Documentation ¶
Index ¶
- Constants
- type CgroupProbe
- type Handle
- type Probe
- type ProbeGroup
- func (p *ProbeGroup) Attach(handle Handle, args ...interface{}) error
- func (p *ProbeGroup) Autoload(handle Handle, autoload bool) error
- func (p *ProbeGroup) Detach(handle Handle, args ...interface{}) error
- func (p *ProbeGroup) DetachAll() error
- func (p *ProbeGroup) GetProbeByHandle(handle Handle) Probe
- func (p *ProbeGroup) GetProbeType(handle Handle) ProbeType
- type ProbeType
- type TraceProbe
- type Uprobe
Constants ¶
const ( ExecTest EmptyKprobe )
Test probe handles
// Probe type identifiers, numbered from KProbe = 0 via iota, with InvalidProbeType as the last value.
// NOTE(review): presumably these are the values of ProbeType, but the declaration shown here is untyped — confirm.
// The trailing comments are truncated links into the bcc reference guide.
const ( KProbe = iota // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#1-kp KretProbe // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#1-kp Tracepoint // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#3-tracep RawTracepoint // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#7-raw-tracep SyscallEnter SyscallExit InvalidProbeType )
// SyscallPrefix is the kernel symbol prefix of native 64-bit syscall entry points on x86-64
// (for example "__x64_sys_" followed by "openat").
// NOTE(review): symbols with this prefix cover the native ABI only; syscalls issued through the
// 32-bit compat ABI use different symbols, so hooks built from this prefix alone will not observe them.
// How this package combines the prefix with a syscall name is not shown here — confirm against callers.
const SyscallPrefix = "__x64_sys_"
// SyscallPrefixCompat is the kernel symbol prefix of 32-bit (ia32 emulation) syscall entry points
// on x86-64 kernels that reuse the generic syscall implementation.
// NOTE(review): presumably used so that syscalls made by 32-bit processes are hooked as well — confirm against callers.
const SyscallPrefixCompat = "__ia32_sys_"
// SyscallPrefixCompat2 is the kernel symbol prefix of 32-bit syscall entry points on x86-64 kernels
// that have a dedicated compat handler (for example "__ia32_compat_sys_" followed by "execve").
// NOTE(review): which of the two compat prefixes applies depends on the individual syscall; how this
// package chooses between them is not shown here — confirm against callers.
const SyscallPrefixCompat2 = "__ia32_compat_sys_"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CgroupProbe ¶
type CgroupProbe struct {
// contains filtered or unexported fields
}
func NewCgroupProbe ¶
func NewCgroupProbe(a bpf.BPFAttachType, progName string) *CgroupProbe
NewCgroupProbe creates a new cgroup probe.
func (*CgroupProbe) GetProgramName ¶
func (p *CgroupProbe) GetProgramName() string
type Handle ¶
type Handle int32
// Handle values name the individual probes this package knows about, numbered sequentially from SysEnter = 0 via iota.
// The numeric values are positional, so they change whenever a name is inserted or removed; refer to handles by name.
const ( SysEnter Handle = iota SysExit SyscallEnter__Internal SyscallExit__Internal SchedProcessFork SchedProcessExec SchedProcessExit SchedProcessFree SchedSwitch DoExit CapCapable VfsWrite VfsWriteRet VfsWriteV VfsWriteVRet KernelWrite KernelWriteRet VfsWriteMagic VfsWriteMagicRet VfsWriteVMagic VfsWriteVMagicRet KernelWriteMagic KernelWriteMagicRet SecurityMmapAddr SecurityMmapFile SecurityFileMProtect CommitCreds SwitchTaskNS CgroupAttachTask CgroupMkdir CgroupRmdir SecurityBPRMCheck SecurityFileOpen SecurityInodeUnlink SecurityInodeMknod SecurityInodeSymlink SecuritySocketCreate SecuritySocketListen SecuritySocketConnect SecuritySocketAccept SecuritySocketBind SecuritySocketSetsockopt SecuritySbMount SecurityBPF SecurityBPFMap SecurityKernelReadFile SecurityKernelPostReadFile DoSplice DoSpliceRet ProcCreate RegisterKprobe RegisterKprobeRet CallUsermodeHelper DebugfsCreateFile DebugfsCreateDir DeviceAdd RegisterChrdev RegisterChrdevRet DoInitModule DoInitModuleRet LoadElfPhdrs Filldir64 SecurityFilePermission TaskRename SyscallTableCheck PrintNetSeqOps SecurityInodeRename DoSigaction SecurityBpfProg SecurityFileIoctl CheckHelperCall CheckMapFuncCompatibility KallsymsLookupName KallsymsLookupNameRet SockAllocFile SockAllocFileRet SecuritySkClone SecuritySocketRecvmsg SecuritySocketSendmsg CgroupBPFRunFilterSKB CgroupSKBIngress CgroupSKBEgress DoMmap DoMmapRet PrintMemDump VfsRead VfsReadRet VfsReadV VfsReadVRet VfsUtimes UtimesCommon DoTruncate FileUpdateTime FileUpdateTimeRet FileModified FileModifiedRet FdInstall FilpClose InotifyFindInode InotifyFindInodeRet BpfCheck ExecBinprm SecurityPathNotify SecurityBprmCredsForExec SetFsPwd HiddenKernelModuleSeeker TpProbeRegPrioMayExist HiddenKernelModuleVerifier ModuleLoad ModuleFree SignalCgroupMkdir SignalCgroupRmdir SignalSchedProcessFork SignalSchedProcessExec SignalSchedProcessExit ExecuteFinishedX86 ExecuteAtFinishedX86 ExecuteFinishedCompatX86 ExecuteAtFinishedCompatX86 ExecuteFinishedARM ExecuteAtFinishedARM 
ExecuteFinishedCompatARM ExecuteAtFinishedCompatARM SecurityTaskSetrlimit SecuritySettime64 Ptrace PtraceRet ProcessVmWritev ProcessVmWritevRet ArchPrctl ArchPrctlRet Dup DupRet Dup2 Dup2Ret Dup3 Dup3Ret ChmodCommon )
type ProbeGroup ¶
type ProbeGroup struct {
// contains filtered or unexported fields
}
ProbeGroup is a collection of probes.
func NewDefaultProbeGroup ¶
func NewDefaultProbeGroup(module *bpf.Module, netEnabled bool) (*ProbeGroup, error)
NewDefaultProbeGroup initializes the default ProbeGroup (TODO: extensions will use probe groups)
func NewProbeGroup ¶
func NewProbeGroup(m *bpf.Module, p map[Handle]Probe) *ProbeGroup
NewProbeGroup creates a new ProbeGroup.
func (*ProbeGroup) Attach ¶
func (p *ProbeGroup) Attach(handle Handle, args ...interface{}) error
Attach attaches a probe's program to its hook, by given handle.
func (*ProbeGroup) Autoload ¶
func (p *ProbeGroup) Autoload(handle Handle, autoload bool) error
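Autoload sets the autoload feature of a given handle's program, judging by its autoload parameter, to the value passed in (the original comment says "disables", which describes only a call with autoload set to false).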
func (*ProbeGroup) Detach ¶
func (p *ProbeGroup) Detach(handle Handle, args ...interface{}) error
Detach detaches a probe's program from its hook, by given handle.
func (*ProbeGroup) DetachAll ¶
func (p *ProbeGroup) DetachAll() error
DetachAll detaches all existing probes' programs from their hooks.
func (*ProbeGroup) GetProbeByHandle ¶
func (p *ProbeGroup) GetProbeByHandle(handle Handle) Probe
func (*ProbeGroup) GetProbeType ¶
func (p *ProbeGroup) GetProbeType(handle Handle) ProbeType
GetProbeType returns a probe type by its handle.
type TraceProbe ¶
type TraceProbe struct {
// contains filtered or unexported fields
}
func NewTraceProbe ¶
func NewTraceProbe(t ProbeType, evtName string, progName string) *TraceProbe
NewTraceProbe creates a new tracing probe (kprobe, kretprobe, tracepoint, raw_tracepoint).
func (*TraceProbe) GetEventName ¶
func (p *TraceProbe) GetEventName() string
func (*TraceProbe) GetProbeType ¶
func (p *TraceProbe) GetProbeType() ProbeType
func (*TraceProbe) GetProgramName ¶
func (p *TraceProbe) GetProgramName() string
func (*TraceProbe) IsAttached ¶
func (p *TraceProbe) IsAttached() bool
type Uprobe ¶
type Uprobe struct {
// contains filtered or unexported fields
}
func (*Uprobe) GetBinaryPath ¶
func (*Uprobe) GetEventName ¶
func (*Uprobe) GetProgramName ¶
func (*Uprobe) GetSymbolName ¶