Documentation
Overview
A small wrapper API around setting and unsetting offset configurations in the BPF probe. Offsets are stored in a per_cpu BPF map in the following format:
key : uint8 (nsproxy / thread_pid)
val : uint32 (offset into task_struct)
Constants
const (
	OffsetFlagNsProxy = (1 << 0)
	OffsetFlagPidNs   = (1 << 1)
	OffsetFlagAll     = (OffsetFlagNsProxy | OffsetFlagPidNs)
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	// enable kernel metrics
	EnableMetrics bool
	// enable kernel trace events
	EnableTracer bool
	// the tracepoints (names) to enable by default
	Tracepoints []string
}
Config holds the configuration for a kernel probe.
func NewProbeConfig
func NewProbeConfig() *Config
NewProbeConfig returns the default configuration for a kernel probe.
type DataCallback
DataCallback is the function called for every trace-event record, or when the lost channel has been signaled.
type Offset
type Offset struct {
	Type  OffsetType
	Value OffsetValue
}
Offset is a structure that represents a single offset configuration entry in the eBPF probe.
func NewOffset
func NewOffset(t OffsetType, offs OffsetValue) *Offset
NewOffset creates a new offset context.
type OffsetType
type OffsetType uint8
const (
	// ebpf configuration for the offset to task_struct's `nsproxy` member
	OffsetNSProxy OffsetType = 1
	// ebpf configuration for the offset to pid_namespace's `ns` member
	OffsetPidNSCommon OffsetType = 2
)
type OffsetValue
type OffsetValue uint32
type Offsetter
type Offsetter struct {
// contains filtered or unexported fields
}
func NewOffsetter
NewOffsetter creates and initializes a new Offsetter context from the ebpf module.
func (*Offsetter) Set
func (o *Offsetter) Set(t interface{}, offset OffsetValue) error
Set sets the BPF offset configuration for the type `t`. `t` can be either a string (nsproxy, pid_ns_common) or the native OffsetType. `offset` is the offset at which that structure member lives.
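The argument handling that Set describes, as a stand-alone illustration added here and not taken from the package's own code. `resolveType` and `encodeEntry` are hypothetical names, the returned byte slices stand in for one BPF map entry, and little-endian value encoding is an assumption.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

type OffsetType uint8   // as declared on this page
type OffsetValue uint32 // as declared on this page

const (
	OffsetNSProxy     OffsetType = 1
	OffsetPidNSCommon OffsetType = 2
)

// resolveType (hypothetical helper) accepts the two forms Set documents for `t`.
func resolveType(t interface{}) (OffsetType, error) {
	switch v := t.(type) {
	case OffsetType:
		if v == OffsetNSProxy || v == OffsetPidNSCommon {
			return v, nil
		}
		return 0, fmt.Errorf("unknown offset type %d", v)
	case string:
		switch v {
		case "nsproxy":
			return OffsetNSProxy, nil
		case "pid_ns_common":
			return OffsetPidNSCommon, nil
		}
		return 0, fmt.Errorf("unknown offset name %q", v)
	}
	return 0, fmt.Errorf("unsupported type %T", t)
}

// encodeEntry (hypothetical) builds the uint8 key and uint32 value, little-endian assumed.
func encodeEntry(t interface{}, off OffsetValue) (key, val []byte, err error) {
	ot, err := resolveType(t)
	if err != nil {
		return nil, nil, err
	}
	val = make([]byte, 4)
	binary.LittleEndian.PutUint32(val, uint32(off))
	return []byte{byte(ot)}, val, nil
}

func main() {
	fmt.Println(encodeEntry("nsproxy", 0xb10)) // constructed offset value
	fmt.Println(encodeEntry(2, 0x30))          // untyped 2 arrives as int, not OffsetType: rejected
}
```

Because the parameter is `interface{}`, a bare numeric literal reaches the function as `int`; callers have to pass `OffsetPidNSCommon` or `OffsetType(2)` for the native form to match.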
type Probe
type Probe struct {
// contains filtered or unexported fields
}
Probe contains underlying structures to control the kernel probe.
func NewProbe
NewProbe does all initializations of our BPF structures. It does NOT perform any operation that requires administrative rights; that functionality belongs to the initialization step.
func (*Probe) DetectAndSetOffsets added in v0.1.3
DetectAndSetOffsets is a wrapper around the kernel Offsetter. For now it requires `objdump` to be installed, and will attempt to find the offsets within `struct task_struct` that the probe requires in order to run.
func (*Probe) InitProbe
func (p *Probe) InitProbe(opts ...ProbeInitOption) error
InitProbe loads all the underlying BPF maps, allocates the perf-event buffer, and sets the tracepoints, all of which are operations that require CAP_ADMIN.
func (*Probe) InitTracepoints
InitTracepoints turns our tracepoints on.
type ProbeInitOption added in v0.1.3
func WithDefaultFilter added in v0.1.3
func WithDefaultFilter() ProbeInitOption
func WithOffsetDetection added in v0.1.3
func WithOffsetDetection() ProbeInitOption