bcc

package
v0.0.0-...-dccb05b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 9, 2020 License: Apache-2.0 Imports: 13 Imported by: 5

Documentation

Index

Constants

View Source
const (
	BPF_PROBE_ENTRY = iota
	BPF_PROBE_RETURN
)
View Source
const (
	XDP_FLAGS_UPDATE_IF_NOEXIST = uint32(1) << iota
	XDP_FLAGS_SKB_MODE
	XDP_FLAGS_DRV_MODE
	XDP_FLAGS_HW_MODE
	XDP_FLAGS_MODES = XDP_FLAGS_SKB_MODE | XDP_FLAGS_DRV_MODE | XDP_FLAGS_HW_MODE
	XDP_FLAGS_MASK  = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_MODES
)
View Source
const BPF_PERF_READER_PAGE_CNT = 8

Variables

This section is empty.

Functions

func GetHostByteOrder

func GetHostByteOrder() binary.ByteOrder

GetHostByteOrder returns the current byte-order.

func GetSyscallFnName

func GetSyscallFnName(name string) string

func GetSyscallPrefix

func GetSyscallPrefix() string

Types

type Module

type Module struct {
	// contains filtered or unexported fields
}

Module type

func NewModule

func NewModule(code string, cflags []string) *Module

NewModule asynchronously compiles the code, generates a new BPF module and returns it.

func (*Module) AttachKprobe

func (bpf *Module) AttachKprobe(fnName string, fd int, maxActive int) error

AttachKprobe attaches a kprobe fd to a function.

func (*Module) AttachKretprobe

func (bpf *Module) AttachKretprobe(fnName string, fd int, maxActive int) error

AttachKretprobe attaches a kretprobe fd to a function.

func (*Module) AttachMatchingUprobes

func (bpf *Module) AttachMatchingUprobes(name, match string, fd, pid int) error

AttachMatchingUprobes attaches a uprobe fd to all symbols in the library or binary 'name' that match a given pattern. The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachMatchingUretprobes

func (bpf *Module) AttachMatchingUretprobes(name, match string, fd, pid int) error

AttachMatchingUretprobes attaches a uretprobe fd to all symbols in the library or binary 'name' that match a given pattern. The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachPerfEvent

func (bpf *Module) AttachPerfEvent(evType, evConfig int, samplePeriod int, sampleFreq int, pid, cpu, groupFd, fd int) error

AttachPerfEvent attaches a perf event fd to a function Argument 'evType' is a member of 'perf_type_id' enum in the kernel header 'include/uapi/linux/perf_event.h'. Argument 'evConfig' is one of PERF_COUNT_* constants in the same file.

func (*Module) AttachRawTracepoint

func (bpf *Module) AttachRawTracepoint(name string, fd int) error

AttachRawTracepoint attaches a raw tracepoint fd to a function The 'name' argument is in the format 'name', there is no category

func (*Module) AttachTracepoint

func (bpf *Module) AttachTracepoint(name string, fd int) error

AttachTracepoint attaches a tracepoint fd to a function The 'name' argument is in the format 'category:name'

func (*Module) AttachUprobe

func (bpf *Module) AttachUprobe(name, symbol string, fd, pid int) error

AttachUprobe attaches a uprobe fd to the symbol in the library or binary 'name' The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given to attach to, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachUretprobe

func (bpf *Module) AttachUretprobe(name, symbol string, fd, pid int) error

AttachUretprobe attaches a uretprobe fd to the symbol in the library or binary 'name' The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given to attach to, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachXDP

func (bpf *Module) AttachXDP(devName string, fd int) error

AttachXDP attaches a xdp fd to a device.

func (*Module) AttachXDPWithFlags

func (bpf *Module) AttachXDPWithFlags(devName string, fd int, flags uint32) error

AttachXDPWithFlags attaches a xdp fd to a device with flags.

func (*Module) Close

func (bpf *Module) Close()

Close takes care of closing all kprobes opened by this modules and destroys the underlying libbpf module.

func (*Module) GetProgramTag

func (bpf *Module) GetProgramTag(fd int) (tag uint64, err error)

GetProgramTag returns a tag for ebpf program under passed fd

func (*Module) Load

func (bpf *Module) Load(name string, progType int, logLevel, logSize uint) (int, error)

Load a program.

func (*Module) LoadKprobe

func (bpf *Module) LoadKprobe(name string) (int, error)

LoadKprobe loads a program of type BPF_PROG_TYPE_KPROBE.

func (*Module) LoadNet

func (bpf *Module) LoadNet(name string) (int, error)

LoadNet loads a program of type BPF_PROG_TYPE_SCHED_ACT.

func (*Module) LoadPerfEvent

func (bpf *Module) LoadPerfEvent(name string) (int, error)

LoadPerfEvent loads a program of type BPF_PROG_TYPE_PERF_EVENT

func (*Module) LoadRawTracepoint

func (bpf *Module) LoadRawTracepoint(name string) (int, error)

LoadRawTracepoint loads a program of type BPF_PROG_TYPE_RAW_TRACEPOINT

func (*Module) LoadTracepoint

func (bpf *Module) LoadTracepoint(name string) (int, error)

LoadTracepoint loads a program of type BPF_PROG_TYPE_TRACEPOINT

func (*Module) LoadUprobe

func (bpf *Module) LoadUprobe(name string) (int, error)

LoadUprobe loads a program of type BPF_PROG_TYPE_KPROBE.

func (*Module) RemoveXDP

func (bpf *Module) RemoveXDP(devName string) error

RemoveXDP removes any xdp from this device.

func (*Module) TableDesc

func (bpf *Module) TableDesc(id uint64) map[string]interface{}

TableDesc returns a map with table properties (name, fd, ...).

func (*Module) TableId

func (bpf *Module) TableId(name string) C.size_t

TableId returns the id of a table.

func (*Module) TableIter

func (bpf *Module) TableIter() <-chan map[string]interface{}

TableIter returns a receveier channel to iterate over entries.

func (*Module) TableSize

func (bpf *Module) TableSize() uint64

TableSize returns the number of tables in the module.

type PerfMap

type PerfMap struct {
	// contains filtered or unexported fields
}

func InitPerfMap

func InitPerfMap(table *Table, receiverChan chan []byte) (*PerfMap, error)

InitPerfMap initializes a perf map with a receiver channel.

func (*PerfMap) Start

func (pm *PerfMap) Start()

Start to poll the perf map reader and send back event data over the connected channel.

func (*PerfMap) Stop

func (pm *PerfMap) Stop()

Stop to poll the perf map readers after a maximum of 500ms (the timeout we use for perf_reader_poll). Ideally we would have a way to cancel the poll, but perf_reader_poll doesn't support that yet.

type Table

type Table struct {
	// contains filtered or unexported fields
}

Table references a BPF table. The zero value cannot be used.

func NewTable

func NewTable(id C.size_t, module *Module) *Table

New tables returns a refernce to a BPF table.

func (*Table) Config

func (table *Table) Config() map[string]interface{}

Config returns the table properties (name, fd, ...).

func (*Table) Delete

func (table *Table) Delete(key []byte) error

Delete a key.

func (*Table) DeleteAll

func (table *Table) DeleteAll() error

DeleteAll deletes all entries from the table

func (*Table) DeleteP

func (table *Table) DeleteP(key unsafe.Pointer) error

DeleteP a key.

func (*Table) Get

func (table *Table) Get(key []byte) ([]byte, error)

Get takes a key and returns the value or nil, and an 'ok' style indicator.

func (*Table) GetP

func (table *Table) GetP(key unsafe.Pointer) (unsafe.Pointer, error)

GetP takes a key and returns the value or nil.

func (*Table) ID

func (table *Table) ID() string

ID returns the table id.

func (*Table) Iter

func (table *Table) Iter() *TableIterator

Iter returns an iterator to list all table entries available as raw bytes.

func (*Table) KeyBytesToStr

func (table *Table) KeyBytesToStr(key []byte) (string, error)

KeyBytesToStr returns the given key value formatted using the bcc-table's key string printer.

func (*Table) KeyStrToBytes

func (table *Table) KeyStrToBytes(keyStr string) ([]byte, error)

func (*Table) LeafBytesToStr

func (table *Table) LeafBytesToStr(leaf []byte) (string, error)

LeafBytesToStr returns the given leaf value formatted using the bcc-table's leaf string printer.

func (*Table) LeafStrToBytes

func (table *Table) LeafStrToBytes(leafStr string) ([]byte, error)

func (*Table) Name

func (table *Table) Name() string

Name returns the table name.

func (*Table) Set

func (table *Table) Set(key, leaf []byte) error

Set a key to a value.

func (*Table) SetP

func (table *Table) SetP(key, leaf unsafe.Pointer) error

SetP a key to a value as unsafe.Pointer.

type TableIterator

type TableIterator struct {
	// contains filtered or unexported fields
}

TableIterator contains the current position for iteration over a *bcc.Table and provides methods for iteration.

func (*TableIterator) Err

func (it *TableIterator) Err() error

Err returns the last error that ocurred while table.Iter oder iter.Next

func (*TableIterator) Key

func (it *TableIterator) Key() []byte

Key returns the current key value of the iterator, if the most recent call to Next returned true. The slice is valid only until the next call to Next.

func (*TableIterator) Leaf

func (it *TableIterator) Leaf() []byte

Leaf returns the current leaf value of the iterator, if the most recent call to Next returned true. The slice is valid only until the next call to Next.

func (*TableIterator) Next

func (it *TableIterator) Next() bool

Next looks up the next element and return true if one is available.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL