Documentation
¶
Overview ¶
SPDX-License-Identifier: Apache-2.0 Copyright Authors of Tetragon
Index ¶
- Constants
- Variables
- func CheckOrMountCgroup2() error
- func CheckOrMountFS(bpfRoot string)
- func CheckOrMountTraceFS() error
- func ConfigureResourceLimits() error
- func DetectMixBpfAndTailCalls() bool
- func Environment() []string
- func GetMapRoot() string
- func GetNumPossibleCPUs() int
- func HasAuditLoginuid() bool
- func HasBatchAPI() bool
- func HasBuildId() bool
- func HasFentryProgram() bool
- func HasGetFuncRetHelper() bool
- func HasKfunc(name string) bool
- func HasKprobeMulti() bool
- func HasLSMPrograms() bool
- func HasLinkPin() bool
- func HasMissedStatsKprobeMulti() bool
- func HasMissedStatsPerfEvent() bool
- func HasModifyReturn() bool
- func HasModifyReturnSyscall() bool
- func HasOverrideHelper() bool
- func HasProbeWriteUserHelper() bool
- func HasProgramLargeSize() bool
- func HasSignalHelper() bool
- func HasUprobeMulti() bool
- func HasUprobeRefCtrOffset() bool
- func HasUprobeRegsChange() bool
- func LocalMapName(name string, id uint16) string
- func LocalMapPath(name string, id uint16) string
- func LogFeatures() string
- func MapPath(name string) string
- func MapPrefixPath() string
- func ParseMemlockFromFDInfo(fd int) (int, error)
- func SetMapPrefix(path string)
- func SetMapRoot(path string)
- type ExtendedMapInfo
- type Feature
- type FeatureKfuncs
- type FeatureProbe
- type PerfEventConfig
Constants ¶
View Source
const ( PERF_TYPE_SOFTWARE = 1 PERF_SAMPLE_RAW = 1 << 10 PERF_COUNT_SW_BPF_OUTPUT = 10 // BPF map type constants. Must match enum bpf_map_type from linux/bpf.h BPF_MAP_TYPE_UNSPEC = 0 BPF_MAP_TYPE_HASH = 1 BPF_MAP_TYPE_ARRAY = 2 BPF_MAP_TYPE_PROG_ARRAY = 3 BPF_MAP_TYPE_PERF_EVENT_ARRAY = 4 BPF_MAP_TYPE_PERCPU_HASH = 5 BPF_MAP_TYPE_PERCPU_ARRAY = 6 BPF_MAP_TYPE_STACK_TRACE = 7 BPF_MAP_TYPE_CGROUP_ARRAY = 8 BPF_MAP_TYPE_LRU_HASH = 9 BPF_MAP_TYPE_LRU_PERCPU_HASH = 10 BPF_MAP_TYPE_LPM_TRIE = 11 BPF_MAP_TYPE_ARRAY_OF_MAPS = 12 BPF_MAP_TYPE_HASH_OF_MAPS = 13 BPF_MAP_TYPE_DEVMAP = 14 BPF_MAP_TYPE_SOCKMAP = 15 BPF_MAP_TYPE_CPUMAP = 16 BPF_MAP_TYPE_XSKMAP = 17 BPF_MAP_TYPE_SOCKHASH = 18 BPF_MAP_TYPE_CGROUP_STORAGE = 19 BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 20 // BPF syscall command constants. Must match enum bpf_cmd from linux/bpf.h BPF_MAP_CREATE = 0 BPF_MAP_LOOKUP_ELEM = 1 BPF_MAP_UPDATE_ELEM = 2 BPF_MAP_DELETE_ELEM = 3 BPF_MAP_GET_NEXT_KEY = 4 BPF_PROG_LOAD = 5 BPF_OBJ_PIN = 6 BPF_OBJ_GET = 7 BPF_PROG_ATTACH = 8 BPF_PROG_DETACH = 9 BPF_PROG_TEST_RUN = 10 BPF_PROG_GET_NEXT_ID = 11 BPF_MAP_GET_NEXT_ID = 12 BPF_PROG_GET_FD_BY_ID = 13 BPF_MAP_GET_FD_BY_ID = 14 BPF_OBJ_GET_INFO_BY_FD = 15 BPF_PROG_QUERY = 16 BPF_RAW_TRACEPOINT_OPEN = 17 BPF_BTF_LOAD = 18 BPF_BTF_GET_FD_BY_ID = 19 BPF_TASK_FD_QUERY = 20 // BPF syscall attach types BPF_CGROUP_INET_INGRESS = 0 BPF_CGROUP_INET_EGRESS = 1 BPF_CGROUP_INET_SOCK_CREATE = 2 BPF_CGROUP_SOCK_OPS = 3 BPF_SK_SKB_STREAM_PARSER = 4 BPF_SK_SKB_STREAM_VERDICT = 5 BPF_CGROUP_DEVICE = 6 BPF_SK_MSG_VERDICT = 7 BPF_CGROUP_INET4_BIND = 8 BPF_CGROUP_INET6_BIND = 9 BPF_CGROUP_INET4_CONNECT = 10 BPF_CGROUP_INET6_CONNECT = 11 BPF_CGROUP_INET4_POST_BIND = 12 BPF_CGROUP_INET6_POST_BIND = 13 BPF_CGROUP_UDP4_SENDMSG = 14 BPF_CGROUP_UDP6_SENDMSG = 15 BPF_LIRC_MODE2 = 16 BPF_FLOW_DISSECTOR = 17 BPF_CGROUP_SYSCTL = 18 BPF_CGROUP_UDP4_RECVMSG = 19 BPF_CGROUP_UDP6_RECVMSG = 20 // Flags for BPF_MAP_UPDATE_ELEM. Must match values from linux/bpf.h BPF_ANY = 0 BPF_NOEXIST = 1 BPF_EXIST = 2 // Flags for BPF_MAP_CREATE. Must match values from linux/bpf.h BPF_F_NO_PREALLOC = 1 << 0 BPF_F_NO_COMMON_LRU = 1 << 1 BPF_F_NUMA_NODE = 1 << 2 // Flags for BPF_PROG_QUERY BPF_F_QUERY_EFFECTVE = 1 << 0 // Flags for accessing BPF object BPF_F_RDONLY = 1 << 3 BPF_F_WRONLY = 1 << 4 // Flag for stack_map, store build_id+offset instead of pointer BPF_F_STACK_BUILD_ID = 1 << 5 // Build ID flags bit for perf_event_open PerfBitBuildId = constants.CBitFieldMaskBit34 )
View Source
const ( OverrideReturnProbe = "override_return" BuildIDProbe = "buildid" KprobeMultiProbe = "kprobe_multi" UprobeMultiProbe = "uprobe_multi" FmodRetProbe = "fmodret" FmodRetSyscallProbe = "fmodret_syscall" SignalHelperProbe = "signal" LargeProgsProbe = "large" LinkPinProbe = "link_pin" LsmProbe = "lsm" MissedStatsKprobeMultiProbe = "missed_stats_kprobe_multi" MissedStatsKprobeProbe = "missed_stats_kprobe" BatchUpdateProbe = "batch_update" UprobeRefCtrOffsetProbe = "uprobe_refctroff" AuditLoginUIDProbe = "audit_loginuid" ProbeWriteUserProbe = "probe_write_user" UprobeRegsChangeProbe = "uprobe_regs_change" MixBPFAndTailCallsProbe = "mix_bpf_and_tail_calls" Fentry = "fentry" GetFuncRet = "get_func_ret" )
probe constants
Variables ¶
View Source
var FeatureProbes = []FeatureProbe{ {OverrideReturnProbe, HasOverrideHelper}, {BuildIDProbe, HasBuildId}, {KprobeMultiProbe, HasKprobeMulti}, {UprobeMultiProbe, HasUprobeMulti}, {FmodRetProbe, HasModifyReturn}, {FmodRetSyscallProbe, HasModifyReturnSyscall}, {SignalHelperProbe, HasSignalHelper}, {LargeProgsProbe, HasProgramLargeSize}, {LinkPinProbe, HasLinkPin}, {LsmProbe, HasLSMPrograms}, {MissedStatsKprobeMultiProbe, HasMissedStatsKprobeMulti}, {MissedStatsKprobeProbe, HasMissedStatsPerfEvent}, {BatchUpdateProbe, HasBatchAPI}, {UprobeRefCtrOffsetProbe, HasUprobeRefCtrOffset}, {AuditLoginUIDProbe, HasAuditLoginuid}, {ProbeWriteUserProbe, HasProbeWriteUserHelper}, {UprobeRegsChangeProbe, HasUprobeRegsChange}, {MixBPFAndTailCallsProbe, DetectMixBpfAndTailCalls}, {Fentry, HasFentryProgram}, {GetFuncRet, HasGetFuncRetHelper}, }
View Source
var (
RingBufEventsMapName = "tg_rb_events"
)
Functions ¶
func CheckOrMountCgroup2 ¶
func CheckOrMountCgroup2() error
func CheckOrMountFS ¶
func CheckOrMountFS(bpfRoot string)
CheckOrMountFS checks or mounts the BPF filesystem and then opens/creates/deletes all maps which have previously been scheduled to be opened/created/deleted.
func CheckOrMountTraceFS ¶ added in v1.6.1
func CheckOrMountTraceFS() error
CheckOrMountTraceFS tries to mount tracefs. TraceFS is available since linux 4.1. In case it isn't available, fallbacks at mounting debugfs. By 2030, debugfs tracing automount will be killed upstream: https://github.com/torvalds/linux/commit/9ba817fb7c6afd3c86a6d4c3b822924b87ef0348
func ConfigureResourceLimits ¶
func ConfigureResourceLimits() error
func DetectMixBpfAndTailCalls ¶ added in v1.7.0
func DetectMixBpfAndTailCalls() bool
func Environment ¶
func Environment() []string
Environment returns a list of environment variables which are needed to make BPF programs and tc aware of the actual BPFFS mount path.
func GetMapRoot ¶
func GetMapRoot() string
func GetNumPossibleCPUs ¶
func GetNumPossibleCPUs() int
func HasAuditLoginuid ¶ added in v1.6.0
func HasAuditLoginuid() bool
func HasBatchAPI ¶ added in v1.5.0
func HasBatchAPI() bool
func HasBuildId ¶ added in v0.9.0
func HasBuildId() bool
func HasFentryProgram ¶ added in v1.7.0
func HasFentryProgram() bool
func HasGetFuncRetHelper ¶ added in v1.7.0
func HasGetFuncRetHelper() bool
func HasKprobeMulti ¶ added in v0.8.3
func HasKprobeMulti() bool
func HasLSMPrograms ¶ added in v1.2.0
func HasLSMPrograms() bool
func HasLinkPin ¶ added in v1.2.0
func HasLinkPin() bool
func HasMissedStatsKprobeMulti ¶ added in v1.2.0
func HasMissedStatsKprobeMulti() bool
func HasMissedStatsPerfEvent ¶ added in v1.2.0
func HasMissedStatsPerfEvent() bool
func HasModifyReturn ¶ added in v1.0.0
func HasModifyReturn() bool
func HasModifyReturnSyscall ¶ added in v1.1.0
func HasModifyReturnSyscall() bool
func HasOverrideHelper ¶
func HasOverrideHelper() bool
func HasProbeWriteUserHelper ¶ added in v1.6.0
func HasProbeWriteUserHelper() bool
func HasProgramLargeSize ¶ added in v1.1.0
func HasProgramLargeSize() bool
func HasSignalHelper ¶ added in v1.1.0
func HasSignalHelper() bool
func HasUprobeMulti ¶ added in v1.1.0
func HasUprobeMulti() bool
func HasUprobeRefCtrOffset ¶ added in v1.6.0
func HasUprobeRefCtrOffset() bool
func HasUprobeRegsChange ¶ added in v1.6.0
func HasUprobeRegsChange() bool
func LocalMapName ¶
LocalMapName returns the name for a BPF map that is local to the specified ID.
func LocalMapPath ¶
LocalMapPath returns the path for a BPF map that is local to the specified ID.
func LogFeatures ¶ added in v1.0.0
func LogFeatures() string
func MapPrefixPath ¶
func MapPrefixPath() string
func ParseMemlockFromFDInfo ¶ added in v1.2.1
func SetMapPrefix ¶
func SetMapPrefix(path string)
func SetMapRoot ¶
func SetMapRoot(path string)
Types ¶
type ExtendedMapInfo ¶ added in v1.2.1
func ExtendedInfoFromMap ¶ added in v1.2.1
func ExtendedInfoFromMap(m *ebpf.Map) (ExtendedMapInfo, error)
func ExtendedInfoFromMapID ¶ added in v1.2.1
func ExtendedInfoFromMapID(id int) (ExtendedMapInfo, error)
func MemlockInfoFromMapID ¶ added in v1.2.1
func MemlockInfoFromMapID(id int) (ExtendedMapInfo, error)
type FeatureKfuncs ¶ added in v1.7.0
type FeatureKfuncs struct {
// contains filtered or unexported fields
}
type FeatureProbe ¶ added in v1.7.0
type PerfEventConfig ¶
type PerfEventConfig struct {
NumCpus int
NumPages int
MapName string
Type int
Config int
SampleType int
WakeupEvents int
}
func DefaultPerfEventConfig ¶
func DefaultPerfEventConfig() *PerfEventConfig
DefaultPerfEventConfig returns the default perf event configuration. It relies on the map root to be set.
Source Files
Click to show internal directories.
Click to hide internal directories.