Documentation
¶
Index ¶
- func LoadBpf() (*ebpf.CollectionSpec, error)
- func LoadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error
- type BPF
- func (b *BPF) AttachCgroups(cgroupPath string) error
- func (b *BPF) AttachKprobes() error
- func (b *BPF) AttachTcHooks(ifindex int, egress, ingress bool) error
- func (b *BPF) AttachTracepoints() error
- func (b *BPF) Close()
- func (b *BPF) CountReport() types.CountReport
- func (b *BPF) Load(opts Options) error
- func (b *BPF) PullExecEvents(ctx context.Context, chanSize int) (<-chan BpfExecEventT, error)
- func (b *BPF) PullPacketEvents(ctx context.Context, chanSize int) (<-chan BpfPacketEventT, error)
- func (b *BPF) UpdateFlowPidMapValues(data map[*BpfFlowPidKeyT]BpfFlowPidValueT) error
- type BpfExecEventT
- type BpfFlowPidKeyT
- type BpfFlowPidValueT
- type BpfMapSpecs
- type BpfMaps
- type BpfObjects
- type BpfObjectsWithoutCgroup
- type BpfPacketEventT
- type BpfProgramSpecs
- type BpfPrograms
- type BpfSpecs
- type Options
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadBpf ¶
func LoadBpf() (*ebpf.CollectionSpec, error)
LoadBpf returns the embedded CollectionSpec for Bpf.
func LoadBpfObjects ¶
func LoadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error
LoadBpfObjects loads Bpf and converts it into a struct.
The following types are suitable as obj argument:
*BpfObjects *BpfPrograms *BpfMaps
See ebpf.CollectionSpec.LoadAndAssign documentation for details.
Types ¶
type BPF ¶
type BPF struct {
// contains filtered or unexported fields
}
func (*BPF) AttachCgroups ¶ added in v0.6.0
func (*BPF) AttachKprobes ¶
func (*BPF) AttachTracepoints ¶
func (*BPF) CountReport ¶ added in v0.7.0
func (b *BPF) CountReport() types.CountReport
func (*BPF) PullExecEvents ¶ added in v0.2.0
func (*BPF) PullPacketEvents ¶ added in v0.2.0
func (*BPF) UpdateFlowPidMapValues ¶ added in v0.5.2
func (b *BPF) UpdateFlowPidMapValues(data map[*BpfFlowPidKeyT]BpfFlowPidValueT) error
type BpfExecEventT ¶
type BpfFlowPidKeyT ¶
type BpfFlowPidValueT ¶
type BpfFlowPidValueT struct{ Pid uint32 }
type BpfMapSpecs ¶
type BpfMapSpecs struct {
ExecEventStack *ebpf.MapSpec `ebpf:"exec_event_stack"`
ExecEvents *ebpf.MapSpec `ebpf:"exec_events"`
FilterByKernelCount *ebpf.MapSpec `ebpf:"filter_by_kernel_count"`
FilterPidMap *ebpf.MapSpec `ebpf:"filter_pid_map"`
FlowPidMap *ebpf.MapSpec `ebpf:"flow_pid_map"`
PacketEventStack *ebpf.MapSpec `ebpf:"packet_event_stack"`
PacketEvents *ebpf.MapSpec `ebpf:"packet_events"`
SockCookiePidMap *ebpf.MapSpec `ebpf:"sock_cookie_pid_map"`
}
BpfMapSpecs contains maps before they are loaded into the kernel.
It can be passed ebpf.CollectionSpec.Assign.
type BpfMaps ¶
type BpfMaps struct {
ExecEventStack *ebpf.Map `ebpf:"exec_event_stack"`
ExecEvents *ebpf.Map `ebpf:"exec_events"`
FilterByKernelCount *ebpf.Map `ebpf:"filter_by_kernel_count"`
FilterPidMap *ebpf.Map `ebpf:"filter_pid_map"`
FlowPidMap *ebpf.Map `ebpf:"flow_pid_map"`
PacketEventStack *ebpf.Map `ebpf:"packet_event_stack"`
PacketEvents *ebpf.Map `ebpf:"packet_events"`
SockCookiePidMap *ebpf.Map `ebpf:"sock_cookie_pid_map"`
}
BpfMaps contains all maps after they have been loaded into the kernel.
It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.
type BpfObjects ¶
type BpfObjects struct {
BpfPrograms
BpfMaps
}
BpfObjects contains all objects after they have been loaded into the kernel.
It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.
func (*BpfObjects) Close ¶
func (o *BpfObjects) Close() error
type BpfObjectsWithoutCgroup ¶ added in v0.6.0
type BpfObjectsWithoutCgroup struct {
KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"`
RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"`
RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"`
RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"`
TcEgress *ebpf.Program `ebpf:"tc_egress"`
TcIngress *ebpf.Program `ebpf:"tc_ingress"`
BpfMaps
}
type BpfPacketEventT ¶
type BpfProgramSpecs ¶
type BpfProgramSpecs struct {
CgroupSockCreate *ebpf.ProgramSpec `ebpf:"cgroup__sock_create"`
CgroupSockRelease *ebpf.ProgramSpec `ebpf:"cgroup__sock_release"`
KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"`
RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"`
RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"`
RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"`
TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"`
TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"`
}
BpfSpecs contains programs before they are loaded into the kernel.
It can be passed ebpf.CollectionSpec.Assign.
type BpfPrograms ¶
type BpfPrograms struct {
CgroupSockCreate *ebpf.Program `ebpf:"cgroup__sock_create"`
CgroupSockRelease *ebpf.Program `ebpf:"cgroup__sock_release"`
KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"`
RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"`
RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"`
RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"`
TcEgress *ebpf.Program `ebpf:"tc_egress"`
TcIngress *ebpf.Program `ebpf:"tc_ingress"`
}
BpfPrograms contains all programs after they have been loaded into the kernel.
It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.
func (*BpfPrograms) Close ¶
func (p *BpfPrograms) Close() error
type BpfSpecs ¶
type BpfSpecs struct {
BpfProgramSpecs
BpfMapSpecs
}
BpfSpecs contains maps and programs before they are loaded into the kernel.
It can be passed ebpf.CollectionSpec.Assign.
Source Files
Click to show internal directories.
Click to hide internal directories.