4444
4545#include " src/common/base/base.h"
4646#include " src/common/json/json.h"
47+ #include " src/stirling/bpf_tools/probe_specs/probe_specs.h"
4748#include " src/stirling/bpf_tools/task_struct_resolver.h"
4849#include " src/stirling/obj_tools/elf_reader.h"
4950
@@ -64,164 +65,6 @@ namespace px {
6465namespace stirling {
6566namespace bpf_tools {
6667
67- enum class BPFProbeAttachType {
68- // Attach to function entry.
69- kEntry = BPF_PROBE_ENTRY,
70- // Attach to function return (BCC native way, using stack).
71- kReturn = BPF_PROBE_RETURN,
72- // Attach to all function return instructions (required for golang).
73- kReturnInsts ,
74- };
75-
76- /* *
77- * Describes a kernel probe (kprobe).
78- */
79- struct KProbeSpec {
80- // Name of kernel function to probe (currently must be syscall).
81- std::string_view kernel_fn;
82-
83- // Whether this is an ENTRY or RETURN probe.
84- BPFProbeAttachType attach_type = BPFProbeAttachType::kEntry ;
85-
86- // Name of user-provided function to run when event is triggered.
87- std::string_view probe_fn;
88-
89- // If true the kernel_fn is the short name of a syscall.
90- bool is_syscall = true ;
91-
92- // Whether to fail if the kprobe doesn't deploy. Useful in case the symbol may not exist in some
93- // kernels.
94- bool is_optional = false ;
95-
96- std::string ToString () const {
97- return absl::Substitute (" [kernel_function=$0 type=$1 probe=$2]"
98- magic_enum::enum_name (attach_type), probe_fn);
99- }
100- };
101-
102- /* *
103- * Describes a userspace probe (uprobe).
104- */
105- struct UProbeSpec {
106- // The canonical path to the binary to which this uprobe is attached.
107- std::filesystem::path binary_path;
108-
109- // Exactly one of symbol and address must be specified.
110- std::string symbol;
111- uint64_t address = 0 ;
112-
113- // Must be identical to the default value of `pid` argument of BPF::{attach,detach}_uprobe().
114- static constexpr pid_t kDefaultPID = -1 ;
115-
116- // Specifies the target process to attach. This still requires setting binary_path, symbol or
117- // address.
118- pid_t pid = kDefaultPID ;
119-
120- BPFProbeAttachType attach_type = BPFProbeAttachType::kEntry ;
121- std::string probe_fn;
122- bool is_optional = false ;
123-
124- std::string ToString () const {
125- return absl::Substitute (
126- " [binary=$0 symbol=$1 address=$2 pid=$3 type=$4 probe_fn=$5 optional=$6]"
127- binary_path.string (), symbol, address, pid, magic_enum::enum_name (attach_type), probe_fn,
128- is_optional);
129- }
130-
131- std::string ToJSON () const {
132- ::px::utils::JSONObjectBuilder builder;
133- builder.WriteKV (" binary" string ());
134- builder.WriteKV (" symbol"
135- builder.WriteKV (" address" static_cast <int64_t >(address));
136- builder.WriteKV (" pid"
137- builder.WriteKV (" type" magic_enum::enum_name (attach_type));
138- builder.WriteKV (" probe_fn"
139- return builder.GetString ();
140- }
141- };
142-
143- /* *
144- * Describes a probe on a pre-defined kernel tracepoint.
145- */
146- struct TracepointSpec {
147- std::string tracepoint;
148- std::string probe_fn;
149-
150- std::string ToString () const {
151- return absl::Substitute (" [tracepoint=$0 probe=$1]"
152- }
153- };
154-
155- /* *
156- * Describes a sampling probe that triggers according to a time period.
157- * This is in contrast to KProbes and UProbes, which trigger based on
158- * a code event.
159- */
160- struct SamplingProbeSpec {
161- // Name of user-provided BPF function to run when probe is triggered.
162- std::string_view probe_fn;
163-
164- // Sampling period in milliseconds to trigger the probe.
165- uint64_t period_millis;
166- };
167-
168- /* *
169- * PerfBufferSizeCategory specifies which category (currently Data or Control) a perf buffer belongs
170- * to. This is used for accounting purposes, so that a maximum total size can be set per category.
171- */
172- enum class PerfBufferSizeCategory {
173- kUncategorized ,
174- kData ,
175- kControl ,
176- };
177-
178- /* *
179- * Describes a BPF perf buffer, through which data is returned to user-space.
180- */
181- struct PerfBufferSpec {
182- // Name of the perf buffer.
183- // Must be the same as the perf buffer name declared in the probe code with BPF_PERF_OUTPUT.
184- std::string name;
185-
186- // Function that will be called for every event in the perf buffer,
187- // when perf buffer read is triggered.
188- perf_reader_raw_cb probe_output_fn;
189-
190- // Function that will be called if there are lost/clobbered perf events.
191- perf_reader_lost_cb probe_loss_fn;
192-
193- // Size of perf buffer. Will be rounded up to and allocated in a power of 2 number of pages.
194- int size_bytes = 1024 * 1024 ;
195-
196- // We specify a maximum total size per PerfBufferSizeCategory, this specifies which size category
197- // to count this buffer's size against.
198- PerfBufferSizeCategory size_category = PerfBufferSizeCategory::kUncategorized ;
199-
200- std::string ToString () const {
201- return absl::Substitute (" name=$0 size_bytes=$1 size_category=$2"
202- magic_enum::enum_name (size_category));
203- }
204- };
205-
206- /* *
207- * Describes a perf event to attach.
208- * This can be run stand-alone and is not dependent on kProbes.
209- */
210- struct PerfEventSpec {
211- // The type of perf event (e.g. PERF_TYPE_HARDWARE, PERF_TYPE_SOFTWARE, etc.)
212- perf_type_id type;
213-
214- // The actual event to be counted (e.g. PERF_COUNT_HW_CPU_CYCLES).
215- uint32_t config;
216-
217- // Name of user-provided function to run when event is triggered.
218- std::string_view probe_fn;
219-
220- // Sampling period in number of events.
221- // Mutually exclusive with sample_freq.
222- uint64_t sample_period;
223- };
224-
22568/* *
22669 * Wrapper around BCC, as a convenience.
22770 */
0 commit comments