ebpf

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 20, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const MacLen = 6

Variables

This section is empty.

Functions

func LoadNet 

func LoadNet() (*ebpf.CollectionSpec, error)

LoadNet returns the embedded CollectionSpec for Net.

func LoadNetObjects 

func LoadNetObjects(obj interface{}, opts *ebpf.CollectionOptions) error

LoadNetObjects loads Net and converts it into a struct.

The following types are suitable as obj argument: 

*NetObjects
*NetPrograms
*NetMaps

See ebpf.CollectionSpec.LoadAndAssign documentation for details.

Types

type FlowFetcher 

type FlowFetcher struct {
	// contains filtered or unexported fields
}

FlowFetcher reads and forwards the Flows from the Traffic Control hooks in the eBPF kernel space. It provides access both to flows that are aggregated in the kernel space (via PerfCPU hashmap) and to flows that are forwarded by the kernel via ringbuffer because could not be aggregated in the map

func NewFlowFetcher 

func NewFlowFetcher(
	sampling, cacheMaxSize int,
	ingress, egress bool,
) (*FlowFetcher, error)

func (*FlowFetcher) Close 

func (m *FlowFetcher) Close() error

Close the eBPF fetcher from the system. We don't need an "Close(iface)" method because the filters and qdiscs are automatically removed when the interface is down

func (*FlowFetcher) LookupAndDeleteMap 

func (m *FlowFetcher) LookupAndDeleteMap() map[NetFlowId][]NetFlowMetrics

LookupAndDeleteMap reads all the entries from the eBPF map and removes them from it. It returns a map where the key For synchronization purposes, we get/delete a whole snapshot of the flows map. This way we avoid missing packets that could be updated on the ebpf side while we process/aggregate them here Changing this method invocation by BatchLookupAndDelete could improve performance TODO: detect whether BatchLookupAndDelete is supported (Kernel>=5.6) and use it selectively Supported Lookup/Delete operations by kernel: https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md Race conditions here causes that some flows are lost in high-load scenarios

func (*FlowFetcher) ReadRingBuf 

func (m *FlowFetcher) ReadRingBuf() (ringbuf.Record, error)

func (*FlowFetcher) Register 

func (m *FlowFetcher) Register(iface ifaces.Interface) error

Register and links the eBPF fetcher into the system. The program should invoke Unregister before exiting.

type IPAddr 

type IPAddr [net.IPv6len]uint8

IPAddr encodes v4 and v6 IPs with a fixed length. IPv4 addresses are encoded as IPv6 addresses with prefix ::ffff/96 as described in https://datatracker.ietf.org/doc/html/rfc4038#section-4.2 (same behavior as Go's net.IP type)

func (*IPAddr) IP 

func (ia *IPAddr) IP() net.IP

IP returns the net.IP equivalent object

func (*IPAddr) IntEncodeV4 

func (ia *IPAddr) IntEncodeV4() uint32

IntEncodeV4 encodes an IPv4 address as an integer (in network encoding, big endian). It assumes that the passed IP is already IPv4. Otherwise it would just encode the last 4 bytes of an IPv6 address

func (*IPAddr) MarshalJSON 

func (ia *IPAddr) MarshalJSON() ([]byte, error)

type MacAddr 

type MacAddr [MacLen]uint8

func (*MacAddr) MarshalJSON 

func (m *MacAddr) MarshalJSON() ([]byte, error)

func (*MacAddr) String 

func (m *MacAddr) String() string

type NetFlowId 

type NetFlowId NetFlowIdT

func (*NetFlowId) DstIP 

func (fi *NetFlowId) DstIP() *IPAddr

DstIP is never null. Returned as pointer for efficiency.

func (*NetFlowId) DstMAC 

func (fi *NetFlowId) DstMAC() *MacAddr

DstMAC is never null. Returned as pointer for efficiency.

func (*NetFlowId) SrcIP 

func (fi *NetFlowId) SrcIP() *IPAddr

SrcIP is never null. Returned as pointer for efficiency.

func (*NetFlowId) SrcMAC 

func (fi *NetFlowId) SrcMAC() *MacAddr

SrcMAC is never null. Returned as pointer for efficiency.

type NetFlowIdT 

type NetFlowIdT struct {
	EthProtocol       uint16
	Direction         uint8
	SrcMac            [6]uint8
	DstMac            [6]uint8
	SrcIp             struct{ In6U struct{ U6Addr8 [16]uint8 } }
	DstIp             struct{ In6U struct{ U6Addr8 [16]uint8 } }
	SrcPort           uint16
	DstPort           uint16
	TransportProtocol uint8
	IfIndex           uint32
}

type NetFlowMetrics 

type NetFlowMetrics NetFlowMetricsT

func (*NetFlowMetrics) Accumulate 

func (fm *NetFlowMetrics) Accumulate(src *NetFlowMetrics)

type NetFlowMetricsT 

type NetFlowMetricsT struct {
	Packets         uint32
	Bytes           uint64
	StartMonoTimeNs uint64
	EndMonoTimeNs   uint64
	Flags           uint16
	Errno           uint8
}

type NetFlowRecordT 

type NetFlowRecordT struct {
	Id      NetFlowId
	Metrics NetFlowMetrics
}

func ReadFrom 

func ReadFrom(reader io.Reader) (*NetFlowRecordT, error)

ReadFrom reads a Record from a binary source, in LittleEndian order

type NetMapSpecs 

type NetMapSpecs struct {
	AggregatedFlows *ebpf.MapSpec `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.MapSpec `ebpf:"direct_flows"`
}

NetMapSpecs contains maps before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type NetMaps 

type NetMaps struct {
	AggregatedFlows *ebpf.Map `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.Map `ebpf:"direct_flows"`
}

NetMaps contains all maps after they have been loaded into the kernel.

It can be passed to LoadNetObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetMaps) Close 

func (m *NetMaps) Close() error

type NetObjects 

type NetObjects struct {
	NetPrograms
	NetMaps
}

NetObjects contains all objects after they have been loaded into the kernel.

It can be passed to LoadNetObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetObjects) Close 

func (o *NetObjects) Close() error

type NetProgramSpecs 

type NetProgramSpecs struct {
	EgressFlowParse  *ebpf.ProgramSpec `ebpf:"egress_flow_parse"`
	IngressFlowParse *ebpf.ProgramSpec `ebpf:"ingress_flow_parse"`
}

NetSpecs contains programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type NetPrograms 

type NetPrograms struct {
	EgressFlowParse  *ebpf.Program `ebpf:"egress_flow_parse"`
	IngressFlowParse *ebpf.Program `ebpf:"ingress_flow_parse"`
}

NetPrograms contains all programs after they have been loaded into the kernel.

It can be passed to LoadNetObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetPrograms) Close 

func (p *NetPrograms) Close() error

type NetSpecs 

type NetSpecs struct {
	NetProgramSpecs
	NetMapSpecs
}

NetSpecs contains maps and programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type Record 

type Record struct {
	NetFlowRecordT
	// TODO: redundant field from RecordMetrics. Reorganize structs
	TimeFlowStart time.Time
	TimeFlowEnd   time.Time
	Interface     string
	// Duplicate tells whether this flow has another duplicate so it has to be excluded from
	// any metrics' aggregation (e.g. bytes/second rates between two pods).
	// The reason for this field is that the same flow can be observed from multiple interfaces,
	// so the agent needs to choose only a view of the same flow and mark the others as
	// "exclude from aggregation". Otherwise rates, sums, etc... values would be multiplied by the
	// number of interfaces this flow is observed from.
	Duplicate bool

	// AgentIP provides information about the source of the flow (the Agent that traced it)
	AgentIP string

	Metadata map[string]string
}

Record contains accumulated metrics from a flow, with extra metadata that is added from the user space

func NewRecord 

func NewRecord(
	key NetFlowId,
	metrics NetFlowMetrics,
	currentTime time.Time,
	monotonicCurrentTime uint64,
) *Record

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.