This repository has been archived by the owner on Nov 19, 2021. It is now read-only.

v0.1.4

github-actions released this 04 Feb 17:55 · 4 commits to main since this release · 4658a5b

In-kernel filtering has been reworked!

  • Along with a cleaner userland API:
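	// Create a filter from the probe's module.
	filter := kernel.NewFilter(probe.Module())
	// Add one rule: syscall mode, execve only, PID namespace 4026531836,
	// sample rate 10, action allow.
	if err := filter.AddRule(
		kernel.NewFilterRuleN(
			kernel.FilterRuleSetModeSyscall(),
			kernel.FilterRuleSetSyscall("execve"),
			kernel.FilterRuleSetPidNamespace(4026531836),
			kernel.FilterRuleSetSampleRate(10),
			kernel.FilterRuleSetActionAllow())); err != nil {
		log.Fatal(err)
	}
	// Enable the filter; abort on failure.
	if err := filter.Enable(); err != nil {
		log.Fatal(err)
	}
	// Print what GetRunning reports for the filter.
	fmt.Println(filter.GetRunning())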
  • The kernel filtering has been optimized, now with fewer branches!

Changelog

4658a5b A cleaner API for filtering. (#10)
950b701 README