sentinel-stack/sentinel-vmi/src/bridge.c

sentinel-stack/sentinel-vmi/src/bridge.c

Classes

	Name
struct	queued_alert
struct	pid_policy_state

Functions

	Name
const char *	threat_type_from_level(uint32_t level)
double	threat_confidence_from_level(uint32_t level)
int	open_bpf_map(void )
int	write_alert_to_map(struct vmi_alert * alert)
int	env_enabled(const char * key, int default_value)
void	parse_stream_config(void )
void	stream_disconnect(void )
void	schedule_stream_reconnect(uint64_t now_ns)
int	stream_connect_if_needed(uint64_t now_ns)
void	json_escape_string(const char * src, char * dst, size_t dst_size)
int	stream_send_alert(const struct vmi_alert * alert)
uint64_t	get_timestamp_ns(void )
struct pid_policy_state *	get_policy_state(uint32_t pid)
uint32_t	apply_threat_policy(uint32_t pid, uint32_t requested_threat, uint64_t now_ns, int * suppress_emit, int * escalated)
int	emit_alert(struct queued_alert * queued)
void	enqueue_alert(uint32_t pid, uint32_t threat_level, const char * reason, int immediate)
int	bridge_init(void )
void	bridge_teardown(void )
void	bridge_signal_malicious(uint32_t pid, const char * reason)
void	bridge_signal_suspicious(uint32_t pid, const char * reason)
void	bridge_flush_alerts(void )

Attributes

	Name
struct queued_alert[256]	alert_queue
int	alert_count
int	bpf_map_fd
uint64_t	total_alerts_processed
struct pid_policy_state[1024]	policy_table
int	stream_enabled
int	stream_fd
char[64]	stream_host
uint16_t	stream_port
char[16]	stream_mode
char[256]	stream_helper_cmd
FILE *	stream_helper_fp
int	stream_helper_include_metadata
uint64_t	stream_next_reconnect_ns
uint64_t	stream_reconnect_backoff_ns

Defines

	Name
	ALERT_QUEUE_SIZE
	PID_POLICY_TABLE_SIZE
	POLICY_ESCALATION_COUNT
	POLICY_ESCALATION_WINDOW_NS
	POLICY_DEDUP_WINDOW_NS
	STREAM_DEFAULT_HOST
	STREAM_DEFAULT_PORT
	STREAM_MODE_TCP
	STREAM_MODE_HELPER
	STREAM_RECONNECT_BASE_NS
	STREAM_RECONNECT_MAX_NS

Functions Documentation

function threat_type_from_level

static const char * threat_type_from_level(
    uint32_t level
)

function threat_confidence_from_level

static double threat_confidence_from_level(
    uint32_t level
)

function open_bpf_map

static int open_bpf_map(
    void
)

function write_alert_to_map

static int write_alert_to_map(
    struct vmi_alert * alert
)

function env_enabled

static int env_enabled(
    const char * key,
    int default_value
)

function parse_stream_config

static void parse_stream_config(
    void
)

function stream_disconnect

static void stream_disconnect(
    void
)

function schedule_stream_reconnect

static void schedule_stream_reconnect(
    uint64_t now_ns
)

function stream_connect_if_needed

static int stream_connect_if_needed(
    uint64_t now_ns
)

function json_escape_string

static void json_escape_string(
    const char * src,
    char * dst,
    size_t dst_size
)

function stream_send_alert

static int stream_send_alert(
    const struct vmi_alert * alert
)

function get_timestamp_ns

static uint64_t get_timestamp_ns(
    void
)

function get_policy_state

static struct pid_policy_state * get_policy_state(
    uint32_t pid
)

function apply_threat_policy

static uint32_t apply_threat_policy(
    uint32_t pid,
    uint32_t requested_threat,
    uint64_t now_ns,
    int * suppress_emit,
    int * escalated
)

function emit_alert

static int emit_alert(
    struct queued_alert * queued
)

function enqueue_alert

static void enqueue_alert(
    uint32_t pid,
    uint32_t threat_level,
    const char * reason,
    int immediate
)

function bridge_init

int bridge_init(
    void
)

function bridge_teardown

void bridge_teardown(
    void
)

function bridge_signal_malicious

void bridge_signal_malicious(
    uint32_t pid,
    const char * reason
)

function bridge_signal_suspicious

void bridge_signal_suspicious(
    uint32_t pid,
    const char * reason
)

function bridge_flush_alerts

void bridge_flush_alerts(
    void
)

Attributes Documentation

variable alert_queue

static struct queued_alert[256] alert_queue;

variable alert_count

static int alert_count = 0;

variable bpf_map_fd

static int bpf_map_fd = -1;

variable total_alerts_processed

static uint64_t total_alerts_processed = 0;

variable policy_table

static struct pid_policy_state[1024] policy_table;

variable stream_enabled

static int stream_enabled = 0;

variable stream_fd

static int stream_fd = -1;

variable stream_host

static char[64] stream_host;

variable stream_port

static uint16_t stream_port =  8421U;

variable stream_mode

static char[16] stream_mode;

variable stream_helper_cmd

static char[256] stream_helper_cmd;

variable stream_helper_fp

static FILE * stream_helper_fp = NULL;

variable stream_helper_include_metadata

static int stream_helper_include_metadata = 0;

variable stream_next_reconnect_ns

static uint64_t stream_next_reconnect_ns = 0;

variable stream_reconnect_backoff_ns

static uint64_t stream_reconnect_backoff_ns =  (1ULL * 1000000000ULL);

Macros Documentation

define ALERT_QUEUE_SIZE

#define ALERT_QUEUE_SIZE 256

define PID_POLICY_TABLE_SIZE

#define PID_POLICY_TABLE_SIZE 1024

define POLICY_ESCALATION_COUNT

#define POLICY_ESCALATION_COUNT 3U

define POLICY_ESCALATION_WINDOW_NS

#define POLICY_ESCALATION_WINDOW_NS (10ULL * 1000000000ULL)

define POLICY_DEDUP_WINDOW_NS

#define POLICY_DEDUP_WINDOW_NS (1ULL * 1000000000ULL)

define STREAM_DEFAULT_HOST

#define STREAM_DEFAULT_HOST "127.0.0.1"

define STREAM_DEFAULT_PORT

#define STREAM_DEFAULT_PORT 8421U

define STREAM_MODE_TCP

#define STREAM_MODE_TCP "tcp"

define STREAM_MODE_HELPER

#define STREAM_MODE_HELPER "helper"

define STREAM_RECONNECT_BASE_NS

#define STREAM_RECONNECT_BASE_NS (1ULL * 1000000000ULL)

define STREAM_RECONNECT_MAX_NS

#define STREAM_RECONNECT_MAX_NS (30ULL * 1000000000ULL)

---

Updated on 2026-05-26 at 13:25:29 +0000