kernel

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 17, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

a small wrapper-api around setting and unsetting offset configurations in the bpf probe. Offsets are stored in a per_cpu bpf map in the following format: 

key : uint8  (nsproxy / thread_pid)
val : uint32 (offset into task_struct)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	// enable kernel metrics
	EnableMetrics bool
	// enable kernel trace events
	EnableTracer bool
	// the tracepoints (names) to enable by default
	Tracepoints []string
}

Config is uhh, configuration stuff.

func NewProbeConfig 

func NewProbeConfig() *Config

NewProbeConfig returns the default configuration for a kernel probe.

type DataCallback 

type DataCallback func(msg []byte, lost uint64) error

DataCallback is the function called for every trace-event record, or if the lost channel had been signaled.

type Offset 

type Offset struct {
	Type  OffsetType
	Value OffsetValue
}

Offset is a structure that represents a single offset configuration entry in the ebpf.

func NewOffset 

func NewOffset(t OffsetType, offs OffsetValue) *Offset

NewOffset creates a new offset context

type OffsetType 

type OffsetType uint8
const (
	// ebpf configuration for the offset to task_struct's `nsproxy` member
	OffsetNSProxy OffsetType = 1
	// ebpf configuration for the offset to pid_namespace's `ns` member
	OffsetPidNSCommon OffsetType = 2
)

type OffsetValue 

type OffsetValue uint32

type Offsetter 

type Offsetter struct {
	// contains filtered or unexported fields
}

func NewOffsetter 

func NewOffsetter(mod *elf.Module) (*Offsetter, error)

NewOffsetter creates and initializes a new Offsetter context from the ebpf module.

func (*Offsetter) Set 

func (o *Offsetter) Set(t interface{}, offset OffsetValue) error

Set will set the bpf offset configuration based on the type `t`. `t` can either be a string (nsproxy, pid_ns_common), or its native OffsetType. The value of which is the offset where this structure member lives.

type Probe 

type Probe struct {
	// contains filtered or unexported fields
}

Probe contains underlying structures to control the kernel probe.

func NewProbe 

func NewProbe(bpf *bytes.Reader, cfg *Config) (*Probe, error)

NewProbe does all initializations of our BPF structures. This does NOT do any operation in which requires administrative rights. That Functionality is for the initialization.

func (*Probe) Close 

func (p *Probe) Close() error

Close will de-initialize and close all the underlying bpf modules.

func (*Probe) InitProbe 

func (p *Probe) InitProbe() error

InitProbe loads all the underlying bpf maps, allocates the perfevent buffer, sets the tracepoints, all of which are operations which require CAP_ADMIN

func (*Probe) InitTracepoints 

func (p *Probe) InitTracepoints() error

InitTracePoints will set our tracepoints as on.

func (*Probe) Module 

func (p *Probe) Module() *elf.Module

Module returns the gobpf.elf module reference for use in other apis (like filtering)

func (*Probe) Run 

func (p *Probe) Run(ctx context.Context, cb DataCallback) error

Run will read raw kernel trace events, and for each incoming trace, will call the user-provided callback `DataCallback`

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.