examples/

directory
v0.12.0
Published: Oct 11, 2023 License: MIT

README

eBPF Examples

  • Kprobe - Attach a program to the entry or exit of an arbitrary kernel symbol (function).
    • kprobe - Kprobe using bpf2go.
    • kprobepin - Reuse a pinned map for the kprobe example. It assumes the BPF FS is mounted at /sys/fs/bpf.
    • kprobe_percpu - Use a BPF_MAP_TYPE_PERCPU_ARRAY map.
    • ringbuffer - Use a BPF_MAP_TYPE_RINGBUF map.
  • Uprobe - Attach a program to the entry or exit of an arbitrary userspace binary symbol (function).
  • Tracepoint - Attach a program to predetermined kernel tracepoints.
  • Cgroup - Attach a program to control groups (cgroups).
    • cgroup_skb - Count packets egressing the current cgroup.
  • Fentry - Attach a program to the entrypoint of a kernel function. Like kprobes, but with better performance and usability, for kernels 5.5 and later.
    • tcp_connect - Trace outgoing IPv4 TCP connections.
    • tcp_close - Log RTT of IPv4 TCP connections using eBPF CO-RE helpers.
  • XDP - Attach a program to a network interface to process incoming packets.
    • xdp - Print packet counts by IPv4 source address.
  • Add your use case(s) here!

How to run

cd ebpf/examples/
go run -exec sudo [./kprobe, ./uretprobe, ./ringbuffer, ...]

How to recompile

The examples are built via go generate invoked by the Makefile in the project root.

make -C ../

Directories

Path Synopsis
This program demonstrates attaching an eBPF program to a control group.
This program demonstrates attaching an eBPF program to a kernel symbol.
This program demonstrates attaching an eBPF program to a kernel symbol and using percpu map to collect data.
This program demonstrates attaching an eBPF program to a kernel symbol.
An example of using maps within maps.
This program demonstrates attaching an eBPF program to a kernel tracepoint.
This program demonstrates how to attach an eBPF program to a tracepoint.
This program demonstrates attaching an eBPF program to a network interface with XDP (eXpress Data Path).
