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, 0x65, - 0x74, 0x5f, 0x69, 0x64, 0x10, 0xdf, 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x74, - 0x63, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x10, 0xe0, 0x0f, 0x12, 0x14, 0x0a, - 0x0f, 0x69, 0x6e, 0x69, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, - 0x10, 0xe1, 0x0f, 0x12, 0x15, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, - 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x10, 0xe2, 0x0f, 0x12, 0x15, 0x0a, 0x10, 0x63, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x10, 0xe3, - 0x0f, 0x12, 0x17, 0x0a, 0x12, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x10, 0xe4, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x68, 0x6f, - 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x73, 0x79, 0x73, 0x63, 0x61, 0x6c, 0x6c, 0x10, 0xe5, 0x0f, 0x12, - 0x13, 0x0a, 0x0e, 0x68, 0x6f, 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x71, 0x5f, 0x6f, 0x70, - 0x73, 0x10, 0xe6, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x73, 0x5f, - 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x10, 0xe7, 0x0f, 0x12, 0x16, 0x0a, 0x11, 0x73, 0x79, 0x6d, - 0x62, 0x6f, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0xe8, - 0x0f, 0x12, 0x19, 0x0a, 0x14, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x5f, 0x6b, 0x65, 0x72, 0x6e, - 0x65, 0x6c, 0x5f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x10, 0xe9, 0x0f, 0x12, 0x10, 0x0a, 0x0b, - 0x66, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x68, 0x6f, 0x6f, 0x6b, 0x10, 0xea, 0x0f, 0x22, 0x06, - 0x08, 0xdc, 0x0b, 0x10, 0xcf, 0x0f, 0x22, 0x06, 0x08, 0xb8, 0x17, 0x10, 0x9f, 0x1f, 0x42, 0x2b, - 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x2f, 0x61, 0x71, 0x75, 0x61, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x61, 0x63, 0x65, 0x65, 0x2f, - 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x72, 0x63, 0x74, 0x6c, 0x10, 0xc4, 0x08, 0x12, 0x14, 0x0a, 0x0f, 0x69, 0x6f, 0x5f, 0x75, 0x72, + 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x10, 0xc5, 0x08, 0x12, 0x11, 0x0a, + 0x0c, 0x69, 0x6f, 0x5f, 0x69, 0x73, 0x73, 0x75, 0x65, 0x5f, 0x73, 0x71, 0x65, 0x10, 0xc6, 0x08, + 0x12, 0x0d, 0x0a, 0x08, 0x69, 0x6f, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x65, 0x10, 0xc7, 0x08, 0x12, + 0x14, 0x0a, 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x69, 0x70, + 0x76, 0x34, 0x10, 0xd0, 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x69, 0x70, 0x76, 0x36, 0x10, 0xd1, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x6e, + 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x74, 0x63, 0x70, 0x10, 0xd2, 0x0f, + 0x12, 0x13, 0x0a, 0x0e, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x75, + 0x64, 0x70, 0x10, 0xd3, 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x69, 0x63, 0x6d, 0x70, 0x10, 0xd4, 0x0f, 0x12, 0x16, 0x0a, 0x11, 0x6e, + 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x69, 0x63, 0x6d, 0x70, 0x76, 0x36, + 0x10, 0xd5, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, + 0x74, 0x5f, 0x64, 0x6e, 0x73, 0x10, 0xd6, 0x0f, 0x12, 0x1b, 0x0a, 0x16, 0x6e, 0x65, 0x74, 0x5f, + 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x6e, 0x73, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x10, 0xd7, 0x0f, 0x12, 0x1c, 0x0a, 0x17, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x64, 0x6e, 0x73, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x10, 0xd8, 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, + 0x74, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x10, 0xd9, 0x0f, 0x12, 0x1c, 0x0a, 0x17, 0x6e, 0x65, 0x74, + 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x10, 0xda, 0x0f, 0x12, 0x1d, 0x0a, 0x18, 0x6e, 0x65, 0x74, 0x5f, 0x70, + 0x61, 0x63, 0x6b, 0x65, 0x74, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x10, 0xdb, 0x0f, 0x12, 0x11, 0x0a, 0x0c, 0x6e, 0x65, 0x74, 0x5f, 0x66, 0x6c, + 0x6f, 0x77, 0x5f, 0x65, 0x6e, 0x64, 0x10, 0xdc, 0x0f, 0x12, 0x17, 0x0a, 0x12, 0x6e, 0x65, 0x74, + 0x5f, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x10, + 0xdd, 0x0f, 0x12, 0x15, 0x0a, 0x10, 0x6e, 0x65, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x74, + 0x63, 0x70, 0x5f, 0x65, 0x6e, 0x64, 0x10, 0xde, 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x6d, 0x61, 0x78, + 0x5f, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x10, 0xdf, 0x0f, 0x12, + 0x14, 0x0a, 0x0f, 0x6e, 0x65, 0x74, 0x5f, 0x74, 0x63, 0x70, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, + 0x63, 0x74, 0x10, 0xe0, 0x0f, 0x12, 0x14, 0x0a, 0x0f, 0x69, 0x6e, 0x69, 0x74, 0x5f, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x10, 0xe1, 0x0f, 0x12, 0x15, 0x0a, 0x10, 0x63, + 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x5f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x10, + 0xe2, 0x0f, 0x12, 0x15, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x5f, + 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x10, 0xe3, 0x0f, 0x12, 0x17, 0x0a, 0x12, 0x65, 0x78, 0x69, + 0x73, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x10, + 0xe4, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x68, 0x6f, 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x73, 0x79, 0x73, + 0x63, 0x61, 0x6c, 0x6c, 0x10, 0xe5, 0x0f, 0x12, 0x13, 0x0a, 0x0e, 0x68, 0x6f, 0x6f, 0x6b, 0x65, + 0x64, 0x5f, 0x73, 0x65, 0x71, 0x5f, 0x6f, 0x70, 0x73, 0x10, 0xe6, 0x0f, 0x12, 0x13, 0x0a, 0x0e, + 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x73, 0x5f, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x10, 0xe7, + 0x0f, 0x12, 0x16, 0x0a, 0x11, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x73, 0x5f, 0x63, 0x6f, 0x6c, + 0x6c, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x10, 0xe8, 0x0f, 0x12, 0x19, 0x0a, 0x14, 0x68, 0x69, 0x64, + 0x64, 0x65, 0x6e, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, + 0x65, 0x10, 0xe9, 0x0f, 0x12, 0x10, 0x0a, 0x0b, 0x66, 0x74, 0x72, 0x61, 0x63, 0x65, 0x5f, 0x68, + 0x6f, 0x6f, 0x6b, 0x10, 0xea, 0x0f, 0x22, 0x06, 0x08, 0xdc, 0x0b, 0x10, 0xcf, 0x0f, 0x22, 0x06, + 0x08, 0xb8, 0x17, 0x10, 0x9f, 0x1f, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x2f, 0x61, 0x71, 0x75, 0x61, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, + 0x2f, 0x74, 0x72, 0x61, 0x63, 0x65, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x62, 0x65, + 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -3521,7 +3563,7 @@ func file_api_v1beta1_event_proto_rawDescGZIP() []byte { var file_api_v1beta1_event_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_api_v1beta1_event_proto_msgTypes = make([]protoimpl.MessageInfo, 16) -var file_api_v1beta1_event_proto_goTypes = []any{ +var file_api_v1beta1_event_proto_goTypes = []interface{}{ (EventId)(0), // 0: tracee.v1beta1.EventId (*Event)(nil), // 1: tracee.v1beta1.Event (*Policies)(nil), // 2: tracee.v1beta1.Policies @@ -3589,10 +3631,192 @@ func file_api_v1beta1_event_proto_init() { } file_api_v1beta1_event_data_proto_init() file_api_v1beta1_threat_proto_init() - file_api_v1beta1_event_proto_msgTypes[0].OneofWrappers = []any{} - file_api_v1beta1_event_proto_msgTypes[2].OneofWrappers = []any{} - file_api_v1beta1_event_proto_msgTypes[3].OneofWrappers = []any{} - file_api_v1beta1_event_proto_msgTypes[6].OneofWrappers = []any{} + if !protoimpl.UnsafeEnabled { + file_api_v1beta1_event_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Event); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Policies); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Workload); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Process); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Executable); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*User); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Thread); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UserStackTrace); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*StackAddress); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Container); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ContainerImage); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*K8S); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Pod); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*K8SNamespace); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DetectedFrom); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_api_v1beta1_event_proto_msgTypes[0].OneofWrappers = []interface{}{} + file_api_v1beta1_event_proto_msgTypes[2].OneofWrappers = []interface{}{} + file_api_v1beta1_event_proto_msgTypes[3].OneofWrappers = []interface{}{} + file_api_v1beta1_event_proto_msgTypes[6].OneofWrappers = []interface{}{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/v1beta1/event.proto b/api/v1beta1/event.proto index fe6ce5ef20c7..6890c6af8ab0 100644 --- a/api/v1beta1/event.proto +++ b/api/v1beta1/event.proto @@ -555,6 +555,9 @@ enum EventId { chmod_common = 1090; security_sb_umount = 1091; security_task_prctl = 1092; + io_uring_create = 1093; + io_issue_sqe = 1094; + io_write = 1095; // Events originated from user-space net_packet_ipv4 = 2000; diff --git a/api/v1beta1/event_data.pb.go b/api/v1beta1/event_data.pb.go index 9e5498422fc1..fee90d48eb51 100644 --- a/api/v1beta1/event_data.pb.go +++ b/api/v1beta1/event_data.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.29.0 +// protoc-gen-go v1.28.1 +// protoc v4.23.4 // source: api/v1beta1/event_data.proto package v1beta1 @@ -328,9 +328,11 @@ type EventValue struct { func (x *EventValue) Reset() { *x = EventValue{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EventValue) String() string { @@ -341,7 +343,7 @@ func (*EventValue) ProtoMessage() {} func (x *EventValue) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -761,9 +763,11 @@ type StringArray struct { func (x *StringArray) Reset() { *x = StringArray{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *StringArray) String() string { @@ -774,7 +778,7 @@ func (*StringArray) ProtoMessage() {} func (x *StringArray) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -806,9 +810,11 @@ type Int32Array struct { func (x *Int32Array) Reset() { *x = Int32Array{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Int32Array) String() string { @@ -819,7 +825,7 @@ func (*Int32Array) ProtoMessage() {} func (x *Int32Array) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -851,9 +857,11 @@ type UInt64Array struct { func (x *UInt64Array) Reset() { *x = UInt64Array{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *UInt64Array) String() string { @@ -864,7 +872,7 @@ func (*UInt64Array) ProtoMessage() {} func (x *UInt64Array) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -910,9 +918,11 @@ type Credentials struct { func (x *Credentials) Reset() { *x = Credentials{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Credentials) String() string { @@ -923,7 +933,7 @@ func (*Credentials) ProtoMessage() {} func (x *Credentials) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1053,9 +1063,11 @@ type Timespec struct { func (x *Timespec) Reset() { *x = Timespec{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Timespec) String() string { @@ -1066,7 +1078,7 @@ func (*Timespec) ProtoMessage() {} func (x *Timespec) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1105,9 +1117,11 @@ type SockAddr struct { func (x *SockAddr) Reset() { *x = SockAddr{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *SockAddr) String() string { @@ -1118,7 +1132,7 @@ func (*SockAddr) ProtoMessage() {} func (x *SockAddr) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[6] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1199,9 +1213,11 @@ type HookedSyscalls struct { func (x *HookedSyscalls) Reset() { *x = HookedSyscalls{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *HookedSyscalls) String() string { @@ -1212,7 +1228,7 @@ func (*HookedSyscalls) ProtoMessage() {} func (x *HookedSyscalls) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[7] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1245,9 +1261,11 @@ type HookedSymbolData struct { func (x *HookedSymbolData) Reset() { *x = HookedSymbolData{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *HookedSymbolData) String() string { @@ -1258,7 +1276,7 @@ func (*HookedSymbolData) ProtoMessage() {} func (x *HookedSymbolData) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[8] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1297,9 +1315,11 @@ type HookedSeqOps struct { func (x *HookedSeqOps) Reset() { *x = HookedSeqOps{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *HookedSeqOps) String() string { @@ -1310,7 +1330,7 @@ func (*HookedSeqOps) ProtoMessage() {} func (x *HookedSeqOps) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[9] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1353,9 +1373,11 @@ type IPv4 struct { func (x *IPv4) Reset() { *x = IPv4{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *IPv4) String() string { @@ -1366,7 +1388,7 @@ func (*IPv4) ProtoMessage() {} func (x *IPv4) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[10] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1482,9 +1504,11 @@ type IPv6 struct { func (x *IPv6) Reset() { *x = IPv6{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *IPv6) String() string { @@ -1495,7 +1519,7 @@ func (*IPv6) ProtoMessage() {} func (x *IPv6) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[11] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1592,9 +1616,11 @@ type TCP struct { func (x *TCP) Reset() { *x = TCP{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *TCP) String() string { @@ -1605,7 +1631,7 @@ func (*TCP) ProtoMessage() {} func (x *TCP) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[12] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1752,9 +1778,11 @@ type UDP struct { func (x *UDP) Reset() { *x = UDP{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *UDP) String() string { @@ -1765,7 +1793,7 @@ func (*UDP) ProtoMessage() {} func (x *UDP) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[13] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1821,9 +1849,11 @@ type ICMP struct { func (x *ICMP) Reset() { *x = ICMP{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *ICMP) String() string { @@ -1834,7 +1864,7 @@ func (*ICMP) ProtoMessage() {} func (x *ICMP) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[14] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1888,9 +1918,11 @@ type ICMPv6 struct { func (x *ICMPv6) Reset() { *x = ICMPv6{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *ICMPv6) String() string { @@ -1901,7 +1933,7 @@ func (*ICMPv6) ProtoMessage() {} func (x *ICMPv6) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[15] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1940,9 +1972,11 @@ type DnsQuestions struct { func (x *DnsQuestions) Reset() { *x = DnsQuestions{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DnsQuestions) String() string { @@ -1953,7 +1987,7 @@ func (*DnsQuestions) ProtoMessage() {} func (x *DnsQuestions) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[16] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1985,9 +2019,11 @@ type DnsResponses struct { func (x *DnsResponses) Reset() { *x = DnsResponses{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DnsResponses) String() string { @@ -1998,7 +2034,7 @@ func (*DnsResponses) ProtoMessage() {} func (x *DnsResponses) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[17] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2046,9 +2082,11 @@ type DNS struct { func (x *DNS) Reset() { *x = DNS{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNS) String() string { @@ -2059,7 +2097,7 @@ func (*DNS) ProtoMessage() {} func (x *DNS) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[18] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2205,9 +2243,11 @@ type DNSQuestion struct { func (x *DNSQuestion) Reset() { *x = DNSQuestion{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNSQuestion) String() string { @@ -2218,7 +2258,7 @@ func (*DNSQuestion) ProtoMessage() {} func (x *DNSQuestion) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[19] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2278,9 +2318,11 @@ type DNSResourceRecord struct { func (x *DNSResourceRecord) Reset() { *x = DNSResourceRecord{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNSResourceRecord) String() string { @@ -2291,7 +2333,7 @@ func (*DNSResourceRecord) ProtoMessage() {} func (x *DNSResourceRecord) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[20] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2427,9 +2469,11 @@ type DNSSOA struct { func (x *DNSSOA) Reset() { *x = DNSSOA{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNSSOA) String() string { @@ -2440,7 +2484,7 @@ func (*DNSSOA) ProtoMessage() {} func (x *DNSSOA) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[21] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2517,9 +2561,11 @@ type DNSSRV struct { func (x *DNSSRV) Reset() { *x = DNSSRV{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNSSRV) String() string { @@ -2530,7 +2576,7 @@ func (*DNSSRV) ProtoMessage() {} func (x *DNSSRV) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[22] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2584,9 +2630,11 @@ type DNSMX struct { func (x *DNSMX) Reset() { *x = DNSMX{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[23] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNSMX) String() string { @@ -2597,7 +2645,7 @@ func (*DNSMX) ProtoMessage() {} func (x *DNSMX) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[23] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2638,9 +2686,11 @@ type DNSURI struct { func (x *DNSURI) Reset() { *x = DNSURI{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[24] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[24] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNSURI) String() string { @@ -2651,7 +2701,7 @@ func (*DNSURI) ProtoMessage() {} func (x *DNSURI) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[24] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2698,9 +2748,11 @@ type DNSOPT struct { func (x *DNSOPT) Reset() { *x = DNSOPT{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[25] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[25] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DNSOPT) String() string { @@ -2711,7 +2763,7 @@ func (*DNSOPT) ProtoMessage() {} func (x *DNSOPT) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[25] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2758,9 +2810,11 @@ type HTTP struct { func (x *HTTP) Reset() { *x = HTTP{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[26] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[26] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *HTTP) String() string { @@ -2771,7 +2825,7 @@ func (*HTTP) ProtoMessage() {} func (x *HTTP) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[26] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2864,9 +2918,11 @@ type HTTPRequest struct { func (x *HTTPRequest) Reset() { *x = HTTPRequest{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[27] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[27] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *HTTPRequest) String() string { @@ -2877,7 +2933,7 @@ func (*HTTPRequest) ProtoMessage() {} func (x *HTTPRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[27] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2948,9 +3004,11 @@ type HTTPResponse struct { func (x *HTTPResponse) Reset() { *x = HTTPResponse{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[28] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[28] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *HTTPResponse) String() string { @@ -2961,7 +3019,7 @@ func (*HTTPResponse) ProtoMessage() {} func (x *HTTPResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[28] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3021,9 +3079,11 @@ type HttpHeader struct { func (x *HttpHeader) Reset() { *x = HttpHeader{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[29] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[29] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *HttpHeader) String() string { @@ -3034,7 +3094,7 @@ func (*HttpHeader) ProtoMessage() {} func (x *HttpHeader) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[29] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3073,9 +3133,11 @@ type PacketMetadata struct { func (x *PacketMetadata) Reset() { *x = PacketMetadata{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[30] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[30] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *PacketMetadata) String() string { @@ -3086,7 +3148,7 @@ func (*PacketMetadata) ProtoMessage() {} func (x *PacketMetadata) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[30] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3169,9 +3231,11 @@ type DnsQueryData struct { func (x *DnsQueryData) Reset() { *x = DnsQueryData{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[31] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[31] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DnsQueryData) String() string { @@ -3182,7 +3246,7 @@ func (*DnsQueryData) ProtoMessage() {} func (x *DnsQueryData) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[31] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3230,9 +3294,11 @@ type DnsAnswer struct { func (x *DnsAnswer) Reset() { *x = DnsAnswer{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[32] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[32] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DnsAnswer) String() string { @@ -3243,7 +3309,7 @@ func (*DnsAnswer) ProtoMessage() {} func (x *DnsAnswer) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[32] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3290,9 +3356,11 @@ type DnsResponseData struct { func (x *DnsResponseData) Reset() { *x = DnsResponseData{} - mi := &file_api_v1beta1_event_data_proto_msgTypes[33] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_event_data_proto_msgTypes[33] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DnsResponseData) String() string { @@ -3303,7 +3371,7 @@ func (*DnsResponseData) ProtoMessage() {} func (x *DnsResponseData) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_event_data_proto_msgTypes[33] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3898,7 +3966,7 @@ func file_api_v1beta1_event_data_proto_rawDescGZIP() []byte { var file_api_v1beta1_event_data_proto_enumTypes = make([]protoimpl.EnumInfo, 3) var file_api_v1beta1_event_data_proto_msgTypes = make([]protoimpl.MessageInfo, 38) -var file_api_v1beta1_event_data_proto_goTypes = []any{ +var file_api_v1beta1_event_data_proto_goTypes = []interface{}{ (SaFamilyT)(0), // 0: tracee.v1beta1.sa_family_t (Capability)(0), // 1: tracee.v1beta1.Capability (PacketDirection)(0), // 2: tracee.v1beta1.PacketDirection @@ -4019,7 +4087,417 @@ func file_api_v1beta1_event_data_proto_init() { if File_api_v1beta1_event_data_proto != nil { return } - file_api_v1beta1_event_data_proto_msgTypes[0].OneofWrappers = []any{ + if !protoimpl.UnsafeEnabled { + file_api_v1beta1_event_data_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EventValue); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*StringArray); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Int32Array); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UInt64Array); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Credentials); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Timespec); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SockAddr); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HookedSyscalls); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HookedSymbolData); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HookedSeqOps); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IPv4); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IPv6); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TCP); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UDP); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ICMP); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ICMPv6); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DnsQuestions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DnsResponses); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNS); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNSQuestion); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNSResourceRecord); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNSSOA); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNSSRV); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNSMX); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNSURI); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DNSOPT); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTP); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HttpHeader); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PacketMetadata); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DnsQueryData); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DnsAnswer); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_event_data_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DnsResponseData); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_api_v1beta1_event_data_proto_msgTypes[0].OneofWrappers = []interface{}{ (*EventValue_Int32)(nil), (*EventValue_Int64)(nil), (*EventValue_UInt32)(nil), diff --git a/api/v1beta1/threat.pb.go b/api/v1beta1/threat.pb.go index d2b5180ceb67..e6f6dc6eba2c 100644 --- a/api/v1beta1/threat.pb.go +++ b/api/v1beta1/threat.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.29.0 +// protoc-gen-go v1.28.1 +// protoc v4.23.4 // source: api/v1beta1/threat.proto package v1beta1 @@ -89,9 +89,11 @@ type Threat struct { func (x *Threat) Reset() { *x = Threat{} - mi := &file_api_v1beta1_threat_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_threat_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Threat) String() string { @@ -102,7 +104,7 @@ func (*Threat) ProtoMessage() {} func (x *Threat) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_threat_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -163,9 +165,11 @@ type Mitre struct { func (x *Mitre) Reset() { *x = Mitre{} - mi := &file_api_v1beta1_threat_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_threat_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Mitre) String() string { @@ -176,7 +180,7 @@ func (*Mitre) ProtoMessage() {} func (x *Mitre) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_threat_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -215,9 +219,11 @@ type MitreTactic struct { func (x *MitreTactic) Reset() { *x = MitreTactic{} - mi := &file_api_v1beta1_threat_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_threat_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *MitreTactic) String() string { @@ -228,7 +234,7 @@ func (*MitreTactic) ProtoMessage() {} func (x *MitreTactic) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_threat_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -261,9 +267,11 @@ type MitreTechnique struct { func (x *MitreTechnique) Reset() { *x = MitreTechnique{} - mi := &file_api_v1beta1_threat_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_threat_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *MitreTechnique) String() string { @@ -274,7 +282,7 @@ func (*MitreTechnique) ProtoMessage() {} func (x *MitreTechnique) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_threat_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -365,7 +373,7 @@ func file_api_v1beta1_threat_proto_rawDescGZIP() []byte { var file_api_v1beta1_threat_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_api_v1beta1_threat_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_api_v1beta1_threat_proto_goTypes = []any{ +var file_api_v1beta1_threat_proto_goTypes = []interface{}{ (Severity)(0), // 0: tracee.v1beta1.Severity (*Threat)(nil), // 1: tracee.v1beta1.Threat (*Mitre)(nil), // 2: tracee.v1beta1.Mitre @@ -391,6 +399,56 @@ func file_api_v1beta1_threat_proto_init() { if File_api_v1beta1_threat_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_api_v1beta1_threat_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Threat); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_threat_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Mitre); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_threat_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MitreTactic); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_threat_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MitreTechnique); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/v1beta1/tracee.pb.go b/api/v1beta1/tracee.pb.go index 04a399119e23..9e2c8b9737eb 100644 --- a/api/v1beta1/tracee.pb.go +++ b/api/v1beta1/tracee.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.29.0 +// protoc-gen-go v1.28.1 +// protoc v4.23.4 // source: api/v1beta1/tracee.proto package v1beta1 @@ -29,9 +29,11 @@ type GetVersionRequest struct { func (x *GetVersionRequest) Reset() { *x = GetVersionRequest{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetVersionRequest) String() string { @@ -42,7 +44,7 @@ func (*GetVersionRequest) ProtoMessage() {} func (x *GetVersionRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -67,9 +69,11 @@ type GetVersionResponse struct { func (x *GetVersionResponse) Reset() { *x = GetVersionResponse{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetVersionResponse) String() string { @@ -80,7 +84,7 @@ func (*GetVersionResponse) ProtoMessage() {} func (x *GetVersionResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -112,9 +116,11 @@ type GetEventDefinitionsRequest struct { func (x *GetEventDefinitionsRequest) Reset() { *x = GetEventDefinitionsRequest{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetEventDefinitionsRequest) String() string { @@ -125,7 +131,7 @@ func (*GetEventDefinitionsRequest) ProtoMessage() {} func (x *GetEventDefinitionsRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -157,9 +163,11 @@ type GetEventDefinitionsResponse struct { func (x *GetEventDefinitionsResponse) Reset() { *x = GetEventDefinitionsResponse{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *GetEventDefinitionsResponse) String() string { @@ -170,7 +178,7 @@ func (*GetEventDefinitionsResponse) ProtoMessage() {} func (x *GetEventDefinitionsResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -202,9 +210,11 @@ type EnableEventRequest struct { func (x *EnableEventRequest) Reset() { *x = EnableEventRequest{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EnableEventRequest) String() string { @@ -215,7 +225,7 @@ func (*EnableEventRequest) ProtoMessage() {} func (x *EnableEventRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -245,9 +255,11 @@ type EnableEventResponse struct { func (x *EnableEventResponse) Reset() { *x = EnableEventResponse{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EnableEventResponse) String() string { @@ -258,7 +270,7 @@ func (*EnableEventResponse) ProtoMessage() {} func (x *EnableEventResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -283,9 +295,11 @@ type DisableEventRequest struct { func (x *DisableEventRequest) Reset() { *x = DisableEventRequest{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DisableEventRequest) String() string { @@ -296,7 +310,7 @@ func (*DisableEventRequest) ProtoMessage() {} func (x *DisableEventRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[6] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -326,9 +340,11 @@ type DisableEventResponse struct { func (x *DisableEventResponse) Reset() { *x = DisableEventResponse{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DisableEventResponse) String() string { @@ -339,7 +355,7 @@ func (*DisableEventResponse) ProtoMessage() {} func (x *DisableEventResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[7] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -365,9 +381,11 @@ type StreamEventsRequest struct { func (x *StreamEventsRequest) Reset() { *x = StreamEventsRequest{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *StreamEventsRequest) String() string { @@ -378,7 +396,7 @@ func (*StreamEventsRequest) ProtoMessage() {} func (x *StreamEventsRequest) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[8] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -417,9 +435,11 @@ type StreamEventsResponse struct { func (x *StreamEventsResponse) Reset() { *x = StreamEventsResponse{} - mi := &file_api_v1beta1_tracee_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_api_v1beta1_tracee_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *StreamEventsResponse) String() string { @@ -430,7 +450,7 @@ func (*StreamEventsResponse) ProtoMessage() {} func (x *StreamEventsResponse) ProtoReflect() protoreflect.Message { mi := &file_api_v1beta1_tracee_proto_msgTypes[9] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -546,7 +566,7 @@ func file_api_v1beta1_tracee_proto_rawDescGZIP() []byte { } var file_api_v1beta1_tracee_proto_msgTypes = make([]protoimpl.MessageInfo, 10) -var file_api_v1beta1_tracee_proto_goTypes = []any{ +var file_api_v1beta1_tracee_proto_goTypes = []interface{}{ (*GetVersionRequest)(nil), // 0: tracee.v1beta1.GetVersionRequest (*GetVersionResponse)(nil), // 1: tracee.v1beta1.GetVersionResponse (*GetEventDefinitionsRequest)(nil), // 2: tracee.v1beta1.GetEventDefinitionsRequest @@ -589,6 +609,128 @@ func file_api_v1beta1_tracee_proto_init() { } file_api_v1beta1_event_proto_init() file_api_v1beta1_definition_proto_init() + if !protoimpl.UnsafeEnabled { + file_api_v1beta1_tracee_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetVersionRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetVersionResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetEventDefinitionsRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetEventDefinitionsResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnableEventRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EnableEventResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DisableEventRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DisableEventResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*StreamEventsRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_api_v1beta1_tracee_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*StreamEventsResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/v1beta1/tracee_grpc.pb.go b/api/v1beta1/tracee_grpc.pb.go index b36c0d72ab5c..2c0fda8598a9 100644 --- a/api/v1beta1/tracee_grpc.pb.go +++ b/api/v1beta1/tracee_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.2.0 +// - protoc v4.23.4 // source: api/v1beta1/tracee.proto package v1beta1 @@ -15,23 +15,15 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 - -const ( - TraceeService_GetEventDefinitions_FullMethodName = "/tracee.v1beta1.TraceeService/GetEventDefinitions" - TraceeService_StreamEvents_FullMethodName = "/tracee.v1beta1.TraceeService/StreamEvents" - TraceeService_EnableEvent_FullMethodName = "/tracee.v1beta1.TraceeService/EnableEvent" - TraceeService_DisableEvent_FullMethodName = "/tracee.v1beta1.TraceeService/DisableEvent" - TraceeService_GetVersion_FullMethodName = "/tracee.v1beta1.TraceeService/GetVersion" -) +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 // TraceeServiceClient is the client API for TraceeService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type TraceeServiceClient interface { GetEventDefinitions(ctx context.Context, in *GetEventDefinitionsRequest, opts ...grpc.CallOption) (*GetEventDefinitionsResponse, error) - StreamEvents(ctx context.Context, in *StreamEventsRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[StreamEventsResponse], error) + StreamEvents(ctx context.Context, in *StreamEventsRequest, opts ...grpc.CallOption) (TraceeService_StreamEventsClient, error) EnableEvent(ctx context.Context, in *EnableEventRequest, opts ...grpc.CallOption) (*EnableEventResponse, error) DisableEvent(ctx context.Context, in *DisableEventRequest, opts ...grpc.CallOption) (*DisableEventResponse, error) GetVersion(ctx context.Context, in *GetVersionRequest, opts ...grpc.CallOption) (*GetVersionResponse, error) @@ -46,22 +38,20 @@ func NewTraceeServiceClient(cc grpc.ClientConnInterface) TraceeServiceClient { } func (c *traceeServiceClient) GetEventDefinitions(ctx context.Context, in *GetEventDefinitionsRequest, opts ...grpc.CallOption) (*GetEventDefinitionsResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetEventDefinitionsResponse) - err := c.cc.Invoke(ctx, TraceeService_GetEventDefinitions_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.TraceeService/GetEventDefinitions", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *traceeServiceClient) StreamEvents(ctx context.Context, in *StreamEventsRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[StreamEventsResponse], error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - stream, err := c.cc.NewStream(ctx, &TraceeService_ServiceDesc.Streams[0], TraceeService_StreamEvents_FullMethodName, cOpts...) +func (c *traceeServiceClient) StreamEvents(ctx context.Context, in *StreamEventsRequest, opts ...grpc.CallOption) (TraceeService_StreamEventsClient, error) { + stream, err := c.cc.NewStream(ctx, &TraceeService_ServiceDesc.Streams[0], "/tracee.v1beta1.TraceeService/StreamEvents", opts...) if err != nil { return nil, err } - x := &grpc.GenericClientStream[StreamEventsRequest, StreamEventsResponse]{ClientStream: stream} + x := &traceeServiceStreamEventsClient{stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } @@ -71,13 +61,26 @@ func (c *traceeServiceClient) StreamEvents(ctx context.Context, in *StreamEvents return x, nil } -// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type TraceeService_StreamEventsClient = grpc.ServerStreamingClient[StreamEventsResponse] +type TraceeService_StreamEventsClient interface { + Recv() (*StreamEventsResponse, error) + grpc.ClientStream +} + +type traceeServiceStreamEventsClient struct { + grpc.ClientStream +} + +func (x *traceeServiceStreamEventsClient) Recv() (*StreamEventsResponse, error) { + m := new(StreamEventsResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} func (c *traceeServiceClient) EnableEvent(ctx context.Context, in *EnableEventRequest, opts ...grpc.CallOption) (*EnableEventResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(EnableEventResponse) - err := c.cc.Invoke(ctx, TraceeService_EnableEvent_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.TraceeService/EnableEvent", in, out, opts...) if err != nil { return nil, err } @@ -85,9 +88,8 @@ func (c *traceeServiceClient) EnableEvent(ctx context.Context, in *EnableEventRe } func (c *traceeServiceClient) DisableEvent(ctx context.Context, in *DisableEventRequest, opts ...grpc.CallOption) (*DisableEventResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(DisableEventResponse) - err := c.cc.Invoke(ctx, TraceeService_DisableEvent_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.TraceeService/DisableEvent", in, out, opts...) if err != nil { return nil, err } @@ -95,9 +97,8 @@ func (c *traceeServiceClient) DisableEvent(ctx context.Context, in *DisableEvent } func (c *traceeServiceClient) GetVersion(ctx context.Context, in *GetVersionRequest, opts ...grpc.CallOption) (*GetVersionResponse, error) { - cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetVersionResponse) - err := c.cc.Invoke(ctx, TraceeService_GetVersion_FullMethodName, in, out, cOpts...) + err := c.cc.Invoke(ctx, "/tracee.v1beta1.TraceeService/GetVersion", in, out, opts...) if err != nil { return nil, err } @@ -106,27 +107,24 @@ func (c *traceeServiceClient) GetVersion(ctx context.Context, in *GetVersionRequ // TraceeServiceServer is the server API for TraceeService service. // All implementations must embed UnimplementedTraceeServiceServer -// for forward compatibility. +// for forward compatibility type TraceeServiceServer interface { GetEventDefinitions(context.Context, *GetEventDefinitionsRequest) (*GetEventDefinitionsResponse, error) - StreamEvents(*StreamEventsRequest, grpc.ServerStreamingServer[StreamEventsResponse]) error + StreamEvents(*StreamEventsRequest, TraceeService_StreamEventsServer) error EnableEvent(context.Context, *EnableEventRequest) (*EnableEventResponse, error) DisableEvent(context.Context, *DisableEventRequest) (*DisableEventResponse, error) GetVersion(context.Context, *GetVersionRequest) (*GetVersionResponse, error) mustEmbedUnimplementedTraceeServiceServer() } -// UnimplementedTraceeServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedTraceeServiceServer struct{} +// UnimplementedTraceeServiceServer must be embedded to have forward compatible implementations. +type UnimplementedTraceeServiceServer struct { +} func (UnimplementedTraceeServiceServer) GetEventDefinitions(context.Context, *GetEventDefinitionsRequest) (*GetEventDefinitionsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetEventDefinitions not implemented") } -func (UnimplementedTraceeServiceServer) StreamEvents(*StreamEventsRequest, grpc.ServerStreamingServer[StreamEventsResponse]) error { +func (UnimplementedTraceeServiceServer) StreamEvents(*StreamEventsRequest, TraceeService_StreamEventsServer) error { return status.Errorf(codes.Unimplemented, "method StreamEvents not implemented") } func (UnimplementedTraceeServiceServer) EnableEvent(context.Context, *EnableEventRequest) (*EnableEventResponse, error) { @@ -139,7 +137,6 @@ func (UnimplementedTraceeServiceServer) GetVersion(context.Context, *GetVersionR return nil, status.Errorf(codes.Unimplemented, "method GetVersion not implemented") } func (UnimplementedTraceeServiceServer) mustEmbedUnimplementedTraceeServiceServer() {} -func (UnimplementedTraceeServiceServer) testEmbeddedByValue() {} // UnsafeTraceeServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to TraceeServiceServer will @@ -149,13 +146,6 @@ type UnsafeTraceeServiceServer interface { } func RegisterTraceeServiceServer(s grpc.ServiceRegistrar, srv TraceeServiceServer) { - // If the following call panics, it indicates UnimplementedTraceeServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&TraceeService_ServiceDesc, srv) } @@ -169,7 +159,7 @@ func _TraceeService_GetEventDefinitions_Handler(srv interface{}, ctx context.Con } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: TraceeService_GetEventDefinitions_FullMethodName, + FullMethod: "/tracee.v1beta1.TraceeService/GetEventDefinitions", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TraceeServiceServer).GetEventDefinitions(ctx, req.(*GetEventDefinitionsRequest)) @@ -182,11 +172,21 @@ func _TraceeService_StreamEvents_Handler(srv interface{}, stream grpc.ServerStre if err := stream.RecvMsg(m); err != nil { return err } - return srv.(TraceeServiceServer).StreamEvents(m, &grpc.GenericServerStream[StreamEventsRequest, StreamEventsResponse]{ServerStream: stream}) + return srv.(TraceeServiceServer).StreamEvents(m, &traceeServiceStreamEventsServer{stream}) +} + +type TraceeService_StreamEventsServer interface { + Send(*StreamEventsResponse) error + grpc.ServerStream +} + +type traceeServiceStreamEventsServer struct { + grpc.ServerStream } -// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. -type TraceeService_StreamEventsServer = grpc.ServerStreamingServer[StreamEventsResponse] +func (x *traceeServiceStreamEventsServer) Send(m *StreamEventsResponse) error { + return x.ServerStream.SendMsg(m) +} func _TraceeService_EnableEvent_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(EnableEventRequest) @@ -198,7 +198,7 @@ func _TraceeService_EnableEvent_Handler(srv interface{}, ctx context.Context, de } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: TraceeService_EnableEvent_FullMethodName, + FullMethod: "/tracee.v1beta1.TraceeService/EnableEvent", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TraceeServiceServer).EnableEvent(ctx, req.(*EnableEventRequest)) @@ -216,7 +216,7 @@ func _TraceeService_DisableEvent_Handler(srv interface{}, ctx context.Context, d } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: TraceeService_DisableEvent_FullMethodName, + FullMethod: "/tracee.v1beta1.TraceeService/DisableEvent", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TraceeServiceServer).DisableEvent(ctx, req.(*DisableEventRequest)) @@ -234,7 +234,7 @@ func _TraceeService_GetVersion_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: TraceeService_GetVersion_FullMethodName, + FullMethod: "/tracee.v1beta1.TraceeService/GetVersion", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(TraceeServiceServer).GetVersion(ctx, req.(*GetVersionRequest)) diff --git a/docs/docs/events/builtin/man/misc/io_issue_sqe.md b/docs/docs/events/builtin/man/misc/io_issue_sqe.md new file mode 100644 index 000000000000..7349115b27e4 --- /dev/null +++ b/docs/docs/events/builtin/man/misc/io_issue_sqe.md @@ -0,0 +1,78 @@ +--- +title: TRACEE-IO-ISSUE-SQE +section: 1 +header: Tracee Event Manual +--- + +## NAME + +**io_issue_sqe** - io_uring submission queue entry issuance monitoring + +## DESCRIPTION + +Triggered when an io_uring submission queue entry (SQE) is issued for processing by the kernel. This event captures the moment when io_uring requests are dispatched for execution, providing detailed information about the operation type, target file, and execution context. + +This event is crucial for understanding io_uring I/O patterns and tracking asynchronous operations as they transition from submission to execution. It captures the file being operated on, the operation type (read, write, fsync, etc.), and whether the operation is running in a dedicated kernel polling thread (SQPOLL mode) or an asynchronous worker context. + +## EVENT SETS + +**io_uring** + +## DATA FIELDS + +**path** (*string*) +: The path of the file being operated on + +**device** (*uint32*) +: The device identifier where the file resides + +**inode** (*uint64*) +: The inode number of the file on the device + +**opcode** (*uint8*) +: The io_uring operation code (IORING_OP_READ, IORING_OP_WRITE, IORING_OP_WRITEV, etc.) + +**user_data** (*uint64*) +: User-supplied data that will be echoed back in the completion event, used for tracking requests + +**flags** (*uint32*) +: Request flags (e.g., REQ_F_FIXED_FILE, REQ_F_LINK, REQ_F_CLEAR_POLLIN) + +**sq_thread** (*bool*) +: Whether the operation is being issued from a kernel submission queue polling thread (SQPOLL mode) + +**sq_thread_id** (*uint32*) +: Thread ID of the submitting thread (useful for correlating async operations with their origin) + +## DEPENDENCIES + +**Kernel Probe:** + +- io_uring_create (raw tracepoint, required): Required for capturing ring context +- io_issue_sqe (kprobe, required): Kernel function for issuing SQEs (kernels v5.5+) +- __io_submit_sqe (kprobe, fallback): Alternative probe for older kernels (v5.1-v5.4) + +**Kernel Version Requirements:** + +- Linux kernel 5.1+ for io_uring support +- io_issue_sqe function available in kernel 5.5+, fallback for 5.1-5.4 + +## USE CASES + +- **Performance monitoring**: Track io_uring operation dispatch patterns and latency + +- **Security monitoring**: Detect suspicious asynchronous I/O patterns or operations on sensitive files + +- **I/O pattern analysis**: Understand application I/O behavior through io_uring + +- **Debugging**: Correlate submission queue entries with their completion and file operations + +- **Audit logging**: Track all asynchronous file operations for compliance + +## RELATED EVENTS + +- **io_uring_create**: io_uring ring creation that enables these operations +- **io_write**: Actual write operations performed via io_uring +- **vfs_write**: Traditional synchronous write operations +- **security_file_open**: File open operations that may precede io_uring operations + diff --git a/docs/docs/events/builtin/man/misc/io_uring_create.md b/docs/docs/events/builtin/man/misc/io_uring_create.md new file mode 100644 index 000000000000..5448b8f08b03 --- /dev/null +++ b/docs/docs/events/builtin/man/misc/io_uring_create.md @@ -0,0 +1,67 @@ +--- +title: TRACEE-IO-URING-CREATE +section: 1 +header: Tracee Event Manual +--- + +## NAME + +**io_uring_create** - io_uring ring creation monitoring + +## DESCRIPTION + +Triggered when a new io_uring ring is created in the Linux kernel. io_uring is a high-performance asynchronous I/O interface introduced in Linux kernel 5.1 that enables applications to submit and complete I/O operations with minimal overhead. + +This event captures the creation of io_uring instances, including submission queue (SQ) and completion queue (CQ) sizes, configuration flags, and whether kernel-side polling (SQPOLL) is enabled. The event provides critical context for understanding how applications use io_uring for asynchronous operations. + +## EVENT SETS + +**io_uring** + +## DATA FIELDS + +**ctx** (*pointer*) +: Kernel pointer to the io_ring_ctx structure representing the ring context + +**sq_entries** (*uint32*) +: Number of submission queue entries allocated for the ring + +**cq_entries** (*uint32*) +: Number of completion queue entries allocated for the ring + +**flags** (*uint32*) +: Configuration flags used when creating the io_uring instance (e.g., IORING_SETUP_SQPOLL, IORING_SETUP_IOPOLL) + +**polling** (*bool*) +: Whether kernel-side polling thread (SQPOLL) is enabled for this ring + +## DEPENDENCIES + +**Kernel Probe:** + +- io_uring_create (raw tracepoint, required): Kernel tracepoint for io_uring ring creation (kernels v5.5+) +- io_sq_offload_start + io_sq_offload_start (kprobe + kretprobe, fallback): Alternative probes for older kernels (v5.1-v5.4) + +**Kernel Version Requirements:** + +- Linux kernel 5.1+ for io_uring support +- Tracepoint available in kernel 5.5+, fallback probes for 5.1-5.4 + +## USE CASES + +- **Performance monitoring**: Track io_uring usage patterns and ring configurations + +- **Security monitoring**: Detect suspicious io_uring usage that may indicate exploit attempts + +- **Application analysis**: Understand how applications configure io_uring for I/O operations + +- **Capacity planning**: Monitor io_uring resource allocation across the system + +- **Debugging**: Correlate io_uring ring creation with subsequent I/O operations + +## RELATED EVENTS + +- **io_issue_sqe**: io_uring submission queue entry issuance +- **io_write**: io_uring write operations +- **vfs_write**: Traditional VFS write operations for comparison + diff --git a/docs/docs/events/builtin/man/misc/io_write.md b/docs/docs/events/builtin/man/misc/io_write.md new file mode 100644 index 000000000000..b39ebe956e68 --- /dev/null +++ b/docs/docs/events/builtin/man/misc/io_write.md @@ -0,0 +1,79 @@ +--- +title: TRACEE-IO-WRITE +section: 1 +header: Tracee Event Manual +--- + +## NAME + +**io_write** - io_uring write operation monitoring + +## DESCRIPTION + +Triggered when a write operation is performed through the io_uring asynchronous I/O interface. This event captures write operations submitted via io_uring, providing detailed information about the file being written, the buffer location, write size, and position within the file. + +Unlike traditional synchronous writes (vfs_write), io_uring writes are performed asynchronously, often in kernel worker threads or dedicated polling threads. This event properly attributes the write to the original submitting process, even when the actual write is performed by an io_uring worker thread, making it valuable for security monitoring and performance analysis. + +## EVENT SETS + +**io_uring** + +## DATA FIELDS + +**path** (*string*) +: The path of the file being written to + +**pos** (*int64*) +: The file position offset where the write operation starts + +**buf** (*pointer*) +: Pointer to the user-space buffer containing data to be written + +**len** (*uint32*) +: The number of bytes to be written + +**worker_host_tid** (*uint32*) +: The thread ID of the original submitting thread (important for tracking async operations back to their origin) + +**device** (*uint32*) +: The device identifier where the file resides + +**inode** (*uint64*) +: The inode number of the file on the device + +## DEPENDENCIES + +**Kernel Probe:** + +- io_uring_create (raw tracepoint, required): Required for capturing ring context +- io_uring_queue_async_work (raw tracepoint, required): Required for tracking async worker context +- io_write (kprobe + kretprobe, required): Kernel function for io_uring write operations (kernels v5.5+) +- __io_submit_sqe (kprobe, fallback): Alternative probe for older kernels (v5.1-v5.4) + +**Kernel Version Requirements:** + +- Linux kernel 5.1+ for io_uring support +- io_write function available in kernel 5.5+, fallback for 5.1-5.4 + +## USE CASES + +- **Security monitoring**: Track file modifications performed through io_uring to detect suspicious write patterns + +- **Data integrity monitoring**: Monitor writes to sensitive files or directories + +- **Performance analysis**: Analyze io_uring write patterns and their efficiency + +- **Application behavior analysis**: Understand how applications use io_uring for asynchronous writes + +- **Compliance auditing**: Track all file modifications including those via io_uring + +- **Threat detection**: Detect malicious file writes that attempt to evade traditional monitoring + +## RELATED EVENTS + +- **io_uring_create**: io_uring ring creation that enables these operations +- **io_issue_sqe**: Submission queue entry issuance that initiates the write +- **vfs_write**: Traditional synchronous write operations +- **file_modification**: File modification detection events +- **security_file_open**: File open operations that may precede writes + diff --git a/docs/man/io_issue_sqe.1 b/docs/man/io_issue_sqe.1 new file mode 100644 index 000000000000..c208f6ba97b0 --- /dev/null +++ b/docs/man/io_issue_sqe.1 @@ -0,0 +1,94 @@ +.\" Automatically generated by Pandoc 3.2 +.\" +.TH "TRACEE\-IO\-ISSUE\-SQE" "1" "" "" "Tracee Event Manual" +.SS NAME +\f[B]io_issue_sqe\f[R] \- io_uring submission queue entry issuance +monitoring +.SS DESCRIPTION +Triggered when an io_uring submission queue entry (SQE) is issued for +processing by the kernel. +This event captures the moment when io_uring requests are dispatched for +execution, providing detailed information about the operation type, +target file, and execution context. +.PP +This event is crucial for understanding io_uring I/O patterns and +tracking asynchronous operations as they transition from submission to +execution. +It captures the file being operated on, the operation type (read, write, +fsync, etc.), and whether the operation is running in a dedicated kernel +polling thread (SQPOLL mode) or an asynchronous worker context. +.SS EVENT SETS +\f[B]io_uring\f[R] +.SS DATA FIELDS +.TP +\f[B]path\f[R] (\f[I]string\f[R]) +The path of the file being operated on +.TP +\f[B]device\f[R] (\f[I]uint32\f[R]) +The device identifier where the file resides +.TP +\f[B]inode\f[R] (\f[I]uint64\f[R]) +The inode number of the file on the device +.TP +\f[B]opcode\f[R] (\f[I]uint8\f[R]) +The io_uring operation code (IORING_OP_READ, IORING_OP_WRITE, +IORING_OP_WRITEV, etc.) +.TP +\f[B]user_data\f[R] (\f[I]uint64\f[R]) +User\-supplied data that will be echoed back in the completion event, +used for tracking requests +.TP +\f[B]flags\f[R] (\f[I]uint32\f[R]) +Request flags (e.g., REQ_F_FIXED_FILE, REQ_F_LINK, REQ_F_CLEAR_POLLIN) +.TP +\f[B]sq_thread\f[R] (\f[I]bool\f[R]) +Whether the operation is being issued from a kernel submission queue +polling thread (SQPOLL mode) +.TP +\f[B]sq_thread_id\f[R] (\f[I]uint32\f[R]) +Thread ID of the submitting thread (useful for correlating async +operations with their origin) +.SS DEPENDENCIES +\f[B]Kernel Probe:\f[R] +.IP \[bu] 2 +io_uring_create (raw tracepoint, required): Required for capturing ring +context +.IP \[bu] 2 +io_issue_sqe (kprobe, required): Kernel function for issuing SQEs +(kernels v5.5+) +.IP \[bu] 2 +__io_submit_sqe (kprobe, fallback): Alternative probe for older kernels +(v5.1\-v5.4) +.PP +\f[B]Kernel Version Requirements:\f[R] +.IP \[bu] 2 +Linux kernel 5.1+ for io_uring support +.IP \[bu] 2 +io_issue_sqe function available in kernel 5.5+, fallback for 5.1\-5.4 +.SS USE CASES +.IP \[bu] 2 +\f[B]Performance monitoring\f[R]: Track io_uring operation dispatch +patterns and latency +.IP \[bu] 2 +\f[B]Security monitoring\f[R]: Detect suspicious asynchronous I/O +patterns or operations on sensitive files +.IP \[bu] 2 +\f[B]I/O pattern analysis\f[R]: Understand application I/O behavior +through io_uring +.IP \[bu] 2 +\f[B]Debugging\f[R]: Correlate submission queue entries with their +completion and file operations +.IP \[bu] 2 +\f[B]Audit logging\f[R]: Track all asynchronous file operations for +compliance +.SS RELATED EVENTS +.IP \[bu] 2 +\f[B]io_uring_create\f[R]: io_uring ring creation that enables these +operations +.IP \[bu] 2 +\f[B]io_write\f[R]: Actual write operations performed via io_uring +.IP \[bu] 2 +\f[B]vfs_write\f[R]: Traditional synchronous write operations +.IP \[bu] 2 +\f[B]security_file_open\f[R]: File open operations that may precede +io_uring operations diff --git a/docs/man/io_uring_create.1 b/docs/man/io_uring_create.1 new file mode 100644 index 000000000000..2ee22168f6ac --- /dev/null +++ b/docs/man/io_uring_create.1 @@ -0,0 +1,73 @@ +.\" Automatically generated by Pandoc 3.2 +.\" +.TH "TRACEE\-IO\-URING\-CREATE" "1" "" "" "Tracee Event Manual" +.SS NAME +\f[B]io_uring_create\f[R] \- io_uring ring creation monitoring +.SS DESCRIPTION +Triggered when a new io_uring ring is created in the Linux kernel. +io_uring is a high\-performance asynchronous I/O interface introduced in +Linux kernel 5.1 that enables applications to submit and complete I/O +operations with minimal overhead. +.PP +This event captures the creation of io_uring instances, including +submission queue (SQ) and completion queue (CQ) sizes, configuration +flags, and whether kernel\-side polling (SQPOLL) is enabled. +The event provides critical context for understanding how applications +use io_uring for asynchronous operations. +.SS EVENT SETS +\f[B]io_uring\f[R] +.SS DATA FIELDS +.TP +\f[B]ctx\f[R] (\f[I]pointer\f[R]) +Kernel pointer to the io_ring_ctx structure representing the ring +context +.TP +\f[B]sq_entries\f[R] (\f[I]uint32\f[R]) +Number of submission queue entries allocated for the ring +.TP +\f[B]cq_entries\f[R] (\f[I]uint32\f[R]) +Number of completion queue entries allocated for the ring +.TP +\f[B]flags\f[R] (\f[I]uint32\f[R]) +Configuration flags used when creating the io_uring instance (e.g., +IORING_SETUP_SQPOLL, IORING_SETUP_IOPOLL) +.TP +\f[B]polling\f[R] (\f[I]bool\f[R]) +Whether kernel\-side polling thread (SQPOLL) is enabled for this ring +.SS DEPENDENCIES +\f[B]Kernel Probe:\f[R] +.IP \[bu] 2 +io_uring_create (raw tracepoint, required): Kernel tracepoint for +io_uring ring creation (kernels v5.5+) +.IP \[bu] 2 +io_sq_offload_start + io_sq_offload_start (kprobe + kretprobe, +fallback): Alternative probes for older kernels (v5.1\-v5.4) +.PP +\f[B]Kernel Version Requirements:\f[R] +.IP \[bu] 2 +Linux kernel 5.1+ for io_uring support +.IP \[bu] 2 +Tracepoint available in kernel 5.5+, fallback probes for 5.1\-5.4 +.SS USE CASES +.IP \[bu] 2 +\f[B]Performance monitoring\f[R]: Track io_uring usage patterns and ring +configurations +.IP \[bu] 2 +\f[B]Security monitoring\f[R]: Detect suspicious io_uring usage that may +indicate exploit attempts +.IP \[bu] 2 +\f[B]Application analysis\f[R]: Understand how applications configure +io_uring for I/O operations +.IP \[bu] 2 +\f[B]Capacity planning\f[R]: Monitor io_uring resource allocation across +the system +.IP \[bu] 2 +\f[B]Debugging\f[R]: Correlate io_uring ring creation with subsequent +I/O operations +.SS RELATED EVENTS +.IP \[bu] 2 +\f[B]io_issue_sqe\f[R]: io_uring submission queue entry issuance +.IP \[bu] 2 +\f[B]io_write\f[R]: io_uring write operations +.IP \[bu] 2 +\f[B]vfs_write\f[R]: Traditional VFS write operations for comparison diff --git a/docs/man/io_write.1 b/docs/man/io_write.1 new file mode 100644 index 000000000000..762bfb5267d1 --- /dev/null +++ b/docs/man/io_write.1 @@ -0,0 +1,97 @@ +.\" Automatically generated by Pandoc 3.2 +.\" +.TH "TRACEE\-IO\-WRITE" "1" "" "" "Tracee Event Manual" +.SS NAME +\f[B]io_write\f[R] \- io_uring write operation monitoring +.SS DESCRIPTION +Triggered when a write operation is performed through the io_uring +asynchronous I/O interface. +This event captures write operations submitted via io_uring, providing +detailed information about the file being written, the buffer location, +write size, and position within the file. +.PP +Unlike traditional synchronous writes (vfs_write), io_uring writes are +performed asynchronously, often in kernel worker threads or dedicated +polling threads. +This event properly attributes the write to the original submitting +process, even when the actual write is performed by an io_uring worker +thread, making it valuable for security monitoring and performance +analysis. +.SS EVENT SETS +\f[B]io_uring\f[R] +.SS DATA FIELDS +.TP +\f[B]path\f[R] (\f[I]string\f[R]) +The path of the file being written to +.TP +\f[B]pos\f[R] (\f[I]int64\f[R]) +The file position offset where the write operation starts +.TP +\f[B]buf\f[R] (\f[I]pointer\f[R]) +Pointer to the user\-space buffer containing data to be written +.TP +\f[B]len\f[R] (\f[I]uint32\f[R]) +The number of bytes to be written +.TP +\f[B]worker_host_tid\f[R] (\f[I]uint32\f[R]) +The thread ID of the original submitting thread (important for tracking +async operations back to their origin) +.TP +\f[B]device\f[R] (\f[I]uint32\f[R]) +The device identifier where the file resides +.TP +\f[B]inode\f[R] (\f[I]uint64\f[R]) +The inode number of the file on the device +.SS DEPENDENCIES +\f[B]Kernel Probe:\f[R] +.IP \[bu] 2 +io_uring_create (raw tracepoint, required): Required for capturing ring +context +.IP \[bu] 2 +io_uring_queue_async_work (raw tracepoint, required): Required for +tracking async worker context +.IP \[bu] 2 +io_write (kprobe + kretprobe, required): Kernel function for io_uring +write operations (kernels v5.5+) +.IP \[bu] 2 +__io_submit_sqe (kprobe, fallback): Alternative probe for older kernels +(v5.1\-v5.4) +.PP +\f[B]Kernel Version Requirements:\f[R] +.IP \[bu] 2 +Linux kernel 5.1+ for io_uring support +.IP \[bu] 2 +io_write function available in kernel 5.5+, fallback for 5.1\-5.4 +.SS USE CASES +.IP \[bu] 2 +\f[B]Security monitoring\f[R]: Track file modifications performed +through io_uring to detect suspicious write patterns +.IP \[bu] 2 +\f[B]Data integrity monitoring\f[R]: Monitor writes to sensitive files +or directories +.IP \[bu] 2 +\f[B]Performance analysis\f[R]: Analyze io_uring write patterns and +their efficiency +.IP \[bu] 2 +\f[B]Application behavior analysis\f[R]: Understand how applications use +io_uring for asynchronous writes +.IP \[bu] 2 +\f[B]Compliance auditing\f[R]: Track all file modifications including +those via io_uring +.IP \[bu] 2 +\f[B]Threat detection\f[R]: Detect malicious file writes that attempt to +evade traditional monitoring +.SS RELATED EVENTS +.IP \[bu] 2 +\f[B]io_uring_create\f[R]: io_uring ring creation that enables these +operations +.IP \[bu] 2 +\f[B]io_issue_sqe\f[R]: Submission queue entry issuance that initiates +the write +.IP \[bu] 2 +\f[B]vfs_write\f[R]: Traditional synchronous write operations +.IP \[bu] 2 +\f[B]file_modification\f[R]: File modification detection events +.IP \[bu] 2 +\f[B]security_file_open\f[R]: File open operations that may precede +writes diff --git a/go.mod b/go.mod index 72e293305c52..9899fcce9800 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,7 @@ require ( k8s.io/apimachinery v0.32.4 k8s.io/client-go v0.32.1 k8s.io/cri-api v0.32.3 - kernel.org/pub/linux/libs/security/libcap/cap v1.2.76 + kernel.org/pub/linux/libs/security/libcap/cap v1.2.77 sigs.k8s.io/controller-runtime v0.20.4 ) @@ -169,9 +169,11 @@ require ( golang.org/x/sync v0.18.0 // indirect golang.org/x/text v0.31.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - kernel.org/pub/linux/libs/security/libcap/psx v1.2.76 // indirect + kernel.org/pub/linux/libs/security/libcap/psx v1.2.77 // indirect ) replace github.com/aquasecurity/tracee/api => ./api replace github.com/aquasecurity/tracee/common => ./common + +replace github.com/aquasecurity/libbpfgo => github.com/NDStrahilevitz/libbpfgo v0.2.4-libbpf-0.6.1.0.20251127121551-e33f78b201b9 diff --git a/go.sum b/go.sum index d40095c8744c..1d4c43a39faf 100644 --- a/go.sum +++ b/go.sum @@ -401,10 +401,10 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.12.3 h1:LS9NXqXhMoqNCplK1ApmVSfB4UnVLRDWRapB6EIlxE0= github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ= +github.com/NDStrahilevitz/libbpfgo v0.2.4-libbpf-0.6.1.0.20251127121551-e33f78b201b9 h1:4VIc2K9O4xP1TbvMdGU8QXCFy2IddeC9KbqUiOGKKtk= +github.com/NDStrahilevitz/libbpfgo v0.2.4-libbpf-0.6.1.0.20251127121551-e33f78b201b9/go.mod h1:d27C/wO3WmTODHjsfeJARkfM/+yVILRodS6zkRu0YKA= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1.0.20250826165200-6296a7fa0a45 h1:AjGH0Y/gMhFu73Jr37RoBsIAPiaT8Ufm6LptyEiX6rw= -github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1.0.20250826165200-6296a7fa0a45/go.mod h1:mKk/RxlMO0K2HqA4dGLBdfUsvwLYtNhPanHXFPYbw38= github.com/aquasecurity/tracee/types v0.0.0-20251124133010-e9e27afbf5b3 h1:7voC+8MZ3R3/yYBrGsQ/n4dU9yIh4ukqvyTb8MHaNA4= github.com/aquasecurity/tracee/types v0.0.0-20251124133010-e9e27afbf5b3/go.mod h1:xz2jCxstNfq/ETX4bc1AO/vT3lnIv3LFTUGLTNHVrhM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -1401,10 +1401,10 @@ k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJ k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.76 h1:mrdLPj8ujM6eIKGtd1PkkuCIodpFFDM42Cfm0YODkIM= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.76/go.mod h1:7V2BQeHnVAQwhCnCPJ977giCeGDiywVewWF+8vkpPlc= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.76 h1:3DyzQ30OHt3wiOZVL1se2g1PAPJIU7+tMUyvfMUj1dY= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.76/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= +kernel.org/pub/linux/libs/security/libcap/cap v1.2.77 h1:iQtQTjFUOcTT19fI8sTCzYXsjeVs56et3D8AbKS2Uks= +kernel.org/pub/linux/libs/security/libcap/cap v1.2.77/go.mod h1:oV+IO8kGh0B7TxErbydDe2+BRmi9g/W0CkpVV+QBTJU= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.77 h1:Z06sMOzc0GNCwp6efaVrIrz4ywGJ1v+DP0pjVkOfDuA= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.77/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/pkg/ebpf/c/common/context.h b/pkg/ebpf/c/common/context.h index 3bbba512165a..df60388ae35a 100644 --- a/pkg/ebpf/c/common/context.h +++ b/pkg/ebpf/c/common/context.h @@ -11,6 +11,7 @@ // PROTOTYPES statfunc int init_task_context(task_context_t *, struct task_struct *, u32); +statfunc int init_event_context(event_context_t *, struct task_struct *, u32); statfunc void init_proc_info_scratch(u32, scratch_t *); statfunc proc_info_t *init_proc_info(u32, u32); statfunc void init_task_info_scratch(u32, scratch_t *); @@ -69,6 +70,23 @@ statfunc int init_task_context(task_context_t *tsk_ctx, struct task_struct *task return 0; } +statfunc int init_event_context(event_context_t *event_ctx, struct task_struct *task, u32 event_id) +{ + __builtin_memset(&event_ctx->task, 0, sizeof(event_ctx->task)); + + // get the minimal context required at this stage + // any other context will be initialized only if event is submitted + u64 id = bpf_get_current_pid_tgid(); + event_ctx->task.host_tid = id; + event_ctx->task.host_pid = id >> 32; + event_ctx->eventid = event_id; + event_ctx->ts = get_current_time_in_ns(); + event_ctx->processor_id = (u16) bpf_get_smp_processor_id(); + event_ctx->syscall = get_current_task_syscall_id(); + + return 0; +} + statfunc void init_proc_info_scratch(u32 pid, scratch_t *scratch) { __builtin_memset(&scratch->proc_info, 0, sizeof(proc_info_t)); @@ -133,19 +151,13 @@ statfunc int init_program_data(program_data_t *p, void *ctx, u32 event_id) reset_event_args_buf(p->event); - p->event->task = (struct task_struct *) bpf_get_current_task(); + struct task_struct *current_task_struct = (struct task_struct *) bpf_get_current_task(); + p->event->task = current_task_struct; - __builtin_memset(&p->event->context.task, 0, sizeof(p->event->context.task)); - - // get the minimal context required at this stage - // any other context will be initialized only if event is submitted - u64 id = bpf_get_current_pid_tgid(); - p->event->context.task.host_tid = id; - p->event->context.task.host_pid = id >> 32; - p->event->context.eventid = event_id; - p->event->context.ts = get_current_time_in_ns(); - p->event->context.processor_id = (u16) bpf_get_smp_processor_id(); - p->event->context.syscall = get_current_task_syscall_id(); + init_event_context(&p->event->context, current_task_struct, event_id); + if (event_id == IO_WRITE) { + bpf_printk("io_write: init_event_context; eventid: %d\n", p->event->context.eventid); + } u32 host_pid = p->event->context.task.host_pid; p->proc_info = bpf_map_lookup_elem(&proc_info_map, &host_pid); diff --git a/pkg/ebpf/c/common/filtering.h b/pkg/ebpf/c/common/filtering.h index 740be8530755..a624e4d942f0 100644 --- a/pkg/ebpf/c/common/filtering.h +++ b/pkg/ebpf/c/common/filtering.h @@ -457,6 +457,11 @@ statfunc u64 match_data_filters(program_data_t *p, u8 index) statfunc bool evaluate_scope_filters(program_data_t *p) { u64 matched_policies = match_scope_filters(p); + if (p->event->context.eventid == IO_WRITE) { + bpf_printk("io_write: matched_policies: %llu\n", matched_policies); + bpf_printk("io_write: p->event->context.matched_policies: %llu\n", + p->event->context.matched_policies); + } p->event->context.matched_policies &= matched_policies; return p->event->context.matched_policies != 0; } diff --git a/pkg/ebpf/c/maps.h b/pkg/ebpf/c/maps.h index 63866970851c..8f40ec946c76 100644 --- a/pkg/ebpf/c/maps.h +++ b/pkg/ebpf/c/maps.h @@ -395,6 +395,32 @@ struct elf_files_map { typedef struct elf_files_map elf_files_map_t; +// +// io_uring context maps +// io_uring operations happen in the context of kernel threads, not user threads +// so we need to store the originating userspace task context for each io_uring operation +// + +// store real contexts of io_uring polling operations +struct io_uring_poll_context_map { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __uint(max_entries, 1024); + __type(key, u32); + __type(value, event_context_t); +} io_uring_poll_context_map SEC(".maps"); + +typedef struct io_uring_poll_context_map io_uring_poll_context_map_t; + +// store real contexts of io_uring worker operations +struct io_uring_worker_context_map { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __uint(max_entries, 1024); + __type(key, u32); + __type(value, event_context_t); +} io_uring_worker_context_map SEC(".maps"); + +typedef struct io_uring_worker_context_map io_uring_worker_context_map_t; + // // versioned maps (map of maps) // diff --git a/pkg/ebpf/c/tracee.bpf.c b/pkg/ebpf/c/tracee.bpf.c index e511ef608c5f..56e5727e3e15 100644 --- a/pkg/ebpf/c/tracee.bpf.c +++ b/pkg/ebpf/c/tracee.bpf.c @@ -3482,6 +3482,79 @@ statfunc int do_vfs_write_magic_return(struct pt_regs *ctx, bool is_buf) return events_perf_submit(&p, bytes_written); } +statfunc int do_io_write_enter(struct pt_regs *ctx, u32 event_id) +{ + args_t args = {}; + args.args[0] = PT_REGS_PARM1(ctx); + args.args[1] = PT_REGS_PARM2(ctx); + args.args[2] = PT_REGS_PARM3(ctx); + args.args[3] = PT_REGS_PARM4(ctx); + args.args[4] = PT_REGS_PARM5(ctx); + args.args[5] = PT_REGS_PARM6(ctx); + + return save_args(&args, event_id); +} + +statfunc int do_io_write_magic_return(struct pt_regs *ctx) +{ + // WIP? + args_t saved_args; + if (load_args(&saved_args, MAGIC_WRITE) != 0) { + // missed entry or not traced + return 0; + } + del_args(MAGIC_WRITE); + + program_data_t p = {}; + if (!init_program_data(&p, ctx, MAGIC_WRITE)) + return 0; + + if (!evaluate_scope_filters(&p)) + return 0; + + loff_t start_pos; + io_data_t io_data; + file_info_t file_info; + + struct file *file = (struct file *) saved_args.args[0]; + file_info.pathname_p = get_path_str_cached(file); + + io_data.is_buf = false; // io_write is not a buffer + io_data.ptr = (void *) saved_args.args[1]; + io_data.len = (unsigned long) saved_args.args[2]; + loff_t *pos = (loff_t *) saved_args.args[3]; + + // Extract device id, inode number, and pos (offset) + file_info.id.device = get_dev_from_file(file); + file_info.id.inode = get_inode_nr_from_file(file); + bpf_probe_read(&start_pos, sizeof(off_t), pos); + + bool char_dev = (start_pos == 0); + u32 io_bytes_amount = PT_REGS_RC(ctx); + + // Calculate write start offset + if (start_pos != 0) + start_pos -= io_bytes_amount; + + u32 header_bytes = FILE_MAGIC_HDR_SIZE; + if (header_bytes > io_bytes_amount) + header_bytes = io_bytes_amount; + + u8 header[FILE_MAGIC_HDR_SIZE]; + __builtin_memset(&header, 0, sizeof(header)); + + save_str_to_buf(&(p.event->args_buf), file_info.pathname_p, 0); + + fill_file_header(header, io_data); + + save_bytes_to_buf(&(p.event->args_buf), header, header_bytes, 1); + save_to_submit_buf(&(p.event->args_buf), &file_info.id.device, sizeof(dev_t), 2); + save_to_submit_buf(&(p.event->args_buf), &file_info.id.inode, sizeof(unsigned long), 3); + + // Submit magic_write event + return events_perf_submit(&p, io_bytes_amount); +} + SEC("kprobe/vfs_write") int BPF_KPROBE(vfs_write_magic_enter) { @@ -3500,6 +3573,12 @@ int BPF_KPROBE(kernel_write_magic_enter) return do_vfs_write_magic_enter(ctx); } +SEC("kprobe/io_write") +int BPF_KPROBE(io_write_magic_enter) +{ + return do_io_write_enter(ctx, MAGIC_WRITE); +} + SEC("kretprobe/vfs_write") int BPF_KPROBE(vfs_write_magic_return) { @@ -3518,6 +3597,567 @@ int BPF_KPROBE(kernel_write_magic_return) return do_vfs_write_magic_return(ctx, true); } +SEC("kretprobe/io_write") +int BPF_KPROBE(io_write_magic_return) +{ + return do_io_write_magic_return(ctx); +} + +statfunc int common_submit_io_write(program_data_t *p, + struct io_kiocb *req, + struct kiocb *kiocb, + u32 host_tid, + void *buf, + u32 len, + int ret) +{ + bpf_printk( + "=== common_submit_io_write: CALLED host_tid=%d len=%d ret=%d ===\n", host_tid, len, ret); + // get write position + // (reusing io_kiocb struct flavors to get the correct data for the current kernel version) + loff_t ki_pos = kiocb->ki_pos; + u32 bytes_done = 0; + if (bpf_core_field_exists(req->cqe)) { // Version >= v5.19 + struct io_cqe cqe = BPF_CORE_READ(req, cqe); + bytes_done = cqe.res; + } else { // Version >= v5.10 + struct io_kiocb___older_v6 *req_55 = (void *) req; + if (bpf_core_field_exists(req_55->result)) { // Version >= v5.3 + bytes_done = BPF_CORE_READ(req_55, result); + } else { // Version >= v5.1 + bytes_done = BPF_CORE_READ(req_55, error); + } + } + loff_t pos = ki_pos - bytes_done; + + // get file info + struct file *file = kiocb->ki_filp; + file_info_t file_info = get_file_info(file); + + save_str_to_buf(&p->event->args_buf, file_info.pathname_p, 0); + save_to_submit_buf(&p->event->args_buf, &pos, sizeof(loff_t), 1); + save_to_submit_buf(&p->event->args_buf, &buf, sizeof(void *), 2); + save_to_submit_buf(&p->event->args_buf, &len, sizeof(u32), 3); + save_to_submit_buf(&p->event->args_buf, &host_tid, sizeof(u32), 4); + save_to_submit_buf(&p->event->args_buf, &file_info.id.device, sizeof(dev_t), 5); + save_to_submit_buf(&p->event->args_buf, &file_info.id.inode, sizeof(unsigned long), 6); + + bpf_printk("=== common_submit_io_write: calling events_perf_submit ===\n"); + int submit_ret = events_perf_submit(p, 0); + bpf_printk("=== common_submit_io_write: events_perf_submit ret=%d ===\n", submit_ret); + return submit_ret; +} + +SEC("kprobe/io_write") +int BPF_KPROBE(trace_io_write) +{ + return do_io_write_enter(ctx, IO_WRITE); +} + +SEC("kretprobe/io_write") +int BPF_KPROBE(trace_ret_io_write) +{ + args_t saved_args; + if (load_args(&saved_args, IO_WRITE) != 0) { + // missed entry or not traced + return 0; + } + + // short circuit - write operation wasn't successful + int ret = PT_REGS_RC(ctx); + if (ret < 0) { + del_args(IO_WRITE); + return 0; + } + bpf_printk("io_write ret: %d\n", ret); + + program_data_t p = {}; + if (!init_program_data(&p, ctx, IO_WRITE)) { + del_args(IO_WRITE); + return 0; + } + bpf_printk("io_write: init_program_data success\n"); + + // get real task info from io_uring_worker_context_map before evaluating scope filters + struct io_kiocb *req = (struct io_kiocb *) saved_args.args[0]; + event_context_t *real_ctx = bpf_map_lookup_elem(&io_uring_worker_context_map, &req); + if (real_ctx != NULL) { + // copy task context fields explicitly as to not overwrite other fields + // EXCLUDE eventid, matched_policies, and policies_version + p.event->context.processor_id = real_ctx->processor_id; + p.event->context.syscall = real_ctx->syscall; + p.event->context.retval = real_ctx->retval; + p.event->context.stack_id = real_ctx->stack_id; + p.event->context.task = real_ctx->task; + p.event->context.ts = real_ctx->ts; + + bpf_map_delete_elem(&io_uring_worker_context_map, &req); + } + + bpf_printk("io_write: get real task info success; eventid: %d\n", p.event->context.eventid); + + // now we can evaluate scope filters + if (!evaluate_scope_filters(&p)) { + del_args(IO_WRITE); + return 0; + } + + bpf_printk("io_write: evaluate scope filters success\n"); + // get write info from req + struct io_rw *rw = NULL; + struct kiocb kiocb; + u64 addr; + void *buf; + u32 len; + if (bpf_core_field_exists(req->cmd)) { // Version >= v6 + struct io_cmd_data io_cmd = BPF_CORE_READ(req, cmd); + rw = (struct io_rw *) &io_cmd; + kiocb = BPF_CORE_READ(rw, kiocb); + + addr = BPF_CORE_READ(rw, addr); + buf = (void *) addr; + len = BPF_CORE_READ(rw, len); + } else { + struct io_kiocb___older_v6 *req_55 = (void *) req; + if (bpf_core_field_exists(req_55->connect)) { // Version >= v5.5 + rw = &req_55->rw; + kiocb = BPF_CORE_READ(rw, kiocb); + + addr = BPF_CORE_READ(rw, addr); + buf = (void *) addr; + len = BPF_CORE_READ(rw, len); + } else { // Version >= v5.1 + struct io_kiocb___older_v55 *req_51 = (void *) req_55; + kiocb = BPF_CORE_READ(req_51, rw); + struct sqe_submit submit = BPF_CORE_READ(req_51, submit); + const struct io_uring_sqe *sqe = submit.sqe; + + addr = BPF_CORE_READ(sqe, addr); + buf = (void *) addr; + len = BPF_CORE_READ(sqe, len); + } + } + + // TODO: Need to understand how io submits work now. + u32 host_tid = p.task_info->context.host_tid; + int submit = common_submit_io_write(&p, req, &kiocb, host_tid, buf, len, ret); + if (submit != 0) { + bpf_printk("io_write: common_submit_io_write failed\n"); + del_args(IO_WRITE); + return submit; + } + + // TODO: don't del if passing to send_bin + del_args(IO_WRITE); + // return do_file_io_operation(ctx, IO_WRITE, TAIL_IO_WRITE, false, false); + + return 0; +} + +SEC("kprobe/__io_submit_sqe") +int BPF_KPROBE(trace__io_submit_sqe_io_write) +{ + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write START (kernel 5.1-5.4) ===\n"); + program_data_t p = {}; + if (!init_program_data(&p, ctx, IO_WRITE)) { + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write init_program_data failed ===\n"); + return 0; + } + + struct io_kiocb___older_v55 *req = (struct io_kiocb___older_v55 *) PT_REGS_PARM2(ctx); + + if (!bpf_core_field_exists(req->submit)) { // Version >= v5.5 + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write req->submit NOT exists (v5.5+), " + "skipping ===\n"); + // this case handled by the tracepoints io_issue_sqe probe and io_write probe + return 0; + } + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write req->submit exists (v5.1-5.4) ===\n"); + + // get real task info from uring_worker_ctx_map + event_context_t *real_ctx = bpf_map_lookup_elem(&io_uring_worker_context_map, &req); + if (real_ctx != NULL) { + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write found real_ctx in map ===\n"); + p.event->context = *real_ctx; + } else { + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write real_ctx NOT in map ===\n"); + } + + // now we can evaluate scope filters + if (!evaluate_scope_filters(&p)) { + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write scope filter FAILED ===\n"); + return 0; + } + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write scope filter PASSED ===\n"); + + u32 host_tid = p.task_info->context.host_tid; + struct sqe_submit submit = BPF_CORE_READ(req, submit); + + // get write info from req + struct kiocb kiocb = BPF_CORE_READ(req, rw); + const struct io_uring_sqe *sqe = submit.sqe; + u64 addr = BPF_CORE_READ(sqe, addr); + void *buf = (void *) addr; + u32 len = BPF_CORE_READ(sqe, len); + + // submit io_write + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write calling common_submit_io_write ===\n"); + int ret = common_submit_io_write(&p, (struct io_kiocb *) req, &kiocb, host_tid, buf, len, 0); + bpf_printk("=== FALLBACK: trace__io_submit_sqe_io_write common_submit_io_write ret=%d ===\n", + ret); + + return ret; +} + +SEC("kretprobe/io_write_tail") +int BPF_KPROBE(trace_ret_io_write_tail) +{ + return capture_file_write(ctx, IO_WRITE, false); +} + +statfunc int common_io_uring_create( + program_data_t *p, struct io_ring_ctx *io_uring_ctx, u32 sq_entries, u32 cq_entries, u32 flags) +{ + bpf_printk("=== common_io_uring_create: CALLED sq_entries=%d cq_entries=%d flags=%d ===\n", + sq_entries, + cq_entries, + flags); + // getting the task_struct of the kernel thread if polling is used on this ring. + struct task_struct *thread = NULL; + if (!bpf_core_field_exists(io_uring_ctx->sq_data)) { // Version <= v5.9 + struct io_ring_ctx___older_v59 *io_uring_ctx_51 = (void *) io_uring_ctx; + thread = BPF_CORE_READ(io_uring_ctx_51, sqo_thread); + } else { + struct io_sq_data *sq_data = BPF_CORE_READ(io_uring_ctx, sq_data); + if (sq_data != NULL) { + thread = BPF_CORE_READ(sq_data, thread); + } + } + + // update uring_poll_ctx_map with real task info + bool polling = false; + u32 host_tid = p->task_info->context.host_tid; + if (thread != NULL) { + polling = true; + host_tid = BPF_CORE_READ(thread, pid); + } + bpf_map_update_elem(&io_uring_poll_context_map, &host_tid, &p->event->context, BPF_ANY); + + save_to_submit_buf(&p->event->args_buf, &io_uring_ctx, sizeof(struct io_ring_ctx *), 0); + save_to_submit_buf(&p->event->args_buf, &sq_entries, sizeof(u32), 1); + save_to_submit_buf(&p->event->args_buf, &cq_entries, sizeof(u32), 2); + save_to_submit_buf(&p->event->args_buf, &flags, sizeof(u32), 3); + save_to_submit_buf(&p->event->args_buf, &polling, sizeof(bool), 4); + + return events_perf_submit(p, IO_URING_CREATE); +} + +SEC("raw_tracepoint/io_uring_create") +int tracepoint__io_uring__io_uring_create(struct bpf_raw_tracepoint_args *ctx) +{ + bpf_printk("tracepoint__io_uring__io_uring_create: start\n"); + program_data_t p = {}; + if (!init_program_data(&p, ctx, IO_URING_CREATE)) + return 0; + + if (!evaluate_scope_filters(&p)) + return 0; + + // this tracepoint was introduced in kernel v5.5. + // for older kernels, we use the io_sq_offload_start probe. + + struct io_ring_ctx *io_uring_ctx = (struct io_ring_ctx *) ctx->args[1]; + u32 sq_entries = ctx->args[2]; + u32 cq_entries = ctx->args[3]; + u32 flags = ctx->args[4]; + + return common_io_uring_create(&p, io_uring_ctx, sq_entries, cq_entries, flags); +} + +// Fallback probes for kernels 5.1-5.4 that don't have io_uring_create tracepoint +// Hook __x64_sys_io_uring_setup syscall which wraps io_uring_create +SEC("kprobe/__x64_sys_io_uring_setup") +int trace_io_uring_setup(struct pt_regs *ctx) +{ + bpf_printk("=== FALLBACK SYSCALL: trace_io_uring_setup ENTRY (kernel 5.1-5.4) ===\n"); + args_t args = {}; + args.args[0] = PT_REGS_PARM1(ctx); // u32 entries + args.args[1] = PT_REGS_PARM2(ctx); // struct io_uring_params *params + + int ret = save_args(&args, IO_URING_CREATE); + bpf_printk("=== FALLBACK SYSCALL: trace_io_uring_setup saved args, ret=%d ===\n", ret); + return ret; +} + +SEC("kretprobe/__x64_sys_io_uring_setup") +int BPF_KPROBE(trace_ret_io_uring_setup) +{ + bpf_printk("=== FALLBACK SYSCALL: trace_ret_io_uring_setup RETURN (kernel 5.1-5.4) ===\n"); + args_t saved_args; + if (load_args(&saved_args, IO_URING_CREATE) != 0) { + bpf_printk("=== FALLBACK SYSCALL: trace_ret_io_uring_setup failed to load args ===\n"); + // missed entry or not traced + return 0; + } + del_args(IO_URING_CREATE); + bpf_printk("=== FALLBACK SYSCALL: trace_ret_io_uring_setup loaded args successfully ===\n"); + + program_data_t p = {}; + if (!init_program_data(&p, ctx, IO_URING_CREATE)) + return 0; + + if (!evaluate_scope_filters(&p)) + return 0; + + // io_uring_setup returns a file descriptor on success, negative on error + int ret = PT_REGS_RC(ctx); + if (ret < 0) { + bpf_printk("=== FALLBACK SYSCALL: io_uring_setup failed with ret=%d ===\n", ret); + return 0; + } + + // io_uring_setup(u32 entries, struct io_uring_params *params) + // The function internally calls io_uring_create which creates the ctx + // We get the return value (struct io_ring_ctx *) from PT_REGS_RC for internal function + // But for io_uring_setup, it returns fd, and ctx is internal + // So we read params that was passed in + u32 entries = saved_args.args[0]; + struct io_uring_params *params = (struct io_uring_params *) saved_args.args[1]; + + if (params == NULL) { + bpf_printk("=== FALLBACK SYSCALL: params is NULL ===\n"); + return 0; + } + + u32 sq_entries = BPF_CORE_READ(params, sq_entries); + u32 cq_entries = BPF_CORE_READ(params, cq_entries); + // io_ring_ctx is not accessible from io_uring_setup return, so flags will be 0 + u32 flags = 0; + + // io_ring_ctx is created internally and not returned, so we pass NULL + struct io_ring_ctx *io_uring_ctx = NULL; + + bpf_printk("=== FALLBACK SYSCALL: calling common_io_uring_create sq=%d cq=%d ===\n", + sq_entries, + cq_entries); + int result = common_io_uring_create(&p, io_uring_ctx, sq_entries, cq_entries, flags); + bpf_printk("=== FALLBACK SYSCALL: common_io_uring_create ret=%d ===\n", result); + + return result; +} + +statfunc int +common_submit_io_issue_sqe(program_data_t *p, struct io_kiocb *req, u8 opcode, u64 *user_data) +{ + u32 flags = BPF_CORE_READ(req, flags); + struct io_ring_ctx *uring_ctx = BPF_CORE_READ(req, ctx); + u32 ctx_flags = BPF_CORE_READ(uring_ctx, flags); + bool sq_thread = ctx_flags & IORING_SETUP_SQPOLL; + struct file *file = BPF_CORE_READ(req, file); + if (file == NULL) { + // file is null in first invocation of io_issue_sqe. + // in the second invocation, file is valid, but context is of async worker. + // we take care of the context below. + return 0; + } + file_info_t file_info = get_file_info(file); + + u32 host_tid = p->task_info->context.host_tid; + + // submit event + save_str_to_buf(&p->event->args_buf, file_info.pathname_p, 0); + save_to_submit_buf(&p->event->args_buf, &file_info.id.device, sizeof(dev_t), 1); + save_to_submit_buf(&p->event->args_buf, &file_info.id.inode, sizeof(unsigned long), 2); + save_to_submit_buf(&p->event->args_buf, &opcode, sizeof(u8), 3); + save_to_submit_buf(&p->event->args_buf, user_data, sizeof(u64), 4); + save_to_submit_buf(&p->event->args_buf, &flags, sizeof(u32), 5); + save_to_submit_buf(&p->event->args_buf, &sq_thread, sizeof(bool), 6); + save_to_submit_buf(&p->event->args_buf, &host_tid, sizeof(u32), 7); + + return events_perf_submit(p, IO_ISSUE_SQE); +} + +SEC("kprobe/io_issue_sqe") +int BPF_KPROBE(trace_io_issue_sqe) +{ + struct io_kiocb___io_issue_sqe *req = (struct io_kiocb___io_issue_sqe *) PT_REGS_PARM1(ctx); + + // Only proceed if we have the modern io_kiocb structure (kernel 5.5+) + // This needs to check for a field that DOESN'T exist in the flavor struct + struct io_kiocb___older_v55 *req_old = (struct io_kiocb___older_v55 *) req; + if (bpf_core_field_exists(req_old->submit)) { + // Kernel 5.1-5.4: submit field exists, use the old probe instead + return 0; + } + + program_data_t p = {}; + if (!init_program_data(&p, ctx, IO_ISSUE_SQE)) + return 0; + + if (!evaluate_scope_filters(&p)) + return 0; + + // get real task info from io_uring_worker_context_map + event_context_t *real_ctx = bpf_map_lookup_elem(&io_uring_worker_context_map, &req); + if (real_ctx != NULL) { + p.event->context.processor_id = real_ctx->processor_id; + p.event->context.syscall = real_ctx->syscall; + p.event->context.retval = real_ctx->retval; + p.event->context.stack_id = real_ctx->stack_id; + p.event->context.task = real_ctx->task; + p.event->context.ts = real_ctx->ts; + // Explicitly exclude: eventid, matched_policies, policies_version + } + + // v5.1 - v5.4: handled in trace__io_submit_sqe + // v5.5 - v5.16: handled in trace_io_issue_sqe + // v5.17 - v6.6: handled in trace_ret_io_assign_file + // args: + // - opcode + // v5.1 - v5.4: req->submit.opcode + // v5.5 - v6.6: req->opcode + // - user_data + // v5.1 - v5.18: req->user_data + // v5.19 - v6.6: req->cqe.user_data + // - flags + // v5.1 - v6.6: req->flags + // - file + // v5.1 - v6.6: req->file + // - sq_thread + // v5.1 - v6.6: req->ctx->flags & IORING_SETUP_SQPOLL + + // v5.1 - v5.4: + // bpf_core_field_exists(req->submit) + // v5.19 - v6.6: + // bpf_core_field_exists(req->cqe) + + u8 opcode = BPF_CORE_READ(req, opcode); + u64 user_data; + if (bpf_core_field_exists(req->cqe)) { + struct io_cqe cqe = BPF_CORE_READ(req, cqe); + user_data = cqe.user_data; + } else { + user_data = BPF_CORE_READ(req, user_data); + } + + // submit event + return common_submit_io_issue_sqe(&p, (struct io_kiocb *) req, opcode, &user_data); +} + +// For versions < 5.5 +SEC("kprobe/__io_submit_sqe") +int BPF_KPROBE(trace__io_submit_sqe_issue_sqe) +{ + program_data_t p = {}; + if (!init_program_data(&p, ctx, IO_ISSUE_SQE)) + return 0; + + struct io_kiocb___older_v55 *req = (struct io_kiocb___older_v55 *) PT_REGS_PARM2(ctx); + + // get real task info from uring_worker_ctx_map + event_context_t *real_ctx = bpf_map_lookup_elem(&io_uring_worker_context_map, &req); + if (real_ctx != NULL) { + p.event->context = *real_ctx; + } + + // now we can evaluate scope filters + if (!evaluate_scope_filters(&p)) + return 0; + + u32 host_tid = p.task_info->context.host_tid; + struct sqe_submit submit = BPF_CORE_READ(req, submit); + + // v5.1 - v5.4: handled in trace__io_submit_sqe + // v5.5 - v5.16: handled in trace_io_issue_sqe + // v5.17 - v6.6: handled in trace_ret_io_assign_file + // args: + // - opcode + // v5.1 - v5.4: req->submit.opcode + // v5.5 - v6.6: req->opcode + // - user_data + // v5.1 - v5.18: req->user_data + // v5.19 - v6.6: req->cqe.user_data + // - flags + // v5.1 - v6.6: req->flags + // - file + // v5.1 - v6.6: req->file + // - sq_thread + // v5.1 - v6.6: req->ctx->flags & IORING_SETUP_SQPOLL + + // v5.1 - v5.4: + // bpf_core_field_exists(req->submit) + // v5.19 - v6.6: + // bpf_core_field_exists(req->cqe) + + // extract args for the event + u8 opcode = submit.opcode; + u64 user_data = BPF_CORE_READ(req, user_data); + + // submit io_issue_sqe + common_submit_io_issue_sqe(&p, (struct io_kiocb *) req, opcode, &user_data); + + // Do not corrupt the buffer for the io_write event + // reset_event_args_buf(p.event); + + return 0; +} + +SEC("raw_tracepoint/io_uring_queue_async_work") +int tracepoint__io_uring__io_uring_queue_async_work(struct bpf_raw_tracepoint_args *ctx) +{ + // We only need to capture and store the task context for later use by io_uring workers. + // We do NOT need to initialize a full program_data_t with event buffer, as we're not + // submitting an event here. Calling init_program_data() would reset the shared per-CPU + // event buffer, potentially corrupting events being processed by other probes on the same CPU. + + // Get current task IDs + u64 id = bpf_get_current_pid_tgid(); + u32 host_tid = id; + u32 host_pid = id >> 32; + + // Get task_info which has the full task context (cgroup, container, namespaces, etc.) + task_info_t *task_info = bpf_map_lookup_elem(&task_info_map, &host_tid); + if (task_info == NULL) { + return 0; + } + + // Start with the full context from task_info + event_context_t current_ctx = { + .processor_id = -1, .syscall = -1, .retval = -1, .stack_id = -1, .task = 0, .ts = 0}; + + // Override with poll context if available (for SQPOLL mode) + // In SQPOLL mode, the io_uring_create probe stores the submitting thread's context + // keyed by the polling thread's tid + event_context_t *real_ctx = bpf_map_lookup_elem(&io_uring_poll_context_map, &host_tid); + if (real_ctx != NULL) { + current_ctx = *real_ctx; + } else { + // only io_write uses this probe so we can hardcode the eventid + init_event_context(¤t_ctx, (struct task_struct *) bpf_get_current_task(), IO_WRITE); + } + + // Get the io_kiocb request pointer based on kernel version + // kernel versions v5.5 - v5.17: arg 2 + // kernel versions v5.18 - v5.19: arg 1 + // bpf_core_field_exists(req->msg) + // kernel versions v6.0 onwards: arg 0 + // bpf_core_field_exists(req->cmd) + struct io_kiocb___io_uring_queue_async_work *req; + if (bpf_core_field_exists(req->cmd)) { // Version >= v6.0 + req = (struct io_kiocb___io_uring_queue_async_work *) ctx->args[0]; + } else if (bpf_core_field_exists(req->msg)) { // Version >= v5.18 + req = (struct io_kiocb___io_uring_queue_async_work *) ctx->args[1]; + } else { // Version >= v5.5 + req = (struct io_kiocb___io_uring_queue_async_work *) ctx->args[2]; + } + + // Store the real task context for later use by io_uring worker probes + // The io_write probe will look this up using the req pointer + bpf_map_update_elem(&io_uring_worker_context_map, &req, ¤t_ctx, BPF_ANY); + + return 0; +} + // Used macro because of problem with verifier in NONCORE kinetic519 #define submit_mem_prot_alert_event(event, alert, addr, len, prot, previous_prot, file_info) \ { \ diff --git a/pkg/ebpf/c/tracee.h b/pkg/ebpf/c/tracee.h index 53d78240a2d7..cca49269c195 100644 --- a/pkg/ebpf/c/tracee.h +++ b/pkg/ebpf/c/tracee.h @@ -52,8 +52,6 @@ statfunc int arm_kprobe_handler(struct pt_regs *); statfunc u32 tail_call_send_bin(void *, program_data_t *, bin_args_t *, int); statfunc u32 send_bin_helper(void *, void *, int); -statfunc int submit_magic_write(program_data_t *, file_info_t *, io_data_t, u32); -statfunc bool should_submit_io_event(u32, program_data_t *); statfunc int do_file_io_operation(struct pt_regs *, u32, u32, bool, bool); statfunc void extract_vfs_ret_io_data(struct pt_regs *, args_t *, io_data_t *, bool); statfunc bool filter_file_write_capture(program_data_t *, struct file *, io_data_t, off_t); diff --git a/pkg/ebpf/c/types.h b/pkg/ebpf/c/types.h index e792bd164f7c..a68880349040 100644 --- a/pkg/ebpf/c/types.h +++ b/pkg/ebpf/c/types.h @@ -136,6 +136,9 @@ typedef struct event_context { X(CHMOD_COMMON, ) \ X(SECURITY_SB_UMOUNT, ) \ X(SECURITY_TASK_PRCTL, ) \ + X(IO_URING_CREATE, ) \ + X(IO_ISSUE_SQE, ) \ + X(IO_WRITE, ) \ // ... #define EVENT_ID_LIST_LAST \ @@ -201,6 +204,7 @@ typedef enum signal_event_id_e { X(TAIL_HIDDEN_KERNEL_MODULE_MOD_TREE, ) \ X(TAIL_HIDDEN_KERNEL_MODULE_NEW_MOD_ONLY, ) \ X(TAIL_HIDDEN_KERNEL_MODULE_MODTREE_LOOP, ) \ + X(TAIL_IO_WRITE, ) \ X(TAIL_FEATURES_FALLBACK, ) \ // ... diff --git a/pkg/ebpf/c/vmlinux.h b/pkg/ebpf/c/vmlinux.h index ec380df3f9e9..21c176039a1a 100644 --- a/pkg/ebpf/c/vmlinux.h +++ b/pkg/ebpf/c/vmlinux.h @@ -595,6 +595,8 @@ struct iov_iter { }; struct kiocb { + struct file *ki_filp; + loff_t ki_pos; }; struct file_operations { @@ -603,6 +605,56 @@ struct file_operations { long (*write_iter)(struct kiocb *, struct iov_iter *); }; +struct io_uring_params { + __u32 sq_entries; + __u32 cq_entries; +}; + +struct io_sq_data { + struct task_struct *thread; +}; + +struct io_ring_ctx { + unsigned int flags; + struct io_sq_data *sq_data; +}; + +struct io_cmd_data { + struct file *file; + /* each command gets 56 bytes of data */ + __u8 data[56]; +}; + +struct io_cqe { + __u64 user_data; + __s32 res; +}; + +struct io_kiocb { + union { + /* + * NOTE! Each of the io_kiocb union members has the file pointer + * as the first entry in their struct definition. So you can + * access the file pointer through any of the sub-structs, + * or directly as just 'file' in this struct. + */ + struct file *file; + struct io_cmd_data cmd; + }; + u8 opcode; + unsigned int flags; + struct io_cqe cqe; + struct io_ring_ctx *ctx; + void *async_data; +}; + +struct io_rw { + /* NOTE: kiocb has the file as the first member, so don't do it here */ + struct kiocb kiocb; + u64 addr; + u32 len; +}; + struct file { union { unsigned int f_iocb_flags; diff --git a/pkg/ebpf/c/vmlinux_flavors.h b/pkg/ebpf/c/vmlinux_flavors.h index 2723ff14401f..c4f899f4aec2 100644 --- a/pkg/ebpf/c/vmlinux_flavors.h +++ b/pkg/ebpf/c/vmlinux_flavors.h @@ -136,6 +136,70 @@ struct mm_struct___redhat { }; }; +struct io_ring_ctx___older_v59 { + struct task_struct *sqo_thread; +}; + +struct io_connect { +}; + +struct io_kiocb___older_v6 { + union { + struct file *file; + struct io_rw rw; + struct io_connect connect; + }; + u32 result; + u32 error; +}; + +struct io_uring_sqe { + __u64 addr; + __u32 len; +}; + +struct sqe_submit { + const struct io_uring_sqe *sqe; + u8 opcode; +}; + +struct io_kiocb___older_v55 { + union { + struct file *file; + struct kiocb rw; + }; + struct sqe_submit submit; + unsigned int flags; + u64 user_data; +}; + +// this flavor is a combination of variants +// of the io_kiocb struct, that will be +// used in io_issue_sqe probe. +struct io_kiocb___io_issue_sqe { + u8 opcode; + u64 user_data; + struct io_cqe cqe; + union { + u32 cflags; + int fd; + }; +}; + +struct io_msg { +}; + +// this flavor is a combination of variants +// of the io_kiocb struct, that will be +// used in io_uring_queue_async_work probe. +struct io_kiocb___io_uring_queue_async_work { + union { + struct file *file; + struct io_msg msg; + struct io_cmd_data cmd; + }; +}; + /////////////////// #pragma clang attribute pop diff --git a/pkg/ebpf/c/vmlinux_missing.h b/pkg/ebpf/c/vmlinux_missing.h index 65f22752b0a7..68f8ec4af8c5 100644 --- a/pkg/ebpf/c/vmlinux_missing.h +++ b/pkg/ebpf/c/vmlinux_missing.h @@ -96,6 +96,8 @@ enum perf_type_id { PERF_TYPE_MAX, /* non-ABI */ }; +#define IORING_SETUP_SQPOLL (1U << 1) /* SQ poll thread */ + /*=============================== ARCH SPECIFIC ===========================*/ #if defined(__TARGET_ARCH_x86) diff --git a/pkg/ebpf/probes/cgroup.go b/pkg/ebpf/probes/cgroup.go index 5427cd4b29fa..340658792a6c 100644 --- a/pkg/ebpf/probes/cgroup.go +++ b/pkg/ebpf/probes/cgroup.go @@ -123,3 +123,27 @@ func (p *CgroupProbe) detach(args ...interface{}) error { func (p *CgroupProbe) autoload(module *bpf.Module, autoload bool) error { return enableDisableAutoload(module, p.programName, autoload) } + +func (p *CgroupProbe) load(module *bpf.Module) (bool, error) { + prog, err := module.GetProgram(p.programName) + if err != nil { + return false, errfmt.WrapError(err) + } + + // Check if already loaded + if prog.FileDescriptor() > 0 { + return false, nil + } + + // Load and verify FD + _, err = prog.LoadCgroup(p.attachType) + if err != nil { + return false, errfmt.WrapError(err) + } + + if prog.FileDescriptor() <= 0 { + return false, errfmt.Errorf("program loaded but has no valid file descriptor") + } + + return true, nil +} diff --git a/pkg/ebpf/probes/lsm.go b/pkg/ebpf/probes/lsm.go index b0d3395da1a5..eade3015c1a0 100644 --- a/pkg/ebpf/probes/lsm.go +++ b/pkg/ebpf/probes/lsm.go @@ -104,3 +104,27 @@ func (p *LsmProgramProbe) detach(args ...interface{}) error { func (p *LsmProgramProbe) autoload(module *bpf.Module, autoload bool) error { return enableDisableAutoload(module, p.programName, autoload) } + +func (p *LsmProgramProbe) load(module *bpf.Module) (bool, error) { + prog, err := module.GetProgram(p.programName) + if err != nil { + return false, errfmt.WrapError(err) + } + + // Check if already loaded + if prog.FileDescriptor() > 0 { + return false, nil + } + + // Load and verify FD + _, err = prog.LoadLSM() + if err != nil { + return false, errfmt.WrapError(err) + } + + if prog.FileDescriptor() <= 0 { + return false, errfmt.Errorf("program loaded but has no valid file descriptor") + } + + return true, nil +} diff --git a/pkg/ebpf/probes/probe_group.go b/pkg/ebpf/probes/probe_group.go index 33e045f734e7..f8e9f1252eb5 100644 --- a/pkg/ebpf/probes/probe_group.go +++ b/pkg/ebpf/probes/probe_group.go @@ -124,6 +124,27 @@ func (p *ProbeGroup) IsProbeCompatible(handle Handle, env EnvironmentProvider) ( return false, errfmt.Errorf("probe handle (%d) does not exist", handle) } +// Load loads a probe's BPF program into the kernel if not already loaded. +// This is used for on-demand loading of fallback probes. +func (p *ProbeGroup) Load(handle Handle) error { + p.probesLock.Lock() + defer p.probesLock.Unlock() + + probe, ok := p.probes[handle] + if !ok { + return errfmt.Errorf("probe handle (%d) does not exist", handle) + } + + loaded, err := probe.load(p.module) + if err != nil { + return errfmt.WrapError(err) + } + if !loaded { + return nil + } + return nil +} + // Attach attaches a probe's program to its hook, by given handle. func (p *ProbeGroup) Attach(handle Handle, args ...interface{}) error { p.probesLock.Lock() @@ -338,6 +359,17 @@ func NewDefaultProbeGroup(module *bpf.Module, netEnabled bool, defaultAutoload b ChmodCommon: NewTraceProbe(KProbe, "chmod_common", "trace_chmod_common"), SecuritySbUmount: NewTraceProbe(KProbe, "security_sb_umount", "trace_security_sb_umount"), SecurityTaskPrctl: NewTraceProbe(KProbe, "security_task_prctl", "trace_security_task_prctl"), + IoUringCreate: NewTraceProbe(RawTracepoint, "io_uring:io_uring_create", "tracepoint__io_uring__io_uring_create"), + IoUringSetup: NewTraceProbe(SyscallEnter, "io_uring_setup", "trace_io_uring_setup"), + IoUringSetupRet: NewTraceProbe(SyscallExit, "io_uring_setup", "trace_ret_io_uring_setup"), + IoSubmitSqeIssueSqe: NewTraceProbe(KProbe, "__io_submit_sqe", "trace__io_submit_sqe_issue_sqe"), + IoSubmitSqeIoWrite: NewTraceProbe(KProbe, "__io_submit_sqe", "trace__io_submit_sqe_io_write"), + IoIssueSqe: NewTraceProbe(KProbe, "io_issue_sqe", "trace_io_issue_sqe"), + IoUringQueueAsyncWork: NewTraceProbe(RawTracepoint, "io_uring:io_uring_queue_async_work", "tracepoint__io_uring__io_uring_queue_async_work"), + IoWrite: NewTraceProbe(KProbe, "io_write", "trace_io_write"), + IoWriteRet: NewTraceProbe(KretProbe, "io_write", "trace_ret_io_write"), + IoWriteMagic: NewTraceProbe(KProbe, "io_write", "io_write_magic_enter"), + IoWriteMagicRet: NewTraceProbe(KretProbe, "io_write", "io_write_magic_return"), TestUnavailableHook: NewTraceProbe(KProbe, "non_existing_func", "empty_kprobe"), ExecTest: NewTraceProbe(RawTracepoint, "raw_syscalls:sched_process_exec", "tracepoint__exec_test"), diff --git a/pkg/ebpf/probes/probes.go b/pkg/ebpf/probes/probes.go index 4c3dc53875bf..f6f8b1634ad2 100644 --- a/pkg/ebpf/probes/probes.go +++ b/pkg/ebpf/probes/probes.go @@ -15,6 +15,8 @@ type Probe interface { detach(...interface{}) error // autoload sets the probe's ebpf program automatic attaching to its hook. autoload(module *bpf.Module, autoload bool) error + // load loads the probe's BPF program into the kernel if not already loaded. + load(module *bpf.Module) (bool, error) // true if loaded, false if already loaded // isCompatible checks if the probe is compatible with the given environment. isCompatible(env EnvironmentProvider) (bool, error) } @@ -167,6 +169,17 @@ const ( ChmodCommon SecuritySbUmount SecurityTaskPrctl + IoUringCreate + IoUringSetup // kprobe for io_uring_setup kernel function (fallback for 5.1-5.4) + IoUringSetupRet // kretprobe for io_uring_setup kernel function (fallback for 5.1-5.4) + IoSubmitSqeIssueSqe + IoSubmitSqeIoWrite + IoIssueSqe + IoUringQueueAsyncWork + IoWrite + IoWriteRet + IoWriteMagic + IoWriteMagicRet ) // Test probe handles diff --git a/pkg/ebpf/probes/trace.go b/pkg/ebpf/probes/trace.go index c54ee6ee7e2c..46b9123fffed 100644 --- a/pkg/ebpf/probes/trace.go +++ b/pkg/ebpf/probes/trace.go @@ -285,3 +285,44 @@ func (p *TraceProbe) detach(args ...interface{}) error { func (p *TraceProbe) autoload(module *bpf.Module, autoload bool) error { return enableDisableAutoload(module, p.programName, autoload) } + +func (p *TraceProbe) load(module *bpf.Module) (bool, error) { + prog, err := module.GetProgram(p.programName) + if err != nil { + return false, errfmt.WrapError(err) + } + + // Check if already loaded (has FD) + if prog.FileDescriptor() > 0 { + return false, nil // already loaded + } + + // Load the program into the kernel using the appropriate Load API based on probe type + switch p.probeType { + case KProbe, SyscallEnter: + _, err = prog.LoadKprobe() + case KretProbe, SyscallExit: + _, err = prog.LoadKprobe() + case Tracepoint: + _, err = prog.LoadTracepoint() + case RawTracepoint: + _, err = prog.LoadRawTracepoint() + case Fentry: + _, err = prog.LoadFentry() + case LSM: + _, err = prog.LoadLSM() + default: + return false, errfmt.Errorf("unsupported probe type for load: %v", p.probeType) + } + + if err != nil { + return false, errfmt.WrapError(err) + } + + // Verify the program now has a valid FD + if prog.FileDescriptor() <= 0 { + return false, errfmt.Errorf("program loaded but has no valid file descriptor") + } + + return true, nil +} diff --git a/pkg/ebpf/probes/uprobe.go b/pkg/ebpf/probes/uprobe.go index 4737c8f0d79a..fb3209fb81fb 100644 --- a/pkg/ebpf/probes/uprobe.go +++ b/pkg/ebpf/probes/uprobe.go @@ -135,6 +135,30 @@ func (p *FixedUprobe) autoload(module *bpf.Module, autoload bool) error { return enableDisableAutoload(module, p.programName, autoload) } +func (p *FixedUprobe) load(module *bpf.Module) (bool, error) { + prog, err := module.GetProgram(p.programName) + if err != nil { + return false, errfmt.WrapError(err) + } + + // Check if already loaded + if prog.FileDescriptor() > 0 { + return false, nil + } + + // Load and verify FD + _, err = prog.LoadUprobe() + if err != nil { + return false, errfmt.WrapError(err) + } + + if prog.FileDescriptor() <= 0 { + return false, errfmt.Errorf("program loaded but has no valid file descriptor") + } + + return true, nil +} + // attachToFileFixed attaches a FixedUprobe to a file - only supports UprobeEventSymbol func attachToFileFixed(p *FixedUprobe, module *bpf.Module, binaryPath string) ([]*bpf.BPFLink, error) { prog, err := module.GetProgram(p.GetProgramName()) diff --git a/pkg/ebpf/tracee.go b/pkg/ebpf/tracee.go index 388002ad8790..5003aadb9d11 100644 --- a/pkg/ebpf/tracee.go +++ b/pkg/ebpf/tracee.go @@ -1404,10 +1404,30 @@ func (t *Tracee) attachProbes() error { logger.Errorw("Got node from type not requested") return nil } - err := t.defaultProbes.Attach(probeNode.GetHandle(), t.cgroups, t.getKernelSymbols()) + + // Load and attach the probe with BPF capabilities elevated + err := capabilities.GetInstance().EBPF(func() error { + // Load the probe program into the kernel if not already loaded + // This is essential for fallback probes that weren't initially autoloaded + if err := t.defaultProbes.Load(probeNode.GetHandle()); err != nil { + // If the probe was already loaded there will be no error, so we can log as ERROR here + logger.Errorw("Load probe failed or not needed", "probe", probeNode.GetHandle(), "error", err) + return err + } + + // Attach the probe to its hook + if err := t.defaultProbes.Attach(probeNode.GetHandle(), t.cgroups, t.getKernelSymbols()); err != nil { + return err + } + + return nil + }) + if err != nil { + // Fail the probe node to prevent the event from being added return []dependencies.Action{dependencies.NewCancelNodeAddAction(err)} } + return nil }) diff --git a/pkg/events/core.go b/pkg/events/core.go index 6335d3be379b..97e3f3aedacf 100644 --- a/pkg/events/core.go +++ b/pkg/events/core.go @@ -163,6 +163,9 @@ const ( ChmodCommon SecuritySbUmount SecurityTaskPrctl + IoUringCreate + IoIssueSqe + IoWrite // MaxCommonID (1499) ) @@ -12353,6 +12356,8 @@ var CoreEvents = map[ID]Definition{ {handle: probes.VfsWriteVMagicRet, required: false}, {handle: probes.KernelWriteMagic, required: false}, {handle: probes.KernelWriteMagicRet, required: false}, + {handle: probes.IoWriteMagic, required: false}, + {handle: probes.IoWriteMagicRet, required: false}, }, }, }, @@ -14313,6 +14318,125 @@ var CoreEvents = map[ID]Definition{ {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "old_securebits"}}, }, }, + IoUringCreate: { + id: IoUringCreate, + id32Bit: Sys32Undefined, + name: "io_uring_create", + version: NewVersion(1, 0, 0), + sets: []string{ + "io_uring", + }, + dependencies: DependencyStrategy{ + primary: Dependencies{ + probes: []Probe{ + {handle: probes.IoUringCreate, required: true}, // exists in kernels v5.5 onwards + }, + }, + fallbacks: []Dependencies{ + { + // Strategy for v5.1 - v5.4: hook io_uring_setup kernel function + probes: []Probe{ + {handle: probes.IoUringSetup, required: true}, // kprobe to save args + {handle: probes.IoUringSetupRet, required: true}, // kretprobe to process + }, + }, + }, + }, + fields: []DataField{ + {DecodeAs: data.POINTER_T, ArgMeta: trace.ArgMeta{Type: "trace.Pointer", Name: "ctx"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "sq_entries"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "cq_entries"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "flags"}}, + {DecodeAs: data.BOOL_T, ArgMeta: trace.ArgMeta{Type: "bool", Name: "polling"}}, + }, + }, + IoIssueSqe: { + id: IoIssueSqe, + id32Bit: Sys32Undefined, + name: "io_issue_sqe", + version: NewVersion(1, 0, 0), + sets: []string{ + "io_uring", + }, + dependencies: DependencyStrategy{ + primary: Dependencies{ + // Strategy for v5.5+ + probes: []Probe{ + // io_uring_create probes, to get correct context for io_uring events + {handle: probes.IoUringCreate, required: true}, // exists in kernels v5.5 onwards + + {handle: probes.IoIssueSqe, required: true}, // exists in kernels v5.5 onwards + }, + }, + fallbacks: []Dependencies{ + { + // Strategy for v5.1 - v5.4 + probes: []Probe{ + // io_uring_setup kernel function to get correct context for io_uring events + {handle: probes.IoUringSetup, required: true}, + {handle: probes.IoUringSetupRet, required: true}, + // probes to tell if an io_uring task is being issued + {handle: probes.IoSubmitSqeIssueSqe, required: false}, // exists in kernels v5.1 - v5.4 + }, + }, + }, + }, + fields: []DataField{ + {DecodeAs: data.STR_T, ArgMeta: trace.ArgMeta{Type: "string", Name: "path"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "device"}}, + {DecodeAs: data.ULONG_T, ArgMeta: trace.ArgMeta{Type: "uint64", Name: "inode"}}, + {DecodeAs: data.U8_T, ArgMeta: trace.ArgMeta{Type: "uint8", Name: "opcode"}}, + {DecodeAs: data.ULONG_T, ArgMeta: trace.ArgMeta{Type: "uint64", Name: "user_data"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "flags"}}, + {DecodeAs: data.BOOL_T, ArgMeta: trace.ArgMeta{Type: "bool", Name: "sq_thread"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "sq_thread_id"}}, + }, + }, + IoWrite: { + id: IoWrite, + id32Bit: Sys32Undefined, + name: "io_write", + version: NewVersion(1, 0, 0), + sets: []string{ + "io_uring", + }, + dependencies: DependencyStrategy{ + primary: Dependencies{ + // Strategy for v5.5+ + probes: []Probe{ + // io_uring_create probes, to get correct context for io_uring events + {handle: probes.IoUringCreate, required: true}, + // get correct context if async + {handle: probes.IoUringQueueAsyncWork, required: true}, + + // submit io_write here + {handle: probes.IoWrite, required: true}, + {handle: probes.IoWriteRet, required: true}, + }, + }, + fallbacks: []Dependencies{ + { + // Strategy for v5.1 - v5.4: hook io_uring_setup for context + __io_submit_sqe for write + probes: []Probe{ + // io_uring_setup kernel function to get correct context for io_uring events + {handle: probes.IoUringSetup, required: true}, + {handle: probes.IoUringSetupRet, required: true}, + // submit io_write here - use __io_submit_sqe for older kernels + {handle: probes.IoSubmitSqeIoWrite, required: true}, + }, + }, + }, + }, + fields: []DataField{ + {DecodeAs: data.STR_T, ArgMeta: trace.ArgMeta{Type: "string", Name: "path"}}, + {DecodeAs: data.LONG_T, ArgMeta: trace.ArgMeta{Type: "int64", Name: "pos"}}, + {DecodeAs: data.POINTER_T, ArgMeta: trace.ArgMeta{Type: "trace.Pointer", Name: "buf"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "len"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "worker_host_tid"}}, + {DecodeAs: data.UINT_T, ArgMeta: trace.ArgMeta{Type: "uint32", Name: "device"}}, + {DecodeAs: data.ULONG_T, ArgMeta: trace.ArgMeta{Type: "uint64", Name: "inode"}}, + }, + }, // // Begin of Signal Events (Control Plane) // diff --git a/pkg/events/definition_dependencies.go b/pkg/events/definition_dependencies.go index 7ea4c0318c48..85e25b8940ef 100644 --- a/pkg/events/definition_dependencies.go +++ b/pkg/events/definition_dependencies.go @@ -196,6 +196,7 @@ const ( TailHiddenKernelModuleModTree TailHiddenKernelModuleNewModOnly TailHiddenKernelModuleModTreeLoop + TailIoWrite TailFeaturesFallback // Use the same index to make sure that the tailcall is reset maxTail ) diff --git a/pkg/events/parse_args.go b/pkg/events/parse_args.go index 4f00b02f5763..940c4a0d8661 100644 --- a/pkg/events/parse_args.go +++ b/pkg/events/parse_args.go @@ -249,6 +249,32 @@ func ParseArgsSlice(args []trace.Argument, eventID int) error { vmaFlagsArg.Value = parsers.ParseVmFlags(flags).String() } } + case IoUringCreate: + if flagsArg := GetArg(args, "flags"); flagsArg != nil { + if flags, isUint32 := flagsArg.Value.(uint32); isUint32 { + flagsParsed := parsers.ParseIoUringSetupFlags(uint64(flags)).String() + flagsArg.Type = "string" + flagsArg.Value = flagsParsed + } + } + case IoIssueSqe: + if opcodeArg := GetArg(args, "opcode"); opcodeArg != nil { + if opcode, isUint8 := opcodeArg.Value.(uint8); isUint8 { + opcodeParsed, err := parsers.ParseIoUringOp(uint64(opcode)) + if err != nil { + return errfmt.WrapError(err) + } + opcodeArg.Type = "string" + opcodeArg.Value = opcodeParsed.String() + } + } + if flagsArg := GetArg(args, "flags"); flagsArg != nil { + if flags, isUint32 := flagsArg.Value.(uint32); isUint32 { + flagsParsed := parsers.ParseIoUringRequestFlags(uint64(flags)).String() + flagsArg.Type = "string" + flagsArg.Value = flagsParsed + } + } } // Parse extended events (only available in extended builds) diff --git a/pkg/server/grpc/tracee.go b/pkg/server/grpc/tracee.go index eeec12b79e3c..cc97937bb43b 100644 --- a/pkg/server/grpc/tracee.go +++ b/pkg/server/grpc/tracee.go @@ -564,6 +564,9 @@ var EventTranslationTable = [events.MaxBuiltinID]pb.EventId{ events.ChmodCommon: pb.EventId_chmod_common, events.SecuritySbUmount: pb.EventId_security_sb_umount, events.SecurityTaskPrctl: pb.EventId_security_task_prctl, + events.IoUringCreate: pb.EventId_io_uring_create, + events.IoIssueSqe: pb.EventId_io_issue_sqe, + events.IoWrite: pb.EventId_io_write, // Events from user-space translation section events.NetPacketIPv4: pb.EventId_net_packet_ipv4, diff --git a/tests/e2e-inst-signatures/e2e-io_uring_events.go b/tests/e2e-inst-signatures/e2e-io_uring_events.go new file mode 100644 index 000000000000..cabd4197e189 --- /dev/null +++ b/tests/e2e-inst-signatures/e2e-io_uring_events.go @@ -0,0 +1,253 @@ +package main + +import ( + "errors" + "fmt" + + "github.com/aquasecurity/tracee/common/parsers" + "github.com/aquasecurity/tracee/types/detect" + "github.com/aquasecurity/tracee/types/protocol" + "github.com/aquasecurity/tracee/types/trace" +) + +type e2eIoUring struct { + cb detect.SignatureHandler + ioIssueSqe bool + ioWrite bool + ioUringCreate bool + device uint32 + inode uint64 +} + +func (sig *e2eIoUring) Init(ctx detect.SignatureContext) error { + sig.cb = ctx.Callback + return nil +} + +func (sig *e2eIoUring) GetMetadata() (detect.SignatureMetadata, error) { + return detect.SignatureMetadata{ + ID: "IO_URING_EVENTS", + EventName: "IO_URING_EVENTS", + Version: "0.1.0", + Name: "io_uring events Test", + Description: "Instrumentation events E2E Tests: io_uring events", + Tags: []string{"e2e", "instrumentation"}, + }, nil +} + +func (sig *e2eIoUring) GetSelectedEvents() ([]detect.SignatureEventSelector, error) { + return []detect.SignatureEventSelector{ + {Source: "tracee", Name: "io_write"}, + {Source: "tracee", Name: "io_issue_sqe"}, + {Source: "tracee", Name: "io_uring_create"}, + }, nil +} + +func (sig *e2eIoUring) OnEvent(event protocol.Event) error { + eventObj, ok := event.Payload.(trace.Event) + if !ok { + return errors.New("failed to cast event's payload") + } + + switch eventObj.EventName { + case "io_write": + err := sig.handleIoWrite(event) + if err != nil { + return err + } + sig.ioWrite = true + case "io_issue_sqe": + err := sig.handleIoIssueSqe(event) + if err != nil { + return err + } + sig.ioIssueSqe = true + case "io_uring_create": + err := sig.handleIoUringCreate(event) + if err != nil { + return err + } + sig.ioUringCreate = true + } + + if sig.ioWrite && sig.ioIssueSqe && sig.ioUringCreate { + m, _ := sig.GetMetadata() + sig.cb(&detect.Finding{ + SigMetadata: m, + Event: event, + Data: map[string]interface{}{}, + }) + } + + return nil +} + +func (sig *e2eIoUring) handleIoWrite(event protocol.Event) error { + eventObj, ok := event.Payload.(trace.Event) + if !ok { + return errors.New("failed to cast event's payload") + } + + // Validate path + path, err := eventObj.GetStringArgumentByName("path") + if err != nil { + return err + } + if path != "/tmp/io_uring_writev.txt" { + return fmt.Errorf("unexpected path: expected /tmp/io_uring_writev.txt, got %s", path) + } + + // Validate device matches io_issue_sqe + device, err := eventObj.GetIntArgumentByName("device") + if err != nil { + return err + } + if sig.device != 0 && uint32(device) != sig.device { + return fmt.Errorf("device mismatch: expected %d, got %d", sig.device, device) + } + + // Validate inode matches io_issue_sqe + inode, err := eventObj.GetIntArgumentByName("inode") + if err != nil { + return err + } + if sig.inode != 0 && uint64(inode) != sig.inode { + return fmt.Errorf("inode mismatch: expected %d, got %d", sig.inode, inode) + } + + // Validate pos + pos, err := eventObj.GetIntArgumentByName("pos") + if err != nil { + return err + } + if pos < 0 { + return fmt.Errorf("pos should not be negative: %d", pos) + } + + // Validate len + length, err := eventObj.GetIntArgumentByName("len") + if err != nil { + return err + } + if length <= 0 { + return fmt.Errorf("len should be positive: %d", length) + } + + // Validate buf pointer is set + buf, err := eventObj.GetUintArgumentByName("buf") + if err != nil { + return err + } + if buf == 0 { + return errors.New("buf pointer should not be null") + } + + // Validate worker_host_tid is set + workerTid, err := eventObj.GetIntArgumentByName("worker_host_tid") + if err != nil { + return err + } + if workerTid == 0 { + return errors.New("worker_host_tid should not be 0") + } + + return nil +} + +func (sig *e2eIoUring) handleIoIssueSqe(event protocol.Event) error { + eventObj, ok := event.Payload.(trace.Event) + if !ok { + return errors.New("failed to cast event's payload") + } + + // Validate path + path, err := eventObj.GetStringArgumentByName("path") + if err != nil { + return err + } + if path != "/tmp/io_uring_writev.txt" { + return fmt.Errorf("unexpected path: expected /tmp/io_uring_writev.txt, got %s", path) + } + + // Validate and store device + device, err := eventObj.GetIntArgumentByName("device") + if err != nil { + return err + } + if device == 0 { + return errors.New("device should not be 0") + } + sig.device = uint32(device) + + // Validate and store inode + inode, err := eventObj.GetIntArgumentByName("inode") + if err != nil { + return err + } + if inode == 0 { + return errors.New("inode should not be 0") + } + sig.inode = uint64(inode) + + // Validate opcode (IORING_OP_WRITEV = 1) + opcode, err := eventObj.GetIntArgumentByName("opcode") + if err != nil { + return err + } + if opcode != int(parsers.IORING_OP_WRITEV.Value()) { + return fmt.Errorf("unexpected opcode: expected 1 (IORING_OP_WRITEV), got %d", opcode) + } + + // Validate user_data is set + userData, err := eventObj.GetIntArgumentByName("user_data") + if err != nil { + return err + } + if userData == 0 { + return errors.New("user_data should not be 0") + } + + return nil +} + +func (sig *e2eIoUring) handleIoUringCreate(event protocol.Event) error { + eventObj, ok := event.Payload.(trace.Event) + if !ok { + return errors.New("failed to cast event's payload") + } + + // Validate sq_entries + sqEntries, err := eventObj.GetIntArgumentByName("sq_entries") + if err != nil { + return err + } + if sqEntries != 16 { + return fmt.Errorf("unexpected sq_entries: expected 16, got %d", sqEntries) + } + + // Validate cq_entries + cqEntries, err := eventObj.GetIntArgumentByName("cq_entries") + if err != nil { + return err + } + if cqEntries != 32 { + return fmt.Errorf("unexpected cq_entries: expected 32, got %d", cqEntries) + } + + // Validate ctx pointer is set + ctx, err := eventObj.GetUintArgumentByName("ctx") + if err != nil { + return err + } + if ctx == 0 { + return errors.New("ctx pointer should not be null") + } + + return nil +} + +func (sig *e2eIoUring) OnSignal(s detect.Signal) error { + return nil +} + +func (sig *e2eIoUring) Close() {} diff --git a/tests/e2e-inst-signatures/export.go b/tests/e2e-inst-signatures/export.go index d56ab69da11e..345be78b94d8 100644 --- a/tests/e2e-inst-signatures/export.go +++ b/tests/e2e-inst-signatures/export.go @@ -26,6 +26,7 @@ var ExportedSignatures = []detect.Signature{ &e2eStackPivot{}, &e2eLsm{}, &e2eSchedProcessExec{}, + &e2eIoUring{}, } var ExportedDataSources = []detect.DataSource{ diff --git a/tests/e2e-inst-signatures/scripts/io_uring.sh b/tests/e2e-inst-signatures/scripts/io_uring.sh new file mode 100755 index 000000000000..271f3c9ba784 --- /dev/null +++ b/tests/e2e-inst-signatures/scripts/io_uring.sh @@ -0,0 +1,21 @@ +#!/usr/bin/bash + +exit_err() { + echo -n "ERROR: " + echo "$@" + exit 1 +} + +# set vars +prog=io_uring_writev +dir=tests/e2e-inst-signatures/scripts +# test if prog was compiled and compile if not +if [[ ! -x $dir/$prog ]]; then + gcc $dir/$prog.c -o $dir/$prog || exit_err "could not compile $prog.c" + chmod +x $dir/$prog +fi +# run test +./$dir/$prog || exit_err "could not run $prog" + +# remove prog +rm -f $dir/$prog \ No newline at end of file diff --git a/tests/e2e-inst-signatures/scripts/io_uring_writev.c b/tests/e2e-inst-signatures/scripts/io_uring_writev.c new file mode 100644 index 000000000000..9ba9ea9a84ca --- /dev/null +++ b/tests/e2e-inst-signatures/scripts/io_uring_writev.c @@ -0,0 +1,358 @@ +/* + * this code is based on the very usefull and teaching repo: + * https://github.com/shuveb/loti-examples + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* If your compilation fails because the header file below is missing, + * your kernel is probably too old to support io_uring. + */ +#include + +#define QUEUE_DEPTH 10 +#define BLOCK_SZ 1024 + +/* This is x86 specific */ +#define read_barrier() __asm__ __volatile__("" ::: "memory") +#define write_barrier() __asm__ __volatile__("" ::: "memory") + +struct app_io_sq_ring { + unsigned *head; + unsigned *tail; + unsigned *ring_mask; + unsigned *ring_entries; + unsigned *flags; + unsigned *array; +}; + +struct app_io_cq_ring { + unsigned *head; + unsigned *tail; + unsigned *ring_mask; + unsigned *ring_entries; + struct io_uring_cqe *cqes; +}; + +struct submitter { + int ring_fd; + struct app_io_sq_ring sq_ring; + struct io_uring_sqe *sqes; + struct app_io_cq_ring cq_ring; +}; + +struct file_info { + int fd; + struct iovec iovecs[2]; +}; + +/* + * This code is written in the days when io_uring-related system calls are not + * part of standard C libraries. So, we roll our own system call wrapper + * functions. + */ +int io_uring_setup(unsigned entries, struct io_uring_params *p) +{ + return (int) syscall(__NR_io_uring_setup, entries, p); +} + +int io_uring_enter(int ring_fd, + unsigned int to_submit, + unsigned int min_complete, + unsigned int flags) +{ + return (int) syscall(__NR_io_uring_enter, ring_fd, to_submit, min_complete, flags, NULL); +} + +/* + * io_uring requires a lot of setup which looks pretty hairy, but isn't all + * that difficult to understand. Because of all this boilerplate code, + * io_uring's author has created liburing, which is relatively easy to use. + * However, you should take your time and understand this code. It is always + * good to know how it all works underneath. Apart from bragging rights, + * it does offer you a certain strange geeky peace. + */ +int app_setup_uring(struct submitter *s) +{ + void *sq_ptr, *cq_ptr; + + /* + * We need to pass in the io_uring_params structure to the io_uring_setup() + * call zeroed out. We could set any flags if we need to, but for this + * example, we don't. + */ + struct io_uring_params p = {0}; + s->ring_fd = io_uring_setup(QUEUE_DEPTH, &p); + if (s->ring_fd < 0) { + perror("io_uring_setup"); + return 1; + } + + /* + * io_uring communication happens via 2 shared kernel-user space ring buffers, + * which can be jointly mapped with a single mmap() call in recent kernels. + * While the completion queue is directly manipulated, the submission queue + * has an indirection array in between. We map that in as well. + */ + int sring_sz = p.sq_off.array + p.sq_entries * sizeof(unsigned); + int cring_sz = p.cq_off.cqes + p.cq_entries * sizeof(struct io_uring_cqe); + + /* In kernel version 5.4 and above, it is possible to map the submission and + * completion buffers with a single mmap() call. Rather than check for kernel + * versions, the recommended way is to just check the features field of the + * io_uring_params structure, which is a bit mask. If the + * IORING_FEAT_SINGLE_MMAP is set, then we can do away with the second mmap() + * call to map the completion ring. + */ + if (p.features & IORING_FEAT_SINGLE_MMAP) { + if (cring_sz > sring_sz) { + sring_sz = cring_sz; + } + cring_sz = sring_sz; + } + + /* Map in the submission and completion queue ring buffers. + * Older kernels only map in the submission queue, though. + */ + sq_ptr = mmap(0, + sring_sz, + PROT_READ | PROT_WRITE, + MAP_SHARED | MAP_POPULATE, + s->ring_fd, + IORING_OFF_SQ_RING); + if (sq_ptr == MAP_FAILED) { + perror("mmap sring"); + return 1; + } + + if (p.features & IORING_FEAT_SINGLE_MMAP) { + cq_ptr = sq_ptr; + } else { + /* Map in the completion queue ring buffer in older kernels separately */ + cq_ptr = mmap(0, + cring_sz, + PROT_READ | PROT_WRITE, + MAP_SHARED | MAP_POPULATE, + s->ring_fd, + IORING_OFF_CQ_RING); + if (cq_ptr == MAP_FAILED) { + perror("mmap cring"); + return 1; + } + } + + /* Save useful fields in a global app_io_sq_ring struct for later easy reference */ + s->sq_ring.head = sq_ptr + p.sq_off.head; + s->sq_ring.tail = sq_ptr + p.sq_off.tail; + s->sq_ring.ring_mask = sq_ptr + p.sq_off.ring_mask; + s->sq_ring.ring_entries = sq_ptr + p.sq_off.ring_entries; + s->sq_ring.flags = sq_ptr + p.sq_off.flags; + s->sq_ring.array = sq_ptr + p.sq_off.array; + + /* Map in the submission queue entries array */ + s->sqes = mmap(0, + p.sq_entries * sizeof(struct io_uring_sqe), + PROT_READ | PROT_WRITE, + MAP_SHARED | MAP_POPULATE, + s->ring_fd, + IORING_OFF_SQES); + if (s->sqes == MAP_FAILED) { + perror("mmap"); + return 1; + } + + /* Save useful fields in a global app_io_cq_ring struct for later + * easy reference + */ + s->cq_ring.head = cq_ptr + p.cq_off.head; + s->cq_ring.tail = cq_ptr + p.cq_off.tail; + s->cq_ring.ring_mask = cq_ptr + p.cq_off.ring_mask; + s->cq_ring.ring_entries = cq_ptr + p.cq_off.ring_entries; + s->cq_ring.cqes = cq_ptr + p.cq_off.cqes; + + return 0; +} + +/* + * Output a string of characters of len length to stdout. + * We use buffered output here to be efficient, + * since we need to output character-by-character. + */ +void output_to_console(char *buf, int len) +{ + while (len--) { + fputc(*buf++, stdout); + } +} + +/* + * Read from completion queue. + * In this function, we read completion events from the completion queue, get + * the data buffer that will have the file data and print it to the console. + */ +int read_from_cq(struct submitter *s) +{ + /* + * Remember, this is a ring buffer. If head == tail, it means that the + * buffer is empty. + */ + read_barrier(); + unsigned head = *s->cq_ring.head; + while (head != *s->cq_ring.tail) { + /* Get the entry */ + int index = head & *s->cq_ring.ring_mask; + struct io_uring_cqe *cqe = &s->cq_ring.cqes[index]; + if (cqe->res < 0) { + fprintf(stderr, "Error: %s\n", strerror(abs(cqe->res))); + } + + struct file_info *fi = (struct file_info *) cqe->user_data; + + printf("fd: %d\n", fi->fd); + for (int i = 0; i < 2; i++) { + output_to_console(fi->iovecs[i].iov_base, fi->iovecs[i].iov_len); + } + printf("finish fd: %d\n", fi->fd); + + head++; + } + + *s->cq_ring.head = head; + write_barrier(); + + return 0; +} + +int prepare_file_info(char *file_path, struct file_info **fi, char *buf1, char *buf2) +{ + int file_fd = open(file_path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + if (file_fd < 0) { + perror("open"); + return 1; + } + + *fi = malloc(sizeof(struct file_info)); + if (fi == NULL) { + fprintf(stderr, "Unable to allocate memory\n"); + return 1; + } + (*fi)->fd = file_fd; + + (*fi)->iovecs[0].iov_base = (void *) buf1; + (*fi)->iovecs[0].iov_len = strlen(buf1); + + fprintf(stdout, "first iov buffer len: %ld\n", (*fi)->iovecs[0].iov_len); + + (*fi)->iovecs[1].iov_base = (void *) buf2; + (*fi)->iovecs[1].iov_len = strlen(buf2); + + fprintf(stdout, "second iov buffer len: %ld\n", (*fi)->iovecs[1].iov_len); + + return 0; +} + +int add_entry_to_sq(struct submitter *s, struct file_info *fi) +{ + unsigned tail = 0, next_tail = 0; + + /* Add our submission queue entry to the tail of the SQE ring buffer */ + next_tail = tail = *s->sq_ring.tail; + next_tail++; + int index = tail & *s->sq_ring.ring_mask; + read_barrier(); + + struct io_uring_sqe *sqe = &s->sqes[index]; + + sqe->fd = fi->fd; + sqe->flags = 0; + sqe->opcode = IORING_OP_WRITEV; + sqe->addr = (unsigned long) fi->iovecs; + sqe->len = 2; + sqe->off = 0; + sqe->user_data = (unsigned long long) fi; + s->sq_ring.array[index] = index; + tail = next_tail; + + /* Update the tail so the kernel can see it. */ + if (*s->sq_ring.tail != tail) { + *s->sq_ring.tail = tail; + write_barrier(); + } + + return 0; +} + +/* + * Submit to submission queue. + * In this function, we submit requests to the submission queue. You can submit + * many types of requests. Ours is going to be the readv() request, which we + * specify via IORING_OP_READV. + */ +int submit_file_to_sq(char *file_path, struct submitter *s, char *buf1, char *buf2) +{ + struct file_info *fi; + int ret = prepare_file_info(file_path, &fi, buf1, buf2); + if (ret != 0) { + return ret; + } + + ret = add_entry_to_sq(s, fi); + if (ret != 0) { + return ret; + } + + return 0; +} + +int main(int argc, char *argv[]) +{ + char buf1[] = "first line.\n"; + char buf2[] = "second and last line.\n"; + + struct submitter s = {0}; + if (app_setup_uring(&s)) { + fprintf(stderr, "Unable to setup uring!\n"); + return 1; + } + + printf("setup uring success\n"); + + if (submit_file_to_sq("/tmp/io_uring_writev.txt", &s, buf1, buf2)) { + fprintf(stderr, "Error reading file\n"); + return 1; + } + + /* + * Tell the kernel we have submitted events with the io_uring_enter() system + * call. We also pass in the IOURING_ENTER_GETEVENTS flag which causes the + * io_uring_enter() call to wait until min_complete events (the 3rd param) + * complete. + */ + int ret = io_uring_enter(s.ring_fd, 1, 1, IORING_ENTER_GETEVENTS); + if (ret < 0) { + perror("io_uring_enter"); + return 1; + } + + printf("io_uring_enter success\n"); + + ret = read_from_cq(&s); + if (ret != 0) { + perror("read_from_cq"); + return 1; + } + + printf("read_from_cq success\n"); + + return 0; +} \ No newline at end of file diff --git a/tests/e2e-inst-test-core.sh b/tests/e2e-inst-test-core.sh index 2411047d91f1..77cf48b62e07 100644 --- a/tests/e2e-inst-test-core.sh +++ b/tests/e2e-inst-test-core.sh @@ -33,6 +33,7 @@ INSTTESTS_CORE_AVAILABLE=" SET_FS_PWD SUSPICIOUS_SYSCALL_SOURCE STACK_PIVOT + IO_URING_EVENTS " # ============================================================================== diff --git a/tests/policies/inst/io_uring.yaml b/tests/policies/inst/io_uring.yaml new file mode 100644 index 000000000000..0b69da0b3675 --- /dev/null +++ b/tests/policies/inst/io_uring.yaml @@ -0,0 +1,11 @@ +apiVersion: tracee.aquasec.com/v1beta1 +kind: Policy +metadata: + name: io-uring-tests + annotations: + description: test tracee's io_uring events +spec: + scope: + - comm=io_uring_writev + rules: + - event: IO_URING_EVENTS