README
¶
hello-libbpfgo
==================
|Build examples|
Examples for libbpf, `aquasecurity/libbpfgo <https://github.com/aquasecurity/libbpfgo>`__ and `cilium/ebpf <https://github.com/cilium/ebpf>`__.
setup develop env
--------------------
.. code-block:: shell
$ vagrant up
Program Types
------------------
Examples by program type:
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| Program Type | Attach Type | ELF Section Name | Examples |
+===========================================+========================================+==================================+===========================================+
| ``BPF_PROG_TYPE_CGROUP_DEVICE`` | ``BPF_CGROUP_DEVICE`` | ``cgroup/dev`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_CGROUP_SKB`` | | ``cgroup/skb`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET_EGRESS`` | ``cgroup_skb/egress`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET_INGRESS`` | ``cgroup_skb/ingress`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_CGROUP_SOCKOPT`` | ``BPF_CGROUP_GETSOCKOPT`` | ``cgroup/getsockopt`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_SETSOCKOPT`` | ``cgroup/setsockopt`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_CGROUP_SOCK_ADDR`` | ``BPF_CGROUP_INET4_BIND`` | ``cgroup/bind4`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET4_CONNECT`` | ``cgroup/connect4`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET4_GETPEERNAME`` | ``cgroup/getpeername4`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET4_GETSOCKNAME`` | ``cgroup/getsockname4`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET6_BIND`` | ``cgroup/bind6`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET6_CONNECT`` | ``cgroup/connect6`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET6_GETPEERNAME`` | ``cgroup/getpeername6`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET6_GETSOCKNAME`` | ``cgroup/getsockname6`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UDP4_RECVMSG`` | ``cgroup/recvmsg4`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UDP4_SENDMSG`` | ``cgroup/sendmsg4`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UDP6_RECVMSG`` | ``cgroup/recvmsg6`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UDP6_SENDMSG`` | ``cgroup/sendmsg6`` | |
| +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UNIX_CONNECT`` | ``cgroup/connect_unix`` | |
| +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UNIX_SENDMSG`` | ``cgroup/sendmsg_unix`` | |
| +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UNIX_RECVMSG`` | ``cgroup/recvmsg_unix`` | |
| +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UNIX_GETPEERNAME`` | ``cgroup/getpeername_unix`` | |
| +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_UNIX_GETSOCKNAME`` | ``cgroup/getsockname_unix`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_CGROUP_SOCK`` | ``BPF_CGROUP_INET4_POST_BIND`` | ``cgroup/post_bind4`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET6_POST_BIND`` | ``cgroup/post_bind6`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET_SOCK_CREATE`` | ``cgroup/sock_create`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``cgroup/sock`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_CGROUP_INET_SOCK_RELEASE`` | ``cgroup/sock_release`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_CGROUP_SYSCTL`` | ``BPF_CGROUP_SYSCTL`` | ``cgroup/sysctl`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_EXT`` | | ``freplace+`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_FLOW_DISSECTOR`` | ``BPF_FLOW_DISSECTOR`` | ``flow_dissector`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_KPROBE`` | | ``kprobe+`` |`28`_ `29`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``kretprobe+`` |`28`_ `29`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``ksyscall+`` |`30`_ `31`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``kretsyscall+`` |`30`_ `31`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``uprobe+`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``uprobe.s+`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``uretprobe+`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``uretprobe.s+`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``usdt+`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TRACE_KPROBE_MULTI`` | ``kprobe.multi+`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``kretprobe.multi+`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_LIRC_MODE2`` | ``BPF_LIRC_MODE2`` | ``lirc_mode2`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_LSM`` | ``BPF_LSM_CGROUP`` | ``lsm_cgroup+`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_LSM_MAC`` | ``lsm+`` |`26`_ `40`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``lsm.s+`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_LWT_IN`` | | ``lwt_in`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_LWT_OUT`` | | ``lwt_out`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_LWT_SEG6LOCAL`` | | ``lwt_seg6local`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_LWT_XMIT`` | | ``lwt_xmit`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_NETFILTER`` | | ``netfilter`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_PERF_EVENT`` | | ``perf_event`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE`` | | ``raw_tp.w+`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``raw_tracepoint.w+`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_RAW_TRACEPOINT`` | | ``raw_tp+`` |`12`_ `13`_ `41`_ |
+ + +----------------------------------+ +
| | | ``raw_tracepoint+`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SCHED_ACT`` | | ``action`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SCHED_CLS`` | | ``classifier`` |`21`_ `25`_ |
+ + +----------------------------------+ +
| | | ``tc`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_NETKIT_PRIMARY`` | ``netkit/primary`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_NETKIT_PEER`` | ``netkit/peer`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TCX_INGRESS`` | ``tc/ingress`` |`43`_ |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TCX_EGRESS`` | ``tc/egress`` |`44`_ |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TCX_INGRESS`` | ``tcx/ingress`` |`43`_ |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TCX_EGRESS`` | ``tcx/egress`` |`44`_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SK_LOOKUP`` | ``BPF_SK_LOOKUP`` | ``sk_lookup`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SK_MSG`` | ``BPF_SK_MSG_VERDICT`` | ``sk_msg`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SK_REUSEPORT`` | ``BPF_SK_REUSEPORT_SELECT_OR_MIGRATE`` | ``sk_reuseport/migrate`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_SK_REUSEPORT_SELECT`` | ``sk_reuseport`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SK_SKB`` | | ``sk_skb`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_SK_SKB_STREAM_PARSER`` | ``sk_skb/stream_parser`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_SK_SKB_STREAM_VERDICT`` | ``sk_skb/stream_verdict`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SOCKET_FILTER`` | | ``socket`` |`18`_ `19`_ `20`_ `39`_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SOCK_OPS`` | ``BPF_CGROUP_SOCK_OPS`` | ``sockops`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_STRUCT_OPS`` | | ``struct_ops+`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_SYSCALL`` | | ``syscall`` | |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_TRACEPOINT`` | | ``tp+`` |`04`_ `07`_ `14`_ |
+ + +----------------------------------+`35`_ `36`_ `37`_ +
| | | ``tracepoint+`` |`38`_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_TRACING`` | ``BPF_MODIFY_RETURN`` | ``fmod_ret+`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``fmod_ret.s+`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TRACE_FENTRY`` | ``fentry+`` |`32`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``fentry.s+`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TRACE_FEXIT`` | ``fexit+`` |`32`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``fexit.s+`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TRACE_ITER`` | ``iter+`` |`34`_ |
+ + +----------------------------------+-------------------------------------------+
| | | ``iter.s+`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_TRACE_RAW_TP`` | ``tp_btf+`` |`16`_ `17`_ `42`_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
| ``BPF_PROG_TYPE_XDP`` | ``BPF_XDP_CPUMAP`` | ``xdp.frags/cpumap`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``xdp/cpumap`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_XDP_DEVMAP`` | ``xdp.frags/devmap`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``xdp/devmap`` | |
+ +----------------------------------------+----------------------------------+-------------------------------------------+
| | ``BPF_XDP`` | ``xdp.frags`` | |
+ + +----------------------------------+-------------------------------------------+
| | | ``xdp`` |`33`_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-------------------------------------------+
.. |Build examples| image:: https://github.com/mozillazg/hello-libbpfgo/actions/workflows/build.yml/badge.svg?branch=master
:target: https://github.com/mozillazg/hello-libbpfgo/actions/workflows/build.yml
.. _04: 04-tracepoint
.. _07: 07-tracepoint-args
.. _12: 12-raw-tracepoint-args
.. _13: 13-raw-tracepoint-args-sched_switch
.. _14: 14-tracepoint-args-sched_switch
.. _16: 16-btf-raw-tracepoint-args
.. _17: 17-btf-raw-tracepoint-args-sched_switch
.. _18: 18-socket-filter-capture-icmp-traffic-kernel-parse
.. _19: 19-socket-filter-capture-icmp-traffic-userspace-parse
.. _20: 20-socket-filter-capture-icmp-traffic-kernel-parse-without-llvm-load
.. _21: 21-tc-parse-packet-with-bpf_skb_load_bytes
.. _25: 25-tc-parse-packet-with-direct-memory-access
.. _26: 26-lsm-path_chmod
.. _28: 28-kprobe-hello
.. _29: 29-kprobe-hello-with-macro
.. _30: 30-ksyscall-hello
.. _31: 31-ksyscall-hello-with-macro
.. _32: 32-fentry-hello
.. _33: 33-xdp-hello
.. _34: 34-iter-task-hello
.. _35: 35-tracepoint-args-use-custom-struct
.. _36: 36-tracepoint-args-sched_switch-use-custom-struct
.. _37: 37-tracepoint-sched_process_exec
.. _38: 38-raw-tracepoint-sched_wakeup
.. _39: 39-socket-filter-tcp
.. _40: 40-lsm-block-path_unlink
.. _41: 41-raw-tracepoint-args-with-macro
.. _42: 42-btf-raw-tracepoint-args-with-macro
.. _43: 43-tcx-ingress-hello
.. _44: 44-tcx-egress-hello
https://mozillazg.com/tag/libbpf.html
Directories
Click to show internal directories.
Click to hide internal directories.