Struct aya::programs::KProbe [−][src]
pub struct KProbe { /* fields omitted */ }
Expand description
A kernel probe.
Kernel probes are eBPF programs that can be attached to almost any function inside the kernel. They can be of two kinds:
kprobe
: get attached to the start of the target functionskretprobe
: get attached to the return address of the target functions
Minimum kernel version
The minimum kernel version required to use this feature is 4.1.
Examples
use aya::{Bpf, programs::KProbe};
use std::convert::TryInto;
let program: &mut KProbe = bpf.program_mut("intercept_wakeups")?.try_into()?;
program.load()?;
program.attach("try_to_wake_up", 0)?;
Implementations
Loads the program inside the kernel.
See also Program::load
.
Returns KProbe
if the program is a kprobe
, or KRetProbe
if the
program is a kretprobe
.
Attaches the program.
Attaches the probe to the given function name inside the kernel. If
offset
is non-zero, it is added to the address of the target
function.
If the program is a kprobe
, it is attached to the start address of the target function.
Conversely if the program is a kretprobe
, it is attached to the return address of the
target function.
Trait Implementations
type Error = ProgramError
type Error = ProgramError
The type returned in the event of a conversion error.