falco_event::fields

Enum TypeId

source 
#[non_exhaustive]
#[repr(u32)]
pub enum TypeId {

Show 47 variants    None = 0,
    I8 = 1,
    I16 = 2,
    I32 = 3,
    I64 = 4,
    U8 = 5,
    U16 = 6,
    U32 = 7,
    U64 = 8,
    CharBuf = 9,
    ByteBuf = 10,
    Errno = 11,
    SockAddr = 12,
    SockTuple = 13,
    Fd = 14,
    Pid = 15,
    FdList = 16,
    FsPath = 17,
    SyscallID = 18,
    SigType = 19,
    RelTime = 20,
    AbsTime = 21,
    Port = 22,
    L4Proto = 23,
    SockFamily = 24,
    Bool = 25,
    IPv4Addr = 26,
    Dyn = 27,
    Flags8 = 28,
    Flags16 = 29,
    Flags32 = 30,
    Uid = 31,
    Gid = 32,
    Double = 33,
    SigSet = 34,
    CharBufArray = 35,
    CharbufPairArray = 36,
    IPv4Net = 37,
    IPv6Addr = 38,
    IPv6Net = 39,
    IPAddr = 40,
    IPNet = 41,
    Mode = 42,
    FsRelPath = 43,
    EnumFlags8 = 44,
    EnumFlags16 = 45,
    EnumFlags32 = 46,

}
Expand description

The various data types supported by the Falco plugin framework

Limited subsets can be used in various contexts:

  • event parameters
  • values extracted by extract plugins
  • table key types
  • table value types

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

None = 0

No type (unused)

§

I8 = 1

8-bit signed int

§

I16 = 2

16-bit signed int

§

I32 = 3

32-bit signed int

§

I64 = 4

64-bit signed int

§

U8 = 5

8-bit unsigned int

§

U16 = 6

16-bit unsigned int

§

U32 = 7

32-bit unsigned int

§

U64 = 8

64-bit unsigned int

§

CharBuf = 9

A printable buffer of bytes, NULL terminated

§

ByteBuf = 10

A raw buffer of bytes not suitable for printing

§

Errno = 11

this is an INT64, but will be interpreted as an error code

§

SockAddr = 12

A sockaddr structure, 1byte family + data

§

SockTuple = 13

A sockaddr tuple, 1byte family + 12byte data + 12byte data

§

Fd = 14

A file descriptor number, 64bit

§

Pid = 15

A pid/tid, 64bit

§

FdList = 16

A list of fds, 16bit count + count * (64bit fd + 16bit flags)

§

FsPath = 17

A string containing a relative or absolute file system path, null terminated

§

SyscallID = 18

A 16bit system call ID. Can be used as a key for the g_ppm_sc_names table.

§

SigType = 19

An 8-bit signal number

§

RelTime = 20

A relative time. Seconds * 10^9 + nanoseconds. 64bit.

§

AbsTime = 21

An absolute time interval. Seconds from epoch * 10^9 + nanoseconds. 64bit.

§

Port = 22

A TCP/UDP prt. 2 bytes.

§

L4Proto = 23

A 1 byte IP protocol type.

§

SockFamily = 24

A 1 byte socket family.

§

Bool = 25

A boolean value, 4 bytes.

§

IPv4Addr = 26

A 4 byte raw IPv4 address.

§

Dyn = 27

Type can vary depending on the context. Used for filter fields like evt.rawarg.

§

Flags8 = 28

this is an UINT8, but will be interpreted as 8 bit flags.

§

Flags16 = 29

this is an UINT16, but will be interpreted as 16 bit flags.

§

Flags32 = 30

this is an UINT32, but will be interpreted as 32 bit flags.

§

Uid = 31

this is an UINT32, MAX_UINT32 will be interpreted as no value.

§

Gid = 32

this is an UINT32, MAX_UINT32 will be interpreted as no value.

§

Double = 33

this is a double precision floating point number.

§

SigSet = 34

sigset_t. I only store the lower UINT32 of it

§

CharBufArray = 35

Pointer to an array of strings, exported by the user events decoder. 64bit. For internal use only.

§

CharbufPairArray = 36

Pointer to an array of string pairs, exported by the user events decoder. 64bit. For internal use only.

§

IPv4Net = 37

An IPv4 network.

§

IPv6Addr = 38

A 16 byte raw IPv6 address.

§

IPv6Net = 39

An IPv6 network.

§

IPAddr = 40

Either an IPv4 or IPv6 address. The length indicates which one it is.

§

IPNet = 41

Either an IPv4 or IPv6 network. The length indicates which one it is.

§

Mode = 42

a 32 bit bitmask to represent file modes.

§

FsRelPath = 43

A path relative to a dirfd.

§

EnumFlags8 = 44

this is an UINT8, but will be interpreted as an enum flag, ie: contiguous values flag.

§

EnumFlags16 = 45

this is an UINT16, but will be interpreted as an enum flag, ie: contiguous values flag.

§

EnumFlags32 = 46

this is an UINT32, but will be interpreted as an enum flag, ie: contiguous values flag.

Trait Implementations§

source§

impl Clone for TypeId

source§

fn clone(&self) -> TypeId

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for TypeId

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl FromPrimitive for TypeId

source§

fn from_i64(n: i64) -> Option<Self>

Converts an i64 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_u64(n: u64) -> Option<Self>

Converts an u64 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_isize(n: isize) -> Option<Self>

Converts an isize to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_i8(n: i8) -> Option<Self>

Converts an i8 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_i16(n: i16) -> Option<Self>

Converts an i16 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_i32(n: i32) -> Option<Self>

Converts an i32 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_i128(n: i128) -> Option<Self>

Converts an i128 to return an optional value of this type. If the value cannot be represented by this type, then None is returned. Read more
source§

fn from_usize(n: usize) -> Option<Self>

Converts a usize to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_u8(n: u8) -> Option<Self>

Converts an u8 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_u16(n: u16) -> Option<Self>

Converts an u16 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_u32(n: u32) -> Option<Self>

Converts an u32 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_u128(n: u128) -> Option<Self>

Converts an u128 to return an optional value of this type. If the value cannot be represented by this type, then None is returned. Read more
source§

fn from_f32(n: f32) -> Option<Self>

Converts a f32 to return an optional value of this type. If the value cannot be represented by this type, then None is returned.
source§

fn from_f64(n: f64) -> Option<Self>

Converts a f64 to return an optional value of this type. If the value cannot be represented by this type, then None is returned. Read more
source§

impl PartialEq for TypeId

source§

fn eq(&self, other: &TypeId) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Copy for TypeId

source§

impl Eq for TypeId

source§

impl StructuralPartialEq for TypeId

Auto Trait Implementations§

§

impl Freeze for TypeId

§

impl RefUnwindSafe for TypeId

§

impl Send for TypeId

§

impl Sync for TypeId

§

impl Unpin for TypeId

§

impl UnwindSafe for TypeId

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.