pwru

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 28, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	MaxStackDepth = 50

	BackendKprobe      = "kprobe"
	BackendKprobeMulti = "kprobe-multi"
)

Variables

View Source 
var Version string = "version unknown"

Version is the pwru version and is set at compile time via LDFLAGS-

Functions

func GetFuncsByPos added in v0.0.7 

func GetFuncsByPos(funcs Funcs) map[int][]string

func HaveBPFLinkKprobeMulti added in v0.0.7 

func HaveBPFLinkKprobeMulti() bool

Very hacky way to check whether multi-link kprobe is supported.

func NewOutput 

func NewOutput(flags *Flags, printSkbMap *ebpf.Map, printStackMap *ebpf.Map,
	addr2Name Addr2Name, kprobeMulti bool, btfSpec *btf.Spec) (*output, error)

Types

type Addr2Name 

type Addr2Name struct {
	Addr2NameMap   map[uint64]*ksym
	Addr2NameSlice []*ksym
}

func GetAddrs 

func GetAddrs(funcs Funcs, all bool) (Addr2Name, error)

type Event 

type Event struct {
	PID          uint32
	Type         uint32
	Addr         uint64
	SAddr        uint64
	Timestamp    uint64
	PrintSkbId   uint64
	Meta         Meta
	Tuple        Tuple
	PrintStackId int64
	ParamSecond  uint64
	CPU          uint32
}

type FilterCfg added in v0.0.2 

type FilterCfg struct {
	FilterNetns   uint32
	FilterMark    uint32
	FilterIfindex uint32

	// TODO: if there are more options later, then you can consider using a bit map
	OutputRelativeTS uint8
	OutputMeta       uint8
	OutputTuple      uint8
	OutputSkb        uint8
	OutputStack      uint8

	IsSet    byte
	TrackSkb byte
}

func GetConfig added in v0.0.9 

func GetConfig(flags *Flags) (cfg FilterCfg, err error)

type Flags 

type Flags struct {
	ShowVersion bool

	KernelBTF string

	FilterNetns    string
	FilterMark     uint32
	FilterFunc     string
	FilterTrackSkb bool
	FilterIfname   string
	FilterPcap     string

	OutputTS         string
	OutputMeta       bool
	OutputTuple      bool
	OutputSkb        bool
	OutputStack      bool
	OutputLimitLines uint64
	OutputFile       string

	KMods    []string
	AllKMods bool

	ReadyFile string

	Backend string
}

func (*Flags) Parse added in v1.0.0 

func (f *Flags) Parse()

func (*Flags) SetFlags added in v0.0.2 

func (f *Flags) SetFlags()

type Funcs 

type Funcs map[string]int

func GetFuncs 

func GetFuncs(pattern string, spec *btf.Spec, kmods []string, kprobeMulti bool) (Funcs, error)

type KProbeMaps added in v0.0.8 

type KProbeMaps interface {
	GetEvents() *ebpf.Map
	GetPrintStackMap() *ebpf.Map
}

type KProbeMapsWithOutputSKB added in v0.0.8 

type KProbeMapsWithOutputSKB interface {
	KProbeMaps
	GetPrintSkbMap() *ebpf.Map
}

type KProbeObjects added in v0.0.8 

type KProbeObjects interface {
	KProbeMaps
	KProbePrograms
	Close() error
}

type KProbePrograms added in v0.0.8 

type KProbePrograms interface {
	GetKprobeSkb1() *ebpf.Program
	GetKprobeSkb2() *ebpf.Program
	GetKprobeSkb3() *ebpf.Program
	GetKprobeSkb4() *ebpf.Program
	GetKprobeSkb5() *ebpf.Program
	GetKprobeSkbLifetimeTermination() *ebpf.Program
}

type Meta 

type Meta struct {
	Netns   uint32
	Mark    uint32
	Ifindex uint32
	Len     uint32
	MTU     uint32
	Proto   uint16
	Pad     uint16
}

type StackData added in v0.0.2 

type StackData struct {
	IPs [MaxStackDepth]uint64
}

type Tuple 

type Tuple struct {
	Saddr   [16]byte
	Daddr   [16]byte
	Sport   uint16
	Dport   uint16
	L3Proto uint16
	L4Proto uint8
	Pad     uint8
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.