Commit Graph

2 Commits

Author SHA1 Message Date
7af1728eed Cleanup done and documtation added
symbolyze.go has been simplified and cleaned up.  It now also is documented,
f.e.:

 % go doc Scanner
package symbolyze // import "."

type Scanner struct {
	*log.Logger // Embedded logger

	// Has unexported fields.
}
    Scanner represents an engine for scanning for a specific symbol in all
    ELF-files matching a certain pattern. The pattern is described in
    fileapth.Match().

    Once a Scanner is created with New(), it should be populated with Observer
    functions using OnFound(). Optionally, the scanner can be put into debugging
    mode by a call to DebugOn() prior to a call to Run().

    A call to Scanner.Run() then starts the engine and it will scan all pids in
    /proc. Whenever a match is found, all observers will be called with the
    (pid, offset), concurrently.

func New(symbol, pathglob string) *Scanner
func (S *Scanner) DebugOn()
func (S *Scanner) OnFound(fun Observer)
func (S *Scanner) Run() error
2020-01-15 23:26:30 +01:00
fb59ca1072 modular solution, first working draft
symbolyze/ now contains a module that exposes a Finder type with a
simple API, like:

	finder := symbolyze.New("_PyRuntime", "*python3*")
	finder.Debug(true)
	finder.OnFound(mapFD.Set)
	finder.Run()

Instead of writing (pid, offset) directly to a eBPF-map, it implements
an observer-pattern and expects a callback.

TODOs/next steps:

	- Write documentation
	- Add tests
	- Experiment and re-evaluate design
2020-01-15 20:42:53 +01:00