KProbe

perf_event::events

Struct KProbe 

Source 
pub struct KProbe(/* private fields */);
Expand description

Kernel-space probe event.

Kprobes allow you to dynamically insert breakpoints into kernel functions. This can be used to count function executions or to attach eBPF programs that run during those breakpoints.

There are two types of kprobes:

  • kprobes trigger when the relevant function is called (or, potentially, executed at an offset within that function).
  • kretprobes trigger just before the relevant function returns.

Kprobes can be create either for a named function or at a raw address in kernel space.

The internal documentation on how kprobes work is available here.

Implementations§

Source§

impl KProbe

Source

pub fn for_function(retprobe: bool, func: CString, offset: u64) -> Result<Self>

Create a kprobe or kretprobe for a named kernel function.

§Errors

This will attempt to read the kprobe PMU type from /sys/bus/event_source. It will return an error if the kprobe PMU is not available or the filesystem exposed by the kernel there is otherwise unparseable.

Source

pub fn for_addr(retprobe: bool, addr: u64) -> Result<Self>

Create a kprobe or kretprobe for a kernel address.

§Errors

This will attempt to read the kprobe PMU type from /sys/bus/event_source. It will return an error if the kprobe PMU is not available or the filesystem exposed by the kernel there is otherwise unparseable.

Source

pub fn probe(func: impl AsRef<[u8]>, offset: u64) -> Result<Self>

Create a kprobe on the given function at offset.

§Errors

This will attempt to read the kprobe PMU type from /sys/bus/event_source. It will return an error if the kprobe PMU is not available or the filesystem exposed by the kernel there is otherwise unparseable.

§Panics

Panics if func contains a nul byte other than at the very end.

Source

pub fn retprobe(func: impl AsRef<[u8]>, offset: u64) -> Result<Self>

Create a kretprobe on the given function at offset.

§Errors

This will attempt to read the kprobe PMU type from /sys/bus/event_source. It will return an error if the kprobe PMU is not available or the filesystem exposed by the kernel there is otherwise unparseable.

§Panics

Panics if func contains a nul byte other than at the very end.

Trait Implementations§

Source§

impl Clone for KProbe

Source§

fn clone(&self) -> KProbe

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for KProbe

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Event for KProbe

Source§

fn update_attrs(self, attr: &mut perf_event_attr)

Update the perf_event_attr struct so that it will record the requested event. Read more
Source§

fn update_attrs_with_data( self, attr: &mut perf_event_attr, ) -> Option<Arc<dyn EventData>>

Update the perf_event_attr struct so that it will record the requested event. Read more

Auto Trait Implementations§

§

impl Freeze for KProbe

§

impl RefUnwindSafe for KProbe

§

impl Send for KProbe

§

impl Sync for KProbe

§

impl Unpin for KProbe

§

impl UnwindSafe for KProbe

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> EventData for T
where T: Send + Sync,