Documentation ¶
Overview ¶
Package strace implements the logic to print out the input and the return value of each traced syscall.
Index ¶
- Constants
- Variables
- func Disable(sinks SinkType)
- func Enable(allowlist []string, sinks SinkType) error
- func EnableAll(sinks SinkType)
- func Initialize()
- type FormatSpecifier
- type SinkType
- type SyscallInfo
- type SyscallMap
- func (s SyscallMap) ConvertToSysno(syscall string) (uintptr, bool)
- func (s SyscallMap) ConvertToSysnoMap(syscalls []string) (map[uintptr]bool, error)
- func (s SyscallMap) Name(sysno uintptr) string
- func (s SyscallMap) SyscallEnter(t *kernel.Task, sysno uintptr, args arch.SyscallArguments, flags uint32) any
- func (s SyscallMap) SyscallExit(context any, t *kernel.Task, sysno, rval uintptr, err error)
Constants ¶
const DefaultLogMaximumSize = 1024
DefaultLogMaximumSize is the default LogMaximumSize.
Variables ¶
// CapabilityBitset is the set of capabilities in a bitset.
//
// Each entry's Flag is 1 shifted left by the capability's number, so the
// table decodes a capability mask bit by bit into CAP_* names.
//
// NOTE(review): the table ends at CAP_AUDIT_READ. Linux later added
// CAP_PERFMON, CAP_BPF and CAP_CHECKPOINT_RESTORE, and no entry for them is
// visible here. Confirm how abi.FlagSet renders bits it has no name for
// before relying on logged capability names for auditing or detection.
var CapabilityBitset = abi.FlagSet{
	{
		Flag: 1 << uint32(linux.CAP_CHOWN),
		Name: "CAP_CHOWN",
	},
	{
		Flag: 1 << uint32(linux.CAP_DAC_OVERRIDE),
		Name: "CAP_DAC_OVERRIDE",
	},
	{
		Flag: 1 << uint32(linux.CAP_DAC_READ_SEARCH),
		Name: "CAP_DAC_READ_SEARCH",
	},
	{
		Flag: 1 << uint32(linux.CAP_FOWNER),
		Name: "CAP_FOWNER",
	},
	{
		Flag: 1 << uint32(linux.CAP_FSETID),
		Name: "CAP_FSETID",
	},
	{
		Flag: 1 << uint32(linux.CAP_KILL),
		Name: "CAP_KILL",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETGID),
		Name: "CAP_SETGID",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETUID),
		Name: "CAP_SETUID",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETPCAP),
		Name: "CAP_SETPCAP",
	},
	{
		Flag: 1 << uint32(linux.CAP_LINUX_IMMUTABLE),
		Name: "CAP_LINUX_IMMUTABLE",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_BIND_SERVICE),
		Name: "CAP_NET_BIND_SERVICE",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_BROADCAST),
		Name: "CAP_NET_BROADCAST",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_ADMIN),
		Name: "CAP_NET_ADMIN",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_RAW),
		Name: "CAP_NET_RAW",
	},
	{
		Flag: 1 << uint32(linux.CAP_IPC_LOCK),
		Name: "CAP_IPC_LOCK",
	},
	{
		Flag: 1 << uint32(linux.CAP_IPC_OWNER),
		Name: "CAP_IPC_OWNER",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_MODULE),
		Name: "CAP_SYS_MODULE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_RAWIO),
		Name: "CAP_SYS_RAWIO",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_CHROOT),
		Name: "CAP_SYS_CHROOT",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_PTRACE),
		Name: "CAP_SYS_PTRACE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_PACCT),
		Name: "CAP_SYS_PACCT",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_ADMIN),
		Name: "CAP_SYS_ADMIN",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_BOOT),
		Name: "CAP_SYS_BOOT",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_NICE),
		Name: "CAP_SYS_NICE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_RESOURCE),
		Name: "CAP_SYS_RESOURCE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_TIME),
		Name: "CAP_SYS_TIME",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_TTY_CONFIG),
		Name: "CAP_SYS_TTY_CONFIG",
	},
	{
		Flag: 1 << uint32(linux.CAP_MKNOD),
		Name: "CAP_MKNOD",
	},
	{
		Flag: 1 << uint32(linux.CAP_LEASE),
		Name: "CAP_LEASE",
	},
	{
		Flag: 1 << uint32(linux.CAP_AUDIT_WRITE),
		Name: "CAP_AUDIT_WRITE",
	},
	{
		Flag: 1 << uint32(linux.CAP_AUDIT_CONTROL),
		Name: "CAP_AUDIT_CONTROL",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETFCAP),
		Name: "CAP_SETFCAP",
	},
	{
		Flag: 1 << uint32(linux.CAP_MAC_OVERRIDE),
		Name: "CAP_MAC_OVERRIDE",
	},
	{
		Flag: 1 << uint32(linux.CAP_MAC_ADMIN),
		Name: "CAP_MAC_ADMIN",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYSLOG),
		Name: "CAP_SYSLOG",
	},
	{
		Flag: 1 << uint32(linux.CAP_WAKE_ALARM),
		Name: "CAP_WAKE_ALARM",
	},
	{
		Flag: 1 << uint32(linux.CAP_BLOCK_SUSPEND),
		Name: "CAP_BLOCK_SUSPEND",
	},
	{
		Flag: 1 << uint32(linux.CAP_AUDIT_READ),
		Name: "CAP_AUDIT_READ",
	},
}
CapabilityBitset is the set of capabilities in a bitset.
var CloneFlagSet = abi.FlagSet{ { Flag: linux.CLONE_VM, Name: "CLONE_VM", }, { Flag: linux.CLONE_FS, Name: "CLONE_FS", }, { Flag: linux.CLONE_FILES, Name: "CLONE_FILES", }, { Flag: linux.CLONE_SIGHAND, Name: "CLONE_SIGHAND", }, { Flag: linux.CLONE_PTRACE, Name: "CLONE_PTRACE", }, { Flag: linux.CLONE_VFORK, Name: "CLONE_VFORK", }, { Flag: linux.CLONE_PARENT, Name: "CLONE_PARENT", }, { Flag: linux.CLONE_THREAD, Name: "CLONE_THREAD", }, { Flag: linux.CLONE_NEWNS, Name: "CLONE_NEWNS", }, { Flag: linux.CLONE_SYSVSEM, Name: "CLONE_SYSVSEM", }, { Flag: linux.CLONE_SETTLS, Name: "CLONE_SETTLS", }, { Flag: linux.CLONE_PARENT_SETTID, Name: "CLONE_PARENT_SETTID", }, { Flag: linux.CLONE_CHILD_CLEARTID, Name: "CLONE_CHILD_CLEARTID", }, { Flag: linux.CLONE_DETACHED, Name: "CLONE_DETACHED", }, { Flag: linux.CLONE_UNTRACED, Name: "CLONE_UNTRACED", }, { Flag: linux.CLONE_CHILD_SETTID, Name: "CLONE_CHILD_SETTID", }, { Flag: linux.CLONE_NEWUTS, Name: "CLONE_NEWUTS", }, { Flag: linux.CLONE_NEWIPC, Name: "CLONE_NEWIPC", }, { Flag: linux.CLONE_NEWUSER, Name: "CLONE_NEWUSER", }, { Flag: linux.CLONE_NEWPID, Name: "CLONE_NEWPID", }, { Flag: linux.CLONE_NEWNET, Name: "CLONE_NEWNET", }, { Flag: linux.CLONE_IO, Name: "CLONE_IO", }, }
CloneFlagSet is the set of clone(2) flags.
var CloseRangeFlagSet = abi.FlagSet{ { Flag: uint64(linux.CLOSE_RANGE_CLOEXEC), Name: "CLOSE_RANGE_CLOEXEC", }, { Flag: uint64(linux.CLOSE_RANGE_UNSHARE), Name: "CLOSE_RANGE_UNSHARE", }, }
CloseRangeFlagSet is the set of close_range(2) flags.
var EventMaximumSize uint
EventMaximumSize determines the maximum size for data blobs (read, write, etc.) sent over the event channel. The default is 0 because most clients cannot do anything useful with a binary text dump of byte-array arguments.
var FutexCmd = abi.ValueSet{ linux.FUTEX_WAIT: "FUTEX_WAIT", linux.FUTEX_WAKE: "FUTEX_WAKE", linux.FUTEX_FD: "FUTEX_FD", linux.FUTEX_REQUEUE: "FUTEX_REQUEUE", linux.FUTEX_CMP_REQUEUE: "FUTEX_CMP_REQUEUE", linux.FUTEX_WAKE_OP: "FUTEX_WAKE_OP", linux.FUTEX_LOCK_PI: "FUTEX_LOCK_PI", linux.FUTEX_UNLOCK_PI: "FUTEX_UNLOCK_PI", linux.FUTEX_TRYLOCK_PI: "FUTEX_TRYLOCK_PI", linux.FUTEX_WAIT_BITSET: "FUTEX_WAIT_BITSET", linux.FUTEX_WAKE_BITSET: "FUTEX_WAKE_BITSET", linux.FUTEX_WAIT_REQUEUE_PI: "FUTEX_WAIT_REQUEUE_PI", linux.FUTEX_CMP_REQUEUE_PI: "FUTEX_CMP_REQUEUE_PI", }
FutexCmd are the possible futex(2) commands.
var ItimerTypes = abi.ValueSet{ linux.ITIMER_REAL: "ITIMER_REAL", linux.ITIMER_VIRTUAL: "ITIMER_VIRTUAL", linux.ITIMER_PROF: "ITIMER_PROF", }
ItimerTypes are the possible itimer types.
var LogAppDataAllowed = true
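LogAppDataAllowed is set to true when printing application data in strace logs is allowed. Its declared default is true, so printing is allowed unless the embedder sets it to false; strace logs should therefore be handled as potentially containing application data.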
var LogMaximumSize uint = DefaultLogMaximumSize
LogMaximumSize determines the maximum display size for data blobs (read, write, etc.).
var MmapFlagSet = abi.FlagSet{ { Flag: linux.MAP_SHARED, Name: "MAP_SHARED", }, { Flag: linux.MAP_PRIVATE, Name: "MAP_PRIVATE", }, { Flag: linux.MAP_FIXED, Name: "MAP_FIXED", }, { Flag: linux.MAP_ANONYMOUS, Name: "MAP_ANONYMOUS", }, { Flag: linux.MAP_GROWSDOWN, Name: "MAP_GROWSDOWN", }, { Flag: linux.MAP_DENYWRITE, Name: "MAP_DENYWRITE", }, { Flag: linux.MAP_EXECUTABLE, Name: "MAP_EXECUTABLE", }, { Flag: linux.MAP_LOCKED, Name: "MAP_LOCKED", }, { Flag: linux.MAP_NORESERVE, Name: "MAP_NORESERVE", }, { Flag: linux.MAP_POPULATE, Name: "MAP_POPULATE", }, { Flag: linux.MAP_NONBLOCK, Name: "MAP_NONBLOCK", }, { Flag: linux.MAP_STACK, Name: "MAP_STACK", }, { Flag: linux.MAP_HUGETLB, Name: "MAP_HUGETLB", }, }
MmapFlagSet is the set of mmap(2) flags.
// OpenFlagSet is the set of open(2) flags.
//
// The access modes O_RDONLY, O_WRONLY and O_RDWR are not listed here; they
// are named by OpenMode.
var OpenFlagSet = abi.FlagSet{
	{
		Flag: linux.O_APPEND,
		Name: "O_APPEND",
	},
	{
		Flag: linux.O_ASYNC,
		Name: "O_ASYNC",
	},
	{
		Flag: linux.O_CLOEXEC,
		Name: "O_CLOEXEC",
	},
	{
		Flag: linux.O_CREAT,
		Name: "O_CREAT",
	},
	{
		Flag: linux.O_DIRECT,
		Name: "O_DIRECT",
	},
	{
		Flag: linux.O_DIRECTORY,
		Name: "O_DIRECTORY",
	},
	{
		Flag: linux.O_EXCL,
		Name: "O_EXCL",
	},
	{
		Flag: linux.O_NOATIME,
		Name: "O_NOATIME",
	},
	{
		Flag: linux.O_NOCTTY,
		Name: "O_NOCTTY",
	},
	{
		Flag: linux.O_NOFOLLOW,
		Name: "O_NOFOLLOW",
	},
	{
		Flag: linux.O_NONBLOCK,
		Name: "O_NONBLOCK",
	},
	{
		// The only entry given as a literal instead of a linux.* constant.
		// NOTE(review): 0x200000 is O_PATH in the generic Linux ABI; confirm
		// it holds for every architecture this table is used for, and prefer
		// a named constant if the linux package provides one.
		Flag: 0x200000,
		Name: "O_PATH",
	},
	{
		Flag: linux.O_SYNC,
		Name: "O_SYNC",
	},
	{
		Flag: linux.O_TMPFILE,
		Name: "O_TMPFILE",
	},
	{
		Flag: linux.O_TRUNC,
		Name: "O_TRUNC",
	},
}
OpenFlagSet is the set of open(2) flags.
var OpenMode = abi.ValueSet{ linux.O_RDWR: "O_RDWR", linux.O_WRONLY: "O_WRONLY", linux.O_RDONLY: "O_RDONLY", }
OpenMode represents the mode to open(2) a file.
var PollEventSet = abi.FlagSet{ {Flag: linux.POLLIN, Name: "POLLIN"}, {Flag: linux.POLLPRI, Name: "POLLPRI"}, {Flag: linux.POLLOUT, Name: "POLLOUT"}, {Flag: linux.POLLERR, Name: "POLLERR"}, {Flag: linux.POLLHUP, Name: "POLLHUP"}, {Flag: linux.POLLNVAL, Name: "POLLNVAL"}, {Flag: linux.POLLRDNORM, Name: "POLLRDNORM"}, {Flag: linux.POLLRDBAND, Name: "POLLRDBAND"}, {Flag: linux.POLLWRNORM, Name: "POLLWRNORM"}, {Flag: linux.POLLWRBAND, Name: "POLLWRBAND"}, {Flag: linux.POLLMSG, Name: "POLLMSG"}, {Flag: linux.POLLREMOVE, Name: "POLLREMOVE"}, {Flag: linux.POLLRDHUP, Name: "POLLRDHUP"}, {Flag: linux.POLLFREE, Name: "POLLFREE"}, {Flag: linux.POLL_BUSY_LOOP, Name: "POLL_BUSY_LOOP"}, }
PollEventSet is the set of poll(2) event flags.
var ProtectionFlagSet = abi.FlagSet{ { Flag: linux.PROT_READ, Name: "PROT_READ", }, { Flag: linux.PROT_WRITE, Name: "PROT_WRITE", }, { Flag: linux.PROT_EXEC, Name: "PROT_EXEC", }, }
ProtectionFlagSet is the set of protection flags for mmap(2).
var PtraceRequestSet = abi.ValueSet{ linux.PTRACE_TRACEME: "PTRACE_TRACEME", linux.PTRACE_PEEKTEXT: "PTRACE_PEEKTEXT", linux.PTRACE_PEEKDATA: "PTRACE_PEEKDATA", linux.PTRACE_PEEKUSR: "PTRACE_PEEKUSR", linux.PTRACE_POKETEXT: "PTRACE_POKETEXT", linux.PTRACE_POKEDATA: "PTRACE_POKEDATA", linux.PTRACE_POKEUSR: "PTRACE_POKEUSR", linux.PTRACE_CONT: "PTRACE_CONT", linux.PTRACE_KILL: "PTRACE_KILL", linux.PTRACE_SINGLESTEP: "PTRACE_SINGLESTEP", linux.PTRACE_ATTACH: "PTRACE_ATTACH", linux.PTRACE_DETACH: "PTRACE_DETACH", linux.PTRACE_SYSCALL: "PTRACE_SYSCALL", linux.PTRACE_SETOPTIONS: "PTRACE_SETOPTIONS", linux.PTRACE_GETEVENTMSG: "PTRACE_GETEVENTMSG", linux.PTRACE_GETSIGINFO: "PTRACE_GETSIGINFO", linux.PTRACE_SETSIGINFO: "PTRACE_SETSIGINFO", linux.PTRACE_GETREGSET: "PTRACE_GETREGSET", linux.PTRACE_SETREGSET: "PTRACE_SETREGSET", linux.PTRACE_SEIZE: "PTRACE_SEIZE", linux.PTRACE_INTERRUPT: "PTRACE_INTERRUPT", linux.PTRACE_LISTEN: "PTRACE_LISTEN", linux.PTRACE_PEEKSIGINFO: "PTRACE_PEEKSIGINFO", linux.PTRACE_GETSIGMASK: "PTRACE_GETSIGMASK", linux.PTRACE_SETSIGMASK: "PTRACE_SETSIGMASK", linux.PTRACE_GETREGS: "PTRACE_GETREGS", linux.PTRACE_SETREGS: "PTRACE_SETREGS", linux.PTRACE_GETFPREGS: "PTRACE_GETFPREGS", linux.PTRACE_SETFPREGS: "PTRACE_SETFPREGS", linux.PTRACE_GETFPXREGS: "PTRACE_GETFPXREGS", linux.PTRACE_SETFPXREGS: "PTRACE_SETFPXREGS", linux.PTRACE_OLDSETOPTIONS: "PTRACE_OLDSETOPTIONS", linux.PTRACE_GET_THREAD_AREA: "PTRACE_GET_THREAD_AREA", linux.PTRACE_SET_THREAD_AREA: "PTRACE_SET_THREAD_AREA", linux.PTRACE_ARCH_PRCTL: "PTRACE_ARCH_PRCTL", linux.PTRACE_SYSEMU: "PTRACE_SYSEMU", linux.PTRACE_SYSEMU_SINGLESTEP: "PTRACE_SYSEMU_SINGLESTEP", linux.PTRACE_SINGLEBLOCK: "PTRACE_SINGLEBLOCK", }
PtraceRequestSet are the possible ptrace(2) requests.
var SocketFamily = abi.ValueSet{ linux.AF_UNSPEC: "AF_UNSPEC", linux.AF_UNIX: "AF_UNIX", linux.AF_INET: "AF_INET", linux.AF_AX25: "AF_AX25", linux.AF_IPX: "AF_IPX", linux.AF_APPLETALK: "AF_APPLETALK", linux.AF_NETROM: "AF_NETROM", linux.AF_BRIDGE: "AF_BRIDGE", linux.AF_ATMPVC: "AF_ATMPVC", linux.AF_X25: "AF_X25", linux.AF_INET6: "AF_INET6", linux.AF_ROSE: "AF_ROSE", linux.AF_DECnet: "AF_DECnet", linux.AF_NETBEUI: "AF_NETBEUI", linux.AF_SECURITY: "AF_SECURITY", linux.AF_KEY: "AF_KEY", linux.AF_NETLINK: "AF_NETLINK", linux.AF_PACKET: "AF_PACKET", linux.AF_ASH: "AF_ASH", linux.AF_ECONET: "AF_ECONET", linux.AF_ATMSVC: "AF_ATMSVC", linux.AF_RDS: "AF_RDS", linux.AF_SNA: "AF_SNA", linux.AF_IRDA: "AF_IRDA", linux.AF_PPPOX: "AF_PPPOX", linux.AF_WANPIPE: "AF_WANPIPE", linux.AF_LLC: "AF_LLC", linux.AF_IB: "AF_IB", linux.AF_MPLS: "AF_MPLS", linux.AF_CAN: "AF_CAN", linux.AF_TIPC: "AF_TIPC", linux.AF_BLUETOOTH: "AF_BLUETOOTH", linux.AF_IUCV: "AF_IUCV", linux.AF_RXRPC: "AF_RXRPC", linux.AF_ISDN: "AF_ISDN", linux.AF_PHONET: "AF_PHONET", linux.AF_IEEE802154: "AF_IEEE802154", linux.AF_CAIF: "AF_CAIF", linux.AF_ALG: "AF_ALG", linux.AF_NFC: "AF_NFC", linux.AF_VSOCK: "AF_VSOCK", }
SocketFamily are the possible socket(2) families.
var SocketFlagSet = abi.FlagSet{ { Flag: linux.SOCK_CLOEXEC, Name: "SOCK_CLOEXEC", }, { Flag: linux.SOCK_NONBLOCK, Name: "SOCK_NONBLOCK", }, }
SocketFlagSet are the possible socket(2) flags.
var SocketProtocol = map[int32]abi.ValueSet{ linux.AF_INET: ipProtocol, linux.AF_INET6: ipProtocol, linux.AF_NETLINK: { linux.NETLINK_ROUTE: "NETLINK_ROUTE", linux.NETLINK_UNUSED: "NETLINK_UNUSED", linux.NETLINK_USERSOCK: "NETLINK_USERSOCK", linux.NETLINK_FIREWALL: "NETLINK_FIREWALL", linux.NETLINK_SOCK_DIAG: "NETLINK_SOCK_DIAG", linux.NETLINK_NFLOG: "NETLINK_NFLOG", linux.NETLINK_XFRM: "NETLINK_XFRM", linux.NETLINK_SELINUX: "NETLINK_SELINUX", linux.NETLINK_ISCSI: "NETLINK_ISCSI", linux.NETLINK_AUDIT: "NETLINK_AUDIT", linux.NETLINK_FIB_LOOKUP: "NETLINK_FIB_LOOKUP", linux.NETLINK_CONNECTOR: "NETLINK_CONNECTOR", linux.NETLINK_NETFILTER: "NETLINK_NETFILTER", linux.NETLINK_IP6_FW: "NETLINK_IP6_FW", linux.NETLINK_DNRTMSG: "NETLINK_DNRTMSG", linux.NETLINK_KOBJECT_UEVENT: "NETLINK_KOBJECT_UEVENT", linux.NETLINK_GENERIC: "NETLINK_GENERIC", linux.NETLINK_SCSITRANSPORT: "NETLINK_SCSITRANSPORT", linux.NETLINK_ECRYPTFS: "NETLINK_ECRYPTFS", linux.NETLINK_RDMA: "NETLINK_RDMA", linux.NETLINK_CRYPTO: "NETLINK_CRYPTO", }, }
SocketProtocol are the possible socket(2) protocols for each protocol family.
var SocketType = abi.ValueSet{ uint64(linux.SOCK_STREAM): "SOCK_STREAM", uint64(linux.SOCK_DGRAM): "SOCK_DGRAM", uint64(linux.SOCK_RAW): "SOCK_RAW", uint64(linux.SOCK_RDM): "SOCK_RDM", uint64(linux.SOCK_SEQPACKET): "SOCK_SEQPACKET", uint64(linux.SOCK_DCCP): "SOCK_DCCP", uint64(linux.SOCK_PACKET): "SOCK_PACKET", }
SocketType are the possible socket(2) types.
Functions ¶
func Disable ¶
func Disable(sinks SinkType)
Disable will disable Strace for all system calls and missing syscalls.
Preconditions: Initialize has been called.
func Enable ¶
Enable enables the syscalls in allowlist in all syscall tables.
Preconditions: Initialize has been called.
func EnableAll ¶
func EnableAll(sinks SinkType)
EnableAll enables all syscalls in all syscall tables.
Preconditions: Initialize has been called.
func Initialize ¶
func Initialize()
Initialize prepares all syscall tables for use by this package.
N.B. This is not in an init function because we can't be sure all syscall tables are registered with the kernel when init runs.
Types ¶
type FormatSpecifier ¶
type FormatSpecifier int
FormatSpecifier values describe how an individual syscall argument should be formatted.
// Valid FormatSpecifiers.
//
// Unless otherwise specified, values are formatted before syscall execution
// and not updated after syscall execution (the same value is output).
const (
	// Hex is just a hexadecimal number.
	Hex FormatSpecifier = iota

	// Oct is just an octal number.
	Oct

	// FD is a file descriptor.
	FD

	// ReadBuffer is a buffer for a read-style call. The syscall return
	// value is used for the length.
	//
	// Formatted after syscall execution.
	ReadBuffer

	// WriteBuffer is a buffer for a write-style call. The following arg is
	// used for the length.
	//
	// Contents omitted after syscall execution.
	WriteBuffer

	// ReadIOVec is a pointer to a struct iovec for a readv-style call.
	// The following arg is used for the length. The return value is used
	// for the total length.
	//
	// Complete contents only formatted after syscall execution.
	ReadIOVec

	// WriteIOVec is a pointer to a struct iovec for a writev-style call.
	// The following arg is used for the length.
	//
	// Complete contents only formatted before syscall execution, omitted
	// after.
	WriteIOVec

	// IOVec is a generic pointer to a struct iovec. Contents are not dumped.
	IOVec

	// SendMsgHdr is a pointer to a struct msghdr for a sendmsg-style call.
	// Contents formatted only before syscall execution, omitted after.
	SendMsgHdr

	// RecvMsgHdr is a pointer to a struct msghdr for a recvmsg-style call.
	// Contents formatted only after syscall execution.
	RecvMsgHdr

	// Path is a pointer to a char* path.
	Path

	// PostPath is a pointer to a char* path, formatted after syscall
	// execution.
	PostPath

	// ExecveStringVector is a NULL-terminated array of strings. Enforces
	// the maximum execve array length.
	ExecveStringVector

	// PipeFDs is an array of two FDs, formatted after syscall execution.
	PipeFDs

	// Uname is a pointer to a struct uname, formatted after syscall execution.
	Uname

	// Stat is a pointer to a struct stat, formatted after syscall execution.
	Stat

	// SockAddr is a pointer to a struct sockaddr. The following arg is
	// used for length.
	SockAddr

	// PostSockAddr is a pointer to a struct sockaddr, formatted after
	// syscall execution. The following arg is a pointer to the socklen_t
	// length.
	PostSockAddr

	// SockLen is a pointer to a socklen_t, formatted before and after
	// syscall execution.
	SockLen

	// SockFamily is a socket protocol family value.
	SockFamily

	// SockType is a socket type and flags value.
	SockType

	// SockProtocol is a socket protocol value. Argument n-2 is the socket
	// protocol family.
	SockProtocol

	// SockFlags are socket flags.
	SockFlags

	// Timespec is a pointer to a struct timespec.
	Timespec

	// PostTimespec is a pointer to a struct timespec, formatted after
	// syscall execution.
	PostTimespec

	// UTimeTimespec is a pointer to a struct timespec. Formatting includes
	// UTIME_NOW and UTIME_OMIT.
	UTimeTimespec

	// ItimerVal is a pointer to a struct itimerval.
	ItimerVal

	// PostItimerVal is a pointer to a struct itimerval, formatted after
	// syscall execution.
	PostItimerVal

	// ItimerSpec is a pointer to a struct itimerspec.
	ItimerSpec

	// PostItimerSpec is a pointer to a struct itimerspec, formatted after
	// syscall execution.
	PostItimerSpec

	// Timeval is a pointer to a struct timeval, formatted before and after
	// syscall execution.
	Timeval

	// Utimbuf is a pointer to a struct utimbuf.
	Utimbuf

	// Rusage is a struct rusage, formatted after syscall execution.
	Rusage

	// CloneFlags are clone(2) flags.
	CloneFlags

	// OpenFlags are open(2) flags.
	OpenFlags

	// Mode is a mode_t.
	Mode

	// FutexOp is the futex(2) operation.
	FutexOp

	// PtraceRequest is the ptrace(2) request.
	PtraceRequest

	// ItimerType is an itimer type (ITIMER_REAL, etc).
	ItimerType

	// Signal is a signal number.
	Signal

	// SignalMaskAction is a signal mask action passed to rt_sigprocmask(2).
	SignalMaskAction

	// SigSet is a signal set.
	SigSet

	// PostSigSet is a signal set, formatted after syscall execution.
	PostSigSet

	// SigAction is a struct sigaction.
	SigAction

	// PostSigAction is a struct sigaction, formatted after syscall execution.
	PostSigAction

	// CapHeader is a cap_user_header_t.
	CapHeader

	// CapData is the data argument to capget(2)/capset(2). The previous
	// argument must be CapHeader.
	CapData

	// PostCapData is the data argument to capget(2)/capset(2), formatted
	// after syscall execution. The previous argument must be CapHeader.
	PostCapData

	// PollFDs is an array of struct pollfd. The number of entries in the
	// array is in the next argument.
	PollFDs

	// SelectFDSet is an fd_set argument in select(2)/pselect(2). The
	// number of FDs represented must be the first argument.
	SelectFDSet

	// GetSockOptVal is the optval argument in getsockopt(2).
	//
	// Formatted after syscall execution.
	GetSockOptVal

	// SetSockOptVal is the optval argument in setsockopt(2).
	//
	// Contents omitted after syscall execution.
	SetSockOptVal

	// SockOptLevel is the level argument in getsockopt(2) and
	// setsockopt(2).
	SockOptLevel

	// SockOptName is the optname argument in getsockopt(2) and
	// setsockopt(2).
	SockOptName

	// EpollCtlOp is the op argument to epoll_ctl(2).
	EpollCtlOp

	// EpollEvent is the event argument in epoll_ctl(2).
	EpollEvent

	// EpollEvents is an array of struct epoll_event. It is the events
	// argument in epoll_wait(2)/epoll_pwait(2).
	EpollEvents

	// MmapProt is the protection argument in mmap(2).
	MmapProt

	// MmapFlags is the flags argument in mmap(2).
	MmapFlags

	// CloseRangeFlags are close_range(2) flags.
	CloseRangeFlags
)
Valid FormatSpecifiers.
Unless otherwise specified, values are formatted before syscall execution and not updated after syscall execution (the same value is output).
type SyscallInfo ¶
type SyscallInfo struct {
// contains filtered or unexported fields
}
SyscallInfo captures the name and printing format of a syscall.
type SyscallMap ¶
type SyscallMap map[uintptr]SyscallInfo
SyscallMap maps syscalls into names and printing formats.
func Lookup ¶
Lookup returns the SyscallMap for the OS/Arch combination. The returned map must not be changed.
func (SyscallMap) ConvertToSysno ¶
func (s SyscallMap) ConvertToSysno(syscall string) (uintptr, bool)
ConvertToSysno converts a syscall name to its system call number. It returns false if no syscall with that name is found.
func (SyscallMap) ConvertToSysnoMap ¶
func (s SyscallMap) ConvertToSysnoMap(syscalls []string) (map[uintptr]bool, error)
ConvertToSysnoMap converts the names to a map keyed on the syscall number, with each value set to true.
The map is in a convenient format to pass to SyscallFlagsTable.Enable().
func (SyscallMap) Name ¶
func (s SyscallMap) Name(sysno uintptr) string
Name returns the syscall name.
func (SyscallMap) SyscallEnter ¶
func (s SyscallMap) SyscallEnter(t *kernel.Task, sysno uintptr, args arch.SyscallArguments, flags uint32) any
SyscallEnter implements kernel.Stracer.SyscallEnter. It logs the syscall entry trace.
func (SyscallMap) SyscallExit ¶
SyscallExit implements kernel.Stracer.SyscallExit. It logs the syscall exit trace.