Categorygithub.com/elastic/tk-btf
modulepackage
0.1.0
Repository: https://github.com/elastic/tk-btf.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
9
Dependents
2
Files
1.3k SLOC

# README

Tracing KProbes from BTF (tk-btf)

Build status

tk-btf is a Go package to fabricate the string representation of Linux tracing kprobes based on BTF files.

Quick Start

To try out tk-btf have a look at the examples folder.

License

This software is licensed under the Apache License, version 2 ("ALv2"), quoted below.

Copyright 2023-2024 Elasticsearch https://www.elastic.co

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This repository includes dependencies/submodules whose licenses are listed in LICENSE.txt.

# Packages

No description provided by the author

# Functions

BitFieldTypeMask generates the string representation of a bitfield fetchArg type based on the given mask value (https://docs.kernel.org/trace/kprobetrace.html#types).
NewFetchArg creates and returns a new fetchArg with the given name and type.
NewKProbe creates and returns new Probe of type ProbeTypeKProbe.
NewKRetProbe creates and returns new Probe of type ProbeTypeKRetProbe.
NewSpecFromKernel generates a new Spec from the kernel.
NewSpecFromPath generates a new Spec from the given file path.
NewSpecFromReader generates a new Spec from the given io.ReaderAt.
NewSymbol creates and returns a new Symbol instance with the given symbol names.
NewSymbolWithoutValidation creates and returns a new Symbol instance which during build won't try to extract the function prototype from the btf spec.

# Constants

ProbeTypeKProbe captures a KProbe.
ProbeTypeKRetProbe captures a KRetProbe.
WrapNone there is no wrapping to the type.
WrapPointer the type will be wrapped under a pointer that targets to it.
WrapStructPointer the type will be wrapped as a member of an arbitrary struct at offset zero which is wrapped under a pointer.

# Variables

ErrArrayIndexInvalidField means that the field specified as an array index is invalid.
ErrDuplicateFetchArgs means that two or more fetch args with the same name are specified.
ErrFieldNotFound means that a field is not part of the parent btf type members.
ErrFuncParamNotFound means that the function parameter was not found in the btf func proto.
ErrIncompatibleFetchArg means that a fetch arg is assigned to probe type that is not compatible with, e.g.
ErrMissingFieldBuilders means that the fetch args has not any field builders assigned.
ErrMissingFields means that the fetch arg of a type that requires fields has not any fields assigned.
ErrMissingSymbolNames means that no symbol names are specified.
ErrSpecKernelNotSupported means that the running kernel does not support btf.
ErrSymbolNotFound means that the symbol (aka function name) was not found in the BTF spec.
ErrUnsupportedArch means that the architecture is not supported.
ErrUnsupportedFuncParamIndex means that the parameter index could not be mapped to any register.
ErrUnsupportedWrapType means that the wrap type is not supported.

# Structs

No description provided by the author
Spec holds the btfSpec and the registersResolver.
No description provided by the author
Symbol represents a function symbol and holds the list of probes associated with it.

# Type aliases

ProbeType highlights the type of the Probe.
Wrap indicates if and how the first field should be wrapped in fieldsBuilder that process the fields without relying on the existence of the function prototype in the BTF spec, namely FuncParamWithCustomType, FuncParamArbitrary and FuncReturnArbitrary.