package link
import "github.com/cilium/ebpf/link"
Package link allows attaching eBPF programs to various kernel hooks.
Index ¶
- Variables
- func RawAttachProgram(opts RawAttachProgramOptions) error
- func RawDetachProgram(opts RawDetachProgramOptions) error
- type CgroupOptions
- type ID
- type Iter
- func AttachIter(opts IterOptions) (*Iter, error)
- func LoadPinnedIter(fileName string) (*Iter, error)
- func (it *Iter) Close() error
- func (it *Iter) FD() int
- func (it *Iter) Open() (io.ReadCloser, error)
- func (it *Iter) Pin(fileName string) error
- func (it *Iter) Update(new *ebpf.Program) error
- type IterOptions
- type Link
- func AttachCgroup(opts CgroupOptions) (Link, error)
- func AttachRawTracepoint(opts RawTracepointOptions) (Link, error)
- func LoadPinnedCgroup(fileName string) (Link, error)
- type NetNsInfo
- type NetNsLink
- func AttachNetNs(ns int, prog *ebpf.Program) (*NetNsLink, error)
- func LoadPinnedNetNs(fileName string) (*NetNsLink, error)
- func (nns *NetNsLink) Info() (*NetNsInfo, error)
- type RawAttachProgramOptions
- type RawDetachProgramOptions
- type RawLink
- func AttachRawLink(opts RawLinkOptions) (*RawLink, error)
- func LoadPinnedRawLink(fileName string) (*RawLink, error)
- func (l *RawLink) Close() error
- func (l *RawLink) FD() int
- func (l *RawLink) Info() (*RawLinkInfo, error)
- func (l *RawLink) Pin(fileName string) error
- func (l *RawLink) Update(new *ebpf.Program) error
- func (l *RawLink) UpdateArgs(opts RawLinkUpdateOptions) error
- type RawLinkInfo
- type RawLinkOptions
- type RawLinkUpdateOptions
- type RawTracepointOptions
- type Type
Examples ¶
Variables ¶
var ErrNotSupported = internal.ErrNotSupported
Functions ¶
func RawAttachProgram ¶
func RawAttachProgram(opts RawAttachProgramOptions) error
RawAttachProgram is a low level wrapper around BPF_PROG_ATTACH.
You should use one of the higher level abstractions available in this package if possible.
func RawDetachProgram ¶
func RawDetachProgram(opts RawDetachProgramOptions) error
RawDetachProgram is a low level wrapper around BPF_PROG_DETACH.
You should use one of the higher level abstractions available in this package if possible.
Types ¶
type CgroupOptions ¶
type CgroupOptions struct {
// Path to a cgroupv2 folder.
Path string
// One of the AttachCgroup* constants
Attach ebpf.AttachType
// Program must be of type CGroup*, and the attach type must match Attach.
Program *ebpf.Program
}
type ID ¶
type ID uint32
ID uniquely identifies a BPF link.
type Iter ¶
type Iter struct {
// contains filtered or unexported fields
}
Iter represents an attached bpf_iter.
func AttachIter ¶
func AttachIter(opts IterOptions) (*Iter, error)
AttachIter attaches a BPF seq_file iterator.
func LoadPinnedIter ¶
LoadPinnedIter loads a pinned iterator from a bpffs.
func (*Iter) Close ¶
Close implements Link.
func (*Iter) FD ¶
FD returns the underlying file descriptor.
func (*Iter) Open ¶
func (it *Iter) Open() (io.ReadCloser, error)
Open creates a new instance of the iterator.
Reading from the returned reader triggers the BPF program.
func (*Iter) Pin ¶
Pin implements Link.
func (*Iter) Update ¶
Update implements Link.
type IterOptions ¶
type IterOptions struct {
// Program must be of type Tracing with attach type
// AttachTraceIter. The kind of iterator to attach to is
// determined at load time via the AttachTo field.
//
// AttachTo requires the kernel to include BTF of itself,
// and it to be compiled with a recent pahole (>= 1.16).
Program *ebpf.Program
}
type Link ¶
type Link interface {
// Replace the current program with a new program.
//
// Passing a nil program is an error. May return an error wrapping ErrNotSupported.
Update(*ebpf.Program) error
// Persist a link by pinning it into a bpffs.
//
// May return an error wrapping ErrNotSupported.
Pin(string) error
// Close frees resources.
//
// The link will be broken unless it has been pinned. A link
// may continue past the lifetime of the process if Close is
// not called.
Close() error
// contains filtered or unexported methods
}
Link represents a Program attached to a BPF hook.
func AttachCgroup ¶
func AttachCgroup(opts CgroupOptions) (Link, error)
AttachCgroup links a BPF program to a cgroup.
func AttachRawTracepoint ¶
func AttachRawTracepoint(opts RawTracepointOptions) (Link, error)
AttachRawTracepoint links a BPF program to a raw_tracepoint.
Requires at least Linux 4.17.
func LoadPinnedCgroup ¶
LoadPinnedCgroup loads a pinned cgroup from a bpffs.
type NetNsInfo ¶
type NetNsInfo struct {
RawLinkInfo
}
NetNsInfo contains metadata about a network namespace link.
type NetNsLink ¶
type NetNsLink struct {
*RawLink
}
NetNsLink is a program attached to a network namespace.
func AttachNetNs ¶
AttachNetNs attaches a program to a network namespace.
Code:
Example¶
{
prog, err := createSkLookupProgram()
if err != nil {
panic(err)
}
defer prog.Close()
// This can be a path to another netns as well.
netns, err := os.Open("/proc/self/ns/net")
if err != nil {
panic(err)
}
defer netns.Close()
link, err := AttachNetNs(int(netns.Fd()), prog)
if err != nil {
panic(err)
}
// The socket lookup program is now active until Close().
link.Close()
}
func LoadPinnedNetNs ¶
LoadPinnedNetNs loads a network namespace link from bpffs.
func (*NetNsLink) Info ¶
Info returns information about the link.
type RawAttachProgramOptions ¶
type RawAttachProgramOptions struct {
// File descriptor to attach to. This differs for each attach type.
Target int
// Program to attach.
Program *ebpf.Program
// Program to replace (cgroups).
Replace *ebpf.Program
// Attach must match the attach type of Program (and Replace).
Attach ebpf.AttachType
// Flags control the attach behaviour. This differs for each attach type.
Flags uint32
}
type RawDetachProgramOptions ¶
type RawDetachProgramOptions struct {
Target int
Program *ebpf.Program
Attach ebpf.AttachType
}
type RawLink ¶
type RawLink struct {
// contains filtered or unexported fields
}
RawLink is the low-level API to bpf_link.
You should consider using the higher level interfaces in this package instead.
func AttachRawLink ¶
func AttachRawLink(opts RawLinkOptions) (*RawLink, error)
AttachRawLink creates a raw link.
func LoadPinnedRawLink ¶
LoadPinnedRawLink loads a persisted link from a bpffs.
func (*RawLink) Close ¶
Close breaks the link.
Use Pin if you want to make the link persistent.
func (*RawLink) FD ¶
FD returns the raw file descriptor.
func (*RawLink) Info ¶
func (l *RawLink) Info() (*RawLinkInfo, error)
Info returns metadata about the link.
func (*RawLink) Pin ¶
Pin persists a link past the lifetime of the process.
Calling Close on a pinned Link will not break the link until the pin is removed.
func (*RawLink) Update ¶
Update implements Link.
func (*RawLink) UpdateArgs ¶
func (l *RawLink) UpdateArgs(opts RawLinkUpdateOptions) error
UpdateArgs updates a link based on args.
type RawLinkInfo ¶
RawLinkInfo contains metadata on a link.
type RawLinkOptions ¶
type RawLinkOptions struct {
// File descriptor to attach to. This differs for each attach type.
Target int
// Program to attach.
Program *ebpf.Program
// Attach must match the attach type of Program.
Attach ebpf.AttachType
}
RawLinkOptions control the creation of a raw link.
type RawLinkUpdateOptions ¶
RawLinkUpdateOptions control the behaviour of RawLink.UpdateArgs.
type RawTracepointOptions ¶
type RawTracepointOptions struct {
// Tracepoint name.
Name string
// Program must be of type RawTracepoint*
Program *ebpf.Program
}
type Type ¶
type Type uint32
Type is the kind of link.
const ( UnspecifiedType Type = iota RawTracepointType TracingType CgroupType IterType NetNsType XDPType )
Valid link types.
Equivalent to enum bpf_link_type.
Source Files ¶
cgroup.go doc.go iter.go link.go netns.go program.go raw_tracepoint.go syscalls.go
- Version
- v0.4.0
- Published
- Mar 18, 2021
- Platform
- js/wasm
- Imports
- 9 packages
- Last checked
- 4 hours ago –
Tools for package owners.