probes

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 17, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KProbe        = iota // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#1-kp
	KretProbe            // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#1-kp
	Tracepoint           // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#3-tracep
	RawTracepoint        // github.com/iovisor/bcc/blob/master/docs/reference_guide.md#7-raw-tracep
)

Variables

This section is empty.

Functions

This section is empty.

Types

type CgroupProbe 

type CgroupProbe struct {
	// contains filtered or unexported fields
}

func NewCgroupProbe 

func NewCgroupProbe(a bpf.BPFAttachType, progName string) *CgroupProbe

NewCgroupProbe creates a new cgroup probe.

func (*CgroupProbe) GetProgramName 

func (p *CgroupProbe) GetProgramName() string

type Handle 

type Handle int32
const (
	SysEnter Handle = iota
	SysExit
	SyscallEnter__Internal
	SyscallExit__Internal
	SchedProcessFork
	SchedProcessExec
	SchedProcessExit
	SchedProcessFree
	SchedSwitch
	DoExit
	CapCapable
	VfsWrite
	VfsWriteRet
	VfsWriteV
	VfsWriteVRet
	KernelWrite
	KernelWriteRet
	VfsWriteMagic
	VfsWriteMagicRet
	VfsWriteVMagic
	VfsWriteVMagicRet
	KernelWriteMagic
	KernelWriteMagicRet
	SecurityMmapAddr
	SecurityMmapFile
	SecurityFileMProtect
	CommitCreds
	SwitchTaskNS
	CgroupAttachTask
	CgroupMkdir
	CgroupRmdir
	SecurityBPRMCheck
	SecurityFileOpen
	SecurityInodeUnlink
	SecurityInodeMknod
	SecurityInodeSymlink
	SecuritySocketCreate
	SecuritySocketListen
	SecuritySocketConnect
	SecuritySocketAccept
	SecuritySocketBind
	SecuritySocketSetsockopt
	SecuritySbMount
	SecurityBPF
	SecurityBPFMap
	SecurityKernelReadFile
	SecurityKernelPostReadFile
	DoSplice
	DoSpliceRet
	ProcCreate
	RegisterKprobe
	RegisterKprobeRet
	CallUsermodeHelper
	DebugfsCreateFile
	DebugfsCreateDir
	DeviceAdd
	RegisterChrdev
	RegisterChrdevRet
	DoInitModule
	DoInitModuleRet
	LoadElfPhdrs
	Filldir64
	SecurityFilePermission
	TaskRename
	SyscallTableCheck
	PrintNetSeqOps
	SecurityInodeRename
	DoSigaction
	SecurityBpfProg
	SecurityFileIoctl
	CheckHelperCall
	CheckMapFuncCompatibility
	KallsymsLookupName
	KallsymsLookupNameRet
	SockAllocFile
	SockAllocFileRet
	SecuritySkClone
	SecuritySocketRecvmsg
	SecuritySocketSendmsg
	CgroupBPFRunFilterSKB
	CgroupSKBIngress
	CgroupSKBEgress
	DoMmap
	DoMmapRet
	PrintMemDump
	VfsRead
	VfsReadRet
	VfsReadV
	VfsReadVRet
	VfsUtimes
	UtimesCommon
	DoTruncate
	FileUpdateTime
	FileUpdateTimeRet
	FileModified
	FileModifiedRet
	FdInstall
	FilpClose
	InotifyFindInode
	InotifyFindInodeRet
	BpfCheck
	ExecBinprm
	ExecBinprmRet
	HiddenKernelModuleSeeker
	TpProbeRegPrioMayExist
	HiddenKernelModuleVerifier
	ModuleLoad
	ModuleFree
	SignalCgroupMkdir
	SignalCgroupRmdir
	SignalSchedProcessFork
	SignalSchedProcessExec
	SignalSchedProcessExit
)

type Probe 

type Probe interface {
	// contains filtered or unexported methods
}

type ProbeGroup 

type ProbeGroup struct {
	// contains filtered or unexported fields
}

ProbeGroup is a collection of probes.

func NewDefaultProbeGroup 

func NewDefaultProbeGroup(module *bpf.Module, netEnabled bool, kSyms *helpers.KernelSymbolTable) (*ProbeGroup, error)

NewDefaultProbeGroup initializes the default ProbeGroup (TODO: extensions will use probe groups)

func NewProbeGroup 

func NewProbeGroup(m *bpf.Module, p map[Handle]Probe) *ProbeGroup

NewProbeGroup creates a new ProbeGroup.

func (*ProbeGroup) Attach 

func (p *ProbeGroup) Attach(handle Handle, args ...interface{}) error

Attach attaches a probe's program to its hook, by given handle.

func (*ProbeGroup) Autoload 

func (p *ProbeGroup) Autoload(handle Handle, autoload bool) error

Autoload disables autoload feature for a given handle's program.

func (*ProbeGroup) Detach 

func (p *ProbeGroup) Detach(handle Handle, args ...interface{}) error

Detach detaches a probe's program from its hook, by given handle.

func (*ProbeGroup) DetachAll 

func (p *ProbeGroup) DetachAll() error

DetachAll detaches all existing probes programs from their hooks.

func (*ProbeGroup) GetProbeByHandle 

func (p *ProbeGroup) GetProbeByHandle(handle Handle) Probe

func (*ProbeGroup) GetProbeType 

func (p *ProbeGroup) GetProbeType(handle Handle) string

GetProbe returns a probe type by its handle.

type ProbeType 

type ProbeType uint8

type TraceProbe 

type TraceProbe struct {
	// contains filtered or unexported fields
}

func NewTraceProbe 

func NewTraceProbe(t ProbeType, evtName string, progName string) *TraceProbe

NewTraceProbe creates a new tracing probe (kprobe, kretprobe, tracepoint, raw_tracepoint).

func (*TraceProbe) GetEventName 

func (p *TraceProbe) GetEventName() string

func (*TraceProbe) GetProbeType 

func (p *TraceProbe) GetProbeType() ProbeType

func (*TraceProbe) GetProgramName 

func (p *TraceProbe) GetProgramName() string

type Uprobe 

type Uprobe struct {
	// contains filtered or unexported fields
}

func NewUprobe 

func NewUprobe(evtName string, progName string, binPath string, symName string) *Uprobe

NewUprobe creates a new uprobe.

func (*Uprobe) GetBinaryPath 

func (p *Uprobe) GetBinaryPath() string

func (*Uprobe) GetEventName 

func (p *Uprobe) GetEventName() string

func (*Uprobe) GetProgramName 

func (p *Uprobe) GetProgramName() string

func (*Uprobe) GetSymbolName 

func (p *Uprobe) GetSymbolName() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.