Struct aya::programs::KProbe

source · [−]

pub struct KProbe { /* private fields */ }

Expand description

A kernel probe.

Kernel probes are eBPF programs that can be attached to almost any function inside the kernel. They can be of two kinds:

kprobe: get attached to the start of the target functions
kretprobe: get attached to the return address of the target functions

Minimum kernel version

The minimum kernel version required to use this feature is 4.1.

Examples

use aya::{Bpf, programs::KProbe};
use std::convert::TryInto;

let program: &mut KProbe = bpf.program_mut("intercept_wakeups").unwrap().try_into()?;
program.load()?;
program.attach("try_to_wake_up", 0)?;

Implementations

impl KProbe

pub fn load(&mut self) -> Result<(), ProgramError>

Loads the program inside the kernel.

See also Program::load.

pub fn kind(&self) -> ProbeKind

Returns KProbe if the program is a kprobe, or KRetProbe if the program is a kretprobe.

pub fn attach(
    &mut self,
    fn_name: &str,
    offset: u64
) -> Result<LinkRef, ProgramError>

Attaches the program.

Attaches the probe to the given function name inside the kernel. If offset is non-zero, it is added to the address of the target function.

If the program is a kprobe, it is attached to the start address of the target function. Conversely if the program is a kretprobe, it is attached to the return address of the target function.

Trait Implementations

impl Debug for KProbe

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl ProgramFd for KProbe

fn fd(&self) -> Option<RawFd>

Returns the RawFd of the program if it has been loaded, or None

impl ProgramFd for &mut KProbe

fn fd(&self) -> Option<RawFd>

Returns the RawFd of the program if it has been loaded, or None

impl<'a> TryFrom<&'a Program> for &'a KProbe

type Error = ProgramError

The type returned in the event of a conversion error.

fn try_from(program: &'a Program) -> Result<&'a KProbe, ProgramError>

Performs the conversion.

impl<'a> TryFrom<&'a mut Program> for &'a mut KProbe

type Error = ProgramError

The type returned in the event of a conversion error.

fn try_from(program: &'a mut Program) -> Result<&'a mut KProbe, ProgramError>

Performs the conversion.

Auto Trait Implementations

impl !RefUnwindSafe for KProbe

impl !Send for KProbe

impl !Sync for KProbe

impl Unpin for KProbe

impl !UnwindSafe for KProbe

Blanket Implementations

impl<T> Any for T where
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T where
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.