Modules§
Structs§
- Inode
Key - Key used to identify an inode in BPF maps.
- Inode
KeyMap - Explicit 16-byte key for BPF Map Lookups (ino + dev + gen). Layout: | ino (8) | dev (4) | gen (4) | = 16 bytes. Guarantees dense packing without padding issues.
- Inode
Resolved - Monitor
Event
Constants§
- DATA_
LEN - EVENT_
CONNECT - EVENT_
CONNECT_ BLOCKED - EVENT_
EXEC - EVENT_
EXIT - EVENT_
FILE_ BLOCKED - EVENT_
FORK - EVENT_
INODE_ RESOLVED - EVENT_
OPENAT - KEY_
MONITOR_ ALL - MONITOR_
STATS_ LEN - MONITOR_
STAT_ LSM_ EVENTS_ EMITTED - MONITOR_
STAT_ LSM_ RINGBUF_ DROPPED - MONITOR_
STAT_ TRACEPOINT_ EVENTS_ EMITTED - MONITOR_
STAT_ TRACEPOINT_ RINGBUF_ DROPPED - SOCKET_
STATS_ LEN - SOCKET_
STAT_ ALLOWED - SOCKET_
STAT_ BLOCKED_ CIDR - SOCKET_
STAT_ BLOCKED_ PORT - SOCKET_
STAT_ CHECKS - SOCKET_
STAT_ EVENTS_ EMITTED - SOCKET_
STAT_ RINGBUF_ DROPPED
Functions§
- encode_
kernel_ dev - Encode userspace dev_t into Linux kernel’s
new_encode_dev()format (sb->s_dev). This matches include/linux/kdev_t.h: new_encode_dev(MKDEV(major,minor)) for 32-bit dev_t encoding used in-kernel. - get_
inode_ generation