Documentation
¶
Index ¶
- Constants
- func RunUtilityTracer(p UtilityTracer) error
- type CommonTracer
- type Instrumentable
- type KprobesTracer
- type PIDsAccounter
- type ProcessTracer
- func (pt *ProcessTracer) AllowPID(pid, ns uint32, svc *svc.Attrs)
- func (pt *ProcessTracer) BlockPID(pid, ns uint32)
- func (pt *ProcessTracer) Init() error
- func (pt *ProcessTracer) NewExecutable(exe *link.Executable, ie *Instrumentable) error
- func (pt *ProcessTracer) NewExecutableInstance(ie *Instrumentable) error
- func (pt *ProcessTracer) Run(ctx context.Context, out chan<- []request.Span)
- func (pt *ProcessTracer) UnlinkExecutable(info *exec.FileInfo)
- type ProcessTracerType
- type Tracer
- type UtilityTracer
Constants ¶
View Source
const ( Go = ProcessTracerType(iota) Generic )
View Source
const PinInternal = ebpf.PinType(100)
Variables ¶
This section is empty.
Functions ¶
func RunUtilityTracer ¶ added in v0.4.2
func RunUtilityTracer(p UtilityTracer) error
Types ¶
type CommonTracer ¶ added in v0.4.2
type CommonTracer interface {
// Load the bpf object that is generated by the bpf2go compiler
Load() (*ebpf.CollectionSpec, error)
// AddCloser adds io.Closer instances that need to be invoked when the
// Run function ends.
AddCloser(c ...io.Closer)
AddModuleCloser(ino uint64, c ...io.Closer)
// BpfObjects that are created by the bpf2go compiler
BpfObjects() any
// Sets up any tail call tables if the BPF program has it
SetupTailCalls()
}
type Instrumentable ¶ added in v1.9.0
type Instrumentable struct {
Type svc.InstrumentableType
InstrumentationError error
// in some runtimes, like python gunicorn, we need to allow
// tracing both the parent pid and all of its children pid
ChildPids []uint32
FileInfo *exec.FileInfo
Offsets *goexec.Offsets
Tracer *ProcessTracer
}
type KprobesTracer ¶ added in v0.4.2
type KprobesTracer interface {
CommonTracer
// KProbes returns a map with the name of the kernel probes that need to be
// tapped into. Start matches kprobe, End matches kretprobe
KProbes() map[string]ebpfcommon.FunctionPrograms
Tracepoints() map[string]ebpfcommon.FunctionPrograms
}
type PIDsAccounter ¶ added in v0.3.2
type PIDsAccounter interface {
// AllowPID notifies the tracer to accept traces from the process with the
// provided PID. Unless system-wide instrumentation, the Tracer should discard
// traces from processes whose PID has not been allowed before
// We must use a pointer for svc.Attrs so that all child processes share the same
// object. This is important when we tag a service as exporting traces or metrics.
AllowPID(uint32, uint32, *svc.Attrs)
// BlockPID notifies the tracer to stop accepting traces from the process
// with the provided PID. After receiving them via ringbuffer, it should
// discard them.
BlockPID(uint32, uint32)
}
type ProcessTracer ¶
type ProcessTracer struct {
Programs []Tracer
SystemWide bool
Type ProcessTracerType
Instrumentables map[uint64]*instrumenter
// contains filtered or unexported fields
}
ProcessTracer instruments an executable with eBPF and provides the eBPF readers that will forward the traces to later stages in the pipeline
func NewProcessTracer ¶ added in v1.9.0
func NewProcessTracer(cfg *beyla.Config, tracerType ProcessTracerType, programs []Tracer) *ProcessTracer
func (*ProcessTracer) AllowPID ¶ added in v0.3.2
func (pt *ProcessTracer) AllowPID(pid, ns uint32, svc *svc.Attrs)
func (*ProcessTracer) BlockPID ¶ added in v0.3.2
func (pt *ProcessTracer) BlockPID(pid, ns uint32)
func (*ProcessTracer) Init ¶ added in v1.9.0
func (pt *ProcessTracer) Init() error
func (*ProcessTracer) NewExecutable ¶ added in v1.9.0
func (pt *ProcessTracer) NewExecutable(exe *link.Executable, ie *Instrumentable) error
func (*ProcessTracer) NewExecutableInstance ¶ added in v1.9.0
func (pt *ProcessTracer) NewExecutableInstance(ie *Instrumentable) error
func (*ProcessTracer) Run ¶
func (pt *ProcessTracer) Run(ctx context.Context, out chan<- []request.Span)
func (*ProcessTracer) UnlinkExecutable ¶ added in v1.9.0
func (pt *ProcessTracer) UnlinkExecutable(info *exec.FileInfo)
type ProcessTracerType ¶ added in v1.1.0
type ProcessTracerType int
type Tracer ¶
type Tracer interface {
PIDsAccounter
KprobesTracer
// Constants returns a map of constants to be overriden into the eBPF program.
// The key is the constant name and the value is the value to overwrite.
Constants() map[string]any
// GoProbes returns a map with the name of Go functions that need to be inspected
// in the executable, as well as the eBPF programs that optionally need to be
// inserted as the Go function start and end probes
GoProbes() map[string][]ebpfcommon.FunctionPrograms
// UProbes returns a map with the module name mapping to the uprobes that need to be
// tapped into. Start matches uprobe, End matches uretprobe
UProbes() map[string]map[string]ebpfcommon.FunctionPrograms
// SocketFilters returns a list of programs that need to be loaded as a
// generic eBPF socket filter
SocketFilters() []*ebpf.Program
// Sets up Linux traffic control egress/ingress
SetupTC()
// Probes can potentially instrument a shared library among multiple executables
// These two functions alow programs to remember this and avoid duplicated instrumentations
// The argument is the OS file id
RecordInstrumentedLib(uint64)
AlreadyInstrumentedLib(uint64) bool
UnlinkInstrumentedLib(uint64)
RegisterOffsets(*exec.FileInfo, *goexec.Offsets)
// Run will do the action of listening for eBPF traces and forward them
// periodically to the output channel.
Run(context.Context, chan<- []request.Span)
}
Tracer is an individual eBPF program (e.g. the net/http or the grpc tracers)
type UtilityTracer ¶ added in v0.4.2
type UtilityTracer interface {
KprobesTracer
Run(context.Context)
}
Subset of the above interface, which supports loading eBPF programs which are not tied to service monitoring
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.