ebpf

package

v0.3.3 Latest Latest Go to latest Published: Feb 15, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/netobserv/netobserv-ebpf-agent

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func LoadBpf() (*ebpf.CollectionSpec, error)
func LoadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error
type BpfDnsFlowId
type BpfDnsRecordT
type BpfFlowId
type BpfFlowIdT
type BpfFlowMetrics
type BpfFlowMetricsT
type BpfFlowRecordT
type BpfMapSpecs
type BpfMaps
- func (m *BpfMaps) Close() error
type BpfObjects
- func (o *BpfObjects) Close() error
type BpfPktDropsT
type BpfProgramSpecs
type BpfPrograms
- func (p *BpfPrograms) Close() error
type BpfSpecs
type FlowFetcher
- func NewFlowFetcher(cfg *FlowFetcherConfig) (*FlowFetcher, error)
- func (m *FlowFetcher) Close() error
- func (m *FlowFetcher) DeleteMapsStaleEntries(timeOut time.Duration)
- func (m *FlowFetcher) LookupAndDeleteMap() map[BpfFlowId][]BpfFlowMetrics
- func (m *FlowFetcher) ReadRingBuf() (ringbuf.Record, error)
- func (m *FlowFetcher) Register(iface ifaces.Interface) error
type FlowFetcherConfig
type PacketFetcher
- func NewPacketFetcher(cacheMaxSize int, pcaFilters string, ingress, egress bool) (*PacketFetcher, error)
- func (p *PacketFetcher) Close() error
- func (p *PacketFetcher) LookupAndDeleteMap() map[int][]*byte
- func (p *PacketFetcher) ReadPerf() (perf.Record, error)
- func (p *PacketFetcher) Register(iface ifaces.Interface) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func LoadBpf ¶ added in v0.3.0

func LoadBpf() (*ebpf.CollectionSpec, error)

LoadBpf returns the embedded CollectionSpec for Bpf.

func LoadBpfObjects ¶ added in v0.3.0

func LoadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error

LoadBpfObjects loads Bpf and converts it into a struct.

The following types are suitable as obj argument:

*BpfObjects
*BpfPrograms
*BpfMaps

See ebpf.CollectionSpec.LoadAndAssign documentation for details.

Types ¶

type BpfDnsFlowId ¶ added in v0.3.2

type BpfDnsFlowId struct {
	SrcPort  uint16
	DstPort  uint16
	SrcIp    [16]uint8
	DstIp    [16]uint8
	Id       uint16
	Protocol uint8
}

type BpfDnsRecordT ¶ added in v0.3.2

type BpfDnsRecordT struct {
	Id      uint16
	Flags   uint16
	Latency uint64
	Errno   uint8
}

type BpfFlowId ¶ added in v0.3.0

type BpfFlowId BpfFlowIdT

type BpfFlowIdT ¶ added in v0.3.0

type BpfFlowIdT struct {
	EthProtocol       uint16
	Direction         uint8
	SrcMac            [6]uint8
	DstMac            [6]uint8
	SrcIp             [16]uint8
	DstIp             [16]uint8
	SrcPort           uint16
	DstPort           uint16
	TransportProtocol uint8
	IcmpType          uint8
	IcmpCode          uint8
	IfIndex           uint32
}

type BpfFlowMetrics ¶ added in v0.3.0

type BpfFlowMetrics BpfFlowMetricsT

type BpfFlowMetricsT ¶ added in v0.3.0

type BpfFlowMetricsT struct {
	Packets         uint32
	Bytes           uint64
	StartMonoTimeTs uint64
	EndMonoTimeTs   uint64
	Flags           uint16
	Errno           uint8
	Dscp            uint8
	PktDrops        BpfPktDropsT
	DnsRecord       BpfDnsRecordT
	FlowRtt         uint64
}

type BpfFlowRecordT ¶ added in v0.3.0

type BpfFlowRecordT struct {
	Id      BpfFlowId
	Metrics BpfFlowMetrics
}

type BpfMapSpecs ¶ added in v0.3.0

type BpfMapSpecs struct {
	AggregatedFlows *ebpf.MapSpec `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.MapSpec `ebpf:"direct_flows"`
	DnsFlows        *ebpf.MapSpec `ebpf:"dns_flows"`
	PacketRecord    *ebpf.MapSpec `ebpf:"packet_record"`
}

BpfMapSpecs contains maps before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type BpfMaps ¶ added in v0.3.0

type BpfMaps struct {
	AggregatedFlows *ebpf.Map `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.Map `ebpf:"direct_flows"`
	DnsFlows        *ebpf.Map `ebpf:"dns_flows"`
	PacketRecord    *ebpf.Map `ebpf:"packet_record"`
}

BpfMaps contains all maps after they have been loaded into the kernel.

It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*BpfMaps) Close ¶ added in v0.3.0

func (m *BpfMaps) Close() error

type BpfObjects ¶ added in v0.3.0

type BpfObjects struct {
	BpfPrograms
	BpfMaps
}

BpfObjects contains all objects after they have been loaded into the kernel.

It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*BpfObjects) Close ¶ added in v0.3.0

func (o *BpfObjects) Close() error

type BpfPktDropsT ¶ added in v0.3.2

type BpfPktDropsT struct {
	Packets         uint32
	Bytes           uint64
	LatestFlags     uint16
	LatestState     uint8
	LatestDropCause uint32
}

type BpfProgramSpecs ¶ added in v0.3.0

type BpfProgramSpecs struct {
	EgressFlowParse  *ebpf.ProgramSpec `ebpf:"egress_flow_parse"`
	EgressPcaParse   *ebpf.ProgramSpec `ebpf:"egress_pca_parse"`
	IngressFlowParse *ebpf.ProgramSpec `ebpf:"ingress_flow_parse"`
	IngressPcaParse  *ebpf.ProgramSpec `ebpf:"ingress_pca_parse"`
	KfreeSkb         *ebpf.ProgramSpec `ebpf:"kfree_skb"`
	TcpRcvFentry     *ebpf.ProgramSpec `ebpf:"tcp_rcv_fentry"`
	TcpRcvKprobe     *ebpf.ProgramSpec `ebpf:"tcp_rcv_kprobe"`
}

BpfSpecs contains programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type BpfPrograms ¶ added in v0.3.0

type BpfPrograms struct {
	EgressFlowParse  *ebpf.Program `ebpf:"egress_flow_parse"`
	EgressPcaParse   *ebpf.Program `ebpf:"egress_pca_parse"`
	IngressFlowParse *ebpf.Program `ebpf:"ingress_flow_parse"`
	IngressPcaParse  *ebpf.Program `ebpf:"ingress_pca_parse"`
	KfreeSkb         *ebpf.Program `ebpf:"kfree_skb"`
	TcpRcvFentry     *ebpf.Program `ebpf:"tcp_rcv_fentry"`
	TcpRcvKprobe     *ebpf.Program `ebpf:"tcp_rcv_kprobe"`
}

BpfPrograms contains all programs after they have been loaded into the kernel.

It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*BpfPrograms) Close ¶ added in v0.3.0

func (p *BpfPrograms) Close() error

type BpfSpecs ¶ added in v0.3.0

type BpfSpecs struct {
	BpfProgramSpecs
	BpfMapSpecs
}

BpfSpecs contains maps and programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type FlowFetcher ¶ added in v0.2.1

type FlowFetcher struct {
	// contains filtered or unexported fields
}

FlowFetcher reads and forwards the Flows from the Traffic Control hooks in the eBPF kernel space. It provides access both to flows that are aggregated in the kernel space (via PerfCPU hashmap) and to flows that are forwarded by the kernel via ringbuffer because could not be aggregated in the map

func NewFlowFetcher ¶ added in v0.2.1

func NewFlowFetcher(cfg *FlowFetcherConfig) (*FlowFetcher, error)

func (*FlowFetcher) Close ¶ added in v0.2.1

func (m *FlowFetcher) Close() error

Close the eBPF fetcher from the system. We don't need a "Close(iface)" method because the filters and qdiscs are automatically removed when the interface is down nolint:cyclop

func (*FlowFetcher) DeleteMapsStaleEntries ¶ added in v0.3.2

func (m *FlowFetcher) DeleteMapsStaleEntries(timeOut time.Duration)

DeleteMapsStaleEntries Look for any stale entries in the features maps and delete them

func (*FlowFetcher) LookupAndDeleteMap ¶ added in v0.2.1

func (m *FlowFetcher) LookupAndDeleteMap() map[BpfFlowId][]BpfFlowMetrics

LookupAndDeleteMap reads all the entries from the eBPF map and removes them from it. It returns a map where the key For synchronization purposes, we get/delete a whole snapshot of the flows map. This way we avoid missing packets that could be updated on the ebpf side while we process/aggregate them here Changing this method invocation by BatchLookupAndDelete could improve performance TODO: detect whether BatchLookupAndDelete is supported (Kernel>=5.6) and use it selectively Supported Lookup/Delete operations by kernel: https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md Race conditions here causes that some flows are lost in high-load scenarios

func (*FlowFetcher) ReadRingBuf ¶ added in v0.2.1

func (m *FlowFetcher) ReadRingBuf() (ringbuf.Record, error)

func (*FlowFetcher) Register ¶ added in v0.2.1

func (m *FlowFetcher) Register(iface ifaces.Interface) error

Register and links the eBPF fetcher into the system. The program should invoke Unregister before exiting.

type FlowFetcherConfig ¶ added in v0.3.2

type FlowFetcherConfig struct {
	EnableIngress bool
	EnableEgress  bool
	Debug         bool
	Sampling      int
	CacheMaxSize  int
	PktDrops      bool
	DNSTracker    bool
	EnableRTT     bool
}

type PacketFetcher ¶ added in v0.3.3

type PacketFetcher struct {
	// contains filtered or unexported fields
}

It provides access to packets from the kernel space (via PerfCPU hashmap)

func NewPacketFetcher ¶ added in v0.3.3

func NewPacketFetcher(
	cacheMaxSize int,
	pcaFilters string,
	ingress, egress bool,
) (*PacketFetcher, error)

func (*PacketFetcher) Close ¶ added in v0.3.3

func (p *PacketFetcher) Close() error

Close the eBPF fetcher from the system. We don't need an "Close(iface)" method because the filters and qdiscs are automatically removed when the interface is down

func (*PacketFetcher) LookupAndDeleteMap ¶ added in v0.3.3

func (p *PacketFetcher) LookupAndDeleteMap() map[int][]*byte

func (*PacketFetcher) ReadPerf ¶ added in v0.3.3

func (p *PacketFetcher) ReadPerf() (perf.Record, error)

func (*PacketFetcher) Register ¶ added in v0.3.3

func (p *PacketFetcher) Register(iface ifaces.Interface) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL