vista

package
v0.1.2 Latest Latest
Published: May 30, 2024 License: Apache-2.0 Imports: 43 Imported by: 0

Documentation

Index

Constants

// Socket type values, typed as sockType; SockMeta.SkType carries one of them.
// The numbers are written out explicitly (note the jump from 6 to 10) rather
// than generated with iota.
// NOTE(review): these look like the generic Linux socket-type numbers; confirm
// against the kernel headers of the target architecture.
const (
	SOCK_STREAM    sockType = 1
	SOCK_DGRAM     sockType = 2
	SOCK_RAW       sockType = 3
	SOCK_RDM       sockType = 4
	SOCK_SEQPACKET sockType = 5
	SOCK_DCCP      sockType = 6
	SOCK_PACKET    sockType = 10
)
// TCP socket states, typed as sockState; SockMeta.SkcState carries one of them.
// Values start at 1 and are assigned by iota, so each name's number depends on
// its position in this list: inserting or reordering an entry renumbers every
// entry after it.
// NOTE(review): the order appears to mirror the kernel's TCP state enum;
// confirm before editing.
const (
	TCP_ESTABLISHED sockState = 1 + iota
	TCP_SYN_SENT
	TCP_SYN_RECV
	TCP_FIN_WAIT1
	TCP_FIN_WAIT2
	TCP_TIME_WAIT
	TCP_CLOSE
	TCP_CLOSE_WAIT
	TCP_LAST_ACK
	TCP_LISTEN
	TCP_CLOSING /* Now a valid state */
	TCP_NEW_SYN_RECV
	TCP_BOUND_INACTIVE /* Pseudo-state for inet_diag */
)
// Program-name strings for the fentry/fexit tracing programs, in TC and XDP
// variants, each with a separate "_pcap" counterpart.
// NOTE(review): presumably these must match the program names inside the
// compiled BPF object; confirm against the loader before renaming.
const (
	ProgNameFentryTC = "fentry_tc"
	ProgNameFexitTC  = "fexit_tc"

	ProgNameFentryTCPcap = "fentry_tc_pcap"
	ProgNameFexitTCPcap  = "fexit_tc_pcap"

	ProgNameFentryXDP = "fentry_xdp"
	ProgNameFexitXDP  = "fexit_xdp"

	ProgNameFentryXDPPcap = "fentry_xdp_pcap"
	ProgNameFexitXDPPcap  = "fexit_xdp_pcap"
)
const (
	// MaxStackDepth is the number of address slots in StackData.IPs.
	MaxStackDepth = 50

	// Kprobe backend identifiers.
	// NOTE(review): presumably the accepted values of Flags.KprobeBackend; confirm.
	BackendKprobe      = "kprobe"
	BackendKprobeMulti = "kprobe-multi"
)

Variables

// Version is the vista version string. It defaults to "version unknown" and is
// meant to be overridden at build time through the linker flags.
var Version string = "version unknown"

Version is the vista version; it is set at compile time via LDFLAGS.

Functions

func AttachKprobeMulti

func AttachKprobeMulti(ctx context.Context, bar *pb.ProgressBar, kprobes []Kprobe, a2n Addr2Name) (links []link.Link, ignored int)

AttachKprobeMulti attaches kprobe-multi serially.

func AttachKprobes

func AttachKprobes(ctx context.Context, bar *pb.ProgressBar, kps []Kprobe, batch uint) (links []link.Link, ignored int)

AttachKprobes attaches kprobes concurrently.

func DetectKfreeSkbReason

func DetectKfreeSkbReason(spec *btf.Spec) bool

func GetFuncsByPos

func GetFuncsByPos(funcs Funcs) map[int][]string

func HaveAvailableFilterFunctions

func HaveAvailableFilterFunctions() bool

func HaveBPFLinkKprobeMulti

func HaveBPFLinkKprobeMulti() bool

Very hacky way to check whether multi-link kprobe is supported.

func HaveBPFLinkTracing

func HaveBPFLinkTracing() bool

Very hacky way to check whether tracing link is supported.

func HaveBpfSkbOutput

func HaveBpfSkbOutput() bool

func HaveBpfXdpOutput

func HaveBpfXdpOutput() bool

func InjectPcapFilter

func InjectPcapFilter(spec *ebpf.CollectionSpec, f *Flags)

func KprobeIptables

func KprobeIptables(coll *ebpf.Collection) *iptablesKprober

func KprobeSkb

func KprobeSkb(ctx context.Context, funcs Funcs, coll *ebpf.Collection, a2n Addr2Name, useKprobeMulti bool, batch uint, supportKfreeSkbReason bool, dropstack bool) *skbKprober

func KprobeSock

func KprobeSock(ctx context.Context, funcs Funcs, coll *ebpf.Collection,
	a2n Addr2Name, useKprobeMulti bool, batch uint,
) *sockKprober

func KprobeTCP

func KprobeTCP(coll *ebpf.Collection) *tcpKprober

func ParseKallsyms

func ParseKallsyms(funcsSkb, funcsSk Funcs, all bool) (Addr2Name, BpfProgName2Addr, error)

func TraceTC

func TraceTC(options TracingOptions) *tracing

func TraceXDP

func TraceXDP(options TracingOptions) *tracing

func TrackSkb

func TrackSkb(coll *ebpf.Collection, haveFexit bool) *skbTracker

func TrimBpfSpec

func TrimBpfSpec(spec *ebpf.CollectionSpec, f *Flags, haveFexit bool)

Types

type Addr2Name

// Addr2Name holds kernel symbol lookups in both directions: address to symbol
// (as a map and as a slice) and symbol name to addresses.
// NOTE(review): Addr2NameSlice is presumably kept ordered by address for
// nearest-symbol lookups; confirm against ParseKallsyms.
type Addr2Name struct {
	Addr2NameMap   map[uint64]*ksym
	Addr2NameSlice []*ksym
	// The value is a slice, so one name can resolve to several addresses.
	Name2AddrMap   map[string][]uintptr
}

type BpfProgName2Addr

// BpfProgName2Addr maps a name to a 64-bit value.
// NOTE(review): going by the type name, the key is a BPF program name and the
// value its kernel address; confirm against ParseKallsyms.
type BpfProgName2Addr map[string]uint64

type Bytes

// Bytes is a uint64 counter type used for TCPMeta.RxBytes and TCPMeta.TxBytes.
// It has a String method, so it formats itself when printed.
type Bytes uint64

func (Bytes) String

func (b Bytes) String() string

type Event

// Event is a fixed-layout record: every field has a fixed size, and the struct
// carries explicit Pad and Data members.
// NOTE(review): this presumably mirrors a struct emitted by the BPF programs,
// so field order and sizes must stay in step with that side; confirm.
type Event struct {
	PID          uint32
	Type         uint8
	Source       uint8
	Pad          uint16
	Addr         uint64
	SAddr        uint64
	Timestamp    uint64
	PrintSkbId   uint64
	PrintStackId int64
	Tuple        Tuple
	Meta         Meta
	CPU          uint32
	// Data is a 72-byte payload area; TCPMeta's fields add up to exactly 72
	// bytes. NOTE(review): the Iptables, Pcap, Sock and TCP accessors
	// presumably reinterpret Data as the matching meta struct, chosen by
	// Type. Confirm that, and confirm that no meta struct exceeds 72 bytes,
	// since a larger one would read past the end of this array.
	Data         [72]byte
}

func (*Event) Iptables

func (e *Event) Iptables() *IptablesMeta

func (*Event) Pcap

func (e *Event) Pcap() *PcapMeta

func (*Event) Sock

func (e *Event) Sock() *SockMeta

func (*Event) TCP

func (e *Event) TCP() *TCPMeta

type FilterCfg

// FilterCfg is the fixed-size filter configuration returned by GetConfig from
// the parsed Flags. All fields are fixed-width integers or byte arrays.
// NOTE(review): presumably handed to the BPF programs as their configuration,
// in which case field order, widths and the trailing Pad must match the
// kernel-side definition; confirm.
type FilterCfg struct {
	FilterNetns   uint32
	FilterSkbMark uint32
	FilterSkMark  uint32
	FilterIfindex uint32

	FilterTCPLifetime uint64

	FilterIPv4    [4]byte
	// NOTE(review): FilterPortBe looks like FilterPort in big-endian (network)
	// byte order; confirm against GetConfig.
	FilterPortBe  [2]byte
	FilterPort    uint16
	FilterL4Proto uint16

	OutputFlags uint16

	PcapSnapLen uint16
	Pad         uint16
}

func GetConfig

func GetConfig(flags *Flags) (cfg FilterCfg, err error)

type Flags

// Flags holds the tool's options: what to trace (FilterTrace*), which traffic
// to match (Filter*), what to print (Output*), pcap capture settings (Pcap*)
// and kprobe/backend tuning. It is filled in by SetFlags and Parse and read by
// GetConfig, InjectPcapFilter and TrimBpfSpec.
//
// NOTE(review): several fields are free-form strings or paths taken from the
// operator (FilterPcap, FilterSkbFunc, FilterSkFunc, KernelBTF, OutputFile,
// PcapFile, ReadyFile). Loading BPF programs normally needs elevated
// privileges, so check where these values are validated and how the files are
// opened (mode, overwrite and symlink handling); confirm in the callers.
type Flags struct {
	ShowVersion bool
	ShowHelp    bool

	KernelBTF string

	FilterTraceSkb      bool
	FilterTraceSk       bool
	FilterTraceIptables bool
	FilterTraceTCP      bool
	FilterTrackSkb      bool
	FilterTraceTc       bool
	FilterTraceXdp      bool

	FilterNetns       string
	FilterSkbMark     uint32
	FilterSkMark      uint32
	FilterSkbFunc     string
	FilterSkFunc      string
	FilterIfname      string
	// NOTE(review): presumably a pcap filter expression consumed by
	// InjectPcapFilter; confirm.
	FilterPcap        string
	FilterKprobeBatch uint

	FilterProto string

	FilterAddr string

	FilterPort uint16

	FilterTCPLifetime time.Duration

	OutputTS string

	OutputMeta       bool
	OutputTuple      bool
	OutputSkb        bool
	OutputStack      bool
	OutputIptables   bool
	OutputTCP        bool
	OutputSk         bool
	OutputLimitLines int64
	OutputFile       string

	PcapFile    string
	PcapSnaplen uint16
	PcapMode    []string

	FilterSkbDropStack bool

	KMods    []string
	AllKMods bool

	ReadyFile string

	// NOTE(review): presumably one of BackendKprobe / BackendKprobeMulti; confirm.
	KprobeBackend string

	PerCPUBuffer uint
	// contains filtered or unexported fields
}

func (*Flags) HavePcap

func (f *Flags) HavePcap() bool

func (*Flags) Parse

func (f *Flags) Parse()

func (*Flags) PrintHelp

func (f *Flags) PrintHelp()

func (*Flags) SetFlags

func (f *Flags) SetFlags()

type Funcs

// Funcs maps a name to an int; GetSkFuncs and GetSkbFuncs return it and
// GetFuncsByPos inverts it into map[int][]string.
// NOTE(review): the key is presumably a kernel function name and the int the
// position of its skb/sock parameter; confirm.
type Funcs map[string]int

func GetSkFuncs

func GetSkFuncs(pattern string, spec *btf.Spec, kmods []string, kprobeMulti bool) (Funcs, error)

func GetSkbFuncs

func GetSkbFuncs(pattern string, spec *btf.Spec, kmods []string, kprobeMulti bool) (Funcs, error)

type ICMPInfo

// ICMPInfo is the value returned by Tuple.ICMPInfo: an ID, a sequence number
// and a type.
// NOTE(review): ID and Seq together are 4 bytes, the size of Tuple.Data, and
// Tuple has its own ICMPType field; presumably that is where these values come
// from. Confirm.
type ICMPInfo struct {
	ID   uint16
	Seq  uint16
	Type uint8
}

type IptablesMeta

// IptablesMeta is the fixed-layout record returned by Event.Iptables.
type IptablesMeta struct {
	// Table is a fixed 32-byte buffer. NOTE(review): presumably a NUL-padded
	// table name; trim at the first NUL before printing. Confirm.
	Table   [32]byte
	Delay   uint64
	Verdict uint32
	Hook    uint8
	Pf      uint8
	Pad     [2]byte
}

type Kprobe

// Kprobe pairs one eBPF program with a list of function names; AttachKprobes
// and AttachKprobeMulti take a slice of these.
// NOTE(review): HookFuncs are presumably the kernel functions Prog is attached
// to; confirm.
type Kprobe struct {
	HookFuncs []string
	Prog      *ebpf.Program
	// contains filtered or unexported fields
}

type Meta

// Meta is the fixed-layout metadata block embedded in Event as Event.Meta.
// NOTE(review): the field names suggest per-packet (skb) metadata; confirm
// against the BPF side.
type Meta struct {
	Netns   uint32
	Mark    uint32
	Ifindex uint32
	Len     uint32
	MTU     uint32
	Proto   uint16
	PktType uint8

	// NOTE(review): IsKfreeSkbReason presumably flags whether KfreeSkbReason
	// holds a valid value (see DetectKfreeSkbReason); confirm.
	IsKfreeSkbReason uint8
	KfreeSkbReason   uint32
}

type Output added in v0.1.1

// Output is created by NewOutput and exposes Print, PrintHeader, Pcap and
// Close. All of its fields are unexported.
type Output struct {
	// contains filtered or unexported fields
}

func NewOutput

func NewOutput(flags *Flags, printSkbMap *ebpf.Map, printStackMap *ebpf.Map,
	addr2Name Addr2Name, kprobeMulti bool, btfSpec *btf.Spec,
) (*Output, error)

func (*Output) Close added in v0.1.1

func (o *Output) Close()

func (*Output) Pcap added in v0.1.1

func (o *Output) Pcap(ev OutputEvent) error

func (*Output) Print added in v0.1.1

func (o *Output) Print(ev OutputEvent)

func (*Output) PrintHeader added in v0.1.1

func (o *Output) PrintHeader()

type OutputCounter

// OutputCounter is created by NewOutputCounter with an int64 limit and exposes
// Next, which reports a bool.
// NOTE(review): presumably Next returns false once the limit is reached (see
// Flags.OutputLimitLines); confirm.
type OutputCounter struct {
	// contains filtered or unexported fields
}

func NewOutputCounter

func NewOutputCounter(limit int64) *OutputCounter

func (*OutputCounter) Next

func (c *OutputCounter) Next() bool

type OutputEvent

// OutputEvent is what NewOutputEvent builds from a raw byte slice and what
// Output.Print and Output.Pcap consume.
// NOTE(review): raw presumably comes from the kernel-side buffer; confirm that
// NewOutputEvent checks its length before interpreting it as an Event and
// before slicing out Packet.
type OutputEvent struct {
	Event  *Event
	Packet []byte
	IsPcap bool
}

func NewOutputEvent

func NewOutputEvent(raw []byte) (OutputEvent, error)

type PcapMeta

// PcapMeta is the fixed-layout record returned by Event.Pcap.
// NOTE(review): CapLen is presumably the captured length of the packet data
// and should be bounded by the actual buffer size before use; confirm.
type PcapMeta struct {
	RxQueue uint32
	CapLen  uint32
	Action  uint8
	IsFexit uint8
	Pad     [2]byte
}

type PortInfo

// PortInfo is the value returned by Tuple.PortInfo: a source and a destination
// port. Its two fields total 4 bytes, the same size as Tuple.Data.
// NOTE(review): byte order of the ports is not visible here; confirm.
type PortInfo struct {
	Sport uint16
	Dport uint16
}

type Reset

// Reset is a uint8 type with a String method.
// NOTE(review): presumably the printable form of TCPMeta.Reset, which is
// declared as a plain uint8; confirm.
type Reset uint8

func (Reset) String

func (r Reset) String() string

type SockMeta

// SockMeta is the fixed-layout record returned by Event.Sock.
// NOTE(review): presumably a mirror of a BPF-side struct, so field order and
// widths (including SocketPad) must not change independently; confirm.
type SockMeta struct {
	SkcBoundIfindex uint32
	// SkRxDstIfindex  uint32
	SkBacklog       uint32
	SkRcvBuff       uint32
	SkSndBuff       uint32
	SkPriority      uint32
	SkMark          uint32
	// SkType takes the SOCK_* constants and SkcState the TCP_* constants
	// declared in this package.
	SkType          sockType
	SocketState     socketState
	SkcState        sockState
	SkcReusePort    uint8
	WithSocket      uint8
	SocketPad       uint8
	SocketFileInode uint64
	SocketFlags     uint64
}

type StackData

// StackData holds up to MaxStackDepth 64-bit addresses in a fixed-size array.
// NOTE(review): unused slots are presumably zero, so readers should stop at
// the first zero entry; confirm.
type StackData struct {
	IPs [MaxStackDepth]uint64
}

type TCPMeta

// TCPMeta is the fixed-layout record returned by Event.TCP. Its fields add up
// to 72 bytes, the size of Event.Data.
type TCPMeta struct {
	RxBytes  Bytes
	TxBytes  Bytes
	Lifetime uint64 // in ns
	Srtt     uint32 // in us
	Retrans  uint32
	SkMark   uint32
	// Declared as plain uint8 rather than the Reset type defined in this package.
	Reset    uint8
	Pad      [3]byte
	// Cong and Comm are fixed 16-byte buffers. NOTE(review): presumably the
	// congestion-control name and the process name, NUL-padded. A process
	// name is chosen by the process itself, so trim at the first NUL and
	// escape non-printable bytes before writing it to a terminal or log.
	// Confirm.
	Cong     [16]byte
	Comm     [16]byte
}

type TracingOptions

// TracingOptions is the argument to TraceTC and TraceXDP. It bundles the
// loaded collection, its spec and load options with output and pcap settings.
type TracingOptions struct {
	Coll *ebpf.Collection
	Spec *ebpf.CollectionSpec
	Opts *ebpf.CollectionOptions

	OutputSkb bool
	Pcap      bool
	PcapModes []string
	// N2A is a name-to-address table of type BpfProgName2Addr, the type
	// ParseKallsyms returns.
	N2A       BpfProgName2Addr
	// contains filtered or unexported fields
}

type Tuple

// Tuple is the fixed-layout flow tuple embedded in Event as Event.Tuple.
// Saddr and Daddr are 16-byte buffers.
// NOTE(review): 16 bytes is large enough for an IPv6 address; how IPv4
// addresses are stored in it is presumably selected by L3Proto. Confirm.
type Tuple struct {
	Saddr    [16]byte
	Daddr    [16]byte
	L3Proto  uint16
	L4Proto  uint8
	ICMPType uint8
	// Data is 4 bytes. NOTE(review): presumably read as ports (PortInfo) or as
	// ICMP id/seq (ICMPInfo) depending on L4Proto; confirm.
	Data     [4]byte
}

func (*Tuple) ICMPInfo

func (t *Tuple) ICMPInfo() *ICMPInfo

func (*Tuple) PortInfo

func (t *Tuple) PortInfo() *PortInfo
