probes

package
v0.22.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 10, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Test probe handles.
//
// These are untyped integer constants numbered from 1000 (1000 + iota):
// TestUnavailableHook = 1000, ExecTest = 1001, EmptyKprobe = 1002.
// NOTE(review): presumably the 1000 offset keeps them clear of the Handle
// constants, which are numbered from 0 — confirm against the callers.
const (
	TestUnavailableHook = 1000 + iota
	ExecTest
	EmptyKprobe
)

Test probe handles

// Probe kinds. The values are consecutive untyped integers assigned by iota
// starting at KProbe = 0, so each numeric value depends on declaration order.
// InvalidProbeType is the last entry in the list.
// NOTE(review): presumably these are the values carried by ProbeType and
// InvalidProbeType is the "unknown kind" sentinel — confirm against the source.
const (
	KProbe        = iota // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#1-kp
	KretProbe            // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#1-kp
	Tracepoint           // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#3-tracep
	RawTracepoint        // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#7-raw-tracep
	SyscallEnter
	SyscallExit
	InvalidProbeType
)
// SyscallPrefix is the kernel symbol prefix of native x86-64 syscall entry
// functions.
// NOTE(review): presumably prepended to a syscall name to form the symbol a
// syscall probe attaches to — confirm in the attach code. The value is
// x86-specific; 32-bit (compat) entry points use different symbol names, so a
// probe resolved only with this prefix would not observe compat syscalls.
const SyscallPrefix = "__x64_sys_"
// SyscallPrefixCompat is a kernel symbol prefix of 32-bit (ia32) syscall entry
// functions on x86-64 kernels.
// NOTE(review): presumably used as the compat counterpart of SyscallPrefix
// when attaching syscall probes — confirm in the attach code.
const SyscallPrefixCompat = "__ia32_sys_"
// SyscallPrefixCompat2 is a second kernel symbol prefix of 32-bit (ia32)
// compat syscall entry functions on x86-64 kernels.
// NOTE(review): presumably tried alongside SyscallPrefixCompat because compat
// entry points are not all named with the same prefix — confirm in the attach
// code.
const SyscallPrefixCompat2 = "__ia32_compat_sys_"

Variables

This section is empty.

Functions

This section is empty.

Types

type CgroupProbe added in v0.16.0

type CgroupProbe struct {
	// contains filtered or unexported fields
}

func NewCgroupProbe added in v0.16.0

func NewCgroupProbe(a bpf.BPFAttachType, progName string) *CgroupProbe

NewCgroupProbe creates a new cgroup probe.

func (*CgroupProbe) GetProgramName added in v0.20.0

func (p *CgroupProbe) GetProgramName() string

type Handle

// Handle identifies a probe. The ProbeGroup methods Attach, Detach, Autoload,
// GetProbeByHandle and GetProbeType take a Handle to select the probe they
// act on.
//
// The Handle constants are assigned consecutive values by iota starting at
// SysEnter = 0, so a handle's numeric value depends on its position in the
// list. Refer to handles by name rather than by number: inserting or
// reordering entries changes the value of every later handle.
type Handle int32
const (
	SysEnter Handle = iota
	SysExit
	SyscallEnter__Internal
	SyscallExit__Internal
	SchedProcessFork
	SchedProcessExec
	SchedProcessExit
	SchedProcessFree
	SchedSwitch
	DoExit
	CapCapable
	VfsWrite
	VfsWriteRet
	VfsWriteV
	VfsWriteVRet
	KernelWrite
	KernelWriteRet
	VfsWriteMagic
	VfsWriteMagicRet
	VfsWriteVMagic
	VfsWriteVMagicRet
	KernelWriteMagic
	KernelWriteMagicRet
	SecurityMmapAddr
	SecurityMmapFile
	SecurityFileMProtect
	CommitCreds
	SwitchTaskNS
	CgroupAttachTask
	CgroupMkdir
	CgroupRmdir
	SecurityBPRMCheck
	SecurityFileOpen
	SecurityInodeUnlink
	SecurityInodeMknod
	SecurityInodeSymlink
	SecuritySocketCreate
	SecuritySocketListen
	SecuritySocketConnect
	SecuritySocketAccept
	SecuritySocketBind
	SecuritySocketSetsockopt
	SecuritySbMount
	SecurityBPF
	SecurityBPFMap
	SecurityKernelReadFile
	SecurityKernelPostReadFile
	DoSplice
	DoSpliceRet
	ProcCreate
	RegisterKprobe
	RegisterKprobeRet
	CallUsermodeHelper
	DebugfsCreateFile
	DebugfsCreateDir
	DeviceAdd
	RegisterChrdev
	RegisterChrdevRet
	DoInitModule
	DoInitModuleRet
	LoadElfPhdrs
	Filldir64
	SecurityFilePermission
	TaskRename
	SyscallTableCheck
	PrintNetSeqOps
	SecurityInodeRename
	DoSigaction
	SecurityBpfProg
	SecurityFileIoctl
	CheckHelperCall
	CheckMapFuncCompatibility
	KallsymsLookupName
	KallsymsLookupNameRet
	SockAllocFile
	SockAllocFileRet
	SecuritySkClone
	SecuritySocketRecvmsg
	SecuritySocketSendmsg
	CgroupBPFRunFilterSKB
	CgroupSKBIngress
	CgroupSKBEgress
	DoMmap
	DoMmapRet
	PrintMemDump
	VfsRead
	VfsReadRet
	VfsReadV
	VfsReadVRet
	VfsUtimes
	UtimesCommon
	DoTruncate
	FileUpdateTime
	FileUpdateTimeRet
	FileModified
	FileModifiedRet
	FdInstall
	FilpClose
	InotifyFindInode
	InotifyFindInodeRet
	BpfCheck
	ExecBinprm
	SecurityPathNotify
	SecurityBprmCredsForExec
	SetFsPwd
	HiddenKernelModuleSeeker
	TpProbeRegPrioMayExist
	HiddenKernelModuleVerifier
	ModuleLoad
	ModuleFree
	SignalCgroupMkdir
	SignalCgroupRmdir
	SignalSchedProcessFork
	SignalSchedProcessExec
	SignalSchedProcessExit
	ExecuteFinishedX86
	ExecuteAtFinishedX86
	ExecuteFinishedCompatX86
	ExecuteAtFinishedCompatX86
	ExecuteFinishedARM
	ExecuteAtFinishedARM
	ExecuteFinishedCompatARM
	ExecuteAtFinishedCompatARM
	SecurityTaskSetrlimit
	SecuritySettime64
	Ptrace
	PtraceRet
	ProcessVmWritev
	ProcessVmWritevRet
	ArchPrctl
	ArchPrctlRet
	Dup
	DupRet
	Dup2
	Dup2Ret
	Dup3
	Dup3Ret
)

type Probe

type Probe interface {
	// contains filtered or unexported methods
}

type ProbeGroup added in v0.16.0

type ProbeGroup struct {
	// contains filtered or unexported fields
}

ProbeGroup is a collection of probes.

func NewDefaultProbeGroup added in v0.16.0

func NewDefaultProbeGroup(module *bpf.Module, netEnabled bool) (*ProbeGroup, error)

NewDefaultProbeGroup initializes the default ProbeGroup (TODO: extensions will use probe groups)

func NewProbeGroup added in v0.16.0

func NewProbeGroup(m *bpf.Module, p map[Handle]Probe) *ProbeGroup

NewProbeGroup creates a new ProbeGroup.

func (*ProbeGroup) Attach added in v0.16.0

func (p *ProbeGroup) Attach(handle Handle, args ...interface{}) error

Attach attaches a probe's program to its hook, by given handle.

func (*ProbeGroup) Autoload added in v0.16.0

func (p *ProbeGroup) Autoload(handle Handle, autoload bool) error

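Autoload sets the autoload feature for a given handle's program according to the autoload argument. (The upstream comment says "disables", but the boolean parameter indicates the feature can be set either way. A program whose autoload is turned off is not expected to be loaded, so events that depend on that probe would be missing.)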

func (*ProbeGroup) Detach added in v0.16.0

func (p *ProbeGroup) Detach(handle Handle, args ...interface{}) error

Detach detaches a probe's program from its hook, by given handle.

func (*ProbeGroup) DetachAll added in v0.16.0

func (p *ProbeGroup) DetachAll() error

DetachAll detaches the programs of all existing probes from their hooks.

func (*ProbeGroup) GetProbeByHandle added in v0.18.0

func (p *ProbeGroup) GetProbeByHandle(handle Handle) Probe

func (*ProbeGroup) GetProbeType added in v0.16.0

func (p *ProbeGroup) GetProbeType(handle Handle) ProbeType

GetProbeType returns a probe type by its handle.

type ProbeType added in v0.16.0

type ProbeType uint8

func (ProbeType) String added in v0.21.0

func (t ProbeType) String() string

type TraceProbe added in v0.16.0

type TraceProbe struct {
	// contains filtered or unexported fields
}

func NewTraceProbe added in v0.16.0

func NewTraceProbe(t ProbeType, evtName string, progName string) *TraceProbe

NewTraceProbe creates a new tracing probe (kprobe, kretprobe, tracepoint, raw_tracepoint).

func (*TraceProbe) GetEventName added in v0.18.0

func (p *TraceProbe) GetEventName() string

func (*TraceProbe) GetProbeType added in v0.18.0

func (p *TraceProbe) GetProbeType() ProbeType

func (*TraceProbe) GetProgramName added in v0.18.0

func (p *TraceProbe) GetProgramName() string

func (*TraceProbe) IsAttached added in v0.22.0

func (p *TraceProbe) IsAttached() bool

type Uprobe added in v0.16.0

type Uprobe struct {
	// contains filtered or unexported fields
}

func NewUprobe added in v0.16.0

func NewUprobe(evtName string, progName string, binPath string, symName string) *Uprobe

NewUprobe creates a new uprobe.

func (*Uprobe) GetBinaryPath added in v0.20.0

func (p *Uprobe) GetBinaryPath() string

func (*Uprobe) GetEventName added in v0.20.0

func (p *Uprobe) GetEventName() string

func (*Uprobe) GetProgramName added in v0.20.0

func (p *Uprobe) GetProgramName() string

func (*Uprobe) GetSymbolName added in v0.20.0

func (p *Uprobe) GetSymbolName() string
