Documentation
Index
- Constants
- func CompileCbpf(expr string, l3 bool) (insts []bpf.Instruction, err error)
- func CompileEbpf(expr string, opts cbpfc.EBPFOpts, l3 bool) (insts asm.Instructions, err error)
- func InjectFilters(program *ebpf.ProgramSpec, filterExpr string) (err error)
- func InjectL2Filter(program *ebpf.ProgramSpec, filterExpr string) (err error)
- type StackOffset
Constants
const (
	MaxBpfInstructions = 4096
	MAXIMUM_SNAPLEN    = 262144
)
Variables
This section is empty.
Functions
func CompileCbpf
func CompileCbpf(expr string, l3 bool) (insts []bpf.Instruction, err error)
func CompileEbpf
Steps:
1. Compile the pcap expression to cBPF using libpcap
2. Convert cBPF to eBPF using cloudflare/cbpfc
3. Convert direct memory loads to bpf_probe_read_kernel
The conversion to eBPF requires two registers pointing to the start and end of the packet data. As noted in the comment on DLT_RAW, packet data starts at the L3 network header rather than the L2 Ethernet header, so the caller must make sure to pass the correct arguments.
func InjectFilters (added in v1.0.3)
func InjectFilters(program *ebpf.ProgramSpec, filterExpr string) (err error)
func InjectL2Filter (added in v1.0.7)
func InjectL2Filter(program *ebpf.ProgramSpec, filterExpr string) (err error)
Types
type StackOffset (added in v1.0.3)
type StackOffset int
const (
	BpfReadKernelOffset StackOffset = -8*(iota+1) - 80
	R1Offset
	R2Offset
	R3Offset
	R4Offset
	R5Offset
	AvailableOffset
)