strace

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 30, 2024 License: Apache-2.0, MIT Imports: 17 Imported by: 0

Documentation

Overview

Package strace implements the logic to print out the input and the return value of each traced syscall.

Index

Constants

View Source
const DefaultLogMaximumSize = 1024

DefaultLogMaximumSize is the default LogMaximumSize.

Variables

View Source
var CapabilityBitset = abi.FlagSet{
	{
		Flag: 1 << uint32(linux.CAP_CHOWN),
		Name: "CAP_CHOWN",
	},
	{
		Flag: 1 << uint32(linux.CAP_DAC_OVERRIDE),
		Name: "CAP_DAC_OVERRIDE",
	},
	{
		Flag: 1 << uint32(linux.CAP_DAC_READ_SEARCH),
		Name: "CAP_DAC_READ_SEARCH",
	},
	{
		Flag: 1 << uint32(linux.CAP_FOWNER),
		Name: "CAP_FOWNER",
	},
	{
		Flag: 1 << uint32(linux.CAP_FSETID),
		Name: "CAP_FSETID",
	},
	{
		Flag: 1 << uint32(linux.CAP_KILL),
		Name: "CAP_KILL",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETGID),
		Name: "CAP_SETGID",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETUID),
		Name: "CAP_SETUID",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETPCAP),
		Name: "CAP_SETPCAP",
	},
	{
		Flag: 1 << uint32(linux.CAP_LINUX_IMMUTABLE),
		Name: "CAP_LINUX_IMMUTABLE",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_BIND_SERVICE),
		Name: "CAP_NET_BIND_SERVICE",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_BROADCAST),
		Name: "CAP_NET_BROADCAST",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_ADMIN),
		Name: "CAP_NET_ADMIN",
	},
	{
		Flag: 1 << uint32(linux.CAP_NET_RAW),
		Name: "CAP_NET_RAW",
	},
	{
		Flag: 1 << uint32(linux.CAP_IPC_LOCK),
		Name: "CAP_IPC_LOCK",
	},
	{
		Flag: 1 << uint32(linux.CAP_IPC_OWNER),
		Name: "CAP_IPC_OWNER",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_MODULE),
		Name: "CAP_SYS_MODULE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_RAWIO),
		Name: "CAP_SYS_RAWIO",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_CHROOT),
		Name: "CAP_SYS_CHROOT",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_PTRACE),
		Name: "CAP_SYS_PTRACE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_PACCT),
		Name: "CAP_SYS_PACCT",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_ADMIN),
		Name: "CAP_SYS_ADMIN",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_BOOT),
		Name: "CAP_SYS_BOOT",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_NICE),
		Name: "CAP_SYS_NICE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_RESOURCE),
		Name: "CAP_SYS_RESOURCE",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_TIME),
		Name: "CAP_SYS_TIME",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYS_TTY_CONFIG),
		Name: "CAP_SYS_TTY_CONFIG",
	},
	{
		Flag: 1 << uint32(linux.CAP_MKNOD),
		Name: "CAP_MKNOD",
	},
	{
		Flag: 1 << uint32(linux.CAP_LEASE),
		Name: "CAP_LEASE",
	},
	{
		Flag: 1 << uint32(linux.CAP_AUDIT_WRITE),
		Name: "CAP_AUDIT_WRITE",
	},
	{
		Flag: 1 << uint32(linux.CAP_AUDIT_CONTROL),
		Name: "CAP_AUDIT_CONTROL",
	},
	{
		Flag: 1 << uint32(linux.CAP_SETFCAP),
		Name: "CAP_SETFCAP",
	},
	{
		Flag: 1 << uint32(linux.CAP_MAC_OVERRIDE),
		Name: "CAP_MAC_OVERRIDE",
	},
	{
		Flag: 1 << uint32(linux.CAP_MAC_ADMIN),
		Name: "CAP_MAC_ADMIN",
	},
	{
		Flag: 1 << uint32(linux.CAP_SYSLOG),
		Name: "CAP_SYSLOG",
	},
	{
		Flag: 1 << uint32(linux.CAP_WAKE_ALARM),
		Name: "CAP_WAKE_ALARM",
	},
	{
		Flag: 1 << uint32(linux.CAP_BLOCK_SUSPEND),
		Name: "CAP_BLOCK_SUSPEND",
	},
	{
		Flag: 1 << uint32(linux.CAP_AUDIT_READ),
		Name: "CAP_AUDIT_READ",
	},
}

CapabilityBitset is the set of capabilities in a bitset.

View Source
var CloneFlagSet = abi.FlagSet{
	{
		Flag: linux.CLONE_VM,
		Name: "CLONE_VM",
	},
	{
		Flag: linux.CLONE_FS,
		Name: "CLONE_FS",
	},
	{
		Flag: linux.CLONE_FILES,
		Name: "CLONE_FILES",
	},
	{
		Flag: linux.CLONE_SIGHAND,
		Name: "CLONE_SIGHAND",
	},
	{
		Flag: linux.CLONE_PTRACE,
		Name: "CLONE_PTRACE",
	},
	{
		Flag: linux.CLONE_VFORK,
		Name: "CLONE_VFORK",
	},
	{
		Flag: linux.CLONE_PARENT,
		Name: "CLONE_PARENT",
	},
	{
		Flag: linux.CLONE_THREAD,
		Name: "CLONE_THREAD",
	},
	{
		Flag: linux.CLONE_NEWNS,
		Name: "CLONE_NEWNS",
	},
	{
		Flag: linux.CLONE_SYSVSEM,
		Name: "CLONE_SYSVSEM",
	},
	{
		Flag: linux.CLONE_SETTLS,
		Name: "CLONE_SETTLS",
	},
	{
		Flag: linux.CLONE_PARENT_SETTID,
		Name: "CLONE_PARENT_SETTID",
	},
	{
		Flag: linux.CLONE_CHILD_CLEARTID,
		Name: "CLONE_CHILD_CLEARTID",
	},
	{
		Flag: linux.CLONE_DETACHED,
		Name: "CLONE_DETACHED",
	},
	{
		Flag: linux.CLONE_UNTRACED,
		Name: "CLONE_UNTRACED",
	},
	{
		Flag: linux.CLONE_CHILD_SETTID,
		Name: "CLONE_CHILD_SETTID",
	},
	{
		Flag: linux.CLONE_NEWUTS,
		Name: "CLONE_NEWUTS",
	},
	{
		Flag: linux.CLONE_NEWIPC,
		Name: "CLONE_NEWIPC",
	},
	{
		Flag: linux.CLONE_NEWUSER,
		Name: "CLONE_NEWUSER",
	},
	{
		Flag: linux.CLONE_NEWPID,
		Name: "CLONE_NEWPID",
	},
	{
		Flag: linux.CLONE_NEWNET,
		Name: "CLONE_NEWNET",
	},
	{
		Flag: linux.CLONE_IO,
		Name: "CLONE_IO",
	},
}

CloneFlagSet is the set of clone(2) flags.

View Source
var CloseRangeFlagSet = abi.FlagSet{
	{
		Flag: uint64(linux.CLOSE_RANGE_CLOEXEC),
		Name: "CLOSE_RANGE_CLOEXEC",
	},
	{
		Flag: uint64(linux.CLOSE_RANGE_UNSHARE),
		Name: "CLOSE_RANGE_UNSHARE",
	},
}

CloseRangeFlagSet is the set of close_range(2) flags.

View Source
var EventMaximumSize uint

EventMaximumSize determines the maximum size for data blobs (read, write, etc.) sent over the event channel. Default is 0 because most clients cannot do anything useful with binary text dump of byte array arguments.

View Source
var FutexCmd = abi.ValueSet{
	linux.FUTEX_WAIT:            "FUTEX_WAIT",
	linux.FUTEX_WAKE:            "FUTEX_WAKE",
	linux.FUTEX_FD:              "FUTEX_FD",
	linux.FUTEX_REQUEUE:         "FUTEX_REQUEUE",
	linux.FUTEX_CMP_REQUEUE:     "FUTEX_CMP_REQUEUE",
	linux.FUTEX_WAKE_OP:         "FUTEX_WAKE_OP",
	linux.FUTEX_LOCK_PI:         "FUTEX_LOCK_PI",
	linux.FUTEX_UNLOCK_PI:       "FUTEX_UNLOCK_PI",
	linux.FUTEX_TRYLOCK_PI:      "FUTEX_TRYLOCK_PI",
	linux.FUTEX_WAIT_BITSET:     "FUTEX_WAIT_BITSET",
	linux.FUTEX_WAKE_BITSET:     "FUTEX_WAKE_BITSET",
	linux.FUTEX_WAIT_REQUEUE_PI: "FUTEX_WAIT_REQUEUE_PI",
	linux.FUTEX_CMP_REQUEUE_PI:  "FUTEX_CMP_REQUEUE_PI",
}

FutexCmd are the possible futex(2) commands.

View Source
var ItimerTypes = abi.ValueSet{
	linux.ITIMER_REAL:    "ITIMER_REAL",
	linux.ITIMER_VIRTUAL: "ITIMER_VIRTUAL",
	linux.ITIMER_PROF:    "ITIMER_PROF",
}

ItimerTypes are the possible itimer types.

View Source
var LogAppDataAllowed = true

LogAppDataAllowed is set to true when printing application data in strace logs is allowed.

View Source
var LogMaximumSize uint = DefaultLogMaximumSize

LogMaximumSize determines the maximum display size for data blobs (read, write, etc.).

View Source
var MmapFlagSet = abi.FlagSet{
	{
		Flag: linux.MAP_SHARED,
		Name: "MAP_SHARED",
	},
	{
		Flag: linux.MAP_PRIVATE,
		Name: "MAP_PRIVATE",
	},
	{
		Flag: linux.MAP_FIXED,
		Name: "MAP_FIXED",
	},
	{
		Flag: linux.MAP_ANONYMOUS,
		Name: "MAP_ANONYMOUS",
	},
	{
		Flag: linux.MAP_GROWSDOWN,
		Name: "MAP_GROWSDOWN",
	},
	{
		Flag: linux.MAP_DENYWRITE,
		Name: "MAP_DENYWRITE",
	},
	{
		Flag: linux.MAP_EXECUTABLE,
		Name: "MAP_EXECUTABLE",
	},
	{
		Flag: linux.MAP_LOCKED,
		Name: "MAP_LOCKED",
	},
	{
		Flag: linux.MAP_NORESERVE,
		Name: "MAP_NORESERVE",
	},
	{
		Flag: linux.MAP_POPULATE,
		Name: "MAP_POPULATE",
	},
	{
		Flag: linux.MAP_NONBLOCK,
		Name: "MAP_NONBLOCK",
	},
	{
		Flag: linux.MAP_STACK,
		Name: "MAP_STACK",
	},
	{
		Flag: linux.MAP_HUGETLB,
		Name: "MAP_HUGETLB",
	},
}

MmapFlagSet is the set of mmap(2) flags.

View Source
var OpenFlagSet = abi.FlagSet{
	{
		Flag: linux.O_APPEND,
		Name: "O_APPEND",
	},
	{
		Flag: linux.O_ASYNC,
		Name: "O_ASYNC",
	},
	{
		Flag: linux.O_CLOEXEC,
		Name: "O_CLOEXEC",
	},
	{
		Flag: linux.O_CREAT,
		Name: "O_CREAT",
	},
	{
		Flag: linux.O_DIRECT,
		Name: "O_DIRECT",
	},
	{
		Flag: linux.O_DIRECTORY,
		Name: "O_DIRECTORY",
	},
	{
		Flag: linux.O_EXCL,
		Name: "O_EXCL",
	},
	{
		Flag: linux.O_NOATIME,
		Name: "O_NOATIME",
	},
	{
		Flag: linux.O_NOCTTY,
		Name: "O_NOCTTY",
	},
	{
		Flag: linux.O_NOFOLLOW,
		Name: "O_NOFOLLOW",
	},
	{
		Flag: linux.O_NONBLOCK,
		Name: "O_NONBLOCK",
	},
	{
		Flag: 0x200000,
		Name: "O_PATH",
	},
	{
		Flag: linux.O_SYNC,
		Name: "O_SYNC",
	},
	{
		Flag: linux.O_TMPFILE,
		Name: "O_TMPFILE",
	},
	{
		Flag: linux.O_TRUNC,
		Name: "O_TRUNC",
	},
}

OpenFlagSet is the set of open(2) flags.

View Source
var OpenMode = abi.ValueSet{
	linux.O_RDWR:   "O_RDWR",
	linux.O_WRONLY: "O_WRONLY",
	linux.O_RDONLY: "O_RDONLY",
}

OpenMode represents the mode to open(2) a file.

View Source
var PollEventSet = abi.FlagSet{
	{Flag: linux.POLLIN, Name: "POLLIN"},
	{Flag: linux.POLLPRI, Name: "POLLPRI"},
	{Flag: linux.POLLOUT, Name: "POLLOUT"},
	{Flag: linux.POLLERR, Name: "POLLERR"},
	{Flag: linux.POLLHUP, Name: "POLLHUP"},
	{Flag: linux.POLLNVAL, Name: "POLLNVAL"},
	{Flag: linux.POLLRDNORM, Name: "POLLRDNORM"},
	{Flag: linux.POLLRDBAND, Name: "POLLRDBAND"},
	{Flag: linux.POLLWRNORM, Name: "POLLWRNORM"},
	{Flag: linux.POLLWRBAND, Name: "POLLWRBAND"},
	{Flag: linux.POLLMSG, Name: "POLLMSG"},
	{Flag: linux.POLLREMOVE, Name: "POLLREMOVE"},
	{Flag: linux.POLLRDHUP, Name: "POLLRDHUP"},
	{Flag: linux.POLLFREE, Name: "POLLFREE"},
	{Flag: linux.POLL_BUSY_LOOP, Name: "POLL_BUSY_LOOP"},
}

PollEventSet is the set of poll(2) event flags.

View Source
var ProtectionFlagSet = abi.FlagSet{
	{
		Flag: linux.PROT_READ,
		Name: "PROT_READ",
	},
	{
		Flag: linux.PROT_WRITE,
		Name: "PROT_WRITE",
	},
	{
		Flag: linux.PROT_EXEC,
		Name: "PROT_EXEC",
	},
}

ProtectionFlagSet represents the protection to mmap(2).

View Source
var PtraceRequestSet = abi.ValueSet{
	linux.PTRACE_TRACEME:           "PTRACE_TRACEME",
	linux.PTRACE_PEEKTEXT:          "PTRACE_PEEKTEXT",
	linux.PTRACE_PEEKDATA:          "PTRACE_PEEKDATA",
	linux.PTRACE_PEEKUSR:           "PTRACE_PEEKUSR",
	linux.PTRACE_POKETEXT:          "PTRACE_POKETEXT",
	linux.PTRACE_POKEDATA:          "PTRACE_POKEDATA",
	linux.PTRACE_POKEUSR:           "PTRACE_POKEUSR",
	linux.PTRACE_CONT:              "PTRACE_CONT",
	linux.PTRACE_KILL:              "PTRACE_KILL",
	linux.PTRACE_SINGLESTEP:        "PTRACE_SINGLESTEP",
	linux.PTRACE_ATTACH:            "PTRACE_ATTACH",
	linux.PTRACE_DETACH:            "PTRACE_DETACH",
	linux.PTRACE_SYSCALL:           "PTRACE_SYSCALL",
	linux.PTRACE_SETOPTIONS:        "PTRACE_SETOPTIONS",
	linux.PTRACE_GETEVENTMSG:       "PTRACE_GETEVENTMSG",
	linux.PTRACE_GETSIGINFO:        "PTRACE_GETSIGINFO",
	linux.PTRACE_SETSIGINFO:        "PTRACE_SETSIGINFO",
	linux.PTRACE_GETREGSET:         "PTRACE_GETREGSET",
	linux.PTRACE_SETREGSET:         "PTRACE_SETREGSET",
	linux.PTRACE_SEIZE:             "PTRACE_SEIZE",
	linux.PTRACE_INTERRUPT:         "PTRACE_INTERRUPT",
	linux.PTRACE_LISTEN:            "PTRACE_LISTEN",
	linux.PTRACE_PEEKSIGINFO:       "PTRACE_PEEKSIGINFO",
	linux.PTRACE_GETSIGMASK:        "PTRACE_GETSIGMASK",
	linux.PTRACE_SETSIGMASK:        "PTRACE_SETSIGMASK",
	linux.PTRACE_GETREGS:           "PTRACE_GETREGS",
	linux.PTRACE_SETREGS:           "PTRACE_SETREGS",
	linux.PTRACE_GETFPREGS:         "PTRACE_GETFPREGS",
	linux.PTRACE_SETFPREGS:         "PTRACE_SETFPREGS",
	linux.PTRACE_GETFPXREGS:        "PTRACE_GETFPXREGS",
	linux.PTRACE_SETFPXREGS:        "PTRACE_SETFPXREGS",
	linux.PTRACE_OLDSETOPTIONS:     "PTRACE_OLDSETOPTIONS",
	linux.PTRACE_GET_THREAD_AREA:   "PTRACE_GET_THREAD_AREA",
	linux.PTRACE_SET_THREAD_AREA:   "PTRACE_SET_THREAD_AREA",
	linux.PTRACE_ARCH_PRCTL:        "PTRACE_ARCH_PRCTL",
	linux.PTRACE_SYSEMU:            "PTRACE_SYSEMU",
	linux.PTRACE_SYSEMU_SINGLESTEP: "PTRACE_SYSEMU_SINGLESTEP",
	linux.PTRACE_SINGLEBLOCK:       "PTRACE_SINGLEBLOCK",
}

PtraceRequestSet are the possible ptrace(2) requests.

View Source
var SocketFamily = abi.ValueSet{
	linux.AF_UNSPEC:     "AF_UNSPEC",
	linux.AF_UNIX:       "AF_UNIX",
	linux.AF_INET:       "AF_INET",
	linux.AF_AX25:       "AF_AX25",
	linux.AF_IPX:        "AF_IPX",
	linux.AF_APPLETALK:  "AF_APPLETALK",
	linux.AF_NETROM:     "AF_NETROM",
	linux.AF_BRIDGE:     "AF_BRIDGE",
	linux.AF_ATMPVC:     "AF_ATMPVC",
	linux.AF_X25:        "AF_X25",
	linux.AF_INET6:      "AF_INET6",
	linux.AF_ROSE:       "AF_ROSE",
	linux.AF_DECnet:     "AF_DECnet",
	linux.AF_NETBEUI:    "AF_NETBEUI",
	linux.AF_SECURITY:   "AF_SECURITY",
	linux.AF_KEY:        "AF_KEY",
	linux.AF_NETLINK:    "AF_NETLINK",
	linux.AF_PACKET:     "AF_PACKET",
	linux.AF_ASH:        "AF_ASH",
	linux.AF_ECONET:     "AF_ECONET",
	linux.AF_ATMSVC:     "AF_ATMSVC",
	linux.AF_RDS:        "AF_RDS",
	linux.AF_SNA:        "AF_SNA",
	linux.AF_IRDA:       "AF_IRDA",
	linux.AF_PPPOX:      "AF_PPPOX",
	linux.AF_WANPIPE:    "AF_WANPIPE",
	linux.AF_LLC:        "AF_LLC",
	linux.AF_IB:         "AF_IB",
	linux.AF_MPLS:       "AF_MPLS",
	linux.AF_CAN:        "AF_CAN",
	linux.AF_TIPC:       "AF_TIPC",
	linux.AF_BLUETOOTH:  "AF_BLUETOOTH",
	linux.AF_IUCV:       "AF_IUCV",
	linux.AF_RXRPC:      "AF_RXRPC",
	linux.AF_ISDN:       "AF_ISDN",
	linux.AF_PHONET:     "AF_PHONET",
	linux.AF_IEEE802154: "AF_IEEE802154",
	linux.AF_CAIF:       "AF_CAIF",
	linux.AF_ALG:        "AF_ALG",
	linux.AF_NFC:        "AF_NFC",
	linux.AF_VSOCK:      "AF_VSOCK",
}

SocketFamily are the possible socket(2) families.

View Source
var SocketFlagSet = abi.FlagSet{
	{
		Flag: linux.SOCK_CLOEXEC,
		Name: "SOCK_CLOEXEC",
	},
	{
		Flag: linux.SOCK_NONBLOCK,
		Name: "SOCK_NONBLOCK",
	},
}

SocketFlagSet are the possible socket(2) flags.

View Source
var SocketProtocol = map[int32]abi.ValueSet{
	linux.AF_INET:  ipProtocol,
	linux.AF_INET6: ipProtocol,
	linux.AF_NETLINK: {
		linux.NETLINK_ROUTE:          "NETLINK_ROUTE",
		linux.NETLINK_UNUSED:         "NETLINK_UNUSED",
		linux.NETLINK_USERSOCK:       "NETLINK_USERSOCK",
		linux.NETLINK_FIREWALL:       "NETLINK_FIREWALL",
		linux.NETLINK_SOCK_DIAG:      "NETLINK_SOCK_DIAG",
		linux.NETLINK_NFLOG:          "NETLINK_NFLOG",
		linux.NETLINK_XFRM:           "NETLINK_XFRM",
		linux.NETLINK_SELINUX:        "NETLINK_SELINUX",
		linux.NETLINK_ISCSI:          "NETLINK_ISCSI",
		linux.NETLINK_AUDIT:          "NETLINK_AUDIT",
		linux.NETLINK_FIB_LOOKUP:     "NETLINK_FIB_LOOKUP",
		linux.NETLINK_CONNECTOR:      "NETLINK_CONNECTOR",
		linux.NETLINK_NETFILTER:      "NETLINK_NETFILTER",
		linux.NETLINK_IP6_FW:         "NETLINK_IP6_FW",
		linux.NETLINK_DNRTMSG:        "NETLINK_DNRTMSG",
		linux.NETLINK_KOBJECT_UEVENT: "NETLINK_KOBJECT_UEVENT",
		linux.NETLINK_GENERIC:        "NETLINK_GENERIC",
		linux.NETLINK_SCSITRANSPORT:  "NETLINK_SCSITRANSPORT",
		linux.NETLINK_ECRYPTFS:       "NETLINK_ECRYPTFS",
		linux.NETLINK_RDMA:           "NETLINK_RDMA",
		linux.NETLINK_CRYPTO:         "NETLINK_CRYPTO",
	},
}

SocketProtocol are the possible socket(2) protocols for each protocol family.

View Source
var SocketType = abi.ValueSet{
	uint64(linux.SOCK_STREAM):    "SOCK_STREAM",
	uint64(linux.SOCK_DGRAM):     "SOCK_DGRAM",
	uint64(linux.SOCK_RAW):       "SOCK_RAW",
	uint64(linux.SOCK_RDM):       "SOCK_RDM",
	uint64(linux.SOCK_SEQPACKET): "SOCK_SEQPACKET",
	uint64(linux.SOCK_DCCP):      "SOCK_DCCP",
	uint64(linux.SOCK_PACKET):    "SOCK_PACKET",
}

SocketType are the possible socket(2) types.

Functions

func Disable

func Disable(sinks SinkType)

Disable will disable Strace for all system calls and missing syscalls.

Preconditions: Initialize has been called.

func Enable

func Enable(allowlist []string, sinks SinkType) error

Enable enables the syscalls in allowlist in all syscall tables.

Preconditions: Initialize has been called.

func EnableAll

func EnableAll(sinks SinkType)

EnableAll enables all syscalls in all syscall tables.

Preconditions: Initialize has been called.

func Initialize

func Initialize()

Initialize prepares all syscall tables for use by this package.

N.B. This is not in an init function because we can't be sure all syscall tables are registered with the kernel when init runs.

Types

type FormatSpecifier

type FormatSpecifier int

FormatSpecifier values describe how an individual syscall argument should be formatted.

const (
	// Hex is just a hexadecimal number.
	Hex FormatSpecifier = iota

	// Oct is just an octal number.
	Oct

	// FD is a file descriptor.
	FD

	// ReadBuffer is a buffer for a read-style call. The syscall return
	// value is used for the length.
	//
	// Formatted after syscall execution.
	ReadBuffer

	// WriteBuffer is a buffer for a write-style call. The following arg is
	// used for the length.
	//
	// Contents omitted after syscall execution.
	WriteBuffer

	// ReadIOVec is a pointer to a struct iovec for a writev-style call.
	// The following arg is used for the length. The return value is used
	// for the total length.
	//
	// Complete contents only formatted after syscall execution.
	ReadIOVec

	// WriteIOVec is a pointer to a struct iovec for a writev-style call.
	// The following arg is used for the length.
	//
	// Complete contents only formatted before syscall execution, omitted
	// after.
	WriteIOVec

	// IOVec is a generic pointer to a struct iovec. Contents are not dumped.
	IOVec

	// SendMsgHdr is a pointer to a struct msghdr for a sendmsg-style call.
	// Contents formatted only before syscall execution, omitted after.
	SendMsgHdr

	// RecvMsgHdr is a pointer to a struct msghdr for a recvmsg-style call.
	// Contents formatted only after syscall execution.
	RecvMsgHdr

	// Path is a pointer to a char* path.
	Path

	// PostPath is a pointer to a char* path, formatted after syscall
	// execution.
	PostPath

	// ExecveStringVector is a NULL-terminated array of strings. Enforces
	// the maximum execve array length.
	ExecveStringVector

	// PipeFDs is an array of two FDs, formatted after syscall execution.
	PipeFDs

	// Uname is a pointer to a struct uname, formatted after syscall execution.
	Uname

	// Stat is a pointer to a struct stat, formatted after syscall execution.
	Stat

	// SockAddr is a pointer to a struct sockaddr. The following arg is
	// used for length.
	SockAddr

	// PostSockAddr is a pointer to a struct sockaddr, formatted after
	// syscall execution. The following arg is a pointer to the socklen_t
	// length.
	PostSockAddr

	// SockLen is a pointer to a socklen_t, formatted before and after
	// syscall execution.
	SockLen

	// SockFamily is a socket protocol family value.
	SockFamily

	// SockType is a socket type and flags value.
	SockType

	// SockProtocol is a socket protocol value. Argument n-2 is the socket
	// protocol family.
	SockProtocol

	// SockFlags are socket flags.
	SockFlags

	// Timespec is a pointer to a struct timespec.
	Timespec

	// PostTimespec is a pointer to a struct timespec, formatted after
	// syscall execution.
	PostTimespec

	// UTimeTimespec is a pointer to a struct timespec. Formatting includes
	// UTIME_NOW and UTIME_OMIT.
	UTimeTimespec

	// ItimerVal is a pointer to a struct itimerval.
	ItimerVal

	// PostItimerVal is a pointer to a struct itimerval, formatted after
	// syscall execution.
	PostItimerVal

	// ItimerSpec is a pointer to a struct itimerspec.
	ItimerSpec

	// PostItimerSpec is a pointer to a struct itimerspec, formatted after
	// syscall execution.
	PostItimerSpec

	// Timeval is a pointer to a struct timeval, formatted before and after
	// syscall execution.
	Timeval

	// Utimbuf is a pointer to a struct utimbuf.
	Utimbuf

	// Rusage is a struct rusage, formatted after syscall execution.
	Rusage

	// CloneFlags are clone(2) flags.
	CloneFlags

	// OpenFlags are open(2) flags.
	OpenFlags

	// Mode is a mode_t.
	Mode

	// FutexOp is the futex(2) operation.
	FutexOp

	// PtraceRequest is the ptrace(2) request.
	PtraceRequest

	// ItimerType is an itimer type (ITIMER_REAL, etc).
	ItimerType

	// Signal is a signal number.
	Signal

	// SignalMaskAction is a signal mask action passed to rt_sigprocmask(2).
	SignalMaskAction

	// SigSet is a signal set.
	SigSet

	// PostSigSet is a signal set, formatted after syscall execution.
	PostSigSet

	// SigAction is a struct sigaction.
	SigAction

	// PostSigAction is a struct sigaction, formatted after syscall execution.
	PostSigAction

	// CapHeader is a cap_user_header_t.
	CapHeader

	// CapData is the data argument to capget(2)/capset(2). The previous
	// argument must be CapHeader.
	CapData

	// PostCapData is the data argument to capget(2)/capset(2), formatted
	// after syscall execution. The previous argument must be CapHeader.
	PostCapData

	// PollFDs is an array of struct pollfd. The number of entries in the
	// array is in the next argument.
	PollFDs

	// SelectFDSet is an fd_set argument in select(2)/pselect(2). The
	// number of FDs represented must be the first argument.
	SelectFDSet

	// GetSockOptVal is the optval argument in getsockopt(2).
	//
	// Formatted after syscall execution.
	GetSockOptVal

	// SetSockOptVal is the optval argument in setsockopt(2).
	//
	// Contents omitted after syscall execution.
	SetSockOptVal

	// SockOptLevel is the level argument in getsockopt(2) and
	// setsockopt(2).
	SockOptLevel

	// SockOptLevel is the optname argument in getsockopt(2) and
	// setsockopt(2).
	SockOptName

	// EpollCtlOp is the op argument to epoll_ctl(2).
	EpollCtlOp

	// EpollEvent is the event argument in epoll_ctl(2).
	EpollEvent

	// EpollEvents is an array of struct epoll_event. It is the events
	// argument in epoll_wait(2)/epoll_pwait(2).
	EpollEvents

	// MmapProt is the protection argument in mmap(2).
	MmapProt

	// MmapFlags is the flags argument in mmap(2).
	MmapFlags

	// CloseRangeFlags are close_range(2) flags.
	CloseRangeFlags
)

Valid FormatSpecifiers.

Unless otherwise specified, values are formatted before syscall execution and not updated after syscall execution (the same value is output).

type SinkType

type SinkType uint32

SinkType defines where to send straces to.

const (
	// SinkTypeLog sends straces to text log
	SinkTypeLog SinkType = 1 << iota

	// SinkTypeEvent sends strace to event log
	SinkTypeEvent
)

type SyscallInfo

type SyscallInfo struct {
	// contains filtered or unexported fields
}

SyscallInfo captures the name and printing format of a syscall.

type SyscallMap

type SyscallMap map[uintptr]SyscallInfo

SyscallMap maps syscalls into names and printing formats.

func Lookup

func Lookup(os abi.OS, a arch.Arch) (SyscallMap, bool)

Lookup returns the SyscallMap for the OS/Arch combination. The returned map must not be changed.

func (SyscallMap) ConvertToSysno

func (s SyscallMap) ConvertToSysno(syscall string) (uintptr, bool)

ConvertToSysno converts the name to system call number. Returns false if syscall with same name is not found.

func (SyscallMap) ConvertToSysnoMap

func (s SyscallMap) ConvertToSysnoMap(syscalls []string) (map[uintptr]bool, error)

ConvertToSysnoMap converts the names to a map keyed on the syscall number and value set to true.

The map is in a convenient format to pass to SyscallFlagsTable.Enable().

func (SyscallMap) Name

func (s SyscallMap) Name(sysno uintptr) string

Name returns the syscall name.

func (SyscallMap) SyscallEnter

func (s SyscallMap) SyscallEnter(t *kernel.Task, sysno uintptr, args arch.SyscallArguments, flags uint32) any

SyscallEnter implements kernel.Stracer.SyscallEnter. It logs the syscall entry trace.

func (SyscallMap) SyscallExit

func (s SyscallMap) SyscallExit(context any, t *kernel.Task, sysno, rval uintptr, err error)

SyscallExit implements kernel.Stracer.SyscallExit. It logs the syscall exit trace.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL