Documentation ¶
Overview ¶
Package strace implements the logic to print out the input and the return value of each traced syscall.
Index ¶
- Constants
- Variables
- func Disable(sinks SinkType)
- func Enable(whitelist []string, sinks SinkType) error
- func EnableAll(sinks SinkType)
- func Initialize()
- type FormatSpecifier
- type SinkType
- type SyscallInfo
- type SyscallMap
- func (s SyscallMap) ConvertToSysno(syscall string) (uintptr, bool)
- func (s SyscallMap) ConvertToSysnoMap(syscalls []string) (map[uintptr]bool, error)
- func (s SyscallMap) Name(sysno uintptr) string
- func (s SyscallMap) SyscallEnter(t *kernel.Task, sysno uintptr, args arch.SyscallArguments, flags uint32) interface{}
- func (s SyscallMap) SyscallExit(context interface{}, t *kernel.Task, sysno, rval uintptr, err error)
Constants ¶
const DefaultLogMaximumSize = 1024
DefaultLogMaximumSize is the default LogMaximumSize.
Variables ¶
var CloneFlagSet = abi.FlagSet{ { Flag: syscall.CLONE_VM, Name: "CLONE_VM", }, { Flag: syscall.CLONE_FS, Name: "CLONE_FS", }, { Flag: syscall.CLONE_FILES, Name: "CLONE_FILES", }, { Flag: syscall.CLONE_SIGHAND, Name: "CLONE_SIGHAND", }, { Flag: syscall.CLONE_PTRACE, Name: "CLONE_PTRACE", }, { Flag: syscall.CLONE_VFORK, Name: "CLONE_VFORK", }, { Flag: syscall.CLONE_PARENT, Name: "CLONE_PARENT", }, { Flag: syscall.CLONE_THREAD, Name: "CLONE_THREAD", }, { Flag: syscall.CLONE_NEWNS, Name: "CLONE_NEWNS", }, { Flag: syscall.CLONE_SYSVSEM, Name: "CLONE_SYSVSEM", }, { Flag: syscall.CLONE_SETTLS, Name: "CLONE_SETTLS", }, { Flag: syscall.CLONE_PARENT_SETTID, Name: "CLONE_PARENT_SETTID", }, { Flag: syscall.CLONE_CHILD_CLEARTID, Name: "CLONE_CHILD_CLEARTID", }, { Flag: syscall.CLONE_DETACHED, Name: "CLONE_DETACHED", }, { Flag: syscall.CLONE_UNTRACED, Name: "CLONE_UNTRACED", }, { Flag: syscall.CLONE_CHILD_SETTID, Name: "CLONE_CHILD_SETTID", }, { Flag: syscall.CLONE_NEWUTS, Name: "CLONE_NEWUTS", }, { Flag: syscall.CLONE_NEWIPC, Name: "CLONE_NEWIPC", }, { Flag: syscall.CLONE_NEWUSER, Name: "CLONE_NEWUSER", }, { Flag: syscall.CLONE_NEWPID, Name: "CLONE_NEWPID", }, { Flag: syscall.CLONE_NEWNET, Name: "CLONE_NEWNET", }, { Flag: syscall.CLONE_IO, Name: "CLONE_IO", }, }
CloneFlagSet is the set of clone(2) flags.
var EventMaximumSize uint
EventMaximumSize determines the maximum size for data blobs (read, write, etc.) sent over the event channel. The default is 0 because most clients cannot do anything useful with a binary text dump of byte-array arguments.
var FutexCmd = abi.ValueSet{ { Value: linux.FUTEX_WAIT, Name: "FUTEX_WAIT", }, { Value: linux.FUTEX_WAKE, Name: "FUTEX_WAKE", }, { Value: linux.FUTEX_FD, Name: "FUTEX_FD", }, { Value: linux.FUTEX_REQUEUE, Name: "FUTEX_REQUEUE", }, { Value: linux.FUTEX_CMP_REQUEUE, Name: "FUTEX_CMP_REQUEUE", }, { Value: linux.FUTEX_WAKE_OP, Name: "FUTEX_WAKE_OP", }, { Value: linux.FUTEX_LOCK_PI, Name: "FUTEX_LOCK_PI", }, { Value: linux.FUTEX_UNLOCK_PI, Name: "FUTEX_UNLOCK_PI", }, { Value: linux.FUTEX_TRYLOCK_PI, Name: "FUTEX_TRYLOCK_PI", }, { Value: linux.FUTEX_WAIT_BITSET, Name: "FUTEX_WAIT_BITSET", }, { Value: linux.FUTEX_WAKE_BITSET, Name: "FUTEX_WAKE_BITSET", }, { Value: linux.FUTEX_WAIT_REQUEUE_PI, Name: "FUTEX_WAIT_REQUEUE_PI", }, { Value: linux.FUTEX_CMP_REQUEUE_PI, Name: "FUTEX_CMP_REQUEUE_PI", }, }
FutexCmd are the possible futex(2) commands.
var LogMaximumSize uint = DefaultLogMaximumSize
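LogMaximumSize determines the maximum display size for data blobs (read, write, etc.). These blobs are the buffers of the traced calls, so application data up to this size can appear in the log; choose the limit with the sensitivity of the log destination in mind.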
// OpenFlagSet is the set of open(2) flags.
//
// Each entry pairs one flag bit with the symbolic name used for it.
var OpenFlagSet = abi.FlagSet{
	{
		Flag: syscall.O_APPEND,
		Name: "O_APPEND",
	},
	{
		Flag: syscall.O_ASYNC,
		Name: "O_ASYNC",
	},
	{
		Flag: syscall.O_CLOEXEC,
		Name: "O_CLOEXEC",
	},
	{
		Flag: syscall.O_CREAT,
		Name: "O_CREAT",
	},
	{
		Flag: syscall.O_DIRECT,
		Name: "O_DIRECT",
	},
	{
		Flag: syscall.O_DIRECTORY,
		Name: "O_DIRECTORY",
	},
	{
		Flag: syscall.O_EXCL,
		Name: "O_EXCL",
	},
	{
		Flag: syscall.O_NOATIME,
		Name: "O_NOATIME",
	},
	{
		Flag: syscall.O_NOCTTY,
		Name: "O_NOCTTY",
	},
	{
		Flag: syscall.O_NOFOLLOW,
		Name: "O_NOFOLLOW",
	},
	{
		Flag: syscall.O_NONBLOCK,
		Name: "O_NONBLOCK",
	},
	{
		// O_PATH is the only entry given as a numeric literal instead of a
		// syscall.O_* constant.
		// NOTE(review): 0x200000 matches the generic Linux value of O_PATH;
		// presumably package syscall does not export it. Confirm, and confirm
		// the value for every architecture this table is used on.
		Flag: 0x200000,
		Name: "O_PATH",
	},
	{
		Flag: syscall.O_SYNC,
		Name: "O_SYNC",
	},
	{
		Flag: syscall.O_TRUNC,
		Name: "O_TRUNC",
	},
}
OpenFlagSet is the set of open(2) flags.
var OpenMode = abi.ValueSet{ { Value: syscall.O_RDWR, Name: "O_RDWR", }, { Value: syscall.O_WRONLY, Name: "O_WRONLY", }, { Value: syscall.O_RDONLY, Name: "O_RDONLY", }, }
OpenMode represents the mode to open(2) a file.
var PtraceRequestSet = abi.ValueSet{ { Value: syscall.PTRACE_TRACEME, Name: "PTRACE_TRACEME", }, { Value: syscall.PTRACE_PEEKTEXT, Name: "PTRACE_PEEKTEXT", }, { Value: syscall.PTRACE_PEEKDATA, Name: "PTRACE_PEEKDATA", }, { Value: syscall.PTRACE_PEEKUSR, Name: "PTRACE_PEEKUSR", }, { Value: syscall.PTRACE_POKETEXT, Name: "PTRACE_POKETEXT", }, { Value: syscall.PTRACE_POKEDATA, Name: "PTRACE_POKEDATA", }, { Value: syscall.PTRACE_POKEUSR, Name: "PTRACE_POKEUSR", }, { Value: syscall.PTRACE_CONT, Name: "PTRACE_CONT", }, { Value: syscall.PTRACE_KILL, Name: "PTRACE_KILL", }, { Value: syscall.PTRACE_SINGLESTEP, Name: "PTRACE_SINGLESTEP", }, { Value: syscall.PTRACE_ATTACH, Name: "PTRACE_ATTACH", }, { Value: syscall.PTRACE_DETACH, Name: "PTRACE_DETACH", }, { Value: syscall.PTRACE_SYSCALL, Name: "PTRACE_SYSCALL", }, { Value: syscall.PTRACE_SETOPTIONS, Name: "PTRACE_SETOPTIONS", }, { Value: syscall.PTRACE_GETEVENTMSG, Name: "PTRACE_GETEVENTMSG", }, { Value: syscall.PTRACE_GETSIGINFO, Name: "PTRACE_GETSIGINFO", }, { Value: syscall.PTRACE_SETSIGINFO, Name: "PTRACE_SETSIGINFO", }, { Value: syscall.PTRACE_GETREGSET, Name: "PTRACE_GETREGSET", }, { Value: syscall.PTRACE_SETREGSET, Name: "PTRACE_SETREGSET", }, { Value: kernel.PTRACE_SEIZE, Name: "PTRACE_SEIZE", }, { Value: kernel.PTRACE_INTERRUPT, Name: "PTRACE_INTERRUPT", }, { Value: kernel.PTRACE_LISTEN, Name: "PTRACE_LISTEN", }, { Value: kernel.PTRACE_PEEKSIGINFO, Name: "PTRACE_PEEKSIGINFO", }, { Value: kernel.PTRACE_GETSIGMASK, Name: "PTRACE_GETSIGMASK", }, { Value: kernel.PTRACE_SETSIGMASK, Name: "PTRACE_SETSIGMASK", }, { Value: syscall.PTRACE_GETREGS, Name: "PTRACE_GETREGS", }, { Value: syscall.PTRACE_SETREGS, Name: "PTRACE_SETREGS", }, { Value: syscall.PTRACE_GETFPREGS, Name: "PTRACE_GETFPREGS", }, { Value: syscall.PTRACE_SETFPREGS, Name: "PTRACE_SETFPREGS", }, { Value: syscall.PTRACE_GETFPXREGS, Name: "PTRACE_GETFPXREGS", }, { Value: syscall.PTRACE_SETFPXREGS, Name: "PTRACE_SETFPXREGS", }, { Value: syscall.PTRACE_OLDSETOPTIONS, 
Name: "PTRACE_OLDSETOPTIONS", }, { Value: syscall.PTRACE_GET_THREAD_AREA, Name: "PTRACE_GET_THREAD_AREA", }, { Value: syscall.PTRACE_SET_THREAD_AREA, Name: "PTRACE_SET_THREAD_AREA", }, { Value: syscall.PTRACE_ARCH_PRCTL, Name: "PTRACE_ARCH_PRCTL", }, { Value: syscall.PTRACE_SYSEMU, Name: "PTRACE_SYSEMU", }, { Value: syscall.PTRACE_SYSEMU_SINGLESTEP, Name: "PTRACE_SYSEMU_SINGLESTEP", }, { Value: syscall.PTRACE_SINGLEBLOCK, Name: "PTRACE_SINGLEBLOCK", }, }
PtraceRequestSet are the possible ptrace(2) requests.
var SocketFamily = abi.ValueSet{ { Value: linux.AF_UNSPEC, Name: "AF_UNSPEC", }, { Value: linux.AF_UNIX, Name: "AF_UNIX", }, { Value: linux.AF_INET, Name: "AF_INET", }, { Value: linux.AF_AX25, Name: "AF_AX25", }, { Value: linux.AF_IPX, Name: "AF_IPX", }, { Value: linux.AF_APPLETALK, Name: "AF_APPLETALK", }, { Value: linux.AF_NETROM, Name: "AF_NETROM", }, { Value: linux.AF_BRIDGE, Name: "AF_BRIDGE", }, { Value: linux.AF_ATMPVC, Name: "AF_ATMPVC", }, { Value: linux.AF_X25, Name: "AF_X25", }, { Value: linux.AF_INET6, Name: "AF_INET6", }, { Value: linux.AF_ROSE, Name: "AF_ROSE", }, { Value: linux.AF_DECnet, Name: "AF_DECnet", }, { Value: linux.AF_NETBEUI, Name: "AF_NETBEUI", }, { Value: linux.AF_SECURITY, Name: "AF_SECURITY", }, { Value: linux.AF_KEY, Name: "AF_KEY", }, { Value: linux.AF_NETLINK, Name: "AF_NETLINK", }, { Value: linux.AF_PACKET, Name: "AF_PACKET", }, { Value: linux.AF_ASH, Name: "AF_ASH", }, { Value: linux.AF_ECONET, Name: "AF_ECONET", }, { Value: linux.AF_ATMSVC, Name: "AF_ATMSVC", }, { Value: linux.AF_RDS, Name: "AF_RDS", }, { Value: linux.AF_SNA, Name: "AF_SNA", }, { Value: linux.AF_IRDA, Name: "AF_IRDA", }, { Value: linux.AF_PPPOX, Name: "AF_PPPOX", }, { Value: linux.AF_WANPIPE, Name: "AF_WANPIPE", }, { Value: linux.AF_LLC, Name: "AF_LLC", }, { Value: linux.AF_IB, Name: "AF_IB", }, { Value: linux.AF_MPLS, Name: "AF_MPLS", }, { Value: linux.AF_CAN, Name: "AF_CAN", }, { Value: linux.AF_TIPC, Name: "AF_TIPC", }, { Value: linux.AF_BLUETOOTH, Name: "AF_BLUETOOTH", }, { Value: linux.AF_IUCV, Name: "AF_IUCV", }, { Value: linux.AF_RXRPC, Name: "AF_RXRPC", }, { Value: linux.AF_ISDN, Name: "AF_ISDN", }, { Value: linux.AF_PHONET, Name: "AF_PHONET", }, { Value: linux.AF_IEEE802154, Name: "AF_IEEE802154", }, { Value: linux.AF_CAIF, Name: "AF_CAIF", }, { Value: linux.AF_ALG, Name: "AF_ALG", }, { Value: linux.AF_NFC, Name: "AF_NFC", }, { Value: linux.AF_VSOCK, Name: "AF_VSOCK", }, }
SocketFamily are the possible socket(2) families.
var SocketFlagSet = abi.FlagSet{ { Flag: linux.SOCK_CLOEXEC, Name: "SOCK_CLOEXEC", }, { Flag: linux.SOCK_NONBLOCK, Name: "SOCK_NONBLOCK", }, }
SocketFlagSet are the possible socket(2) flags.
var SocketProtocol = map[int32]abi.ValueSet{ linux.AF_INET: ipProtocol, linux.AF_INET6: ipProtocol, linux.AF_NETLINK: { { Value: linux.NETLINK_ROUTE, Name: "NETLINK_ROUTE", }, { Value: linux.NETLINK_UNUSED, Name: "NETLINK_UNUSED", }, { Value: linux.NETLINK_USERSOCK, Name: "NETLINK_USERSOCK", }, { Value: linux.NETLINK_FIREWALL, Name: "NETLINK_FIREWALL", }, { Value: linux.NETLINK_SOCK_DIAG, Name: "NETLINK_SOCK_DIAG", }, { Value: linux.NETLINK_NFLOG, Name: "NETLINK_NFLOG", }, { Value: linux.NETLINK_XFRM, Name: "NETLINK_XFRM", }, { Value: linux.NETLINK_SELINUX, Name: "NETLINK_SELINUX", }, { Value: linux.NETLINK_ISCSI, Name: "NETLINK_ISCSI", }, { Value: linux.NETLINK_AUDIT, Name: "NETLINK_AUDIT", }, { Value: linux.NETLINK_FIB_LOOKUP, Name: "NETLINK_FIB_LOOKUP", }, { Value: linux.NETLINK_CONNECTOR, Name: "NETLINK_CONNECTOR", }, { Value: linux.NETLINK_NETFILTER, Name: "NETLINK_NETFILTER", }, { Value: linux.NETLINK_IP6_FW, Name: "NETLINK_IP6_FW", }, { Value: linux.NETLINK_DNRTMSG, Name: "NETLINK_DNRTMSG", }, { Value: linux.NETLINK_KOBJECT_UEVENT, Name: "NETLINK_KOBJECT_UEVENT", }, { Value: linux.NETLINK_GENERIC, Name: "NETLINK_GENERIC", }, { Value: linux.NETLINK_SCSITRANSPORT, Name: "NETLINK_SCSITRANSPORT", }, { Value: linux.NETLINK_ECRYPTFS, Name: "NETLINK_ECRYPTFS", }, { Value: linux.NETLINK_RDMA, Name: "NETLINK_RDMA", }, { Value: linux.NETLINK_CRYPTO, Name: "NETLINK_CRYPTO", }, }, }
SocketProtocol are the possible socket(2) protocols for each protocol family.
var SocketType = abi.ValueSet{ { Value: linux.SOCK_STREAM, Name: "SOCK_STREAM", }, { Value: linux.SOCK_DGRAM, Name: "SOCK_DGRAM", }, { Value: linux.SOCK_RAW, Name: "SOCK_RAW", }, { Value: linux.SOCK_RDM, Name: "SOCK_RDM", }, { Value: linux.SOCK_SEQPACKET, Name: "SOCK_SEQPACKET", }, { Value: linux.SOCK_DCCP, Name: "SOCK_DCCP", }, { Value: linux.SOCK_PACKET, Name: "SOCK_PACKET", }, }
SocketType are the possible socket(2) types.
Functions ¶
func Disable ¶
func Disable(sinks SinkType)
Disable disables strace for all system calls and missing syscalls.
Preconditions: Initialize has been called.
func Enable ¶
Enable enables the syscalls in whitelist in all syscall tables.
Preconditions: Initialize has been called.
func EnableAll ¶
func EnableAll(sinks SinkType)
EnableAll enables all syscalls in all syscall tables.
Preconditions: Initialize has been called.
func Initialize ¶
func Initialize()
Initialize prepares all syscall tables for use by this package.
N.B. This is not in an init function because we can't be sure all syscall tables are registered with the kernel when init runs.
TODO: remove kernel package dependencies from this package and have the kernel package self-initialize all syscall tables.
Types ¶
type FormatSpecifier ¶
type FormatSpecifier int
FormatSpecifier values describe how an individual syscall argument should be formatted.
// Valid FormatSpecifiers.
//
// Unless otherwise specified, values are formatted before syscall execution
// and not updated after syscall execution (the same value is output).
//
// NOTE(review): the specifiers documented below as having their contents
// formatted (ReadBuffer, WriteBuffer, the IOVec and MsgHdr variants, Path,
// ExecveStringVector) put data from the traced task into the trace output;
// presumably that output is capped by LogMaximumSize and EventMaximumSize.
// Confirm against the formatting code.
const (
	// Hex is just a hexadecimal number.
	Hex FormatSpecifier = iota

	// Oct is just an octal number.
	Oct

	// ReadBuffer is a buffer for a read-style call. The syscall return
	// value is used for the length.
	//
	// Formatted after syscall execution.
	ReadBuffer

	// WriteBuffer is a buffer for a write-style call. The following arg is
	// used for the length.
	//
	// Contents omitted after syscall execution.
	WriteBuffer

	// ReadIOVec is a pointer to a struct iovec for a readv-style call.
	// The following arg is used for the length. The return value is used
	// for the total length.
	//
	// Complete contents only formatted after syscall execution.
	ReadIOVec

	// WriteIOVec is a pointer to a struct iovec for a writev-style call.
	// The following arg is used for the length.
	//
	// Complete contents only formatted before syscall execution, omitted
	// after.
	WriteIOVec

	// IOVec is a generic pointer to a struct iovec. Contents are not dumped.
	IOVec

	// SendMsgHdr is a pointer to a struct msghdr for a sendmsg-style call.
	// Contents formatted only before syscall execution, omitted after.
	SendMsgHdr

	// RecvMsgHdr is a pointer to a struct msghdr for a recvmsg-style call.
	// Contents formatted only after syscall execution.
	RecvMsgHdr

	// Path is a pointer to a char* path.
	Path

	// ExecveStringVector is a NULL-terminated array of strings. Enforces
	// the maximum execve array length.
	ExecveStringVector

	// PipeFDs is an array of two FDs, formatted after syscall execution.
	PipeFDs

	// Uname is a pointer to a struct uname, formatted after syscall execution.
	Uname

	// Stat is a pointer to a struct stat, formatted after syscall execution.
	Stat

	// SockAddr is a pointer to a struct sockaddr. The following arg is
	// used for length.
	SockAddr

	// PostSockAddr is a pointer to a struct sockaddr, formatted after
	// syscall execution. The following arg is a pointer to the socklen_t
	// length.
	PostSockAddr

	// SockLen is a pointer to a socklen_t, formatted before and after
	// syscall execution.
	SockLen

	// SockFamily is a socket protocol family value.
	SockFamily

	// SockType is a socket type and flags value.
	SockType

	// SockProtocol is a socket protocol value. Argument n-2 is the socket
	// protocol family.
	SockProtocol

	// SockFlags are socket flags.
	SockFlags

	// Timespec is a pointer to a struct timespec.
	Timespec

	// PostTimespec is a pointer to a struct timespec, formatted after
	// syscall execution.
	PostTimespec

	// UTimeTimespec is a pointer to a struct timespec. Formatting includes
	// UTIME_NOW and UTIME_OMIT.
	UTimeTimespec

	// ItimerVal is a pointer to a struct itimerval.
	ItimerVal

	// PostItimerVal is a pointer to a struct itimerval, formatted after
	// syscall execution.
	PostItimerVal

	// Timeval is a pointer to a struct timeval, formatted before and after
	// syscall execution.
	Timeval

	// Utimbuf is a pointer to a struct utimbuf.
	Utimbuf

	// CloneFlags are clone(2) flags.
	CloneFlags

	// OpenFlags are open(2) flags.
	OpenFlags

	// Mode is a mode_t.
	Mode

	// FutexOp is the futex(2) operation.
	FutexOp

	// PtraceRequest is the ptrace(2) request.
	PtraceRequest

	// Rusage is a struct rusage, formatted after syscall execution.
	Rusage
)
Valid FormatSpecifiers.
Unless otherwise specified, values are formatted before syscall execution and not updated after syscall execution (the same value is output).
type SyscallInfo ¶
type SyscallInfo struct {
// contains filtered or unexported fields
}
SyscallInfo captures the name and printing format of a syscall.
type SyscallMap ¶
type SyscallMap map[uintptr]SyscallInfo
SyscallMap maps syscalls into names and printing formats.
func Lookup ¶
Lookup returns the SyscallMap for the OS/Arch combination. The returned map must not be changed.
func (SyscallMap) ConvertToSysno ¶
func (s SyscallMap) ConvertToSysno(syscall string) (uintptr, bool)
ConvertToSysno converts the name to a system call number. It returns false if no syscall with that name is found.
func (SyscallMap) ConvertToSysnoMap ¶
func (s SyscallMap) ConvertToSysnoMap(syscalls []string) (map[uintptr]bool, error)
ConvertToSysnoMap converts the names to a map keyed on the syscall number and value set to true. The map is in a convenient format to call SyscallFlagsTable.Enable().
func (SyscallMap) Name ¶
func (s SyscallMap) Name(sysno uintptr) string
Name returns the syscall name.
func (SyscallMap) SyscallEnter ¶
func (s SyscallMap) SyscallEnter(t *kernel.Task, sysno uintptr, args arch.SyscallArguments, flags uint32) interface{}
SyscallEnter implements kernel.Stracer.SyscallEnter. It logs the syscall entry trace.
func (SyscallMap) SyscallExit ¶
func (s SyscallMap) SyscallExit(context interface{}, t *kernel.Task, sysno, rval uintptr, err error)
SyscallExit implements kernel.Stracer.SyscallExit. It logs the syscall exit trace.