-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathprobe.go
124 lines (105 loc) · 3.25 KB
/
probe.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
package socket_tracer
import (
"strings"
)
const (
kprobeCfgFile = "kprobe_events"
uprobeCfgFile = "uprobe_events"
)
// ProbeType represents the type of a kprobe.
type ProbeType uint8
const (
TypeKProbe ProbeType = iota
TypeKRetProbe
TypeUProbe
TypeURetProbe
)
type probeSettings struct {
defaultGroup string
cfgFile string
prefix byte
}
var probeCfg = map[ProbeType]probeSettings{
TypeKProbe: {"kprobes", kprobeCfgFile, 'p'},
TypeKRetProbe: {"kprobes", kprobeCfgFile, 'r'},
TypeUProbe: {"uprobes", uprobeCfgFile, 'p'},
TypeURetProbe: {"uprobes", uprobeCfgFile, 'r'},
}
var probeFileInfo = make(map[string]map[byte]ProbeType, 2)
func init() {
for typ, cfg := range probeCfg {
m := probeFileInfo[cfg.cfgFile]
if m == nil {
m = make(map[byte]ProbeType, 2)
probeFileInfo[cfg.cfgFile] = m
}
m[cfg.prefix] = typ
}
}
// Probe represents a kprobe or kretprobe.
type Probe struct {
// Type tells whether this is a kprobe, kretprobe, uprobe or uretprobe.
Type ProbeType
// Group is the probe's group. If left unset, it will be automatically
// set to "kprobes" or "uprobes", depending on type. This affects where
// the probe configuration resides inside `debugfs`:
// /sys/kernel/debug/tracing/events/<group>/<name>
Group string
// Name is the name given to this probe. If left empty (not recommended),
// the kernel will give it a name based on Address. Then it will be
// necessary to list the installed probes and figure out which one it is,
// so it can be used with LoadProbeDescription.
Name string
// Address is the function name or address where the probe will be installed.
// According to the docs:
// - `[MOD:]SYM[+offs]|MEMADDR` for KProbes.
// - `PATH:OFFSET` for UProbes.
Address string
// Fetchargs is the string of arguments that will be fetched when the probe
// is hit.
Fetchargs string
// Filter is a filter expression to apply to this probe
Filter string
}
// String converts this probe to the textual representation expected by the Kernel.
func (p *Probe) String() string {
var builder strings.Builder
builder.WriteByte(p.settings().prefix)
builder.WriteByte(':')
if len(p.Group) > 0 {
builder.WriteString(p.Group)
builder.WriteByte('/')
}
builder.WriteString(p.Name)
builder.WriteByte(' ')
builder.WriteString(p.Address)
builder.WriteByte(' ')
builder.WriteString(p.Fetchargs)
return builder.String()
}
func (p *Probe) settings() probeSettings {
return probeCfg[p.Type]
}
// RemoveString converts this probe to the textual representation needed to
// remove the probe.
func (p *Probe) RemoveString() string {
var builder strings.Builder
builder.WriteString("-:")
if len(p.Group) > 0 {
builder.WriteString(p.Group)
builder.WriteByte('/')
}
builder.WriteString(p.Name)
return builder.String()
}
// EffectiveGroup is the actual group used to access this kprobe inside debugfs.
// It is the group given when setting the probe, or "kprobes" if unset.
func (p *Probe) EffectiveGroup() string {
if len(p.Group) > 0 {
return p.Group
}
return p.settings().defaultGroup
}