ebpf

package

v0.0.0-...-e3d77be Latest Latest Go to latest Published: Nov 14, 2024 License: GPL-3.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/evanrolfe/trayce_agent

Links

Open Source Insights

Documentation ¶

Index ¶

type BPF
- func NewBPF(bpfModule BPFModuleI) *BPF
type BPFI
type BPFModuleI
type ContainersI
type ProbeManager
type ProbeManagerI
type ProbeRef
type Stream
- func NewStream(containers ContainersI, probeManager ProbeManagerI) *Stream

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type BPF ¶

type BPF struct {
	// contains filtered or unexported fields
}

BPF is a wrapper around libbpfgo.BPFModule and provides methods for create/deleting probes and also fetching data from ebpf maps.

func NewBPF ¶

func NewBPF(bpfModule BPFModuleI) *BPF

func (*BPF) AttachGoUProbe ¶

func (bpf *BPF) AttachGoUProbe(funcName string, exitFuncName string, probeFuncName string, binaryPath string) ([]*libbpfgo.BPFLink, error)

func (*BPF) AttachKProbe ¶

func (bpf *BPF) AttachKProbe(funcName string, probeFuncName string) (*libbpfgo.BPFLink, error)

func (*BPF) AttachKRetProbe ¶

func (bpf *BPF) AttachKRetProbe(funcName string, probeFuncName string) (*libbpfgo.BPFLink, error)

func (*BPF) AttachUProbe ¶

func (bpf *BPF) AttachUProbe(funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)

func (*BPF) AttachURetProbe ¶

func (bpf *BPF) AttachURetProbe(funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)

func (*BPF) Close ¶

func (bpf *BPF) Close()

func (*BPF) DestroyProbe ¶

func (bpf *BPF) DestroyProbe(probe *libbpfgo.BPFLink) error

func (*BPF) GetMap ¶

func (bpf *BPF) GetMap(mapName string) (*libbpfgo.BPFMap, error)

func (*BPF) InitRingBuf ¶

func (bpf *BPF) InitRingBuf(mapName string, eventsChan chan []byte) (*libbpfgo.RingBuffer, error)

func (*BPF) LoadProgram ¶

func (bpf *BPF) LoadProgram() error

type BPFI ¶

type BPFI interface {
	GetMap(mapName string) (*libbpfgo.BPFMap, error)
	InitRingBuf(mapName string, eventsChan chan []byte) (*libbpfgo.RingBuffer, error)
	LoadProgram() error
	Close()
	AttachKProbe(funcName string, probeFuncName string) (*libbpfgo.BPFLink, error)
	AttachKRetProbe(funcName string, probeFuncName string) (*libbpfgo.BPFLink, error)
	AttachUProbe(funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)
	AttachURetProbe(funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)
	AttachGoUProbe(funcName string, exitFuncName string, probeFuncName string, binaryPath string) ([]*libbpfgo.BPFLink, error)
	DestroyProbe(probe *libbpfgo.BPFLink) error
}

type BPFModuleI ¶

type BPFModuleI interface {
	InitRingBuf(mapName string, eventsChan chan []byte) (*libbpfgo.RingBuffer, error)
	GetMap(mapName string) (*libbpfgo.BPFMap, error)
	GetProgram(progName string) (*libbpfgo.BPFProg, error)
	BPFLoadObject() error
	Close()
}

type ContainersI ¶

type ContainersI interface {
	GetProcsToIntercept() map[uint32]docker.Proc
	GetContainersToIntercept() map[string]docker.Container
}

type ProbeManager ¶

type ProbeManager struct {
	// contains filtered or unexported fields
}

ProbeManager lets you add & remove ebpf probes. It keeps track of them so they can be deleted too when necessary.

func NewProbeManager ¶

func NewProbeManager(bpf BPFI) (*ProbeManager, error)

func NewProbeManagerFromBytes ¶

func NewProbeManagerFromBytes(bpfBuf []byte, btfPath string) (*ProbeManager, error)

func NewProbeManagerFromFileArgs ¶

func NewProbeManagerFromFileArgs(bpfPath string, btfPath string) (*ProbeManager, error)

func (*ProbeManager) AttachGoUProbes ¶

func (pm *ProbeManager) AttachGoUProbes(proc docker.Proc, funcName string, exitFuncName string, probeFuncName string) error

AttachGoUProbe attach uprobes to the entry and exits of a Go function. URetProbes will not work with Go. Each return statement in the function is an exit which is probed. This will also only work for cryptos/tls.Conn.Read and Write.

func (*ProbeManager) AttachToKProbe ¶

func (pm *ProbeManager) AttachToKProbe(funcName string, probeFuncName string) error

func (*ProbeManager) AttachToKRetProbe ¶

func (pm *ProbeManager) AttachToKRetProbe(funcName string, probeFuncName string) error

func (*ProbeManager) AttachToUProbe ¶

func (pm *ProbeManager) AttachToUProbe(container docker.Container, funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)

func (*ProbeManager) AttachToURetProbe ¶

func (pm *ProbeManager) AttachToURetProbe(container docker.Container, funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)

func (*ProbeManager) Close ¶

func (pm *ProbeManager) Close()

func (*ProbeManager) DetachUprobesForContainer ¶

func (pm *ProbeManager) DetachUprobesForContainer(container docker.Container) error

func (*ProbeManager) DetachUprobesForProc ¶

func (pm *ProbeManager) DetachUprobesForProc(proc docker.Proc) error

func (*ProbeManager) GetMap ¶

func (pm *ProbeManager) GetMap(mapName string) (*libbpfgo.BPFMap, error)

func (*ProbeManager) ReceiveEvents ¶

func (pm *ProbeManager) ReceiveEvents(mapName string, eventsChan chan []byte) error

type ProbeManagerI ¶

type ProbeManagerI interface {
	AttachToKProbe(funcName string, probeFuncName string) error
	AttachToKRetProbe(funcName string, probeFuncName string) error
	ReceiveEvents(mapName string, eventsChan chan []byte) error
	GetMap(mapName string) (*libbpfgo.BPFMap, error)
	AttachToUProbe(container docker.Container, funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)
	AttachToURetProbe(container docker.Container, funcName string, probeFuncName string, binaryPath string) (*libbpfgo.BPFLink, error)
	AttachGoUProbes(proc docker.Proc, funcName string, exitFuncName string, probeFuncName string) error
	DetachUprobesForContainer(container docker.Container) error
	DetachUprobesForProc(proc docker.Proc) error
	Close()
}

type ProbeRef ¶

type ProbeRef struct {
	// contains filtered or unexported fields
}

type Stream ¶

type Stream struct {
	// contains filtered or unexported fields
}

Stream is a bridge between the docker client and ebpf. When new containers and proccesses are opened, it instruments them with ebpf probes. It also provides an event stream channel which gives us the Connect,Data and Close events that are sent from ebpf.

func NewStream ¶

func NewStream(containers ContainersI, probeManager ProbeManagerI) *Stream

func (*Stream) AddCloseCallback ¶

func (stream *Stream) AddCloseCallback(callback func(events.CloseEvent))

func (*Stream) AddConnectCallback ¶

func (stream *Stream) AddConnectCallback(callback func(events.ConnectEvent))

func (*Stream) AddDataCallback ¶

func (stream *Stream) AddDataCallback(callback func(events.DataEvent))

func (*Stream) Close ¶

func (stream *Stream) Close()

func (*Stream) Start ¶

func (stream *Stream) Start(outputChan chan events.IEvent)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL