Documentation
¶
Index ¶
- Constants
- func ContainerDBUpdaterProvider(meta kubeMetadataProvider, ...) swarm.InstanceFunc
- func ExcludingCriteria(cfg *obi.Config) []services.Selector
- func ExecTyperProvider(cfg *obi.Config, metrics imetrics.Reporter, k8sInformer *kube.MetadataProvider, ...) swarm.InstanceFunc
- func ExecutableReady(pid PID) (string, bool)
- func FindingCriteria(cfg *obi.Config) []services.Selector
- func GlobsAsSelector(in services.GlobDefinitionCriteria) []services.Selector
- func LogEnricherFindingCriteria(cfg *obi.Config) []services.Selector
- func NormalizeGlobCriteria(finderCriteria services.GlobDefinitionCriteria) []services.Selector
- func OnlyDefinesDeprecatedServiceSelection(cfg *obi.Config) bool
- func ProcessAgeFunc() func(int32) time.Duration
- func ProcessWatcherFunc(cfg *obi.Config, ebpfContext *ebpfcommon.EBPFEventContext, ...) swarm.RunFunc
- func RegexAsSelector(in services.RegexDefinitionCriteria) []services.Selector
- func WatcherKubeEnricherProvider(kubeMetaProvider kubeMetadataProvider, ...) swarm.InstanceFunc
- type Event
- type Matcher
- type PID
- type ProcessAttrs
- type ProcessFinder
- type ProcessFinderStartOpt
- type ProcessMatch
- type WatchEventType
Constants ¶
const ( EventCreated = WatchEventType(iota) EventDeleted EventInstanceDeleted )
Variables ¶
This section is empty.
Functions ¶
func ContainerDBUpdaterProvider ¶
func ContainerDBUpdaterProvider( meta kubeMetadataProvider, input, output *msg.Queue[[]Event[ebpf.Instrumentable]], ) swarm.InstanceFunc
ContainerDBUpdaterProvider is a stage in the Process Finder pipeline that will be enabled only if Kubernetes decoration is enabled. It just updates part of the kubernetes database when a new process is discovered.
func ExecTyperProvider ¶
func ExecTyperProvider( cfg *obi.Config, metrics imetrics.Reporter, k8sInformer *kube.MetadataProvider, input *msg.Queue[[]Event[ProcessMatch]], output *msg.Queue[[]Event[ebpf.Instrumentable]], ) swarm.InstanceFunc
ExecTyperProvider classifies the discovered executables according to the executable type (Go, generic...), and filters these executables that are not instrumentable.
func ExecutableReady ¶
func GlobsAsSelector ¶
func GlobsAsSelector(in services.GlobDefinitionCriteria) []services.Selector
func NormalizeGlobCriteria ¶
func NormalizeGlobCriteria(finderCriteria services.GlobDefinitionCriteria) []services.Selector
func ProcessAgeFunc ¶
func ProcessWatcherFunc ¶
func ProcessWatcherFunc(cfg *obi.Config, ebpfContext *ebpfcommon.EBPFEventContext, output *msg.Queue[[]Event[ProcessAttrs]]) swarm.RunFunc
ProcessWatcherFunc polls every PollInterval for new processes and forwards either new or deleted process PIDs as well as PIDs from processes that setup a new connection
func RegexAsSelector ¶
func RegexAsSelector(in services.RegexDefinitionCriteria) []services.Selector
func WatcherKubeEnricherProvider ¶
func WatcherKubeEnricherProvider( kubeMetaProvider kubeMetadataProvider, input, output *msg.Queue[[]Event[ProcessAttrs]], ) swarm.InstanceFunc
Types ¶
type Event ¶
type Event[T any] struct { Type WatchEventType Obj T }
type Matcher ¶
type Matcher struct {
Log *slog.Logger
Criteria []services.Selector
ExcludeCriteria []services.Selector
LogEnricherCriteria []services.Selector
// ProcessHistory keeps track of the processes that have been already matched and submitted for
// instrumentation.
// This avoids keep inspecting again and again client processes each time they open a new connection port
ProcessHistory map[PID]ProcessMatch
Input <-chan []Event[ProcessAttrs]
Output *msg.Queue[[]Event[ProcessMatch]]
Namespace string
HasHostPidAccess bool
}
Matcher is the component that matches the processes against the discovery criteria. It filters the processes that match the discovery criteria and sends them to the output channel.
type ProcessAttrs ¶
type ProcessAttrs struct {
// contains filtered or unexported fields
}
type ProcessFinder ¶
type ProcessFinder struct {
// contains filtered or unexported fields
}
func NewProcessFinder ¶
func NewProcessFinder( cfg *obi.Config, ctxInfo *global.ContextInfo, tracesInput *msg.Queue[[]request.Span], ebpfEventContext *ebpfcommon.EBPFEventContext, ) *ProcessFinder
func (*ProcessFinder) Done ¶
func (pf *ProcessFinder) Done() <-chan error
func (*ProcessFinder) Start ¶
func (pf *ProcessFinder) Start(ctx context.Context, opts ...ProcessFinderStartOpt) (<-chan Event[*ebpf.Instrumentable], error)
Start the ProcessFinder pipeline in background. It returns a channel where each new discovered ebpf.ProcessTracer will be notified.
type ProcessFinderStartOpt ¶
type ProcessFinderStartOpt func(*processFinderStartConfig)
ProcessFinderStartOpt allows overriding some internal behavior of ProcessFinder.Start method. This is useful for vendoring OBI inside another collector
func WithEnrichedProcessEvents ¶
func WithEnrichedProcessEvents(enrichedProcessEvents *msg.Queue[[]Event[ProcessAttrs]]) ProcessFinderStartOpt
WithEnrichedProcessEvents allows overriding the enrichedProcessEvents internal communication queue. This is useful for components that vendor OBI and want to listen for process events that have been already enriched with extra metadata (e.g. Kubernetes)
type ProcessMatch ¶
type ProcessMatch struct {
Criteria []services.Selector
LogEnricherCriteria []services.Selector
Process *services.ProcessInfo
}
ProcessMatch matches a found process with the first selection criteria it fulfilled.
func (ProcessMatch) LogEnricherEnabled ¶
func (pm ProcessMatch) LogEnricherEnabled() bool
type WatchEventType ¶
type WatchEventType int
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package exec provides the utilities to analyze the executable code
|
Package exec provides the utilities to analyze the executable code |