ebpftracer

package
v1.26.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 19, 2024 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

// Tail-call identifiers, numbered by iota in declaration order (starting at 0).
// NOTE(review): presumably these index a BPF tail-call program array — confirm
// against the loader code, which is not shown here.
const (
	TailSchedProcessExecEventSubmit uint32 = iota
	// MaxTail is one past the last identifier above, i.e. the number of entries declared.
	MaxTail
)
// Probe handles. Each constant is a distinct value of type handle, numbered by
// iota in declaration order, so inserting or removing an entry renumbers every
// entry declared after it.
// NOTE(review): the names suggest the kernel hook each handle stands for (sched
// tracepoints, security_* hooks, cgroup skb/sock programs, vfs and tty functions),
// and the "Ret" suffix suggests a return probe paired with its entry probe. The
// mapping from handle to attached program is not shown here — confirm it there
// before relying on a handle for detection coverage.
const (
	ProbeSysEnter handle = iota
	ProbeSysExit
	ProbeSyscallEnter__Internal
	ProbeSyscallExit__Internal
	ProbeSchedProcessFork
	ProbeSchedProcessExec
	ProbeSchedProcessExit
	ProbeSchedProcessFree
	ProbeSchedSwitch
	ProbeVfsWriteMagic
	ProbeVfsWriteMagicRet
	ProbeVfsWriteVMagic
	ProbeVfsWriteVMagicRet
	ProbeKernelWriteMagic
	ProbeKernelWriteMagicRet
	ProbeCgroupMkdir
	ProbeCgroupRmdir
	ProbeSecurityBPRMCheck
	ProbeSecuritySocketConnect
	ProbeCgroupSKBIngress
	ProbeCgroupSKBEgress
	ProbeFileUpdateTime
	ProbeFileUpdateTimeRet
	ProbeFileModified
	ProbeFileModifiedRet
	ProbeFdInstall
	ProbeFilpClose
	ProbeExecBinprm
	ProbeOomMarkVictim
	ProbeTtyOpen
	ProbeTtyWrite
	ProbeCgroupSockCreate
	ProbeCgroupSockOpts
)

Variables

// Sentinel results for event filters. FilterPass is the nil error; each
// FilterErr* value is a distinct error created with errors.New, so callers can
// tell them apart with errors.Is.
// NOTE(review): presumably a non-nil result means the event is dropped and the
// sentinel names the reason — confirm at the filter call sites. If so, every
// drop is a gap in what downstream detection sees and is worth counting per reason.
var (
	FilterPass                    error = nil
	FilterErrRateLimit                  = errors.New("rate limit")
	FilterErrEmptyDNSResponse           = errors.New("empty dns response")
	FilterErrDNSDuplicateDetected       = errors.New("dns duplicate detected")
)
var ErrPanic = errors.New("encountered panic")

ErrPanic indicates that the returned error was recovered from a panic.

Functions

func EnabledBPFStats added in v1.21.0

func EnabledBPFStats(log *logging.Logger) (func(), error)

Types

type ActualDestinationGetter

type ActualDestinationGetter interface {
	// GetDestination takes the observed source and destination address/port pairs
	// and returns an address/port together with a bool.
	// NOTE(review): presumably the bool reports whether a translated destination
	// was found — confirm, and confirm which address callers record when it is false.
	GetDestination(src, dst netip.AddrPort) (netip.AddrPort, bool)
}

ActualDestinationGetter is used to find the actual destination IP. Usually this information is obtained from conntrack.

type ArgType

type ArgType uint8

type CgroupClient added in v1.3.0

type CgroupClient interface {
	GetCgroupsRootPath() string
	LoadCgroup(id cgroup.ID, path string)
	CleanupCgroup(cgroup cgroup.ID)
	IsDefaultHierarchy(uint32) bool
}

type Config

// Config holds the settings passed to New when constructing a Tracer.
type Config struct {
	BTFPath                string
	EventsPerCPUBuffer     int
	EventsOutputChanSize   int
	// The validate tag requires a non-empty value that is exactly "V1" or "V2".
	// NOTE(review): the tag only has an effect if the struct is passed through a
	// validator that reads it — confirm the caller does so.
	DefaultCgroupsVersion  string `validate:"required,oneof=V1 V2"`
	DebugEnabled           bool
	ContainerClient        ContainerClient
	CgroupClient           CgroupClient
	SignatureEngine        *signature.SignatureEngine
	MountNamespacePIDStore *types.PIDsPerNamespace
	// All PIDs reported from ebpf will be normalized to this PID namespace
	HomePIDNS                          proc.NamespaceID
	// NOTE(review): semantics are not visible here; the name suggests it lifts a
	// restriction on which events may be enabled — confirm before turning it on.
	AllowAnyEvent                      bool
	NetflowOutputChanSize              int
	NetflowSampleSubmitIntervalSeconds uint64
	NetflowGrouping                    NetflowGrouping
	TrackSyscallStats                  bool
	// The field type is unexported, so code outside this package cannot name it.
	ProcessTreeCollector               processTreeCollector
	MetricsReporting                   MetricsReportingConfig
}

type ContainerClient

type ContainerClient interface {
	GetContainerForCgroup(ctx context.Context, cgroup cgroup.ID) (*containers.Container, error)
	AddContainerByCgroupID(ctx context.Context, cgroupID cgroup.ID) (cont *containers.Container, rerrr error)
	CleanupCgroup(cgroup cgroup.ID)
}

type EBPFMetric added in v1.16.0

type EBPFMetric int

Must be kept in sync with `enum metric` defined in types.h.

// EBPFMetric values, numbered by iota in declaration order with UnknownMetric = 0.
// Because the numbers come from position alone, the order here has to match
// `enum metric` in types.h; a mismatch would attribute a counter to the wrong name.
const (
	UnknownMetric EBPFMetric = iota

	NoFreeScratchBuffer
	NoFreeScratchBufferSocketSetState
	NoFreeScratchBufferNetflows
)

func (EBPFMetric) String added in v1.16.0

func (m EBPFMetric) String() string

type EventFilter

type EventFilter func(event *types.Event) error

EventFilter allows for filtering of events before they are sent to the server.

type EventFilterGenerator

type EventFilterGenerator func() EventFilter

EventFilterGenerator produces an event filter for each call.

func DeduplicateDnsEvents

func DeduplicateDnsEvents(l *logging.Logger, size uint32, ttl time.Duration) EventFilterGenerator

DeduplicateDnsEvents creates a filter that drops any DNS event whose questions have already been seen within the last `ttl`.

func FilterAnd

func FilterAnd(filtersGenerators ...EventFilterGenerator) EventFilterGenerator

func FilterEmptyDnsAnswers

func FilterEmptyDnsAnswers(l *logging.Logger) EventFilterGenerator

FilterEmptyDnsAnswers drops any DNS event that is missing an answer section.

func GlobalEventFilterGenerator

func GlobalEventFilterGenerator(filter EventFilter) EventFilterGenerator

GlobalEventFilterGenerator always returns the given filter on each generator invocation. This is useful if you want some global filtering across cgroups.

func RateLimit

func RateLimit(spec RateLimitPolicy) EventFilterGenerator

func RateLimitPrivateIP added in v1.13.2

func RateLimitPrivateIP(spec RateLimitPolicy) EventFilterGenerator

type EventPolicy

// EventPolicy pairs one event ID with the filter generators applied to it.
type EventPolicy struct {
	ID                 events.ID
	// Produces the PreEventFilter, which is documented as filtering events coming
	// from the kernel before they are decoded.
	PreFilterGenerator PreEventFilterGenerator
	// Produces the EventFilter, which is documented as filtering events before
	// they are sent to the server.
	FilterGenerator    EventFilterGenerator
}

type EventProbe

type EventProbe struct {
	// contains filtered or unexported fields
}

type EventsPolicyConfig added in v1.17.0

type EventsPolicyConfig struct {
	EnabledEvents []events.ID `json:"enabledEvents"`
}

func (*EventsPolicyConfig) Set added in v1.17.0

func (n *EventsPolicyConfig) Set(s string) error

func (*EventsPolicyConfig) String added in v1.17.0

func (n *EventsPolicyConfig) String() string

func (*EventsPolicyConfig) Type added in v1.17.0

func (n *EventsPolicyConfig) Type() string

type LRUPolicy

type LRUPolicy struct {
	Size int
}

type MetricsReportingConfig added in v1.21.0

type MetricsReportingConfig struct {
	ProgramMetricsEnabled bool
	TracerMetricsEnabled  bool
}

func (MetricsReportingConfig) Enabled added in v1.21.0

func (m MetricsReportingConfig) Enabled() bool

type NetflowGrouping added in v1.13.1

type NetflowGrouping uint64
// NetflowGrouping flags are single bits (1 << iota); NetflowGroupingDropSrcPort
// is the first and has the value 1.
// NOTE(review): the name suggests the source port is left out when netflows are
// grouped, which would trade per-connection detail for fewer records — confirm.
const (
	NetflowGroupingDropSrcPort NetflowGrouping = (1 << iota)
)

func (*NetflowGrouping) Set added in v1.13.1

func (n *NetflowGrouping) Set(s string) error

func (*NetflowGrouping) String added in v1.13.1

func (n *NetflowGrouping) String() string

func (*NetflowGrouping) Type added in v1.13.1

func (n *NetflowGrouping) Type() string

type Policy

type Policy struct {
	SystemEvents    []events.ID // List of events required for internal tasks such as cache cleanup
	SignatureEvents []events.ID
	Events          []*EventPolicy
	Output          PolicyOutputConfig
}

type PolicyOutputConfig

type PolicyOutputConfig struct {
	RelativeTime bool
	ExecHash     bool

	ParseArguments    bool
	ParseArgumentsFDs bool
	EventsSorting     bool
}

type PreEventFilter

type PreEventFilter func(ctx *types.EventContext) error

PreEventFilter allows for filtering of events coming from the kernel before they are decoded

type PreEventFilterGenerator

type PreEventFilterGenerator func() PreEventFilter

PreEventFilterGenerator produces a pre-event filter for each call.

func GlobalPreEventFilterGenerator

func GlobalPreEventFilterGenerator(filter PreEventFilter) PreEventFilterGenerator

GlobalPreEventFilterGenerator always returns the given filter on each generator invocation. This is useful if you want some global filtering across cgroups.

func PreRateLimit

func PreRateLimit(spec RateLimitPolicy) PreEventFilterGenerator

PreRateLimit creates a pre-event filter that limits the number of events that will be processed according to the specified limits.

type RateLimitPolicy

// RateLimitPolicy is the specification accepted by RateLimit, RateLimitPrivateIP
// and PreRateLimit.
// NOTE(review): events over the limit are presumably rejected (see
// FilterErrRateLimit) and never reach later processing; choose the limits with
// that loss of visibility in mind — confirm the behaviour at the call sites.
type RateLimitPolicy struct {
	// If interval is set rate limit can be used as interval based sampling. In such case burst is always 1.
	Interval time.Duration

	// Rate is events per second.
	Rate  float64
	// NOTE(review): presumably the number of events allowed in a single burst
	// above the steady rate — confirm. Per the Interval comment it is treated as 1
	// when Interval is set.
	Burst int
}

RateLimitPolicy configures event rate limiting.

type SyscallID

type SyscallID uint32

func (SyscallID) String

func (s SyscallID) String() string

type SyscallStats

type SyscallStats struct {
	ID    SyscallID
	Count uint64
}

type SyscallStatsKeyCgroupID

type SyscallStatsKeyCgroupID uint64

type TailCall

type TailCall struct {
	// contains filtered or unexported fields
}

type Tracer

type Tracer struct {
	// contains filtered or unexported fields
}

func New

func New(log *logging.Logger, cfg Config) *Tracer

func (*Tracer) ApplyPolicy

func (t *Tracer) ApplyPolicy(policy *Policy) error

func (*Tracer) Close

func (t *Tracer) Close() error

func (*Tracer) CollectNetworkSummary added in v1.21.0

func (t *Tracer) CollectNetworkSummary() (map[TrafficKey]TrafficSummary, error)

func (*Tracer) Events

func (t *Tracer) Events() <-chan *types.Event

func (*Tracer) GetEventName added in v1.4.0

func (t *Tracer) GetEventName(id events.ID) string

func (*Tracer) IsCgroupMuted

func (t *Tracer) IsCgroupMuted(cgroup uint64) bool

func (*Tracer) Load

func (t *Tracer) Load() error

func (*Tracer) MuteEventsFromCgroup

// MuteEventsFromCgroup takes a single cgroup ID and returns an error.
// NOTE(review): presumably events from a muted cgroup stop being reported until
// UnmuteEventsFromCgroup is called — confirm. If so, a mute is a deliberate
// visibility gap: keep the set of callers small and record each mute.
func (t *Tracer) MuteEventsFromCgroup(cgroup uint64) error

func (*Tracer) MuteEventsFromCgroups

// MuteEventsFromCgroups takes a slice of cgroup IDs and returns an error.
// NOTE(review): presumably the batch form of MuteEventsFromCgroup; whether a
// failure leaves some of the cgroups muted is not visible here — confirm, since
// a partial mute changes which workloads are still being observed.
func (t *Tracer) MuteEventsFromCgroups(cgroups []uint64) error

func (*Tracer) NetflowEvents added in v1.7.0

func (t *Tracer) NetflowEvents() <-chan *types.Event

func (*Tracer) ReadSyscallStats

func (t *Tracer) ReadSyscallStats() (map[SyscallStatsKeyCgroupID][]SyscallStats, error)

func (*Tracer) Run

func (t *Tracer) Run(ctx context.Context) error

func (*Tracer) UnmuteEventsFromCgroup

func (t *Tracer) UnmuteEventsFromCgroup(cgroup uint64) error

func (*Tracer) UnmuteEventsFromCgroups

func (t *Tracer) UnmuteEventsFromCgroups(cgroups []uint64) error

type TracerEventContextT added in v1.21.0

type TracerEventContextT = tracerEventContextT

type TrafficKey added in v1.21.0

type TrafficKey tracerIpKey

type TrafficSummary added in v1.21.0

type TrafficSummary tracerTrafficSummary
