github/weave-scope
1
0
Fork 0
mirror of https://github.com/weaveworks/scope.git synced 2026-05-06 01:08:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b2e6b97aa8089423c0f6623375d260ac62379708
weave-scope/probe/endpoint/procspy/spy.go
Alban Crequy d715ccc391 ebpf: handle fd_install events from tcptracer-bpf 
Since https://github.com/weaveworks/tcptracer-bpf/pull/39, tcptracer-bpf
can generate "fd_install" events when a process installs a new file
descriptor in its fd table. Those events must be requested explicitely
on a per-pid basis with tracer.AddFdInstallWatcher(pid).

This is useful to know about "accept" events that would otherwise be
missed because kretprobes are not triggered for functions that were
called before the installation of the kretprobe.

This patch find all the processes that are currently blocked on an
accept() syscall during the EbpfTracker initialization.
feedInitialConnections() will use tracer.AddFdInstallWatcher() to
subscribe to fd_install  events. When a fd_install event is received,
synthesise an accept event with the connection tuple and the network
namespace (from /proc).
2017-05-19 14:49:38 +02:00

52 lines
1.4 KiB
Go
Raw Blame History

// Package procspy lists TCP connections, and optionally tries to find the
// owning processes. Works on Linux (via /proc) and Darwin (via `lsof -i` and
// `netstat`). You'll need root to use Processes().
package procspy
import (
"net"
)
const (
// according to /include/net/tcp_states.h
tcpEstablished = 1
tcpFinWait1 = 4
tcpFinWait2 = 5
tcpCloseWait = 8
)
// Connection is a (TCP) connection. The Proc struct might not be filled in.
type Connection struct {
Transport string
LocalAddress net.IP
LocalPort uint16
RemoteAddress net.IP
RemotePort uint16
Inode uint64
Proc Proc
}
// Proc is a single process with PID and process name.
type Proc struct {
PID uint
Name string
NetNamespaceID uint64
}
// ConnIter is returned by Connections().
type ConnIter interface {
Next() *Connection
}
// ConnectionScanner scans the system for established (TCP) connections
type ConnectionScanner interface {
// Connections returns all established (TCP) connections. If processes is
// false we'll just list all TCP connections, and there is no need to be root.
// If processes is true it'll additionally try to lookup the process owning the
// connection, filling in the Proc field. You will need to run this as root to
// find all processes.
Connections(processes bool) (ConnIter, error)
// Stops the scanning
Stop()
}
Reference in New Issue View Git Blame Copy Permalink