package ebpf // import "github.com/newtools/ebpf"Package ebpf is a toolkit f

1. package ebpf // import "github.com/newtools/ebpf"
2.  
3. Package ebpf is a toolkit for working with eBPF programs.
4.  
5. eBPF programs are small snippets of code which are executed directly in a VM
6. in the Linux kernel, which makes them very fast and flexible. Many Linux
7. subsystems now accept eBPF programs. This makes it possible to implement
8. highly application specific logic inside the kernel, without having to
9. modify the actual kernel itself.
10.  
11. Since eBPF is a relatively young concept, documentation and user space
12. support is still lacking. Most of the available tools are written in C, and
13. reside in the kernel's source tree. The more mature external projects like
14. libbcc focus on using eBPF for instrumentation and debugging. This leads to
15. certain trade-offs which are not acceptable when writing production
16. services.
17.  
18. This package is instead designed for long-running processes which want to
19. use eBPF to implement part of their application logic. It has no run-time
20. dependencies outside of the library and the Linux kernel itself. eBPF code
21. should be compiled ahead of time using clang, and shipped with your
22. application as any other resource.
23.  
24. The two main parts are an ELF loader, which reads object files emitted by
25. clang, and facilities to modify and load eBPF programs into the kernel.
26.  
27. This package doesn't include code required to attach eBPF to Linux
28. subsystems, since this varies per subsystem. See the examples for possible
29. solutions.
30.  
31. FUNCTIONS
32.  
33. func SanitizeName(name string, replacement rune) string
34. SanitizeName replaces all invalid characters in name.
35.  
36. Use this to automatically generate valid names for maps and programs at run
37. time.
38.  
39. Passing a negative value for replacement will delete characters instead of
40. replacing them.
41.  
42.  
43. TYPES
44.  
45. type Map struct {
46. // Has unexported fields.
47. }
48. Map represents a Map file descriptor.
49.  
50. Methods which take interface{} arguments by default encode them using
51. binary.Read/Write in the machine's native endianness.
52.  
53. Implement Marshaler on the arguments if you need custom encoding.
54.  
55. func LoadPinnedMap(fileName string) (*Map, error)
56. LoadPinnedMap load a Map from a BPF file.
57.  
58. Requires at least Linux 4.13, and is not compatible with nested maps. Use
59. LoadPinnedMapExplicit in these situations.
60.  
61. func LoadPinnedMapExplicit(fileName string, abi *MapABI) (*Map, error)
62. LoadPinnedMapExplicit loads a map with explicit parameters.
63.  
64. func NewMap(spec *MapSpec) (*Map, error)
65. NewMap creates a new Map.
66.  
67. Creating a map for the first time will perform feature detection by creating
68. small, temporary maps.
69.  
70. func (m *Map) ABI() MapABI
71. ABI gets the ABI of the Map
72.  
73. func (m *Map) Clone() (*Map, error)
74. Clone creates a duplicate of the Map.
75.  
76. Closing the duplicate does not affect the original, and vice versa. Changes
77. made to the map are reflected by both instances however.
78.  
79. Cloning a nil Map returns nil.
80.  
81. func (m *Map) Close() error
82. Close removes a Map
83.  
84. func (m *Map) Create(key, value interface{}) error
85. Create creates a new value in a map, failing if the key exists already
86.  
87. func (m *Map) Delete(key interface{}) error
88. Delete removes a value.
89.  
90. Use DeleteStrict if you desire an error if key does not exist.
91.  
92. func (m *Map) DeleteStrict(key interface{}) error
93. DeleteStrict removes a key and returns an error if the key doesn't exist.
94.  
95. func (m *Map) FD() int
96. FD gets the raw fd value of Map
97.  
98. func (m *Map) Get(key, valueOut interface{}) (bool, error)
99. Get retrieves a value from a Map.
100.  
101. Calls Close() on valueOut if it is of type **Map or **Program, and *valueOut
102. is not nil.
103.  
104. func (m *Map) GetBytes(key interface{}) ([]byte, error)
105. GetBytes gets a value from Map
106.  
107. func (m *Map) Iterate() *MapIterator
108. Iterate traverses a map.
109.  
110. It's safe to create multiple iterators at the same time.
111.  
112. It's not possible to guarantee that all keys in a map will be returned if
113. there are concurrent modifications to the map.
114.  
115. func (m *Map) MarshalBinary() ([]byte, error)
116. MarshalBinary implements BinaryMarshaler.
117.  
118. func (m *Map) NextKey(key, nextKeyOut interface{}) (bool, error)
119. NextKey finds the key following an initial key.
120.  
121. See NextKeyBytes for details.
122.  
123. func (m *Map) NextKeyBytes(key interface{}) ([]byte, error)
124. NextKeyBytes returns the key following an initial key as a byte slice.
125.  
126. Passing nil will return the first key.
127.  
128. Use Iterate if you want to traverse all entries in the map.
129.  
130. func (m *Map) Pin(fileName string) error
131. Pin persists the map past the lifetime of the process that created it.
132.  
133. This requires bpffs to be mounted above fileName. See
134. http://cilium.readthedocs.io/en/doc-1.0/kubernetes/install/#mounting-the-bpf-fs-optional
135.  
136. func (m *Map) Put(key, value interface{}) error
137. Put replaces or creates a value in map
138.  
139. func (m *Map) Replace(key, value interface{}) error
140. Replace replaces a value in a map, failing if the value did not exist
141.  
142. func (m *Map) String() string
143. type MapABI struct {
144. Type MapType
145. KeySize uint32
146. ValueSize uint32
147. MaxEntries uint32
148. InnerMap *MapABI
149. }
150. MapABI describes a Map.
151.  
152. Members which have the zero value of their type are not checked.
153.  
154. func (abi *MapABI) Check(m *Map) error
155. Check verifies that a Map conforms to the ABI.
156.  
157. type MapIterator struct {
158. // Has unexported fields.
159. }
160. MapIterator iterates a Map.
161.  
162. See Map.Iterate.
163.  
164. func (mi *MapIterator) Err() error
165. Err returns any encountered error.
166.  
167. The method must be called after Next returns nil.
168.  
169. func (mi *MapIterator) Next(keyOut, valueOut interface{}) bool
170. Next decodes the next key and value.
171.  
172. Returns false if there are no more entries.
173.  
174. See Map.Get for further caveats around valueOut.
175.  
176. type MapSpec struct {
177. // Name is passed to the kernel as a debug aid. Must only contain
178. // alpha numeric and '_' characters.
179. Name string
180. Type MapType
181. KeySize uint32
182. ValueSize uint32
183. MaxEntries uint32
184. Flags uint32
185. // InnerMap is used as a template for ArrayOfMaps and HashOfMaps
186. InnerMap *MapSpec
187. }
188. MapSpec defines a Map.
189.  
190. func (ms *MapSpec) Copy() *MapSpec
191. Copy returns a copy of the spec.
192.  
193. func (ms *MapSpec) String() string
194. type MapType uint32
195. MapType indicates the type map structure that will be initialized in the
196. kernel.
197.  
198. const (
199. UnspecifiedMap MapType = iota
200. // Hash is a hash map
201. Hash
202. // Array is an array map
203. Array
204. // ProgramArray - A program array map is a special kind of array map whose map
205. // values contain only file descriptors referring to other eBPF
206. // programs. Thus, both the key_size and value_size must be
207. // exactly four bytes. This map is used in conjunction with the
208. // TailCall helper.
209. ProgramArray
210. // PerfEventArray - A perf event array is used in conjunction with PerfEventRead
211. // and PerfEventOutput calls, to read the raw bpf_perf_data from the registers.
212. PerfEventArray
213. // PerCPUHash - This data structure is useful for people who have high performance
214. // network needs and can reconcile adds at the end of some cycle, so that
215. // hashes can be lock free without the use of XAdd, which can be costly.
216. PerCPUHash
217. // PerCPUArray - This data structure is useful for people who have high performance
218. // network needs and can reconcile adds at the end of some cycle, so that
219. // hashes can be lock free without the use of XAdd, which can be costly.
220. // Each CPU gets a copy of this hash, the contents of all of which can be reconciled
221. // later.
222. PerCPUArray
223. // StackTrace - This holds whole user and kernel stack traces, it can be retrieved with
224. // GetStackID
225. StackTrace
226. // CGroupArray - This is a very niche structure used to help SKBInCGroup determine
227. // if an skb is from a socket belonging to a specific cgroup
228. CGroupArray
229. // LRUHash - This allows you to create a small hash structure that will purge the
230. // least recently used items rather than thow an error when you run out of memory
231. LRUHash
232. // LRUCPUHash - This is NOT like PerCPUHash, this structure is shared among the CPUs,
233. // it has more to do with including the CPU id with the LRU calculation so that if a
234. // particular CPU is using a value over-and-over again, then it will be saved, but if
235. // a value is being retrieved a lot but sparsely across CPUs it is not as important, basically
236. // giving weight to CPU locality over overall usage.
237. LRUCPUHash
238. // LPMTrie - This is an implementation of Longest-Prefix-Match Trie structure. It is useful,
239. // for storing things like IP addresses which can be bit masked allowing for keys of differing
240. // values to refer to the same reference based on their masks. See wikipedia for more details.
241. LPMTrie
242. // ArrayOfMaps - Each item in the array is another map. The inner map mustn't be a map of maps
243. // itself.
244. ArrayOfMaps
245. // HashOfMaps - Each item in the hash map is another map. The inner map mustn't be a map of maps
246. // itself.
247. HashOfMaps
248. )
249. All the various map types that can be created
250.  
251. func (i MapType) String() string
252. type Marshaler interface {
253. encoding.BinaryMarshaler
254. encoding.BinaryUnmarshaler
255. }
256. Marshaler allows controlling the binary representation used for getting and
257. setting keys on a map.
258.  
259. type PerfReader struct {
260.  
261. // Error receives a write if the reader exits
262. // due to an error.
263. Error <-chan error
264.  
265. // Samples is closed when the Reader exits.
266. Samples <-chan *PerfSample
267. // Has unexported fields.
268. }
269. PerfReader allows reading bpf_perf_event_output from user space.
270.  
271. func NewPerfReader(opts PerfReaderOptions) (out *PerfReader, err error)
272. NewPerfReader creates a new reader with the given options.
273.  
274. The value returned by LostSamples() will increase if the buffer isn't large
275. enough to contain all incoming samples.
276.  
277. func (pr *PerfReader) Close() (err error)
278. Close stops the reader, discarding any samples not yet written to 'Samples'.
279.  
280. Calls to perf_event_output from eBPF programs will return ENOENT after
281. calling this method.
282.  
283. func (pr *PerfReader) FlushAndClose() error
284. FlushAndClose stops the reader, flushing any samples to 'Samples'. Will
285. block if no consumer reads from 'Samples'.
286.  
287. Calls to perf_event_output from eBPF programs will return ENOENT after
288. calling this method.
289.  
290. func (pr *PerfReader) LostSamples() uint64
291. LostSamples returns the number of samples dropped by the perf subsystem.
292.  
293. type PerfReaderOptions struct {
294. // A map of type PerfEventArray. The reader takes ownership of the
295. // map and takes care of closing it.
296. Map *Map
297. // Controls the size of the per CPU buffer in bytes. LostSamples() will
298. // increase if the buffer is too small.
299. PerCPUBuffer int
300. // The reader will start processing samples once the per CPU buffer
301. // exceeds this value. Must be smaller than PerCPUBuffer.
302. Watermark int
303. }
304. PerfReaderOptions control the behaviour of the user space reader.
305.  
306. type PerfSample struct {
307. // Data are padded with 0 to have a 64-bit alignment.
308. // If you are using variable length samples you need to take
309. // this into account.
310. Data []byte
311. }
312. PerfSample is read from the kernel by PerfReader.