libscap
0.1.0.0
#include <scap.h>
Data Fields

| Type | Field | Description |
| --- | --- | --- |
| scap_mode_t | mode | |
| int | fd | |
| const char * | fname | The name of the file to open. NULL for live captures. |
| proc_entry_callback | proc_callback | Callback to be invoked for each thread/fd that is extracted from /proc, or NULL if no callback is needed. |
| void * | proc_callback_context | Opaque pointer that will be included in the calls to proc_callback. Ignored if proc_callback is NULL. |
| bool | import_users | true if the user list should be created when opening the capture. |
| uint64_t | start_offset | Used to start reading a capture file from an arbitrary offset. This is leveraged when opening merged files. |
| const char * | bpf_probe | The name of the BPF probe to open. If NULL, the kernel driver will be used. |
| const char * | suppressed_comms [SCAP_MAX_SUPPRESSED_COMMS] | A list of processes (comm) for which no. |
| bool | udig | If true, UDIG will be used for event capture. Otherwise, the kernel driver will be used. |