kfilefields

package

v0.27.0 Latest Latest Go to latest Published: Apr 2, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Rendered for

Package kfilefields provides functions to read kernel "struct file" fields against a file descriptor.

This is done:

without using bpf iterators in order to work on old kernels.
without comparing pids from userspace and ebpf in order to work from different pid namespaces.

This section is empty.

This section is empty.

func ReadFOpForFdType(ft FdType) (uint64, error)

ReadFOpForFdType uses ebpf to read the f_op pointer from the kernel "struct file" associated with the given fd type.

func ReadPrivateDataFromFd(fd int) (uint64, error)

ReadPrivateDataFromFd uses ebpf to read the private_data pointer from the kernel "struct file" associated with the given fd.

type FdType int

const (
	FdTypeSocket FdType = iota
	FdTypeEbpfProgram
)

func (fd FdType) String() string

type Tracer struct {
	// contains filtered or unexported fields
}