Documentation ¶
Index ¶
- Constants
- func AttachCgroupProgram(cgroupProg *CgroupProgram, cgroupPath string, attachType AttachType) error
- func AttachCgroupProgramFromFd(progFd int, cgroupPath string, attachType AttachType) error
- func AttachSocketFilter(socketFilter *SocketFilter, sockFd int) error
- func AttachUprobe(uprobe *Uprobe, path string, offset uint64) error
- func CurrentKernelVersion() (uint32, error)
- func DetachCgroupProgram(cgroupProg *CgroupProgram, cgroupPath string, attachType AttachType) error
- func DetachSocketFilter(socketFilter *SocketFilter, sockFd int) error
- func GetProgFd(pinPath string) int
- func GetSyscallFnName(name string) (string, error)
- func KernelVersionFromReleaseString(releaseString string) (uint32, error)
- func NowNanoseconds() uint64
- func PinObject(fd int, pinPath string) error
- func PinObjectGlobal(fd int, namespace, name string) error
- type AttachType
- type CgroupProgram
- type CloseOptions
- type Kprobe
- type Map
- type Module
- func (b *Module) AttachXDP(devName string, secName string) error
- func (b *Module) AttachXDPWithFlags(devName string, secName string, flags uint32) error
- func (b *Module) CgroupProgram(name string) *CgroupProgram
- func (b *Module) Close() error
- func (b *Module) CloseExt(options map[string]CloseOptions) error
- func (b *Module) DeleteElement(mp *Map, key unsafe.Pointer) error
- func (b *Module) EnableKprobe(secName string, maxactive int) error
- func (b *Module) EnableKprobes(maxactive int) error
- func (b *Module) EnableOptionCompatProbe()
- func (b *Module) EnableTracepoint(secName string) error
- func (b *Module) IterCgroupProgram() <-chan *CgroupProgram
- func (b *Module) IterKprobes() <-chan *Kprobe
- func (b *Module) IterMaps() <-chan *Map
- func (b *Module) IterSchedProgram() <-chan *SchedProgram
- func (b *Module) IterSocketFilter() <-chan *SocketFilter
- func (b *Module) IterTracepointProgram() <-chan *TracepointProgram
- func (b *Module) IterUprobes() <-chan *Uprobe
- func (b *Module) IterXDPProgram() <-chan *XDPProgram
- func (b *Module) Kprobe(name string) *Kprobe
- func (b *Module) Load(parameters map[string]SectionParams) error
- func (b *Module) Log() []byte
- func (b *Module) LookupAndDeleteElement(mp *Map, value unsafe.Pointer) error
- func (b *Module) LookupElement(mp *Map, key, value unsafe.Pointer) error
- func (b *Module) LookupNextElement(mp *Map, key, nextKey, value unsafe.Pointer) (bool, error)
- func (b *Module) Map(name string) *Map
- func (b *Module) PerfMapStop(mapName string) error
- func (b *Module) RemoveXDP(devName string) error
- func (b *Module) SchedProgram(name string) *SchedProgram
- func (b *Module) SocketFilter(name string) *SocketFilter
- func (b *Module) UpdateElement(mp *Map, key, value unsafe.Pointer, flags uint64) error
- func (b *Module) Uprobe(name string) *Uprobe
- func (b *Module) XDPProgram(name string) *XDPProgram
- type OrderedBytesArray
- type PerfEventHeader
- type PerfEventLost
- type PerfEventSample
- type PerfMap
- type SchedProgram
- type SectionParams
- type SocketFilter
- type TracepointProgram
- type Uprobe
- type XDPProgram
Constants ¶
const ( // Object pin settings should correspond to those of other projects, e.g.: // https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/include/bpf_elf.h#n25 // Also it should be self-consistent with `elf/include/bpf.h` in the same repository. PIN_NONE = 0 PIN_OBJECT_NS = 1 PIN_GLOBAL_NS = 2 PIN_CUSTOM_NS = 3 )
const ( BPFDirGlobals = "globals" // as in iproute2's BPF_DIR_GLOBALS BPFFSPath = "/sys/fs/bpf/" )
Variables ¶
This section is empty.
Functions ¶
func AttachCgroupProgram ¶
func AttachCgroupProgram(cgroupProg *CgroupProgram, cgroupPath string, attachType AttachType) error
func AttachCgroupProgramFromFd ¶
func AttachCgroupProgramFromFd(progFd int, cgroupPath string, attachType AttachType) error
func AttachSocketFilter ¶
func AttachSocketFilter(socketFilter *SocketFilter, sockFd int) error
func AttachUprobe ¶
AttachUprobe attaches the uprobe's BPF script to the program or library at the given path and offset.
func CurrentKernelVersion ¶
CurrentKernelVersion returns the current kernel version in LINUX_VERSION_CODE format (see KernelVersionFromReleaseString())
func DetachCgroupProgram ¶
func DetachCgroupProgram(cgroupProg *CgroupProgram, cgroupPath string, attachType AttachType) error
func DetachSocketFilter ¶
func DetachSocketFilter(socketFilter *SocketFilter, sockFd int) error
func GetSyscallFnName ¶
Returns the qualified syscall named by going through '/proc/kallsyms' on the system on which its executed. It allows BPF programs that may have been compiled for older syscall functions to run on newer kernels
func KernelVersionFromReleaseString ¶
KernelVersionFromReleaseString converts a release string with format 4.4.2[-1] to a kernel version number in LINUX_VERSION_CODE format. That is, for kernel "a.b.c", the version number will be (a<<16 + b<<8 + c)
func NowNanoseconds ¶
func NowNanoseconds() uint64
NowNanoseconds returns a time that can be compared to bpf_ktime_get_ns()
func PinObjectGlobal ¶
PinObjectGlobal pins and object to a name in a namespaces e.g. `/sys/fs/bpf/my-namespace/globals/my-name`
Types ¶
type AttachType ¶
type AttachType int
const ( IngressType AttachType = iota EgressType SockCreateType )
type CgroupProgram ¶
type CgroupProgram struct { Name string // contains filtered or unexported fields }
CgroupProgram represents a cgroup skb/sock program
func (*CgroupProgram) Fd ¶
func (p *CgroupProgram) Fd() int
type CloseOptions ¶
type CloseOptions struct { // Set Unpin to true to close pinned maps as well Unpin bool PinPath string }
CloseOptions can be used for custom `Close` parameters
type Kprobe ¶
type Kprobe struct { Name string // contains filtered or unexported fields }
Kprobe represents a kprobe or kretprobe and has to be declared in the C file,
type Map ¶
type Map struct { Name string // contains filtered or unexported fields }
Map represents a eBPF map. An eBPF map has to be declared in the C file.
type Module ¶
type Module struct {
// contains filtered or unexported fields
}
func NewModuleFromReader ¶
func NewModuleWithLog ¶
func (*Module) AttachXDPWithFlags ¶
AttachXDPWithFlags attaches an xdp section to a device with flags.
func (*Module) CgroupProgram ¶
func (b *Module) CgroupProgram(name string) *CgroupProgram
func (*Module) Close ¶
Close takes care of terminating all underlying BPF programs and structures. That is:
* Closing map file descriptors and unpinning them where applicable * Detaching BPF programs from kprobes and closing their file descriptors * Closing cgroup-bpf file descriptors * Closing socket filter file descriptors * Closing XDP file descriptors
It doesn't detach BPF programs from cgroups or sockets because they're considered resources the user controls. It also doesn't unpin pinned maps. Use CloseExt and set Unpin to do this.
func (*Module) CloseExt ¶
func (b *Module) CloseExt(options map[string]CloseOptions) error
CloseExt takes a map "elf section -> CloseOptions"
func (*Module) DeleteElement ¶
DeleteElement deletes the given key in the the map stored in mp. The key is stored in the key unsafe.Pointer.
func (*Module) EnableKprobe ¶
EnableKprobe enables a kprobe/kretprobe identified by secName. For kretprobes, you can configure the maximum number of instances of the function that can be probed simultaneously with maxactive. If maxactive is 0 it will be set to the default value: if CONFIG_PREEMPT is enabled, this is max(10, 2*NR_CPUS); otherwise, it is NR_CPUS. For kprobes, maxactive is ignored.
func (*Module) EnableKprobes ¶
EnableKprobes enables all kprobes/kretprobes included in the module. The value in maxactive will be applied to all the kretprobes.
func (*Module) EnableOptionCompatProbe ¶
func (b *Module) EnableOptionCompatProbe()
EnableOptionCompatProbe will attempt to automatically convert function names in kprobe and kretprobe to maintain compatibility between kernel versions. See: https://github.com/accuknox/gobpf/issues/146
func (*Module) EnableTracepoint ¶
func (*Module) IterCgroupProgram ¶
func (b *Module) IterCgroupProgram() <-chan *CgroupProgram
func (*Module) IterKprobes ¶
IterKprobes returns a channel that emits the kprobes that included in the module.
func (*Module) IterSchedProgram ¶
func (b *Module) IterSchedProgram() <-chan *SchedProgram
IterSchedProgram returns a channel that emits the sched programs included in the module.
func (*Module) IterSocketFilter ¶
func (b *Module) IterSocketFilter() <-chan *SocketFilter
func (*Module) IterTracepointProgram ¶
func (b *Module) IterTracepointProgram() <-chan *TracepointProgram
func (*Module) IterUprobes ¶
IterUprobes returns a channel that emits the uprobes included in the module.
func (*Module) IterXDPProgram ¶
func (b *Module) IterXDPProgram() <-chan *XDPProgram
func (*Module) Load ¶
func (b *Module) Load(parameters map[string]SectionParams) error
Load loads the BPF programs and BPF maps in the module. Each ELF section can optionally have parameters that changes how it is configured.
func (*Module) LookupAndDeleteElement ¶
LookupAndDeleteElement picks up and delete the element in the the map stored in mp. The value is stored in the value unsafe.Pointer.
func (*Module) LookupElement ¶
LookupElement looks up the given key in the the map stored in mp. The value is stored in the value unsafe.Pointer.
func (*Module) LookupNextElement ¶
LookupNextElement looks up the next element in mp using the given key. The next key and the value are stored in the nextKey and value parameter. Returns false at the end of the mp.
func (*Module) PerfMapStop ¶
PerfMapStop stops the BPF program from writing into the perf ring buffers. However, the userspace program can still read the ring buffers.
func (*Module) SchedProgram ¶
func (b *Module) SchedProgram(name string) *SchedProgram
func (*Module) SocketFilter ¶
func (b *Module) SocketFilter(name string) *SocketFilter
func (*Module) UpdateElement ¶
UpdateElement stores value in key in the map stored in mp. The flags can have the following values (if you include "uapi/linux/bpf.h"): C.BPF_ANY to create new element or update existing; C.BPF_NOEXIST to create new element if it didn't exist; C.BPF_EXIST to update existing element.
func (*Module) XDPProgram ¶
func (b *Module) XDPProgram(name string) *XDPProgram
type OrderedBytesArray ¶
type OrderedBytesArray struct {
// contains filtered or unexported fields
}
Assume the timestamp is at the beginning of the user struct
func (OrderedBytesArray) Len ¶
func (a OrderedBytesArray) Len() int
func (OrderedBytesArray) Less ¶
func (a OrderedBytesArray) Less(i, j int) bool
func (OrderedBytesArray) Swap ¶
func (a OrderedBytesArray) Swap(i, j int)
type PerfEventHeader ¶
Matching 'struct perf_event_header in <linux/perf_event.h>
type PerfEventLost ¶
type PerfEventLost struct { PerfEventHeader Id uint64 Lost uint64 }
Matching 'struct perf_event_lost in kernel sources
type PerfEventSample ¶
type PerfEventSample struct { PerfEventHeader Size uint32 // contains filtered or unexported fields }
Matching 'struct perf_event_sample in kernel sources
type PerfMap ¶
type PerfMap struct {
// contains filtered or unexported fields
}
func InitPerfMap ¶
func (*PerfMap) DumpBackward ¶
func (*PerfMap) PollStop ¶
func (pm *PerfMap) PollStop()
PollStop stops the goroutine that polls the perf event map. Callers must not close receiverChan or lostChan: they will be automatically closed on the sender side.
func (*PerfMap) SetTimestampFunc ¶
SetTimestampFunc registers a timestamp callback that will be used to reorder the perf events chronologically.
If not set, the order of events sent through receiverChan is not guaranteed.
Typically, the ebpf program will use bpf_ktime_get_ns() to get a timestamp and store it in the perf event. The perf event struct is opaque to this package, hence the need for a callback.
func (*PerfMap) SwapAndDumpBackward ¶
type SchedProgram ¶
type SchedProgram struct { Name string // contains filtered or unexported fields }
SchedProgram represents a traffic classifier program
func (*SchedProgram) Fd ¶
func (sp *SchedProgram) Fd() int
type SectionParams ¶
type SocketFilter ¶
type SocketFilter struct { Name string // contains filtered or unexported fields }
SocketFilter represents a socket filter
func (*SocketFilter) Fd ¶
func (sf *SocketFilter) Fd() int
type TracepointProgram ¶
type TracepointProgram struct { Name string // contains filtered or unexported fields }
TracepointProgram represents a tracepoint program
func (*TracepointProgram) Fd ¶
func (tp *TracepointProgram) Fd() int
type XDPProgram ¶
type XDPProgram struct { Name string // contains filtered or unexported fields }
XDPProgram represents a XDP hook program
func (*XDPProgram) Fd ¶
func (xdpp *XDPProgram) Fd() int