ebpftracer

package
v1.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 7, 2024 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TailSchedProcessExecEventSubmit uint32 = iota
	MaxTail
)
View Source 
const (
	ProbeSysEnter handle = iota
	ProbeSysExit
	ProbeSyscallEnter__Internal
	ProbeSyscallExit__Internal
	ProbeSchedProcessFork
	ProbeSchedProcessExec
	ProbeSchedProcessExit
	ProbeSchedProcessFree
	ProbeSchedSwitch
	ProbeVfsWriteMagic
	ProbeVfsWriteMagicRet
	ProbeVfsWriteVMagic
	ProbeVfsWriteVMagicRet
	ProbeKernelWriteMagic
	ProbeKernelWriteMagicRet
	ProbeCgroupMkdir
	ProbeCgroupRmdir
	ProbeSecurityBPRMCheck
	ProbeSecuritySocketConnect
	ProbeCgroupSKBIngress
	ProbeCgroupSKBEgress
	ProbeFileUpdateTime
	ProbeFileUpdateTimeRet
	ProbeFileModified
	ProbeFileModifiedRet
	ProbeFdInstall
	ProbeFilpClose
	ProbeExecBinprm
	ProbeOomMarkVictim
	ProbeTtyOpen
	ProbeTtyWrite
	ProbeCgroupSockCreate
	ProbeCgroupSockOpts
)

Variables

View Source 
var (
	FilterPass                    error = nil
	FilterErrRateLimit                  = errors.New("rate limit")
	FilterErrEmptyDNSResponse           = errors.New("empty dns response")
	FilterErrDNSDuplicateDetected       = errors.New("dns duplicate detected")
)
View Source 
var ErrPanic = errors.New("encountered panic")

Error indicating that the resulting error was caught from a panic

Functions

func EnabledBPFStats added in v1.21.0 

func EnabledBPFStats(log *logging.Logger) (func(), error)

Types

type ActualDestinationGetter 

type ActualDestinationGetter interface {
	GetDestination(src, dst netip.AddrPort) (netip.AddrPort, bool)
}

ActualDestinationGetter is used to find actual destination ip. Usually this info is obtained from conntrack.

type ArgType 

type ArgType uint8

type CgroupClient added in v1.3.0 

type CgroupClient interface {
	GetCgroupsRootPath() string
	LoadCgroup(id cgroup.ID, path string)
	CleanupCgroup(cgroup cgroup.ID)
	IsDefaultHierarchy(uint32) bool
}

type Config 

type Config struct {
	BTFPath                string
	EventsPerCPUBuffer     int
	EventsOutputChanSize   int
	DefaultCgroupsVersion  string `validate:"required,oneof=V1 V2"`
	DebugEnabled           bool
	ContainerClient        ContainerClient
	CgroupClient           CgroupClient
	SignatureEngine        *signature.SignatureEngine
	MountNamespacePIDStore *types.PIDsPerNamespace
	// All PIPs reported from ebpf will be normalized to this PID namespace
	HomePIDNS                          proc.NamespaceID
	AllowAnyEvent                      bool
	NetflowOutputChanSize              int
	NetflowSampleSubmitIntervalSeconds uint64
	NetflowGrouping                    NetflowGrouping
	TrackSyscallStats                  bool
	ProcessTreeCollector               processTreeCollector
	MetricsReporting                   MetricsReportingConfig
}

type ContainerClient 

type ContainerClient interface {
	GetContainerForCgroup(ctx context.Context, cgroup cgroup.ID) (*containers.Container, error)
	AddContainerByCgroupID(ctx context.Context, cgroupID cgroup.ID) (cont *containers.Container, rerrr error)
	CleanupCgroup(cgroup cgroup.ID)
}

type EBPFMetric added in v1.16.0 

type EBPFMetric int

Must be kept in sync with `enum metric` defined in types.h. 

const (
	UnknownMetric EBPFMetric = iota

	NoFreeScratchBuffer
	NoFreeScratchBufferSocketSetState
	NoFreeScratchBufferNetflows
)

func (EBPFMetric) String added in v1.16.0 

func (m EBPFMetric) String() string

type EventFilter 

type EventFilter func(event *types.Event) error

EventFilter allows for filtering of events before they are send to the server

type EventFilterGenerator 

type EventFilterGenerator func() EventFilter

EventFilterGenerator Produces an event filter for each call

func DeduplicateDnsEvents 

func DeduplicateDnsEvents(l *logging.Logger, size uint32, ttl time.Duration) EventFilterGenerator

DeduplicateDnsEvents creates a filter that will drop any DNS event with questions already seen in `ttl` time

func FilterAnd 

func FilterAnd(filtersGenerators ...EventFilterGenerator) EventFilterGenerator

func FilterEmptyDnsAnswers 

func FilterEmptyDnsAnswers(l *logging.Logger) EventFilterGenerator

FilterEmptyDnsAnswers will drop any DNS event, that is missing an answer section

func GlobalEventFilterGenerator 

func GlobalEventFilterGenerator(filter EventFilter) EventFilterGenerator

GlobalEventFilterGenerator always returns the given filter on each generator invocation. This is useful, if you want some global filtering across cgroups.

func RateLimit 

func RateLimit(spec RateLimitPolicy) EventFilterGenerator

func RateLimitPrivateIP added in v1.13.2 

func RateLimitPrivateIP(spec RateLimitPolicy) EventFilterGenerator

type EventPolicy 

type EventPolicy struct {
	ID                 events.ID
	PreFilterGenerator PreEventFilterGenerator
	FilterGenerator    EventFilterGenerator
}

type EventProbe 

type EventProbe struct {
	// contains filtered or unexported fields
}

type EventsPolicyConfig added in v1.17.0 

type EventsPolicyConfig struct {
	EnabledEvents []events.ID `json:"enabledEvents"`
}

func (*EventsPolicyConfig) Set added in v1.17.0 

func (n *EventsPolicyConfig) Set(s string) error

func (*EventsPolicyConfig) String added in v1.17.0 

func (n *EventsPolicyConfig) String() string

func (*EventsPolicyConfig) Type added in v1.17.0 

func (n *EventsPolicyConfig) Type() string

type LRUPolicy 

type LRUPolicy struct {
	Size int
}

type MetricsReportingConfig added in v1.21.0 

type MetricsReportingConfig struct {
	ProgramMetricsEnabled bool
	TracerMetricsEnabled  bool
}

func (MetricsReportingConfig) Enabled added in v1.21.0 

func (m MetricsReportingConfig) Enabled() bool

type NetflowGrouping added in v1.13.1 

type NetflowGrouping uint64
const (
	NetflowGroupingDropSrcPort NetflowGrouping = (1 << iota)
)

func (*NetflowGrouping) Set added in v1.13.1 

func (n *NetflowGrouping) Set(s string) error

func (*NetflowGrouping) String added in v1.13.1 

func (n *NetflowGrouping) String() string

func (*NetflowGrouping) Type added in v1.13.1 

func (n *NetflowGrouping) Type() string

type Policy 

type Policy struct {
	SystemEvents    []events.ID // List of events required for internal tasks such as cache cleanup
	SignatureEvents []events.ID
	Events          []*EventPolicy
	Output          PolicyOutputConfig
}

type PolicyOutputConfig 

type PolicyOutputConfig struct {
	RelativeTime bool
	ExecHash     bool

	ParseArguments    bool
	ParseArgumentsFDs bool
	EventsSorting     bool
}

type PreEventFilter 

type PreEventFilter func(ctx *types.EventContext) error

PreEventFilter allows for filtering of events coming from the kernel before they are decoded

type PreEventFilterGenerator 

type PreEventFilterGenerator func() PreEventFilter

EventFilterGenerator Produces an pre event filter for each call

func GlobalPreEventFilterGenerator 

func GlobalPreEventFilterGenerator(filter PreEventFilter) PreEventFilterGenerator

GlobalPreEventFilterGenerator always returns the given filter on each generator invocation. This is useful, if you want some global filtering across cgroups.

func PreRateLimit 

func PreRateLimit(spec RateLimitPolicy) PreEventFilterGenerator

PreRateLimit creates an pre event filter that limits the amount of events that will be processed accoring to the specified limits

type RateLimitPolicy 

type RateLimitPolicy struct {
	// If interval is set rate limit can be used as interval based sampling. In such case burst is always 1.
	Interval time.Duration

	// Rate is events per second.
	Rate  float64
	Burst int
}

RateLimitPolicy allows to configure event rate limiting.

type SyscallID 

type SyscallID uint32

func (SyscallID) String 

func (s SyscallID) String() string

type SyscallStats 

type SyscallStats struct {
	ID    SyscallID
	Count uint64
}

type SyscallStatsKeyCgroupID 

type SyscallStatsKeyCgroupID uint64

type TailCall 

type TailCall struct {
	// contains filtered or unexported fields
}

type Tracer 

type Tracer struct {
	// contains filtered or unexported fields
}

func New 

func New(log *logging.Logger, cfg Config) *Tracer

func (*Tracer) ApplyPolicy 

func (t *Tracer) ApplyPolicy(policy *Policy) error

func (*Tracer) Close 

func (t *Tracer) Close() error

func (*Tracer) CollectNetworkSummary added in v1.21.0 

func (t *Tracer) CollectNetworkSummary() (map[TrafficKey]TrafficSummary, error)

func (*Tracer) Events 

func (t *Tracer) Events() <-chan *types.Event

func (*Tracer) GetEventName added in v1.4.0 

func (t *Tracer) GetEventName(id events.ID) string

func (*Tracer) IsCgroupMuted 

func (t *Tracer) IsCgroupMuted(cgroup uint64) bool

func (*Tracer) Load 

func (t *Tracer) Load() error

func (*Tracer) MuteEventsFromCgroup 

func (t *Tracer) MuteEventsFromCgroup(cgroup uint64) error

func (*Tracer) MuteEventsFromCgroups 

func (t *Tracer) MuteEventsFromCgroups(cgroups []uint64) error

func (*Tracer) NetflowEvents added in v1.7.0 

func (t *Tracer) NetflowEvents() <-chan *types.Event

func (*Tracer) ReadSyscallStats 

func (t *Tracer) ReadSyscallStats() (map[SyscallStatsKeyCgroupID][]SyscallStats, error)

func (*Tracer) Run 

func (t *Tracer) Run(ctx context.Context) error

func (*Tracer) UnmuteEventsFromCgroup 

func (t *Tracer) UnmuteEventsFromCgroup(cgroup uint64) error

func (*Tracer) UnmuteEventsFromCgroups 

func (t *Tracer) UnmuteEventsFromCgroups(cgroups []uint64) error

type TracerEventContextT added in v1.21.0 

type TracerEventContextT = tracerEventContextT

type TrafficKey added in v1.21.0 

type TrafficKey tracerIpKey

type TrafficSummary added in v1.21.0 

type TrafficSummary tracerTrafficSummary

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.