-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathgadget.yaml
105 lines (105 loc) · 3.26 KB
/
gadget.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: tcprst
description: Trace the sequence of kernel function calls involved in the transmission
of IPv4 TCP RST packets.
tracers:
events:
mapName: events
structName: event
structs:
event:
fields:
- name: callee
description: Kernel function that sends IPv4 TCP RST packets. It could be FUNC_TCP_SEND_ACTIVE_RESET
or FUNC_TCP_V4_SEND_RESET.
attributes:
width: 26
alignment: left
ellipsis: start
- name: caller
description: Kernel function that calls the actual function that generates the
RST (callee). It could be FUNC_TCP_DISCONNECT, FUNC_TCP_ABORT, FUNC_TCP_CLOSE,
FUNC_TCP_KEEPALIVE_TIMER or FUNC_TCP_OUT_OF_RESOURCES for FUNC_TCP_SEND_ACTIVE_RESET.Or,
FUNC_TCP_V4_DO_RCV or FUNC_TCP_V4_RCV for FUNC_TCP_V4_SEND_RESET.
attributes:
width: 26
alignment: left
ellipsis: start
- name: sk_state
description: State of the socket before calling the actual function that generates
the RST (callee). Inside the callee, it might be already TCP_CLOSE.
attributes:
width: 3
alignment: left
ellipsis: end
- name: mntns_id
description: Mount namespace inode id of the process that calls callee.
attributes:
template: ns
- name: netns_id
description: Network namespace inode id of the process that calls callee.
attributes:
template: ns
- name: pid
description: Process ID of the process that calls callee.
attributes:
template: pid
- name: tid
description: Thread ID of the process that calls callee.
attributes:
hidden: true
template: pid
- name: uid
description: User ID of the process that calls callee.
attributes:
hidden: true
template: uid
- name: gid
description: Group ID of the process that calls callee.
attributes:
hidden: true
template: uid
- name: comm
description: Command name of the process that calls callee.
attributes:
template: comm
- name: socket_mntns_id
description: Mount namespace inode id of the process that owns the socket.
attributes:
template: ns
- name: socket_netns_id
description: Network namespace inode id of the process that owns the socket.
attributes:
template: ns
- name: socket_pid
description: Process ID of the process that owns the socket.
attributes:
hidden: true
template: pid
- name: socket_tid
description: Thread ID of the process that owns the socket.
attributes:
hidden: true
template: pid
- name: socket_uid
description: User ID of the process that owns the socket.
attributes:
hidden: true
template: uid
- name: socket_gid
description: Group ID of the process that owns the socket.
attributes:
hidden: true
template: uid
- name: socket_comm
description: Command name of the process that owns the socket.
attributes:
hidden: true
template: comm
- name: src
description: Source address
attributes:
width: 24
- name: dst
description: Destination address
attributes:
width: 24