|
| scap_t * | scap_open_live (char *error, int32_t *rc) |
| | Start a live event capture. More...
|
| |
| scap_t * | scap_open_offline (const char *fname, char *error, int32_t *rc) |
| | Start an event capture from file. More...
|
| |
| scap_t * | scap_open_offline_fd (int fd, char *error, int32_t *rc) |
| | Start an event capture from an already opened file descriptor. More...
|
| |
| scap_t * | scap_open (scap_open_args args, char *error, int32_t *rc) |
| | Advanced function to start a capture. More...
|
| |
| void | scap_close (scap_t *handle) |
| | Close a capture handle. More...
|
| |
| scap_os_platform | scap_get_os_platform (scap_t *handle) |
| | Retrieve the OS platform for the given capture handle. More...
|
| |
| const char * | scap_getlasterr (scap_t *handle) |
| | Return a string with the last error that happened on the given capture. More...
|
| |
| uint64_t | scap_max_buf_used (scap_t *handle) |
| | returns the maximum amount of memory used by any driver queue More...
|
| |
| int32_t | scap_next (scap_t *handle, OUT scap_evt **pevent, OUT uint16_t *pcpuid) |
| | Get the next event from the from the given capture instance. More...
|
| |
| uint32_t | scap_event_getlen (scap_evt *e) |
| | Get the length of an event. More...
|
| |
| uint64_t | scap_event_get_ts (scap_evt *e) |
| | Get the timestamp of an event. More...
|
| |
| uint64_t | scap_event_get_num (scap_t *handle) |
| | Get the number of events that have been captured from the given capture instance. More...
|
| |
| void | scap_event_reset_count (scap_t *handle) |
| | Reset the event count to 0. More...
|
| |
| const struct ppm_event_info * | scap_event_getinfo (scap_evt *e) |
| | Return the meta-information describing the given event. More...
|
| |
| uint32_t | scap_event_get_dump_flags (scap_t *handle) |
| | Return the dump flags for the last event received from this handle. More...
|
| |
| int64_t | scap_get_readfile_offset (scap_t *handle) |
| | Return the current offset in the file opened by scap_open_offline(), or -1 if this is a live capture. More...
|
| |
| scap_dumper_t * | scap_dump_open (scap_t *handle, const char *fname, compression_mode compress, bool skip_proc_scan) |
| | Open a trace file for writing. More...
|
| |
| scap_dumper_t * | scap_dump_open_fd (scap_t *handle, int fd, compression_mode compress, bool skip_proc_scan) |
| | Open a trace file for writing, using the provided fd. More...
|
| |
| void | scap_dump_close (scap_dumper_t *d) |
| | Close a trace file. More...
|
| |
| int64_t | scap_dump_get_offset (scap_dumper_t *d) |
| | Return the current size of a trace file. More...
|
| |
| int64_t | scap_dump_ftell (scap_dumper_t *d) |
| | Return the position for the next write to a trace file. This uses gztell, while scap_dump_get_offset uses gzoffset. More...
|
| |
| void | scap_dump_flush (scap_dumper_t *d) |
| | Flush all pending output into the file. More...
|
| |
| int32_t | scap_number_of_bytes_to_write (scap_evt *e, uint16_t cpuid, int32_t *bytes) |
| | Tell how many bytes would be written (a dry run of scap_dump) More...
|
| |
| int32_t | scap_dump (scap_t *handle, scap_dumper_t *d, scap_evt *e, uint16_t cpuid, uint32_t flags) |
| | Write an event to a trace file. More...
|
| |
| scap_threadinfo * | scap_get_proc_table (scap_t *handle) |
| | Get the process list for the given capture instance. More...
|
| |
| int32_t | scap_get_stats (scap_t *handle, OUT scap_stats *stats) |
| | Return the capture statistics for the given capture handle. More...
|
| |
| int32_t | scap_stop_capture (scap_t *handle) |
| | This function can be used to temporarily interrupt event capture. More...
|
| |
| int32_t | scap_start_capture (scap_t *handle) |
| | Start capture the events, if it was stopped with scap_stop_capture. More...
|
| |
| scap_addrlist * | scap_get_ifaddr_list (scap_t *handle) |
| | Return the list of the the user interfaces of the machine from which the events are being captured. More...
|
| |
| scap_userlist * | scap_get_user_list (scap_t *handle) |
| | Return the machine user and group lists. More...
|
| |
| const struct ppm_event_info * | scap_get_event_info_table () |
| | Retrieve the table with the description of every event type that the capture driver supports. More...
|
| |
| const struct ppm_syscall_desc * | scap_get_syscall_info_table () |
| | Retrieve the table with the description of system call that the capture driver supports. More...
|
| |
| const scap_machine_info * | scap_get_machine_info (scap_t *handle) |
| | Get generic machine information. More...
|
| |
| int32_t | scap_set_snaplen (scap_t *handle, uint32_t snaplen) |
| | Set the capture snaplen, i.e. the maximum size an event parameter can reach before the driver starts truncating it. More...
|
| |
| int32_t | scap_clear_eventmask (scap_t *handle) |
| | Clear the event mask: no events will be passed to sysdig. More...
|
| |
| int32_t | scap_set_eventmask (scap_t *handle, uint32_t event_id) |
| | Set the event into the eventmask so that sysdig-based apps can receive the event. Useful for offloading operations such as evt.type=open. More...
|
| |
| int32_t | scap_unset_eventmask (scap_t *handle, uint32_t event_id) |
| | Unset the event into the eventmask so that sysdig-based apps can no longer receive the event. It is the opposite of scap_set_eventmask. More...
|
| |
| const char * | scap_get_host_root () |
| | Get the root directory of the system. This usually changes if sysdig runs in a container, so that all the information for the host can be correctly extracted. More...
|
| |
| struct ppm_proclist_info * | scap_get_threadlist (scap_t *handle) |
| | Get the process list. More...
|
| |
| const char * | scap_get_bpf_probe_from_env () |
| |
| bool | scap_get_bpf_enabled (scap_t *handle) |
| |
| int32_t | scap_suppress_events_comm (scap_t *handle, const char *comm) |
| | stop returning events for all subsequently spawned processes with the provided comm, as well as their children. This includes fork()/clone()ed processes that might later exec to a different comm. More...
|
| |
| bool | scap_check_suppressed_tid (scap_t *handle, int64_t tid) |
| | return whether the provided tid is currently being suppressed. More...
|
| |
| uint32_t | scap_get_ndevs (scap_t *handle) |
| |
| int32_t | scap_readbuf (scap_t *handle, uint32_t cpuid, OUT char **buf, OUT uint32_t *len) |
| |
| struct scap_threadinfo * | scap_proc_get (scap_t *handle, int64_t tid, bool scan_sockets) |
| |
| bool | scap_is_thread_alive (scap_t *handle, int64_t pid, int64_t tid, const char *comm) |
| |
| int32_t | scap_getpid_global (scap_t *handle, int64_t *pid) |
| |
| struct scap_threadinfo * | scap_proc_alloc (scap_t *handle) |
| |
| void | scap_proc_free (scap_t *handle, struct scap_threadinfo *procinfo) |
| |
| void | scap_dev_delete (scap_t *handle, scap_mountinfo *dev) |
| |
| int32_t | scap_stop_dropping_mode (scap_t *handle) |
| |
| int32_t | scap_start_dropping_mode (scap_t *handle, uint32_t sampling_ratio) |
| |
| int32_t | scap_enable_dynamic_snaplen (scap_t *handle) |
| |
| int32_t | scap_disable_dynamic_snaplen (scap_t *handle) |
| |
| void | scap_proc_free_table (scap_t *handle) |
| |
| void | scap_free_device_table (scap_t *handle) |
| |
| void | scap_refresh_iflist (scap_t *handle) |
| |
| void | scap_refresh_proc_table (scap_t *handle) |
| |
| void | scap_set_refresh_proc_table_when_saving (scap_t *handle, bool refresh) |
| |
| uint64_t | scap_ftell (scap_t *handle) |
| |
| void | scap_fseek (scap_t *handle, uint64_t off) |
| |
| int32_t | scap_enable_tracers_capture (scap_t *handle) |
| |
| int32_t | scap_enable_page_faults (scap_t *handle) |
| |
| uint64_t | scap_get_unexpected_block_readsize (scap_t *handle) |
| |
| int32_t | scap_proc_add (scap_t *handle, uint64_t tid, scap_threadinfo *tinfo) |
| |
| int32_t | scap_fd_add (scap_t *handle, scap_threadinfo *tinfo, uint64_t fd, scap_fdinfo *fdinfo) |
| |
| scap_dumper_t * | scap_memory_dump_open (scap_t *handle, uint8_t *targetbuf, uint64_t targetbufsize) |
| |
| uint8_t * | scap_get_memorydumper_curpos (scap_dumper_t *d) |
| |
| int32_t | scap_write_proc_fds (scap_t *handle, struct scap_threadinfo *tinfo, scap_dumper_t *d) |
| |
| int32_t | scap_write_proclist_header (scap_t *handle, scap_dumper_t *d, uint32_t totlen) |
| |
| int32_t | scap_write_proclist_trailer (scap_t *handle, scap_dumper_t *d, uint32_t totlen) |
| |
| int32_t | scap_write_proclist_entry (scap_t *handle, scap_dumper_t *d, struct scap_threadinfo *tinfo, uint32_t len) |
| |
| int32_t | scap_write_proclist_entry_bufs (scap_t *handle, scap_dumper_t *d, struct scap_threadinfo *tinfo, uint32_t len, const char *comm, const char *exe, const char *exepath, const struct iovec *args, int argscnt, const struct iovec *envs, int envscnt, const char *cwd, const struct iovec *cgroups, int cgroupscnt, const char *root) |
| |
| int32_t | scap_enable_simpledriver_mode (scap_t *handle) |
| |
| int32_t | scap_get_n_tracepoint_hit (scap_t *handle, long *ret) |
| |
| int32_t | scap_set_fullcapture_port_range (scap_t *handle, uint16_t range_start, uint16_t range_end) |
| |
| int32_t | scap_set_statsd_port (scap_t *handle, uint16_t port) |
| |
|
| uint64_t | scap_stats::n_evts |
| | Total number of events that were received by the driver. More...
|
| |
| uint64_t | scap_stats::n_drops |
| | Number of dropped events. More...
|
| |
| uint64_t | scap_stats::n_drops_buffer |
| | Number of dropped events caused by full buffer. More...
|
| |
| uint64_t | scap_stats::n_drops_pf |
| | Number of dropped events caused by invalid memory access. More...
|
| |
| uint64_t | scap_stats::n_drops_bug |
| | Number of dropped events caused by an invalid condition in the kernel instrumentation. More...
|
| |
| uint64_t | scap_stats::n_preemptions |
| | Number of preemptions. More...
|
| |
| uint64_t | scap_stats::n_suppressed |
| | Number of events skipped due to the tid being in a set of suppressed tids. More...
|
| |
| uint64_t | scap_stats::n_tids_suppressed |
| | Number of threads currently being suppressed. More...
|
| |
| const char * | evt_param_info::name |
| | The event name. More...
|
| |
| uint32_t | evt_param_info::type |
| | The event type. See the ppm_event_type enum in driver/ppm_events_public.h. More...
|
| |
| uint32_t | evt_param_info::len |
| | The event total length. More...
|
| |
| char * | evt_param_info::val |
| | The event data. More...
|
| |
| int64_t | scap_fdinfo::fd |
| | The FD number, which uniquely identifies this file descriptor. More...
|
| |
| uint64_t | scap_fdinfo::ino |
| | For unix sockets, the inode. More...
|
| |
| scap_fd_type | scap_fdinfo::type |
| | This file descriptor's type. More...
|
| |
| uint32_t scap_fdinfo::sip |
| | Source IP. More...
|
| |
| uint32_t scap_fdinfo::dip |
| | Destination IP. More...
|
| |
| uint16_t scap_fdinfo::sport |
| | Source port. More...
|
| |
| uint16_t scap_fdinfo::dport |
| | Destination port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::sip |
| | Source IP. More...
|
| |
| uint32_t scap_fdinfo::dip |
| | Destination IP. More...
|
| |
| uint16_t scap_fdinfo::sport |
| | Source port. More...
|
| |
| uint16_t scap_fdinfo::dport |
| | Destination port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv4info |
| | Information specific to IPv4 sockets. More...
|
| |
| uint32_t scap_fdinfo::sip [4] |
| | Source IP. More...
|
| |
| uint32_t scap_fdinfo::dip [4] |
| | Destination IP. More...
|
| |
| uint16_t scap_fdinfo::sport |
| | Source Port. More...
|
| |
| uint16_t scap_fdinfo::dport |
| | Destination Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::sip [4] |
| | Source IP. More...
|
| |
| uint32_t scap_fdinfo::dip [4] |
| | Destination IP. More...
|
| |
| uint16_t scap_fdinfo::sport |
| | Source Port. More...
|
| |
| uint16_t scap_fdinfo::dport |
| | Destination Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv6info |
| | Information specific to IPv6 sockets. More...
|
| |
| uint32_t scap_fdinfo::ip |
| | Local IP. More...
|
| |
| uint16_t scap_fdinfo::port |
| | Local Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::ip |
| | Local IP. More...
|
| |
| uint16_t scap_fdinfo::port |
| | Local Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv4serverinfo |
| | Information specific to IPv4 server sockets, e.g. sockets used for bind(). More...
|
| |
| uint32_t scap_fdinfo::ip [4] |
| | Local IP. More...
|
| |
| uint16_t scap_fdinfo::port |
| | Local Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::ip [4] |
| | Local IP. More...
|
| |
| uint16_t scap_fdinfo::port |
| | Local Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv6serverinfo |
| | Information specific to IPv6 server sockets, e.g. sockets used for bind(). More...
|
| |
| uint64_t scap_fdinfo::source |
| | Source socket endpoint. More...
|
| |
| uint64_t scap_fdinfo::destination |
| | Destination socket endpoint. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | Name associated to this unix socket. More...
|
| |
| struct { |
| uint64_t scap_fdinfo::source |
| | Source socket endpoint. More...
|
| |
| uint64_t scap_fdinfo::destination |
| | Destination socket endpoint. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | Name associated to this unix socket. More...
|
| |
| } scap_fdinfo::unix_socket_info |
| | Information specific to unix sockets. More...
|
| |
| uint32_t scap_fdinfo::open_flags |
| | Flags associated with the file. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | Name associated to this file. More...
|
| |
| uint32_t scap_fdinfo::mount_id |
| | The id of the vfs mount the file is in until we find dev major:minor. More...
|
| |
| uint32_t scap_fdinfo::dev |
| | Major/minor number of the device containing this file. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::open_flags |
| | Flags associated with the file. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | Name associated to this file. More...
|
| |
| uint32_t scap_fdinfo::mount_id |
| | The id of the vfs mount the file is in until we find dev major:minor. More...
|
| |
| uint32_t scap_fdinfo::dev |
| | Major/minor number of the device containing this file. More...
|
| |
| } scap_fdinfo::regularinfo |
| | Information specific to regular files. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | The name for file system FDs. More...
|
| |
| union { |
| struct { |
| uint32_t scap_fdinfo::sip |
| | Source IP. More...
|
| |
| uint32_t scap_fdinfo::dip |
| | Destination IP. More...
|
| |
| uint16_t scap_fdinfo::sport |
| | Source port. More...
|
| |
| uint16_t scap_fdinfo::dport |
| | Destination port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv4info |
| | Information specific to IPv4 sockets. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::sip [4] |
| | Source IP. More...
|
| |
| uint32_t scap_fdinfo::dip [4] |
| | Destination IP. More...
|
| |
| uint16_t scap_fdinfo::sport |
| | Source Port. More...
|
| |
| uint16_t scap_fdinfo::dport |
| | Destination Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv6info |
| | Information specific to IPv6 sockets. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::ip |
| | Local IP. More...
|
| |
| uint16_t scap_fdinfo::port |
| | Local Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv4serverinfo |
| | Information specific to IPv4 server sockets, e.g. sockets used for bind(). More...
|
| |
| struct { |
| uint32_t scap_fdinfo::ip [4] |
| | Local IP. More...
|
| |
| uint16_t scap_fdinfo::port |
| | Local Port. More...
|
| |
| uint8_t scap_fdinfo::l4proto |
| | Transport protocol. See scap_l4_proto. More...
|
| |
| } scap_fdinfo::ipv6serverinfo |
| | Information specific to IPv6 server sockets, e.g. sockets used for bind(). More...
|
| |
| struct { |
| uint64_t scap_fdinfo::source |
| | Source socket endpoint. More...
|
| |
| uint64_t scap_fdinfo::destination |
| | Destination socket endpoint. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | Name associated to this unix socket. More...
|
| |
| } scap_fdinfo::unix_socket_info |
| | Information specific to unix sockets. More...
|
| |
| struct { |
| uint32_t scap_fdinfo::open_flags |
| | Flags associated with the file. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | Name associated to this file. More...
|
| |
| uint32_t scap_fdinfo::mount_id |
| | The id of the vfs mount the file is in until we find dev major:minor. More...
|
| |
| uint32_t scap_fdinfo::dev |
| | Major/minor number of the device containing this file. More...
|
| |
| } scap_fdinfo::regularinfo |
| | Information specific to regular files. More...
|
| |
| char scap_fdinfo::fname [SCAP_MAX_PATH_SIZE] |
| | The name for file system FDs. More...
|
| |
| } | scap_fdinfo::info |
| |
| UT_hash_handle | scap_fdinfo::hh |
| | makes this structure hashable More...
|
| |
| uint64_t | scap_threadinfo::tid |
| | The thread/task id. More...
|
| |
| uint64_t | scap_threadinfo::pid |
| | The id of the process containing this thread. In single thread processes, this is equal to tid. More...
|
| |
| uint64_t | scap_threadinfo::ptid |
| | The id of the thread that created this thread. More...
|
| |
| uint64_t | scap_threadinfo::sid |
| | The session id of the process containing this thread. More...
|
| |
| uint64_t | scap_threadinfo::vpgid |
| | The process group of this thread, as seen from its current pid namespace. More...
|
| |
| char | scap_threadinfo::comm [SCAP_MAX_PATH_SIZE+1] |
| | Command name (e.g. "top") More...
|
| |
| char | scap_threadinfo::exe [SCAP_MAX_PATH_SIZE+1] |
| | argv0 More...
|
| |
| char | scap_threadinfo::exepath [SCAP_MAX_PATH_SIZE+1] |
| | full executable path More...
|
| |
| char | scap_threadinfo::args [SCAP_MAX_ARGS_SIZE+1] |
| | Command line arguments (e.g. "-d1") More...
|
| |
| uint16_t | scap_threadinfo::args_len |
| | Command line arguments length. More...
|
| |
| char | scap_threadinfo::env [SCAP_MAX_ENV_SIZE+1] |
| | Environment. More...
|
| |
| uint16_t | scap_threadinfo::env_len |
| | Environment length. More...
|
| |
| char | scap_threadinfo::cwd [SCAP_MAX_PATH_SIZE+1] |
| | The current working directory. More...
|
| |
| int64_t | scap_threadinfo::fdlimit |
| | The maximum number of files this thread is allowed to open. More...
|
| |
| uint32_t | scap_threadinfo::flags |
| | the process flags. More...
|
| |
| uint32_t | scap_threadinfo::uid |
| | user id More...
|
| |
| uint32_t | scap_threadinfo::gid |
| | group id More...
|
| |
| uint32_t | scap_threadinfo::vmsize_kb |
| | total virtual memory (as kb) More...
|
| |
| uint32_t | scap_threadinfo::vmrss_kb |
| | resident non-swapped memory (as kb) More...
|
| |
| uint32_t | scap_threadinfo::vmswap_kb |
| | swapped memory (as kb) More...
|
| |
| uint64_t | scap_threadinfo::pfmajor |
| | number of major page faults since start More...
|
| |
| uint64_t | scap_threadinfo::pfminor |
| | number of minor page faults since start More...
|
| |
| int64_t | scap_threadinfo::vtid |
| |
| int64_t | scap_threadinfo::vpid |
| |
| char | scap_threadinfo::cgroups [SCAP_MAX_CGROUPS_SIZE] |
| |
| uint16_t | scap_threadinfo::cgroups_len |
| |
| char | scap_threadinfo::root [SCAP_MAX_PATH_SIZE+1] |
| |
| int | scap_threadinfo::filtered_out |
| | nonzero if this entry should not be saved to file More...
|
| |
| scap_fdinfo * | scap_threadinfo::fdlist |
| | The fd table for this process. More...
|
| |
| uint64_t | scap_threadinfo::clone_ts |
| |
| int32_t | scap_threadinfo::tty |
| |
| int32_t | scap_threadinfo::loginuid |
| | loginuid (auid) More...
|
| |
| UT_hash_handle | scap_threadinfo::hh |
| | makes this structure hashable More...
|
| |
| uint64_t | scap_mountinfo::mount_id |
| | mount id from /proc/self/mountinfo More...
|
| |
| uint32_t | scap_mountinfo::dev |
| | device number More...
|
| |
| UT_hash_handle | scap_mountinfo::hh |
| | makes this structure hashable More...
|
| |
| scap_mode_t | scap_open_args::mode |
| |
| int | scap_open_args::fd |
| |
| const char * | scap_open_args::fname |
| | The name of the file to open. NULL for live captures. More...
|
| |
| proc_entry_callback | scap_open_args::proc_callback |
| | Callback to be invoked for each thread/fd that is extracted from /proc, or NULL if no callback is needed. More...
|
| |
| void * | scap_open_args::proc_callback_context |
| | Opaque pointer that will be included in the calls to proc_callback. Ignored if proc_callback is NULL. More...
|
| |
| bool | scap_open_args::import_users |
| | true if the user list should be created when opening the capture. More...
|
| |
| uint64_t | scap_open_args::start_offset |
| | Used to start reading a capture file from an arbitrary offset. This is leveraged when opening merged files. More...
|
| |
| const char * | scap_open_args::bpf_probe |
| | The name of the BPF probe to open. If NULL, the kernel driver will be used. More...
|
| |
| const char * | scap_open_args::suppressed_comms [SCAP_MAX_SUPPRESSED_COMMS] |
| | A list of processes (comm) for which no. More...
|
| |
| bool | scap_open_args::udig |
| | If true, UDIG will be used for event capture. Otherwise, the kernel driver will be used. More...
|
| |
| uint32_t | _scap_machine_info::num_cpus |
| | Number of processors. More...
|
| |
| uint64_t | _scap_machine_info::memory_size_bytes |
| | Physical memory size. More...
|
| |
| uint64_t | _scap_machine_info::max_pid |
| | Highest PID number on this machine. More...
|
| |
| char | _scap_machine_info::hostname [128] |
| | The machine hostname. More...
|
| |
| uint64_t | _scap_machine_info::reserved1 |
| | reserved for future use More...
|
| |
| uint64_t | _scap_machine_info::reserved2 |
| | reserved for future use More...
|
| |
| uint64_t | _scap_machine_info::reserved3 |
| | reserved for future use More...
|
| |
| uint64_t | _scap_machine_info::reserved4 |
| | reserved for future use More...
|
| |
| uint16_t | scap_ifinfo_ipv4::type |
| | Interface type. More...
|
| |
| uint16_t | scap_ifinfo_ipv4::ifnamelen |
| |
| uint32_t | scap_ifinfo_ipv4::addr |
| | Interface address. More...
|
| |
| uint32_t | scap_ifinfo_ipv4::netmask |
| | Interface netmask. More...
|
| |
| uint32_t | scap_ifinfo_ipv4::bcast |
| | Interface broadcast address. More...
|
| |
| uint64_t | scap_ifinfo_ipv4::linkspeed |
| | Interface link speed. More...
|
| |
| char | scap_ifinfo_ipv4::ifname [SCAP_MAX_PATH_SIZE] |
| | interface name (e.g. "eth0") More...
|
| |
| uint16_t | scap_ifinfo_ipv4_nolinkspeed::type |
| |
| uint16_t | scap_ifinfo_ipv4_nolinkspeed::ifnamelen |
| |
| uint32_t | scap_ifinfo_ipv4_nolinkspeed::addr |
| |
| uint32_t | scap_ifinfo_ipv4_nolinkspeed::netmask |
| |
| uint32_t | scap_ifinfo_ipv4_nolinkspeed::bcast |
| |
| char | scap_ifinfo_ipv4_nolinkspeed::ifname [SCAP_MAX_PATH_SIZE] |
| |
| uint16_t | scap_ifinfo_ipv6::type |
| |
| uint16_t | scap_ifinfo_ipv6::ifnamelen |
| |
| char | scap_ifinfo_ipv6::addr [SCAP_IPV6_ADDR_LEN] |
| | Interface address. More...
|
| |
| char | scap_ifinfo_ipv6::netmask [SCAP_IPV6_ADDR_LEN] |
| | Interface netmask. More...
|
| |
| char | scap_ifinfo_ipv6::bcast [SCAP_IPV6_ADDR_LEN] |
| | Interface broadcast address. More...
|
| |
| uint64_t | scap_ifinfo_ipv6::linkspeed |
| | Interface link speed. More...
|
| |
| char | scap_ifinfo_ipv6::ifname [SCAP_MAX_PATH_SIZE] |
| | interface name (e.g. "eth0") More...
|
| |
| uint16_t | scap_ifinfo_ipv6_nolinkspeed::type |
| |
| uint16_t | scap_ifinfo_ipv6_nolinkspeed::ifnamelen |
| |
| char | scap_ifinfo_ipv6_nolinkspeed::addr [SCAP_IPV6_ADDR_LEN] |
| |
| char | scap_ifinfo_ipv6_nolinkspeed::netmask [SCAP_IPV6_ADDR_LEN] |
| |
| char | scap_ifinfo_ipv6_nolinkspeed::bcast [SCAP_IPV6_ADDR_LEN] |
| |
| char | scap_ifinfo_ipv6_nolinkspeed::ifname [SCAP_MAX_PATH_SIZE] |
| |
| uint32_t | scap_addrlist::n_v4_addrs |
| | Number of IPv4 addresses. More...
|
| |
| uint32_t | scap_addrlist::n_v6_addrs |
| | Number of IPv6 addresses. More...
|
| |
| uint32_t | scap_addrlist::totlen |
| | For internal use. More...
|
| |
| scap_ifinfo_ipv4 * | scap_addrlist::v4list |
| | List of IPv4 Addresses. More...
|
| |
| scap_ifinfo_ipv6 * | scap_addrlist::v6list |
| | List of IPv6 Addresses. More...
|
| |
| uint32_t | scap_userinfo::uid |
| | User ID. More...
|
| |
| uint32_t | scap_userinfo::gid |
| | Group ID. More...
|
| |
| char | scap_userinfo::name [MAX_CREDENTIALS_STR_LEN] |
| | Username. More...
|
| |
| char | scap_userinfo::homedir [SCAP_MAX_PATH_SIZE] |
| | Home directory. More...
|
| |
| char | scap_userinfo::shell [SCAP_MAX_PATH_SIZE] |
| | Shell program. More...
|
| |
| uint32_t | scap_groupinfo::gid |
| | Group ID. More...
|
| |
| char | scap_groupinfo::name [MAX_CREDENTIALS_STR_LEN] |
| | Group name. More...
|
| |
| uint32_t | scap_userlist::nusers |
| | Number of users. More...
|
| |
| uint32_t | scap_userlist::ngroups |
| | Number of groups. More...
|
| |
| uint32_t | scap_userlist::totsavelen |
| | For internal use. More...
|
| |
| scap_userinfo * | scap_userlist::users |
| | User list. More...
|
| |
| scap_groupinfo * | scap_userlist::groups |
| | Group list. More...
|
| |
| enum ppm_event_category | ppm_syscall_desc::category |
| |
| enum ppm_event_flags | ppm_syscall_desc::flags |
| |
| char * | ppm_syscall_desc::name |
| |
| volatile uint64_t | udig_ring_buffer_status::m_buffer_lock |
| |
| volatile int | udig_ring_buffer_status::m_initialized |
| |
| volatile int | udig_ring_buffer_status::m_capturing_pid |
| |
| volatile int | udig_ring_buffer_status::m_stopped |
| |
| volatile struct timespec | udig_ring_buffer_status::m_last_print_time |
| |
| struct udig_consumer_t | udig_ring_buffer_status::m_consumer |
| |
