bcc

package
v0.0.0-...-f36e432 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 27, 2023 License: Apache-2.0 Imports: 21 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	BPF_PROBE_ENTRY = iota
	BPF_PROBE_RETURN
)
View Source 
const (
	XDP_FLAGS_UPDATE_IF_NOEXIST = uint32(1) << iota
	XDP_FLAGS_SKB_MODE
	XDP_FLAGS_DRV_MODE
	XDP_FLAGS_HW_MODE
	XDP_FLAGS_MODES = XDP_FLAGS_SKB_MODE | XDP_FLAGS_DRV_MODE | XDP_FLAGS_HW_MODE
	XDP_FLAGS_MASK  = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_MODES
)
View Source 
const (
	DEBUG_LLVM_IR            uint = 0x1  // compiled LLVM IR
	DEBUG_BPF                uint = 0x2  // loaded BPF bytecode and register state on branches
	DEBUG_PREPROCESSOR       uint = 0x4  // pre-processor result
	DEBUG_SOURCE             uint = 0x8  // ASM instructions embedded with source
	DEBUG_BPF_REGISTER_STATE uint = 0x10 // register state on all instructions in addition to DEBUG_BPF
	DEBUG_BTF                uint = 0x20 // print the messages from the libbpf library.
)

Debug flags Reference: https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md#1-bpf

View Source 
const BPF_MAX_STACK_DEPTH = 127

From src/cc/export/helpers.h This must be always sync with BPF.h

View Source 
const DEFAULT_PERF_BUFFER_PAGE_CNT = 8
View Source 
const KernelAddressSpace = 0x00ffffffffffffff

Variables

This section is empty.

Functions

func FixSyscallFnName 

func FixSyscallFnName(name string) string

func GetHostByteOrder 

func GetHostByteOrder() binary.ByteOrder

GetHostByteOrder returns the current byte-order.

func GetSyscallFnName 

func GetSyscallFnName(name string) string

func GetSyscallPrefix 

func GetSyscallPrefix() string

func GetUserAddresses 

func GetUserAddresses(module, expr string) ([]uint64, error)

func GetUserFunctions 

func GetUserFunctions(module, expr string) ([]string, error)

func LoadProcKallsymWithCallback 

func LoadProcKallsymWithCallback(callback func(sym *Symbol)) error

Types

type Config 

type Config struct {
	Name     string
	Fd       int
	KeySize  uint64
	LeafSize uint64
	KeyDesc  string
	LeafDesc string
	Capacity int
}

type LoadOption 

type LoadOption func(*LoadOptions)

func LoadWithAttachType 

func LoadWithAttachType(attachType int) LoadOption

func LoadWithDevice 

func LoadWithDevice(device string) LoadOption

type LoadOptions 

type LoadOptions struct {
	Device     string
	AttachType int
}

func DefaultLoadOptions 

func DefaultLoadOptions() *LoadOptions

type LostSamples 

type LostSamples func(uint64)

type Module 

type Module struct {
	*ModuleOptions
	// contains filtered or unexported fields
}

Module type

func NewModule 

func NewModule(code string, opt ...ModuleOption) (*Module, error)

NewModule asynchronously compiles the code, generates a new BPF module and returns it.

func (*Module) AttachKprobe 

func (bpf *Module) AttachKprobe(fnName string, fd int, maxActive int) error

AttachKprobe attaches a kprobe fd to a function.

func (*Module) AttachKretprobe 

func (bpf *Module) AttachKretprobe(fnName string, fd int, maxActive int) error

AttachKretprobe attaches a kretprobe fd to a function.

func (*Module) AttachMatchingUprobes 

func (bpf *Module) AttachMatchingUprobes(name, match string, fd, pid int) error

AttachMatchingUprobes attaches a uprobe fd to all symbols in the library or binary 'name' that match a given pattern. The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachMatchingUretprobes 

func (bpf *Module) AttachMatchingUretprobes(name, match string, fd, pid int) error

AttachMatchingUretprobes attaches a uretprobe fd to all symbols in the library or binary 'name' that match a given pattern. The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachPerfEvent 

func (bpf *Module) AttachPerfEvent(evType, evConfig int, samplePeriod int, sampleFreq int, pid, cpu, groupFd, fd int) error

AttachPerfEvent attaches a perf event fd to a function Argument 'evType' is a member of 'perf_type_id' enum in the kernel header 'include/uapi/linux/perf_event.h'. Argument 'evConfig' is one of PERF_COUNT_* constants in the same file.

func (*Module) AttachRawTracepoint 

func (bpf *Module) AttachRawTracepoint(name string, fd int) error

AttachRawTracepoint attaches a raw tracepoint fd to a function The 'name' argument is in the format 'name', there is no category

func (*Module) AttachTracepoint 

func (bpf *Module) AttachTracepoint(name string, fd int) error

AttachTracepoint attaches a tracepoint fd to a function The 'name' argument is in the format 'category:name'

func (*Module) AttachUprobe 

func (bpf *Module) AttachUprobe(name, symbol string, fd, pid int) error

AttachUprobe attaches a uprobe fd to the symbol in the library or binary 'name' The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given to attach to, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachUretprobe 

func (bpf *Module) AttachUretprobe(name, symbol string, fd, pid int) error

AttachUretprobe attaches a uretprobe fd to the symbol in the library or binary 'name' The 'name' argument can be given as either a full library path (/usr/lib/..), a library without the lib prefix, or as a binary with full path (/bin/bash) A pid can be given to attach to, or -1 to attach to all processes

Presently attempts to trace processes running in a different namespace to the tracer will fail due to limitations around namespace-switching in multi-threaded programs (such as Go programs)

func (*Module) AttachXDP 

func (bpf *Module) AttachXDP(devName string, fd int) error

AttachXDP attaches a xdp fd to a device.

func (*Module) AttachXDPWithFlags 

func (bpf *Module) AttachXDPWithFlags(devName string, fd int, flags uint32) error

AttachXDPWithFlags attaches a xdp fd to a device with flags.

func (*Module) Close 

func (bpf *Module) Close()

Close takes care of closing all kprobes opened by this modules and destroys the underlying libbpf module.

func (*Module) ClosePerfBuffer 

func (bpf *Module) ClosePerfBuffer(name string) error

func (*Module) GetPerfBuffer 

func (bpf *Module) GetPerfBuffer(name string) *PerfEvent

func (*Module) GetProgramTag 

func (bpf *Module) GetProgramTag(fd int) (tag uint64, err error)

GetProgramTag returns a tag for ebpf program under passed fd

func (*Module) GetRingBuffer 

func (bpf *Module) GetRingBuffer(name string) *RingBuf

func (*Module) GetSymCache 

func (bpf *Module) GetSymCache(pid int) *SymbolCache

func (*Module) Load 

func (bpf *Module) Load(name string, progType int, opt ...LoadOption) (int, error)

Load a program.

func (*Module) LoadKprobe 

func (bpf *Module) LoadKprobe(name string, opt ...LoadOption) (int, error)

LoadKprobe loads a program of type BPF_PROG_TYPE_KPROBE.

func (*Module) LoadNet 

func (bpf *Module) LoadNet(name string, opt ...LoadOption) (int, error)

LoadNet loads a program of type BPF_PROG_TYPE_SCHED_ACT.

func (*Module) LoadPerfEvent 

func (bpf *Module) LoadPerfEvent(name string, opt ...LoadOption) (int, error)

LoadPerfEvent loads a program of type BPF_PROG_TYPE_PERF_EVENT

func (*Module) LoadRawTracepoint 

func (bpf *Module) LoadRawTracepoint(name string, opt ...LoadOption) (int, error)

LoadRawTracepoint loads a program of type BPF_PROG_TYPE_RAW_TRACEPOINT

func (*Module) LoadTracepoint 

func (bpf *Module) LoadTracepoint(name string, opt ...LoadOption) (int, error)

LoadTracepoint loads a program of type BPF_PROG_TYPE_TRACEPOINT

func (*Module) LoadUprobe 

func (bpf *Module) LoadUprobe(name string, opt ...LoadOption) (int, error)

LoadUprobe loads a program of type BPF_PROG_TYPE_KPROBE.

func (*Module) OpenPerfBuffer 

func (bpf *Module) OpenPerfBuffer(name string, rawCb RawSample, lostCb LostSamples, pageCnt int) error

func (*Module) OpenRingBuffer 

func (bpf *Module) OpenRingBuffer(name string, cb RingbufSample) error

func (*Module) PollPerfBuffer 

func (bpf *Module) PollPerfBuffer(name string, timeout time.Duration) int

func (*Module) PollRingBuffer 

func (bpf *Module) PollRingBuffer(name string, timeout time.Duration) int

func (*Module) ReleaseSymCache 

func (bpf *Module) ReleaseSymCache(pid int)

func (*Module) RemoveXDP 

func (bpf *Module) RemoveXDP(devName string) error

RemoveXDP removes any xdp from this device.

func (*Module) ResolveKernelSymbol 

func (bpf *Module) ResolveKernelSymbol(addr uint64, opts ResolveSymbolOptions) string

ResolveKernelSymbol translate a kernel memory address into a kernel function name, which is returned. When the show module is set, the module name ("kernel") is also included. When the show offset is set, the instruction offset as a hexadecimal number is also included in the string

Example outout when both show module and show offset are set: 

"__x64_sys_epoll_pwait+0x00000077 [kernel]"

func (*Module) ResolveKernelSymbolAddr 

func (bpf *Module) ResolveKernelSymbolAddr(name string) (uint64, error)

ResolveKernelSymbolAddr translate a kernel name into address. This is the reverse of ResolveKernelSymbol. This function will return an error if unable to resolve the function name.

func (*Module) ResolveSymbol 

func (bpf *Module) ResolveSymbol(pid int, addr uint64, opts ResolveSymbolOptions) string

ResolveSymbol Translate a memory address into a function name for a pid, which is returned. When the show module option is set, the module name is also included. When the show offset is set, the instruction offset as a hexadecimal number is also included in the return string. A pid of lss than zero will access the kernel symbol cache.

Example output when both show module and show offset are set: 

"net/http.HandlerFunc.ServeHTTP+0x0000002f [.app]"

Example output when both show module and show offset are unset: 

"net/http.HandlerFunc.ServeHTTP"

func (*Module) TableDesc 

func (bpf *Module) TableDesc(id uint64) map[string]interface{}

TableDesc returns a map with table properties (name, fd, ...).

func (*Module) TableId 

func (bpf *Module) TableId(name string) C.size_t

TableId returns the id of a table.

func (*Module) TableIter 

func (bpf *Module) TableIter() <-chan map[string]interface{}

TableIter returns a receveier channel to iterate over entries.

func (*Module) TableSize 

func (bpf *Module) TableSize() uint64

TableSize returns the number of tables in the module.

type ModuleOption 

type ModuleOption func(*ModuleOptions)

func WithAllowRlimit 

func WithAllowRlimit(allow bool) ModuleOption

func WithCFlags 

func WithCFlags(cflag ...string) ModuleOption

func WithDebug 

func WithDebug(mode uint) ModuleOption

func WithDevice 

func WithDevice(device string) ModuleOption

type ModuleOptions 

type ModuleOptions struct {
	Debug       uint
	CFlags      []string
	AllowRlimit bool
	Device      string
}

func DefaultModuleOptions 

func DefaultModuleOptions() *ModuleOptions

type PerfEvent 

type PerfEvent struct {
	// contains filtered or unexported fields
}

TODO(vietanhduong): Implement open perf event

func CreatePerfBuffer 

func CreatePerfBuffer(table *Table) *PerfEvent

func (*PerfEvent) Close 

func (perf *PerfEvent) Close() error

func (*PerfEvent) CloseAllCpu 

func (perf *PerfEvent) CloseAllCpu() error

func (*PerfEvent) OpenAllCpu 

func (perf *PerfEvent) OpenAllCpu(raw RawSample, lost LostSamples, pageCnt int) error

func (*PerfEvent) Poll 

func (perf *PerfEvent) Poll(timeout time.Duration) int

type RawSample 

type RawSample func([]byte, int)

type ResolveSymbolOptions 

type ResolveSymbolOptions struct {
	ShowOffset bool
	ShowModule bool
	NoDemangle bool
}

type RingBuf 

type RingBuf struct {
	// contains filtered or unexported fields
}

func CreateRingBuf 

func CreateRingBuf(table *Table) *RingBuf

func (*RingBuf) Close 

func (t *RingBuf) Close()

func (*RingBuf) OpenRingBuffer 

func (t *RingBuf) OpenRingBuffer(cb RingbufSample) error

func (*RingBuf) Poll 

func (t *RingBuf) Poll(timeout time.Duration) int

type RingbufSample 

type RingbufSample func([]byte, int)

type Symbol 

type Symbol struct {
	Name   string
	Module string
	Offset uint64
}

func LoadProcKallsym 

func LoadProcKallsym() ([]*Symbol, error)

func MatchUserSymbols 

func MatchUserSymbols(module, expr string) ([]*Symbol, error)

func (*Symbol) String 

func (k *Symbol) String() string

type SymbolCache 

type SymbolCache struct {
	// contains filtered or unexported fields
}

func NewSymbolCache 

func NewSymbolCache(pid int) *SymbolCache

func (*SymbolCache) Close 

func (c *SymbolCache) Close()

func (*SymbolCache) Resolve 

func (c *SymbolCache) Resolve(address uint64, demangle bool) *Symbol

func (*SymbolCache) ResolveName 

func (c *SymbolCache) ResolveName(module, name string) (uint64, error)

func (*SymbolCache) SymbolOrAddrIfUnknown 

func (c *SymbolCache) SymbolOrAddrIfUnknown(addr uint64) string

type Table 

type Table struct {
	// contains filtered or unexported fields
}

Table references a BPF table. The zero value cannot be used.

func NewTable 

func NewTable(id C.size_t, module *Module) *Table

New tables returns a refernce to a BPF table.

func (*Table) ClearStackId 

func (table *Table) ClearStackId(stackId int)

func (*Table) Config 

func (table *Table) Config() *Config

Config returns the table properties (name, fd, ...).

func (*Table) Delete 

func (table *Table) Delete(key []byte) error

Delete a key.

func (*Table) DeleteAll 

func (table *Table) DeleteAll() error

DeleteAll deletes all entries from the table

func (*Table) DeleteP 

func (table *Table) DeleteP(key unsafe.Pointer) error

DeleteP a key.

func (*Table) First 

func (table *Table) First(key unsafe.Pointer) bool

func (*Table) Get 

func (table *Table) Get(key []byte) ([]byte, error)

Get takes a key and returns the value or nil, and an 'ok' style indicator.

func (*Table) GetAddrSymbol 

func (table *Table) GetAddrSymbol(addr uint64, pid int) string

func (*Table) GetP 

func (table *Table) GetP(key unsafe.Pointer) (unsafe.Pointer, error)

GetP takes a key and returns the value or nil.

func (*Table) GetStackAddr 

func (table *Table) GetStackAddr(stackId int, clear bool) []uint64

func (*Table) ID 

func (table *Table) ID() int

ID returns the table id.

func (*Table) Iter 

func (table *Table) Iter() *TableIterator

Iter returns an iterator to list all table entries available as raw bytes.

func (*Table) KeyBytesToStr 

func (table *Table) KeyBytesToStr(key []byte) (string, error)

KeyBytesToStr returns the given key value formatted using the bcc-table's key string printer.

func (*Table) KeyStrToBytes 

func (table *Table) KeyStrToBytes(keyStr string) ([]byte, error)

func (*Table) LeafBytesToStr 

func (table *Table) LeafBytesToStr(leaf []byte) (string, error)

LeafBytesToStr returns the given leaf value formatted using the bcc-table's leaf string printer.

func (*Table) LeafStrToBytes 

func (table *Table) LeafStrToBytes(leafStr string) ([]byte, error)

func (*Table) Lookup 

func (table *Table) Lookup(key, value unsafe.Pointer) error

func (*Table) Name 

func (table *Table) Name() string

Name returns the table name.

func (*Table) Next 

func (table *Table) Next(key, nextKey unsafe.Pointer) error

func (*Table) Remove 

func (table *Table) Remove(key unsafe.Pointer) error

func (*Table) Set 

func (table *Table) Set(key, leaf []byte) error

Set a key to a value.

func (*Table) SetP 

func (table *Table) SetP(key, leaf unsafe.Pointer) error

SetP a key to a value as unsafe.Pointer.

func (*Table) Update 

func (table *Table) Update(key, value unsafe.Pointer) error

func (*Table) UpdateSymbolOptions 

func (table *Table) UpdateSymbolOptions(useDebugFile, checkDebugFileCrc, lazySymbolize bool, useSymbolType int)

type TableIterator 

type TableIterator struct {
	// contains filtered or unexported fields
}

TableIterator contains the current position for iteration over a *bcc.Table and provides methods for iteration.

func (*TableIterator) Err 

func (it *TableIterator) Err() error

Err returns the last error that ocurred while table.Iter oder iter.Next

func (*TableIterator) Key 

func (it *TableIterator) Key() []byte

Key returns the current key value of the iterator, if the most recent call to Next returned true. The slice is valid only until the next call to Next.

func (*TableIterator) Leaf 

func (it *TableIterator) Leaf() []byte

Leaf returns the current leaf value of the iterator, if the most recent call to Next returned true. The slice is valid only until the next call to Next.

func (*TableIterator) Next 

func (it *TableIterator) Next() bool

Next looks up the next element and return true if one is available.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.