Documentation ¶
Overview ¶
Package ptracer holds the start command of CWS injector
Package ptracer holds ptracer related files ¶
Package ptracer holds the start command of CWS injector ¶
Package ptracer holds the start command of CWS injector ¶
Package ptracer holds ptracer related files ¶
Package ptracer holds the start command of CWS injector ¶
Package ptracer holds the start command of CWS injector ¶
Package ptracer holds ptracer related files ¶
Package ptracer holds ptracer related files ¶
Package ptracer holds ptracer related files ¶
Package ptracer holds the start command of CWS injector
Index ¶
- Constants
- func Attach(pids []int, probeAddr string, opts Opts) error
- func GetSyscallNr(regs syscall.PtraceRegs) int
- func Wrap(args []string, envs []string, probeAddr string, opts Opts) (int, error)
- type CWSPtracerCtx
- type CallbackType
- type Creds
- type ECSMetadata
- type FSResources
- type FdResources
- type Logger
- type Opts
- type ProcProcess
- type Process
- type ProcessCache
- func (tc *ProcessCache) Add(pid int, process *Process)
- func (tc *ProcessCache) Get(pid int) *Process
- func (tc *ProcessCache) GetSpan(tgid int) *SpanTLS
- func (tc *ProcessCache) Remove(process *Process)
- func (tc *ProcessCache) SetSpanTLS(tgid int, span *SpanTLS)
- func (tc *ProcessCache) UnsetSpan(tgid int)
- type SpanTLS
- type StringArrayIterator
- type StringIterator
- type SyscallState
- type SyscallStateTracker
- type TextScannerIterator
- type Tracer
- func (t *Tracer) GetSyscallName(regs syscall.PtraceRegs) string
- func (t *Tracer) PeekString(pid int, ptr uint64) (string, error)
- func (t *Tracer) ReadArgData(pid int, regs syscall.PtraceRegs, arg int, size uint) ([]byte, error)
- func (t *Tracer) ReadArgInt32(regs syscall.PtraceRegs, arg int) int32
- func (t *Tracer) ReadArgInt32Ptr(pid int, regs syscall.PtraceRegs, arg int) (int32, error)
- func (t *Tracer) ReadArgInt64(regs syscall.PtraceRegs, arg int) int64
- func (t *Tracer) ReadArgString(pid int, regs syscall.PtraceRegs, arg int) (string, error)
- func (t *Tracer) ReadArgStringArray(pid int, regs syscall.PtraceRegs, arg int) ([]string, error)
- func (t *Tracer) ReadArgUint32(regs syscall.PtraceRegs, arg int) uint32
- func (t *Tracer) ReadArgUint64(regs syscall.PtraceRegs, arg int) uint64
- func (t *Tracer) ReadRet(regs syscall.PtraceRegs) int64
Constants ¶
const (
	// EnvPasswdPathOverride defines the environment variable to set to
	// override the default passwd file path.
	// NOTE(review): the TEST_ prefix suggests a test-only hook. Presumably a
	// process environment that sets it redirects passwd lookups to another
	// file, so confirm who controls the environment where the ptracer runs.
	EnvPasswdPathOverride = "TEST_DD_PASSWD_PATH"
	// EnvGroupPathOverride defines the environment variable to set to
	// override the default group file path.
	// NOTE(review): presumably the same consideration applies to group
	// lookups — confirm.
	EnvGroupPathOverride = "TEST_DD_GROUP_PATH"
)
const (
	// RPCCmd defines the ioctl CMD magic used by APM to register span TLS.
	// NOTE(review): presumably compared against the request argument of
	// traced ioctl calls. The value is a fixed, public constant: it
	// identifies the request but does not authenticate the caller, so
	// confirm how the accompanying payload is validated.
	RPCCmd uint64 = 0xdeadc001
	// RegisterSpanTLSOp defines the span TLS register op code.
	RegisterSpanTLSOp uint8 = 6
)
// Syscall numbers for amd64, each aliased from the matching SYS_* constant
// of the unix package.
const (
	OpenNr           = unix.SYS_OPEN // OpenNr defines the syscall ID for amd64
	OpenatNr         = unix.SYS_OPENAT // OpenatNr defines the syscall ID for amd64
	Openat2Nr        = unix.SYS_OPENAT2 // Openat2Nr defines the syscall ID for amd64
	CreatNr          = unix.SYS_CREAT // CreatNr defines the syscall ID for amd64
	NameToHandleAtNr = unix.SYS_NAME_TO_HANDLE_AT // NameToHandleAtNr defines the syscall ID for amd64
	OpenByHandleAtNr = unix.SYS_OPEN_BY_HANDLE_AT // OpenByHandleAtNr defines the syscall ID for amd64
	ExecveNr         = unix.SYS_EXECVE // ExecveNr defines the syscall ID for amd64
	ExecveatNr       = unix.SYS_EXECVEAT // ExecveatNr defines the syscall ID for amd64
	CloneNr          = unix.SYS_CLONE // CloneNr defines the syscall ID for amd64
	Clone3Nr         = unix.SYS_CLONE3 // Clone3Nr defines the syscall ID for amd64
	ForkNr           = unix.SYS_FORK // ForkNr defines the syscall ID for amd64
	VforkNr          = unix.SYS_VFORK // VforkNr defines the syscall ID for amd64
	ExitNr           = unix.SYS_EXIT // ExitNr defines the syscall ID for amd64
	FcntlNr          = unix.SYS_FCNTL // FcntlNr defines the syscall ID for amd64
	DupNr            = unix.SYS_DUP // DupNr defines the syscall ID for amd64
	Dup2Nr           = unix.SYS_DUP2 // Dup2Nr defines the syscall ID for amd64
	Dup3Nr           = unix.SYS_DUP3 // Dup3Nr defines the syscall ID for amd64
	ChdirNr          = unix.SYS_CHDIR // ChdirNr defines the syscall ID for amd64
	FchdirNr         = unix.SYS_FCHDIR // FchdirNr defines the syscall ID for amd64
	SetuidNr         = unix.SYS_SETUID // SetuidNr defines the syscall ID for amd64
	SetgidNr         = unix.SYS_SETGID // SetgidNr defines the syscall ID for amd64
	SetreuidNr       = unix.SYS_SETREUID // SetreuidNr defines the syscall ID for amd64
	SetregidNr       = unix.SYS_SETREGID // SetregidNr defines the syscall ID for amd64
	SetresuidNr      = unix.SYS_SETRESUID // SetresuidNr defines the syscall ID for amd64
	SetresgidNr      = unix.SYS_SETRESGID // SetresgidNr defines the syscall ID for amd64
	SetfsuidNr       = unix.SYS_SETFSUID // SetfsuidNr defines the syscall ID for amd64
	SetfsgidNr       = unix.SYS_SETFSGID // SetfsgidNr defines the syscall ID for amd64
	CloseNr          = unix.SYS_CLOSE // CloseNr defines the syscall ID for amd64
	MemfdCreateNr    = unix.SYS_MEMFD_CREATE // MemfdCreateNr defines the syscall ID for amd64
	CapsetNr         = unix.SYS_CAPSET // CapsetNr defines the syscall ID for amd64
	UnlinkNr         = unix.SYS_UNLINK // UnlinkNr defines the syscall ID for amd64
	UnlinkatNr       = unix.SYS_UNLINKAT // UnlinkatNr defines the syscall ID for amd64
	RmdirNr          = unix.SYS_RMDIR // RmdirNr defines the syscall ID for amd64
	RenameNr         = unix.SYS_RENAME // RenameNr defines the syscall ID for amd64
	RenameAtNr       = unix.SYS_RENAMEAT // RenameAtNr defines the syscall ID for amd64
	RenameAt2Nr      = unix.SYS_RENAMEAT2 // RenameAt2Nr defines the syscall ID for amd64
	MkdirNr          = unix.SYS_MKDIR // MkdirNr defines the syscall ID for amd64
	MkdirAtNr        = unix.SYS_MKDIRAT // MkdirAtNr defines the syscall ID for amd64
	UtimeNr          = unix.SYS_UTIME // UtimeNr defines the syscall ID for amd64
	UtimesNr         = unix.SYS_UTIMES // UtimesNr defines the syscall ID for amd64
	UtimensAtNr      = unix.SYS_UTIMENSAT // UtimensAtNr defines the syscall ID for amd64
	FutimesAtNr      = unix.SYS_FUTIMESAT // FutimesAtNr defines the syscall ID for amd64
	LinkNr           = unix.SYS_LINK // LinkNr defines the syscall ID for amd64
	LinkAtNr         = unix.SYS_LINKAT // LinkAtNr defines the syscall ID for amd64
	SymlinkNr        = unix.SYS_SYMLINK // SymlinkNr defines the syscall ID for amd64
	SymlinkAtNr      = unix.SYS_SYMLINKAT // SymlinkAtNr defines the syscall ID for amd64
	ChmodNr          = unix.SYS_CHMOD // ChmodNr defines the syscall ID for amd64
	FchmodNr         = unix.SYS_FCHMOD // FchmodNr defines the syscall ID for amd64
	FchmodAtNr       = unix.SYS_FCHMODAT // FchmodAtNr defines the syscall ID for amd64
	FchmodAt2Nr      = unix.SYS_FCHMODAT2 // FchmodAt2Nr defines the syscall ID for amd64
	ChownNr          = unix.SYS_CHOWN // ChownNr defines the syscall ID for amd64
	FchownNr         = unix.SYS_FCHOWN // FchownNr defines the syscall ID for amd64
	FchownAtNr       = unix.SYS_FCHOWNAT // FchownAtNr defines the syscall ID for amd64
	LchownNr         = unix.SYS_LCHOWN // LchownNr defines the syscall ID for amd64
	InitModuleNr     = unix.SYS_INIT_MODULE // InitModuleNr defines the syscall ID for amd64
	FInitModuleNr    = unix.SYS_FINIT_MODULE // FInitModuleNr defines the syscall ID for amd64
	DeleteModuleNr   = unix.SYS_DELETE_MODULE // DeleteModuleNr defines the syscall ID for amd64
	IoctlNr          = unix.SYS_IOCTL // IoctlNr defines the syscall ID for amd64
	MountNr          = unix.SYS_MOUNT // MountNr defines the syscall ID for amd64
	Umount2Nr        = unix.SYS_UMOUNT2 // Umount2Nr defines the syscall ID for amd64
	// NOTE(review): the two pipe entries were documented as "arm64" although
	// every other entry in this block is documented as amd64 — confirm.
	PipeNr           = unix.SYS_PIPE // PipeNr defines the syscall ID for amd64
	Pipe2Nr          = unix.SYS_PIPE2 // Pipe2Nr defines the syscall ID for amd64
)
Variables ¶
This section is empty.
Functions ¶
func GetSyscallNr ¶
func GetSyscallNr(regs syscall.PtraceRegs) int
GetSyscallNr returns the given syscall number
Types ¶
type CWSPtracerCtx ¶
type CWSPtracerCtx struct { Tracer // contains filtered or unexported fields }
CWSPtracerCtx holds the ptracer internal needed variables
func (*CWSPtracerCtx) AttachTracer ¶
func (ctx *CWSPtracerCtx) AttachTracer() error
AttachTracer attaches the tracer to the given pid
func (*CWSPtracerCtx) CWSCleanup ¶
func (ctx *CWSPtracerCtx) CWSCleanup()
CWSCleanup cleans up the ptracer
func (*CWSPtracerCtx) NewTracer ¶
func (ctx *CWSPtracerCtx) NewTracer() error
NewTracer returns a tracer
func (*CWSPtracerCtx) StartCWSPtracer ¶
func (ctx *CWSPtracerCtx) StartCWSPtracer() (int, error)
StartCWSPtracer starts the ptracer
type CallbackType ¶
type CallbackType = int
CallbackType represents a callback type
const (
	// CallbackPreType defines a callback called in pre stage.
	CallbackPreType CallbackType = iota
	// CallbackPostType defines a callback called in post stage.
	CallbackPostType
	// CallbackExitType defines a callback called at exit.
	CallbackExitType

	// MaxStringSize defines the max read size. It carries its own explicit
	// value, so it is an untyped constant and not part of the CallbackType
	// iota sequence above.
	// NOTE(review): presumably the upper bound applied when reading strings
	// out of a traced process; confirm every such read enforces it, since
	// the traced process controls the memory being read.
	MaxStringSize = 4096
)
type ECSMetadata ¶
// ECSMetadata defines ECS metadata.
type ECSMetadata struct {
	// DockerID is mapped to the JSON key "DockerId" by its struct tag.
	DockerID string `json:"DockerId"`
}
ECSMetadata defines ECS metadata https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v4.html
type FSResources ¶
// FSResources defines shared process resources.
type FSResources struct {
	// Cwd is presumably the current working directory — TODO confirm.
	Cwd string
}
FSResources defines shared process resources
type FdResources ¶
FdResources defines shared process resources
type Opts ¶
// Opts defines ptracer options.
//
// NOTE(review): the individual fields are undocumented here. ProcScanDisabled
// and SeccompDisabled look like switches that change how, or how much, the
// tracer observes; their effect on coverage should be documented — confirm
// against the implementation.
type Opts struct {
	Creds            Creds
	Verbose          bool
	Debug            bool
	Async            bool
	StatsDisabled    bool
	ProcScanDisabled bool
	ScanProcEvery    time.Duration
	SeccompDisabled  bool
	AttachedCb       func()
	// contains filtered or unexported fields
}
Opts defines ptracer options
type ProcProcess ¶
ProcProcess defines a process from procfs
type Process ¶
// Process represents a process context.
type Process struct {
	Pid  int
	Tgid int
	// Nr maps an int key to a syscall message; presumably keyed by syscall
	// number — TODO confirm.
	Nr map[int]*ebpfless.SyscallMsg
	// FdRes and FsRes are pointers, so several Process values can refer to
	// the same FdResources / FSResources value.
	FdRes *FdResources
	FsRes *FSResources
}
Process represents a process context
type ProcessCache ¶
type ProcessCache struct {
// contains filtered or unexported fields
}
ProcessCache defines a thread cache
func NewProcessCache ¶
func NewProcessCache() *ProcessCache
NewProcessCache returns a new thread cache
func (*ProcessCache) Get ¶
func (tc *ProcessCache) Get(pid int) *Process
Get returns the process entry for the given pid
func (*ProcessCache) GetSpan ¶
func (tc *ProcessCache) GetSpan(tgid int) *SpanTLS
GetSpan returns the span TLS entry for the given thread group ID (tgid)
func (*ProcessCache) SetSpanTLS ¶
func (tc *ProcessCache) SetSpanTLS(tgid int, span *SpanTLS)
SetSpanTLS sets the span TLS entry for the given thread group ID (tgid)
func (*ProcessCache) UnsetSpan ¶
func (tc *ProcessCache) UnsetSpan(tgid int)
UnsetSpan unsets the span TLS entry for the given thread group ID (tgid)
type SpanTLS ¶
type SpanTLS struct {
// contains filtered or unexported fields
}
SpanTLS holds the information needed to retrieve spans on a TLS
type StringArrayIterator ¶
type StringArrayIterator struct {
// contains filtered or unexported fields
}
StringArrayIterator defines a string array iterator
func NewStringArrayIterator ¶
func NewStringArrayIterator(array []string) *StringArrayIterator
NewStringArrayIterator returns a new string array iterator
func (*StringArrayIterator) Next ¶
func (s *StringArrayIterator) Next() bool
Next returns true if there is a next element
func (*StringArrayIterator) Text ¶
func (s *StringArrayIterator) Text() string
Text returns the current element
type StringIterator ¶
StringIterator defines a string iterator
type SyscallState ¶
SyscallState defines the state of the syscall
type SyscallStateTracker ¶
type SyscallStateTracker struct {
// contains filtered or unexported fields
}
SyscallStateTracker defines a syscall state tracker
func NewSyscallStateTracker ¶
func NewSyscallStateTracker() *SyscallStateTracker
NewSyscallStateTracker returns a new syscall state tracker
func (*SyscallStateTracker) Exit ¶
func (st *SyscallStateTracker) Exit(pid int)
Exit deletes the pid from the tracker
func (*SyscallStateTracker) NextStop ¶
func (st *SyscallStateTracker) NextStop(pid int) *SyscallState
NextStop updates the state for the given pid
func (*SyscallStateTracker) PeekState ¶
func (st *SyscallStateTracker) PeekState(pid int) *SyscallState
PeekState returns the state of the given pid
type TextScannerIterator ¶
type TextScannerIterator struct {
// contains filtered or unexported fields
}
TextScannerIterator defines a text scanner iterator
func NewTextScannerIterator ¶
func NewTextScannerIterator(file *os.File) *TextScannerIterator
NewTextScannerIterator returns a new text scanner iterator
func (*TextScannerIterator) Next ¶
func (t *TextScannerIterator) Next() bool
Next returns true if there is a next element
func (*TextScannerIterator) Text ¶
func (t *TextScannerIterator) Text() string
Text returns the current element
type Tracer ¶
// Tracer represents a tracer.
//
// NOTE(review): the package-level Attach takes pids and Wrap takes args and
// envs; PIDs, Args and Envs presumably hold those values — confirm.
type Tracer struct {
	PtracedSyscalls []string
	PIDs            []int
	Args            []string
	Envs            []string
	// contains filtered or unexported fields
}
Tracer represents a tracer
func (*Tracer) GetSyscallName ¶
func (t *Tracer) GetSyscallName(regs syscall.PtraceRegs) string
GetSyscallName returns the given syscall name
func (*Tracer) PeekString ¶
PeekString peeks and returns a string from a pid at a given addr ptr
func (*Tracer) ReadArgData ¶
ReadArgData reads the regs and returns the wanted arg as byte array
func (*Tracer) ReadArgInt32 ¶
func (t *Tracer) ReadArgInt32(regs syscall.PtraceRegs, arg int) int32
ReadArgInt32 reads the regs and returns the wanted arg as int32
func (*Tracer) ReadArgInt32Ptr ¶
ReadArgInt32Ptr reads the regs and returns the wanted arg as int32
func (*Tracer) ReadArgInt64 ¶
func (t *Tracer) ReadArgInt64(regs syscall.PtraceRegs, arg int) int64
ReadArgInt64 reads the regs and returns the wanted arg as int64
func (*Tracer) ReadArgString ¶
ReadArgString reads the regs and returns the wanted arg as string
func (*Tracer) ReadArgStringArray ¶
ReadArgStringArray reads and returns the wanted arg as string array
func (*Tracer) ReadArgUint32 ¶
func (t *Tracer) ReadArgUint32(regs syscall.PtraceRegs, arg int) uint32
ReadArgUint32 reads the regs and returns the wanted arg as uint32
func (*Tracer) ReadArgUint64 ¶
func (t *Tracer) ReadArgUint64(regs syscall.PtraceRegs, arg int) uint64
ReadArgUint64 reads the regs and returns the wanted arg as uint64