systracer

package module

v1.0.1 Latest Latest Go to latest Published: Dec 7, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chaitin/systracer

Links

Open Source Insights

README ¶

SysTracer: Linux 系统活动跟踪器

release update

SysTracer 是长亭所开发的，用于跟踪 Linux 内核的关键活动并产生事件的跟踪程序。

借助 Linux Tracing 技术和内核分析手段，SysTracer 可以进行被动且实时地跟踪。

Documentation ¶

Overview ¶

Package systracer is the framework of linux event tracing system developed by Chaitin Tech.

Index ¶

Variables
type Condition
type Event
type Manager
- func New(ctx context.Context, group *errgroup.Group, options ...Option) (Manager, error)
type Option
type ProbeEvent
type ReturnEvent
type StringAddr
type Trace

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrBadTracePoint = errors.New("bad tracepoint")

ErrBadTracePoint is the error returned when the target trace point cannot be attached to.

Functions ¶

This section is empty.

Types ¶

type Condition ¶

type Condition struct{}

Condition is common embed field for defining an extra condition for current field.

type Event ¶

type Event struct {
	TaskPID   uint32
	Timestamp time.Time
	// contains filtered or unexported fields
}

Event stores common event data made by all types of concrete tracing events. The format is defined by "<debugfs>/tracing/trace" file.

The comm field is ommitted out since it is always imcomplete (rendered as "<...>) and is not essentially required by all events.

type Manager ¶

type Manager interface {
	// TraceKProbe creates either a kprobe (when handled
	// event is ProbeEvent) or a kretprobe (when handled
	// event is ReturnEvent).
	TraceKProbe(
		location string, handler interface{},
	) (Trace, <-chan struct{}, error)

	// TraceUProbe creates either a uprobe (when handled
	// event is ProbeEvent) or a uretprobe (when handled
	// event is ReturnEvent).
	TraceUProbe(
		library, location string, handler interface{},
	) (Trace, <-chan struct{}, error)
}

Manager is the manager of traces.

The manager is the monolithic consumer to read from trace pipe "<tracefs>/instances/<namespace>/trace_pipe" and generate events per registered events.

func New ¶

func New(
	ctx context.Context, group *errgroup.Group, options ...Option,
) (Manager, error)

New will create an instance of the manager.

type Option ¶

type Option func(*option)

Option to initialize the systrace subsystem.

func WithInstanceName ¶

func WithInstanceName(name string) Option

WithInstanceName is the name of the trace instance. The default value is "systrace".

func WithLimitInterval ¶

func WithLimitInterval(dur time.Duration) Option

WithLimitInterval specifies the interval of receiving event from trace pipe. Setting this value to 0 will disable the reception limit. The default value is 0.

func WithLogger ¶

func WithLogger(logger *zap.Logger) Option

WithLogger specifies the logger for the manager. The default value is zap.L().

func WithOptions ¶

func WithOptions(opts ...Option) Option

WithOptions aggregate a set of options together.

func WithTraceFSPath ¶

func WithTraceFSPath(path string) Option

WithTraceFSPath is the path of the tracefs. The default value is "/sys/kernel/debug/tracing".

type ProbeEvent ¶

type ProbeEvent struct {
	Event
}

ProbeEvent is the event triggered when touching any of the breakpoint inside a function.

type ReturnEvent ¶

type ReturnEvent struct {
	Event
}

ReturnEvent is the event triggered when a return instruction in function is executed.

type StringAddr ¶

type StringAddr struct {
	String string
	Addr   uint64
}

StringAddr is the special type used in the place of the string to fetch the address canary when decoding the string, when it is meaningful.

type Trace ¶

type Trace interface {
	ID() uint64
	SetCondition(string) error
	SetEnabled(bool)
	GetDone() uint64
	GetLost() uint64
	Close()
}

Trace is a controlling handle for trace events.

The trace handle is initially not started to avoid deadlocking when used as collectors. The caller must manually activate them after their master thread has been initialized.

And the trace can be stopped at runtime, it is recommended to disable certain tracing when there's no subscribers and the master thread nned not to track the real time state with the trace.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
systracer
connect Package connect defines the event source of network connection events on linux.	Package connect defines the event source of network connection events on linux.
inode Package inode provides service for uniquely pinning and addressing an inode for path.	Package inode provides service for uniquely pinning and addressing an inode for path.
listen
pkg
alloc package alloc is the id allocator that circulates the next id as the id allocator.	package alloc is the id allocator that circulates the next id as the id allocator.
kallsyms Package kallsyms loads and parses the kernel symbol table so that other modules can attach kprobe to functions.	Package kallsyms loads and parses the kernel symbol table so that other modules can attach kprobe to functions.
kversion Package kversion fetches the linux kernel version, and parse them with semantic versioning.	Package kversion fetches the linux kernel version, and parse them with semantic versioning.
rcnotify

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL