Documentation
¶
Index ¶
Constants ¶
View Source
const ( Go = ProcessTracerType(iota) Generic )
Variables ¶
This section is empty.
Functions ¶
func RunUtilityTracer ¶ added in v0.4.2
func RunUtilityTracer(p UtilityTracer, pinPath string) error
Types ¶
type CommonTracer ¶ added in v0.4.2
type CommonTracer interface {
// Load the bpf object that is generated by the bpf2go compiler
Load() (*ebpf.CollectionSpec, error)
// AddCloser adds io.Closer instances that need to be invoked when the
// Run function ends.
AddCloser(c ...io.Closer)
// BpfObjects that are created by the bpf2go compiler
BpfObjects() any
}
type KprobesTracer ¶ added in v0.4.2
type KprobesTracer interface {
CommonTracer
// KProbes returns a map with the name of the kernel probes that need to be
// tapped into. Start matches kprobe, End matches kretprobe
KProbes() map[string]ebpfcommon.FunctionPrograms
Tracepoints() map[string]ebpfcommon.FunctionPrograms
}
type PIDsAccounter ¶ added in v0.3.2
type PIDsAccounter interface {
// AllowPID notifies the tracer to accept traces from the process with the
// provided PID. Unless system-wide instrumentation, the Tracer should discard
// traces from processes whose PID has not been allowed before
AllowPID(uint32, svc.ID)
// BlockPID notifies the tracer to stop accepting traces from the process
// with the provided PID. After receiving them via ringbuffer, it should
// discard them.
BlockPID(uint32)
}
type ProcessTracer ¶
type ProcessTracer struct {
Programs []Tracer
ELFInfo *exec.FileInfo
Goffsets *goexec.Offsets
Exe *link.Executable
PinPath string
SystemWide bool
Type ProcessTracerType
// contains filtered or unexported fields
}
ProcessTracer instruments an executable with eBPF and provides the eBPF readers that will forward the traces to later stages in the pipeline
func (*ProcessTracer) AllowPID ¶ added in v0.3.2
func (pt *ProcessTracer) AllowPID(pid uint32, svc svc.ID)
func (*ProcessTracer) BlockPID ¶ added in v0.3.2
func (pt *ProcessTracer) BlockPID(pid uint32)
type ProcessTracerType ¶ added in v1.1.0
type ProcessTracerType int
type Tracer ¶
type Tracer interface {
PIDsAccounter
KprobesTracer
// Constants returns a map of constants to be overriden into the eBPF program.
// The key is the constant name and the value is the value to overwrite.
Constants(*exec.FileInfo, *goexec.Offsets) map[string]any
// GoProbes returns a map with the name of Go functions that need to be inspected
// in the executable, as well as the eBPF programs that optionally need to be
// inserted as the Go function start and end probes
GoProbes() map[string]ebpfcommon.FunctionPrograms
// UProbes returns a map with the module name mapping to the uprobes that need to be
// tapped into. Start matches uprobe, End matches uretprobe
UProbes() map[string]map[string]ebpfcommon.FunctionPrograms
// SocketFilters returns a list of programs that need to be loaded as a
// generic eBPF socket filter
SocketFilters() []*ebpf.Program
// Probes can potentially instrument a shared library among multiple executables
// These two functions alow programs to remember this and avoid duplicated instrumentations
// The argument is the OS file id
RecordInstrumentedLib(uint64)
AlreadyInstrumentedLib(uint64) bool
// Run will do the action of listening for eBPF traces and forward them
// periodically to the output channel.
Run(context.Context, chan<- []request.Span)
}
Tracer is an individual eBPF program (e.g. the net/http or the grpc tracers)
type UtilityTracer ¶ added in v0.4.2
type UtilityTracer interface {
KprobesTracer
Run(context.Context)
}
Subset of the above interface, which supports loading eBPF programs which are not tied to service monitoring
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.