CloneTracer
- class duetector.tracers.bcc.clone.CloneTracer(config: Config | dict[str, Any] | None = None, *args, **kwargs)[source]
Bases: BccTracer
A tracer for clone syscall.
- attach_type: str | None = 'kprobe'
Attach type for bcc.BPF, called as BPF.attach_{attach_type},
- property attatch_args
- data_t
alias of CloneTracking
- default_config = {'attach_event': '__x64_sys_clone', 'disabled': False, 'poll_timeout': 10}
Default config for this tracer.
- name: str | None = '__x64_sys_clone'
Name for this tracer. Will be used for collecting data.
- property poll_args
- poll_fn: str = 'ring_buffer_poll'
Poll function name in bcc.BPF
- prog: str = '\n #include <linux/sched.h>\n\n // define output data structure in C\n struct data_t {\n u32 pid;\n u32 uid;\n u32 gid;\n u64 timestamp;\n char comm[TASK_COMM_LEN];\n };\n BPF_RINGBUF_OUTPUT(buffer, 1 << 4);\n\n int do_trace(struct pt_regs *ctx) {\n struct data_t data = {};\n\n data.pid = bpf_get_current_pid_tgid();\n data.uid = bpf_get_current_uid_gid();\n data.gid = bpf_get_current_uid_gid() >> 32;\n data.timestamp = bpf_ktime_get_ns();\n bpf_get_current_comm(&data.comm, sizeof(data.comm));\n\n buffer.ringbuf_output(&data, sizeof(data), 0);\n\n return 0;\n }\n '
BPF program
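The following is an added example, not code from duetector: it decodes the raw `struct data_t` samples that `do_trace` writes to the ring buffer and counts clone calls per caller. It assumes a little-endian x86-64 layout and `TASK_COMM_LEN` of 16; `RECORD`, `decode_record`, `clones_per_process` and `SAMPLES` are hypothetical names, and the sample records are constructed.

```python
import struct
from collections import Counter

# struct data_t on little-endian x86-64: u32 pid, uid, gid; 4 padding bytes
# so the u64 timestamp is 8-byte aligned; then comm[TASK_COMM_LEN = 16].
RECORD = struct.Struct("<IIIxxxxQ16s")  # 40 bytes in total


def decode_record(raw: bytes) -> dict:
    """Decode one ring-buffer sample produced by do_trace()."""
    if len(raw) < RECORD.size:
        raise ValueError(f"short record: {len(raw)} of {RECORD.size} bytes")
    pid, uid, gid, ts, comm = RECORD.unpack_from(raw)
    return {
        "pid": pid,  # low 32 bits of pid_tgid, i.e. the calling thread's ID
        "uid": uid,
        "gid": gid,
        "timestamp_ns": ts,  # bpf_ktime_get_ns(): nanoseconds since boot
        # comm is NUL-padded; keep only the bytes before the first NUL
        "comm": comm.split(b"\0", 1)[0].decode("utf-8", errors="replace"),
    }


def clones_per_process(samples) -> Counter:
    """Count clone() calls per (uid, comm) to surface unusually busy callers."""
    return Counter((r["uid"], r["comm"]) for r in map(decode_record, samples))


# Constructed sample records (not captured from a real system).
SAMPLES = [
    RECORD.pack(4101, 1000, 1000, 5_000_000_000, b"bash"),
    RECORD.pack(4101, 1000, 1000, 5_000_250_000, b"bash"),
    RECORD.pack(812, 0, 0, 5_001_000_000, b"sshd"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode_record(sample))
    print(clones_per_process(SAMPLES))
```

The explicit `xxxx` padding matters: reading `timestamp` at offset 12 instead of 16 would silently corrupt both the timestamp and `comm`.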