Documentation
¶
Index ¶
- Constants
- func LoadKallsymsValues(ksymsTable *helpers.KernelSymbolTable, ksymbols []string) map[string]*helpers.KernelSymbol
- func LoadKconfigValues(kc *helpers.KernelConfig, isDebug bool) (map[helpers.KernelConfigOption]helpers.KernelConfigOptionValue, error)
- func SendKsymbolsToMap(bpfKsymsMap *libbpfgo.BPFMap, ksymbols map[string]*helpers.KernelSymbol) error
- func ValidateKsymbolsTable(ksyms *helpers.KernelSymbolTable) bool
Constants ¶
View Source
const (
CONFIG_ARCH_HAS_SYSCALL_WRAPPER helpers.KernelConfigOption = iota + helpers.CUSTOM_OPTION_START
)
Custom KernelConfigOption's to extend kernel_config helper support Add here all kconfig variables used within tracee.bpf.c
Variables ¶
This section is empty.
Functions ¶
func LoadKallsymsValues ¶ added in v0.8.0
func LoadKallsymsValues(ksymsTable *helpers.KernelSymbolTable, ksymbols []string) map[string]*helpers.KernelSymbol
func LoadKconfigValues ¶
func LoadKconfigValues(kc *helpers.KernelConfig, isDebug bool) (map[helpers.KernelConfigOption]helpers.KernelConfigOptionValue, error)
LoadKconfigValues load all kconfig variables used within tracee.bpf.c
func SendKsymbolsToMap ¶ added in v0.8.0
func ValidateKsymbolsTable ¶ added in v0.8.0
func ValidateKsymbolsTable(ksyms *helpers.KernelSymbolTable) bool
ValidateKsymbolsTable checks if the addresses in the table are valid by checking a specific symbol address. The reason for the addresses to be invalid is if the capabilities required to read the kallsyms file are not given. The chosen symbol used here is "security_file_open" because it is a must-have symbol for tracee to run.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.