This repository has been archived by the owner on Nov 19, 2021. It is now read-only.
v0.1.4
In-kernel filtering has been reworked!
- Along with a cleaner userland API. The snippet below is the one from these notes, wrapped in `main` with the `fmt` and `log` imports it uses so it reads as a complete program; `kernel` and `probe` are the project's own packages, whose import paths are not shown here:

```go
package main

import (
	"fmt"
	"log"
)

func main() {
	// Build a filter bound to the loaded probe module.
	filter := kernel.NewFilter(probe.Module())

	// One rule: match execve syscalls from a given PID namespace, sample at
	// rate 10, and allow what matches. 4026531836 is the kernel's
	// PROC_PID_INIT_INO, the inode of the initial (host) PID namespace as
	// shown by /proc/1/ns/pid.
	if err := filter.AddRule(
		kernel.NewFilterRuleN(
			kernel.FilterRuleSetModeSyscall(),
			kernel.FilterRuleSetSyscall("execve"),
			kernel.FilterRuleSetPidNamespace(4026531836),
			kernel.FilterRuleSetSampleRate(10),
			kernel.FilterRuleSetActionAllow())); err != nil {
		log.Fatal(err)
	}

	// Rules are not live in the kernel until Enable succeeds.
	if err := filter.Enable(); err != nil {
		log.Fatal(err)
	}
	fmt.Println(filter.GetRunning())
}
```
- The kernel filtering has been optimized, now with fewer branches!
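A practical companion to the rule above, added here as an example and not part of the project's code. The constant 4026531836 in the snippet is the kernel's PROC_PID_INIT_INO, the inode of the initial PID namespace, so a rule keyed on it will not match execve calls from tasks in a container's own PID namespace if the filter compares the calling task's namespace inode against this value (as the option name suggests; that is an assumption about the API). Instead of hard-coding it, resolve the inode of a target process from its /proc/<pid>/ns/pid link. The helper names `ParseNamespaceLink` and `PidNamespaceOf` are mine; the link-target format `pid:[<inode>]` is what Linux procfs produces.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// ParseNamespaceLink extracts the namespace inode from a /proc/<pid>/ns/<kind>
// link target such as "pid:[4026531836]". It rejects targets that name a
// different namespace kind or carry no numeric inode, so a mismatched link
// (e.g. reading ns/net by mistake) cannot silently become a filter value.
func ParseNamespaceLink(kind, target string) (uint64, error) {
	prefix := kind + ":["
	if !strings.HasPrefix(target, prefix) || !strings.HasSuffix(target, "]") {
		return 0, fmt.Errorf("unexpected %s namespace link %q", kind, target)
	}
	inode, err := strconv.ParseUint(target[len(prefix):len(target)-1], 10, 64)
	if err != nil {
		return 0, fmt.Errorf("bad inode in %q: %w", target, err)
	}
	return inode, nil
}

// PidNamespaceOf resolves the PID namespace inode of a process by reading the
// symlink /proc/<pid>/ns/pid (Linux only). Pass the host-visible PID of a
// container's init to get that container's namespace, or os.Getpid() for
// the caller's own.
func PidNamespaceOf(pid int) (uint64, error) {
	target, err := os.Readlink(fmt.Sprintf("/proc/%d/ns/pid", pid))
	if err != nil {
		return 0, err
	}
	return ParseNamespaceLink("pid", target)
}

func main() {
	ns, err := PidNamespaceOf(os.Getpid())
	if err != nil {
		fmt.Println("cannot resolve PID namespace:", err)
		return
	}
	// ns is the value to hand to kernel.FilterRuleSetPidNamespace instead of
	// a hard-coded inode (assumption: that option takes the procfs inode).
	fmt.Println("pid namespace inode:", ns)
}
```

Reading the link requires permission to access the target's /proc entry (ptrace-style access checks apply for other users' processes), so resolve it with the same privileges the filter setup already runs under.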