probes

package
v1.16.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 20, 2024 License: Apache-2.0 Imports: 28 Imported by: 7

Documentation

Overview

Package probes provides BPF features checks based on bpftool.

Index

Constants

View Source
const (
	NTF_EXT_LEARNED = netlink.NTF_EXT_LEARNED
	NTF_EXT_MANAGED = netlink.NTF_EXT_MANAGED
)

Family type definitions

Variables

View Source
var ErrNotSupported = errors.New("not supported")

ErrNotSupported indicates that a feature is not supported by the current kernel.

View Source
var HaveTCX = sync.OnceValue(func() error {
	prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
		Type: ebpf.SchedCLS,
		Instructions: asm.Instructions{
			asm.Mov.Imm(asm.R0, 0),
			asm.Return(),
		},
		License: "Apache-2.0",
	})
	if err != nil {
		return err
	}
	defer prog.Close()

	ns, err := netns.New()
	if err != nil {
		return fmt.Errorf("create netns: %w", err)
	}
	defer ns.Close()

	return ns.Do(func() error {
		l, err := link.AttachTCX(link.TCXOptions{
			Program:   prog,
			Attach:    ebpf.AttachTCXIngress,
			Interface: 1,
			Anchor:    link.Tail(),
		})
		if err != nil {
			return fmt.Errorf("creating link: %w", err)
		}
		if err := l.Close(); err != nil {
			return fmt.Errorf("closing link: %w", err)
		}

		return nil
	})
})

HaveTCX returns nil if the running kernel supports attaching bpf programs to tcx hooks.

Functions

func CreateHeaderFiles

func CreateHeaderFiles(headerDir string, probes *FeatureProbes) error

CreateHeaderFiles creates C header files with macros indicating which BPF features are available in the kernel.

func HaveAttachCgroup

func HaveAttachCgroup() error

HaveAttachCgroup returns nil if the kernel is compiled with CONFIG_CGROUP_BPF.

It's only an approximation and doesn't execute a successful cgroup attachment under the hood. If any unexpected errors are encountered, the original error is returned.

func HaveAttachType

func HaveAttachType(pt ebpf.ProgramType, at ebpf.AttachType) (err error)

HaveAttachType returns nil if the given program/attach type combination is supported by the underlying kernel. Returns ebpf.ErrNotSupported if loading a program with the given Program/AttachType fails. If the probe is inconclusive due to an unrecognized return code, the original error is returned.

Note that program types that don't use attach types will silently succeed if an attach type is specified.

Probe results are cached by the package and shouldn't be memoized by the caller.

func HaveBatchAPI added in v1.16.0

func HaveBatchAPI() error

HaveBatchAPI checks if kernel supports batched bpf map lookup API.

func HaveBoundedLoops

func HaveBoundedLoops() error

HaveBoundedLoops is a wrapper around features.HaveBoundedLoops() to check if the kernel supports bounded loops in BPF programs. On unexpected probe results this function will terminate with log.Fatal().

func HaveDeadCodeElim added in v1.16.0

func HaveDeadCodeElim() error

HaveDeadCodeElim tests whether the kernel supports dead code elimination.

func HaveFibIfindex

func HaveFibIfindex() error

HaveFibIfindex checks if kernel has d1c362e1dd68 ("bpf: Always return target ifindex in bpf_fib_lookup") which is 5.10+. This got merged in the same kernel as the new redirect helpers.

func HaveIPv6Support

func HaveIPv6Support() error

HaveIPv6Support tests whether kernel can open an IPv6 socket. This will also implicitly auto-load IPv6 kernel module if available and not yet loaded.

func HaveLargeInstructionLimit

func HaveLargeInstructionLimit() error

HaveLargeInstructionLimit is a wrapper around features.HaveLargeInstructions() to check if the kernel supports the 1 Million instruction limit. On unexpected probe results this function will terminate with log.Fatal().

func HaveManagedNeighbors

func HaveManagedNeighbors() error

HaveManagedNeighbors returns nil if the host supports managed neighbor entries (NTF_EXT_MANAGED). On unexpected probe results this function will terminate with log.Fatal().

func HaveOuterSourceIPSupport

func HaveOuterSourceIPSupport() (err error)

HaveOuterSourceIPSupport tests whether the kernel support setting the outer source IP address via the bpf_skb_set_tunnel_key BPF helper. We can't rely on the verifier to reject a program using the new support because the verifier just accepts any argument size for that helper; non-supported fields will simply not be used. Instead, we set the outer source IP and retrieve it with bpf_skb_get_tunnel_key right after. If the retrieved value equals the value set, we have a confirmation the kernel supports it.

func HaveProgramHelper

func HaveProgramHelper(pt ebpf.ProgramType, helper asm.BuiltinFunc) error

HaveProgramHelper is a wrapper around features.HaveProgramHelper() to check if a certain BPF program/helper copmbination is supported by the kernel. On unexpected probe results this function will terminate with log.Fatal().

func HaveSKBAdjustRoomL2RoomMACSupport added in v1.15.0

func HaveSKBAdjustRoomL2RoomMACSupport() (err error)

HaveSKBAdjustRoomL2RoomMACSupport tests whether the kernel supports the `bpf_skb_adjust_room` helper with the `BPF_ADJ_ROOM_MAC` mode. To do so, we create a program that requests the passed in SKB to be expanded by 20 bytes. The helper checks the `mode` argument and will return -ENOSUPP if the mode is unknown. Otherwise it should resize the SKB by 20 bytes and return 0.

func HaveV2ISA

func HaveV2ISA() error

HaveV2ISA is a wrapper around features.HaveV2ISA() to check if the kernel supports the V2 ISA. On unexpected probe results this function will terminate with log.Fatal().

func HaveV3ISA

func HaveV3ISA() error

HaveV3ISA is a wrapper around features.HaveV3ISA() to check if the kernel supports the V3 ISA. On unexpected probe results this function will terminate with log.Fatal().

func Jiffies

func Jiffies() (uint64, error)

Jiffies returns the kernel's internal timestamp in jiffies read from /proc/schedstat.

func KernelHZ

func KernelHZ() (uint16, error)

KernelHZ attempts to estimate the kernel's CONFIG_HZ compile-time value by making snapshots of the kernel timestamp with a time interval in between.

Blocks for at least 100ms while the measurement is in progress. Can block significantly longer under some hypervisors like VirtualBox due to buggy clocks, interrupt coalescing and low timer resolution.

Types

type FeatureProbes

type FeatureProbes struct {
	ProgramHelpers map[ProgramHelper]bool
	Misc           miscFeatures
}

func ExecuteHeaderProbes

func ExecuteHeaderProbes() *FeatureProbes

ExecuteHeaderProbes probes the kernel for a specific set of BPF features which are currently used to generate various feature macros for the datapath. The probe results returned in FeatureProbes are then used in the respective function that writes the actual C macro definitions. Further needed probes should be added here, while new macro strings need to be added in the correct `write*Header()` function.

type Features

type Features struct {
	SystemConfig `json:"system_config"`
	MapTypes     `json:"map_types"`
}

Features contains BPF feature checks returned by bpftool.

type KernelParam

type KernelParam string

KernelParam is a type based on string which represents CONFIG_* kernel parameters which usually have values "y", "n" or "m".

func (KernelParam) Enabled

func (kp KernelParam) Enabled() bool

Enabled checks whether the kernel parameter is enabled.

func (KernelParam) Module

func (kp KernelParam) Module() bool

Module checks whether the kernel parameter is enabled as a module.

type MapTypes

type MapTypes struct {
	HaveHashMapType                bool `json:"have_hash_map_type"`
	HaveArrayMapType               bool `json:"have_array_map_type"`
	HaveProgArrayMapType           bool `json:"have_prog_array_map_type"`
	HavePerfEventArrayMapType      bool `json:"have_perf_event_array_map_type"`
	HavePercpuHashMapType          bool `json:"have_percpu_hash_map_type"`
	HavePercpuArrayMapType         bool `json:"have_percpu_array_map_type"`
	HaveStackTraceMapType          bool `json:"have_stack_trace_map_type"`
	HaveCgroupArrayMapType         bool `json:"have_cgroup_array_map_type"`
	HaveLruHashMapType             bool `json:"have_lru_hash_map_type"`
	HaveLruPercpuHashMapType       bool `json:"have_lru_percpu_hash_map_type"`
	HaveLpmTrieMapType             bool `json:"have_lpm_trie_map_type"`
	HaveArrayOfMapsMapType         bool `json:"have_array_of_maps_map_type"`
	HaveHashOfMapsMapType          bool `json:"have_hash_of_maps_map_type"`
	HaveDevmapMapType              bool `json:"have_devmap_map_type"`
	HaveSockmapMapType             bool `json:"have_sockmap_map_type"`
	HaveCpumapMapType              bool `json:"have_cpumap_map_type"`
	HaveXskmapMapType              bool `json:"have_xskmap_map_type"`
	HaveSockhashMapType            bool `json:"have_sockhash_map_type"`
	HaveCgroupStorageMapType       bool `json:"have_cgroup_storage_map_type"`
	HaveReuseportSockarrayMapType  bool `json:"have_reuseport_sockarray_map_type"`
	HavePercpuCgroupStorageMapType bool `json:"have_percpu_cgroup_storage_map_type"`
	HaveQueueMapType               bool `json:"have_queue_map_type"`
	HaveStackMapType               bool `json:"have_stack_map_type"`
}

MapTypes contains bools indicating which types of BPF maps the currently running kernel supports.

type ProbeManager

type ProbeManager struct {
	// contains filtered or unexported fields
}

ProbeManager is a manager of BPF feature checks.

func NewProbeManager

func NewProbeManager() *ProbeManager

NewProbeManager returns a new instance of ProbeManager - a manager of BPF feature checks.

func (*ProbeManager) GetOptionalConfig

func (p *ProbeManager) GetOptionalConfig() map[KernelParam]kernelOption

GetOptionalConfig performs a check of *optional* kernel configuration options. It returns a map indicating which optional/non-mandatory kernel parameters are enabled. GetOptionalConfig is being used by CLI "cilium kernel-check".

func (*ProbeManager) GetRequiredConfig

func (p *ProbeManager) GetRequiredConfig() map[KernelParam]kernelOption

GetRequiredConfig performs a check of mandatory kernel configuration options. It returns a map indicating which required kernel parameters are enabled - and which are not. GetRequiredConfig is being used by CLI "cilium kernel-check".

func (*ProbeManager) KernelConfigAvailable

func (p *ProbeManager) KernelConfigAvailable() bool

KernelConfigAvailable checks if the Kernel Config is available on the system or not.

func (*ProbeManager) Probe

func (*ProbeManager) Probe() Features

Probe probes the underlying kernel for features.

func (*ProbeManager) SystemConfigProbes

func (p *ProbeManager) SystemConfigProbes() error

SystemConfigProbes performs a check of kernel configuration parameters. It returns an error when parameters required by Cilium are not enabled. It logs warnings when optional parameters are not enabled.

When kernel config file is not found, bpftool can't probe kernel configuration parameter real setting, so only return error log when kernel config file exists and kernel configuration parameter setting is disabled

type ProgramHelper

type ProgramHelper struct {
	Program ebpf.ProgramType
	Helper  asm.BuiltinFunc
}

type SystemConfig

type SystemConfig struct {
	UnprivilegedBpfDisabled      int         `json:"unprivileged_bpf_disabled"`
	BpfJitEnable                 int         `json:"bpf_jit_enable"`
	BpfJitHarden                 int         `json:"bpf_jit_harden"`
	BpfJitKallsyms               int         `json:"bpf_jit_kallsyms"`
	BpfJitLimit                  int         `json:"bpf_jit_limit"`
	ConfigBpf                    KernelParam `json:"CONFIG_BPF"`
	ConfigBpfSyscall             KernelParam `json:"CONFIG_BPF_SYSCALL"`
	ConfigHaveEbpfJit            KernelParam `json:"CONFIG_HAVE_EBPF_JIT"`
	ConfigBpfJit                 KernelParam `json:"CONFIG_BPF_JIT"`
	ConfigBpfJitAlwaysOn         KernelParam `json:"CONFIG_BPF_JIT_ALWAYS_ON"`
	ConfigCgroups                KernelParam `json:"CONFIG_CGROUPS"`
	ConfigCgroupBpf              KernelParam `json:"CONFIG_CGROUP_BPF"`
	ConfigCgroupNetClassID       KernelParam `json:"CONFIG_CGROUP_NET_CLASSID"`
	ConfigSockCgroupData         KernelParam `json:"CONFIG_SOCK_CGROUP_DATA"`
	ConfigBpfEvents              KernelParam `json:"CONFIG_BPF_EVENTS"`
	ConfigKprobeEvents           KernelParam `json:"CONFIG_KPROBE_EVENTS"`
	ConfigUprobeEvents           KernelParam `json:"CONFIG_UPROBE_EVENTS"`
	ConfigTracing                KernelParam `json:"CONFIG_TRACING"`
	ConfigFtraceSyscalls         KernelParam `json:"CONFIG_FTRACE_SYSCALLS"`
	ConfigFunctionErrorInjection KernelParam `json:"CONFIG_FUNCTION_ERROR_INJECTION"`
	ConfigBpfKprobeOverride      KernelParam `json:"CONFIG_BPF_KPROBE_OVERRIDE"`
	ConfigNet                    KernelParam `json:"CONFIG_NET"`
	ConfigXdpSockets             KernelParam `json:"CONFIG_XDP_SOCKETS"`
	ConfigLwtunnelBpf            KernelParam `json:"CONFIG_LWTUNNEL_BPF"`
	ConfigNetActBpf              KernelParam `json:"CONFIG_NET_ACT_BPF"`
	ConfigNetClsBpf              KernelParam `json:"CONFIG_NET_CLS_BPF"`
	ConfigNetClsAct              KernelParam `json:"CONFIG_NET_CLS_ACT"`
	ConfigNetSchIngress          KernelParam `json:"CONFIG_NET_SCH_INGRESS"`
	ConfigXfrm                   KernelParam `json:"CONFIG_XFRM"`
	ConfigIPRouteClassID         KernelParam `json:"CONFIG_IP_ROUTE_CLASSID"`
	ConfigIPv6Seg6Bpf            KernelParam `json:"CONFIG_IPV6_SEG6_BPF"`
	ConfigBpfLircMode2           KernelParam `json:"CONFIG_BPF_LIRC_MODE2"`
	ConfigBpfStreamParser        KernelParam `json:"CONFIG_BPF_STREAM_PARSER"`
	ConfigNetfilterXtMatchBpf    KernelParam `json:"CONFIG_NETFILTER_XT_MATCH_BPF"`
	ConfigBpfilter               KernelParam `json:"CONFIG_BPFILTER"`
	ConfigBpfilterUmh            KernelParam `json:"CONFIG_BPFILTER_UMH"`
	ConfigTestBpf                KernelParam `json:"CONFIG_TEST_BPF"`
	ConfigKernelHz               KernelParam `json:"CONFIG_HZ"`
}

SystemConfig contains kernel configuration and sysctl parameters related to BPF functionality.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL