osquery-1

mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-06 17:45:22 +00:00

History

Alessandro Gario 5c1bf4ff0c Initial implementations for BPF-based socket and process events tables (#6571 ) * deb_packages: Fix include order issue * bpf_socket_events, bpf_process_events: Initial implementation * BPF: Add process tracking to process events, remove sockets_event * CMake: Upgrade the C++ standard to C++17 * BPF: Improve initial system state snapshot and event collection * BPF: Add tests for SystemStateTracker * BPF: Add tests for BPFEventPublisher * BPF: Refactor, add tests for ProcessContextFactory * Refactor: Improve initial scan/event handling, fix openat * BPF: Improve event ordering * BPF: Fix test issue in BPFEventPublisher::processOpenAt * BPF: Mark WIP functions as deprecated * BPF: Improve tests * BPF: Add back bpf_socket_events and connect() support * BPF: Add Netlink addr support, add bind() * BPF: Add accept/accept4 support * BPF: Add tests for BPFEventPublisher::processOpenat2Event * BPF: Add remaining tests for BPFEventPublisher * BPF: Add configuration flags for memory management * BPF: Add cmdline support to ProcessContextFactory * BPF: Add additional tests * BPF: Add unit test for SystemStateTracker::accept * BPF: Update cwd handling * BPF: Add tests for bpf_socket_events * BPF: Add tests for bpf_process_events * BPF: Add json_cmdline hidden column to bpf_process_events * BPF: Update all copyright headers * BPF: Add syscall duration in socket_events/process_events * BPF: Code review changes * BPF: Update ebpfpub to the latest version * BPF: Removed unused functions * BPF: Code review changes Add whitespace around namespaces * BPF: Revert header changes in rot13.cpp * BPF: Code review changes Rename the bpf_ntime column in bpf_socket_events/bpf_process_events to ntime and make it the last visible column * BPF: Code review changes Update the dependencies for the BPF tests * BPF: Code review changes Update the dependencies for the BPF table tests * BPF: Code review changes Update how characters are appended to strings in the system state tracker class * BPF: Code review changes Update the string -> integer conversion utilities in the process context factory class. * BPF: Hide failed exec syscalls from bpf_process_events results * BPF: Do not log an error for invalid sockaddr structures * BPF: Code review changes Remove clang-format ignore block * BPF: Code review changes Update log messages in the BPFEventPublisher class * BPF: Code review changes Remove clang-format ignore block around the function tracer descriptors * BPF: Code review changes Document the IFilesystem interface * BPF: Code review changes Document the IProcessContextFactory interface * BPF: Code review changes Document the ISystemStateTracker interface		2020-10-16 01:14:00 -07:00
..
modules	Enable cppcheck target in macOS builds (#6685 )	2020-10-04 16:33:42 -04:00
wix_patches	Fix MSI Service Error handling	2019-09-19 12:32:35 -04:00
CPackConfig.cmake.in	Update copyright notices (#6589 )	2020-08-11 16:46:54 -04:00
flags.cmake	Initial implementations for BPF-based socket and process events tables (#6571 )	2020-10-16 01:14:00 -07:00
globals.cmake	cmake: Add TARGET_PROCESSOR	2020-09-05 16:50:28 -04:00
options.cmake	Update copyright notices (#6589 )	2020-08-11 16:46:54 -04:00
packaging.cmake	cmake: Use TARGET_PROCESSOR to set Linux .tgz name suffix	2020-09-05 16:50:28 -04:00
toolchain.cmake	Restore PIE support being dropped on Linux (#6611 )	2020-08-28 17:14:37 -04:00
utilities.cmake	Update copyright notices (#6589 )	2020-08-11 16:46:54 -04:00