ebpf

package
v1.6.2-community Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 22, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConvertFilterPortsToInstr 

func ConvertFilterPortsToInstr(intPort int32, rangePorts, ports string) intstr.IntOrString

func LoadBpf added in v0.3.0 

func LoadBpf() (*ebpf.CollectionSpec, error)

LoadBpf returns the embedded CollectionSpec for Bpf.

func LoadBpfObjects added in v0.3.0 

func LoadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error

LoadBpfObjects loads Bpf and converts it into a struct.

The following types are suitable as obj argument: 

*BpfObjects
*BpfPrograms
*BpfMaps

See ebpf.CollectionSpec.LoadAndAssign documentation for details.

Types

type BpfDirectionT 

type BpfDirectionT uint32
const (
	BpfDirectionTINGRESS       BpfDirectionT = 0
	BpfDirectionTEGRESS        BpfDirectionT = 1
	BpfDirectionTMAX_DIRECTION BpfDirectionT = 2
)

type BpfDnsFlowId added in v0.3.2 

type BpfDnsFlowId struct {
	SrcPort  uint16
	DstPort  uint16
	SrcIp    [16]uint8
	DstIp    [16]uint8
	Id       uint16
	Protocol uint8
}

type BpfDnsRecordT added in v0.3.2 

type BpfDnsRecordT struct {
	Id      uint16
	Flags   uint16
	Latency uint64
	Errno   uint8
}

type BpfFilterActionT 

type BpfFilterActionT uint32
const (
	BpfFilterActionTACCEPT             BpfFilterActionT = 0
	BpfFilterActionTREJECT             BpfFilterActionT = 1
	BpfFilterActionTMAX_FILTER_ACTIONS BpfFilterActionT = 2
)

type BpfFilterKeyT 

type BpfFilterKeyT struct {
	PrefixLen uint32
	IpData    [16]uint8
}

type BpfFilterValueT 

type BpfFilterValueT struct {
	Protocol     uint8
	DstPortStart uint16
	DstPortEnd   uint16
	DstPort1     uint16
	DstPort2     uint16
	SrcPortStart uint16
	SrcPortEnd   uint16
	SrcPort1     uint16
	SrcPort2     uint16
	PortStart    uint16
	PortEnd      uint16
	Port1        uint16
	Port2        uint16
	IcmpType     uint8
	IcmpCode     uint8
	Direction    BpfDirectionT
	Action       BpfFilterActionT
	Ip           [16]uint8
}

type BpfFlowId added in v0.3.0 

type BpfFlowId BpfFlowIdT

type BpfFlowIdT added in v0.3.0 

type BpfFlowIdT struct {
	EthProtocol       uint16
	Direction         uint8
	SrcMac            [6]uint8
	DstMac            [6]uint8
	SrcIp             [16]uint8
	DstIp             [16]uint8
	SrcPort           uint16
	DstPort           uint16
	TransportProtocol uint8
	IcmpType          uint8
	IcmpCode          uint8
	IfIndex           uint32
}

type BpfFlowMetrics added in v0.3.0 

type BpfFlowMetrics BpfFlowMetricsT

type BpfFlowMetricsT added in v0.3.0 

type BpfFlowMetricsT struct {
	Packets         uint32
	Bytes           uint64
	StartMonoTimeTs uint64
	EndMonoTimeTs   uint64
	Flags           uint16
	Errno           uint8
	Dscp            uint8
	PktDrops        BpfPktDropsT
	DnsRecord       BpfDnsRecordT
	FlowRtt         uint64
}

type BpfFlowRecordT added in v0.3.0 

type BpfFlowRecordT struct {
	Id      BpfFlowId
	Metrics BpfFlowMetrics
}

type BpfGlobalCountersKeyT 

type BpfGlobalCountersKeyT uint32
const (
	BpfGlobalCountersKeyTHASHMAP_FLOWS_DROPPED_KEY BpfGlobalCountersKeyT = 0
	BpfGlobalCountersKeyTFILTER_REJECT_KEY         BpfGlobalCountersKeyT = 1
	BpfGlobalCountersKeyTFILTER_ACCEPT_KEY         BpfGlobalCountersKeyT = 2
	BpfGlobalCountersKeyTFILTER_NOMATCH_KEY        BpfGlobalCountersKeyT = 3
	BpfGlobalCountersKeyTMAX_DROPPED_FLOWS_KEY     BpfGlobalCountersKeyT = 4
)

type BpfMapSpecs added in v0.3.0 

type BpfMapSpecs struct {
	AggregatedFlows *ebpf.MapSpec `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.MapSpec `ebpf:"direct_flows"`
	DnsFlows        *ebpf.MapSpec `ebpf:"dns_flows"`
	FilterMap       *ebpf.MapSpec `ebpf:"filter_map"`
	GlobalCounters  *ebpf.MapSpec `ebpf:"global_counters"`
	PacketRecord    *ebpf.MapSpec `ebpf:"packet_record"`
}

BpfMapSpecs contains maps before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type BpfMaps added in v0.3.0 

type BpfMaps struct {
	AggregatedFlows *ebpf.Map `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.Map `ebpf:"direct_flows"`
	DnsFlows        *ebpf.Map `ebpf:"dns_flows"`
	FilterMap       *ebpf.Map `ebpf:"filter_map"`
	GlobalCounters  *ebpf.Map `ebpf:"global_counters"`
	PacketRecord    *ebpf.Map `ebpf:"packet_record"`
}

BpfMaps contains all maps after they have been loaded into the kernel.

It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*BpfMaps) Close added in v0.3.0 

func (m *BpfMaps) Close() error

type BpfObjects added in v0.3.0 

type BpfObjects struct {
	BpfPrograms
	BpfMaps
}

BpfObjects contains all objects after they have been loaded into the kernel.

It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*BpfObjects) Close added in v0.3.0 

func (o *BpfObjects) Close() error

type BpfPktDropsT added in v0.3.2 

type BpfPktDropsT struct {
	Packets         uint32
	Bytes           uint64
	LatestFlags     uint16
	LatestState     uint8
	LatestDropCause uint32
}

type BpfProgramSpecs added in v0.3.0 

type BpfProgramSpecs struct {
	KfreeSkb            *ebpf.ProgramSpec `ebpf:"kfree_skb"`
	TcEgressFlowParse   *ebpf.ProgramSpec `ebpf:"tc_egress_flow_parse"`
	TcEgressPcaParse    *ebpf.ProgramSpec `ebpf:"tc_egress_pca_parse"`
	TcIngressFlowParse  *ebpf.ProgramSpec `ebpf:"tc_ingress_flow_parse"`
	TcIngressPcaParse   *ebpf.ProgramSpec `ebpf:"tc_ingress_pca_parse"`
	TcpRcvFentry        *ebpf.ProgramSpec `ebpf:"tcp_rcv_fentry"`
	TcpRcvKprobe        *ebpf.ProgramSpec `ebpf:"tcp_rcv_kprobe"`
	TcxEgressFlowParse  *ebpf.ProgramSpec `ebpf:"tcx_egress_flow_parse"`
	TcxEgressPcaParse   *ebpf.ProgramSpec `ebpf:"tcx_egress_pca_parse"`
	TcxIngressFlowParse *ebpf.ProgramSpec `ebpf:"tcx_ingress_flow_parse"`
	TcxIngressPcaParse  *ebpf.ProgramSpec `ebpf:"tcx_ingress_pca_parse"`
}

BpfSpecs contains programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type BpfPrograms added in v0.3.0 

type BpfPrograms struct {
	KfreeSkb            *ebpf.Program `ebpf:"kfree_skb"`
	TcEgressFlowParse   *ebpf.Program `ebpf:"tc_egress_flow_parse"`
	TcEgressPcaParse    *ebpf.Program `ebpf:"tc_egress_pca_parse"`
	TcIngressFlowParse  *ebpf.Program `ebpf:"tc_ingress_flow_parse"`
	TcIngressPcaParse   *ebpf.Program `ebpf:"tc_ingress_pca_parse"`
	TcpRcvFentry        *ebpf.Program `ebpf:"tcp_rcv_fentry"`
	TcpRcvKprobe        *ebpf.Program `ebpf:"tcp_rcv_kprobe"`
	TcxEgressFlowParse  *ebpf.Program `ebpf:"tcx_egress_flow_parse"`
	TcxEgressPcaParse   *ebpf.Program `ebpf:"tcx_egress_pca_parse"`
	TcxIngressFlowParse *ebpf.Program `ebpf:"tcx_ingress_flow_parse"`
	TcxIngressPcaParse  *ebpf.Program `ebpf:"tcx_ingress_pca_parse"`
}

BpfPrograms contains all programs after they have been loaded into the kernel.

It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*BpfPrograms) Close added in v0.3.0 

func (p *BpfPrograms) Close() error

type BpfSpecs added in v0.3.0 

type BpfSpecs struct {
	BpfProgramSpecs
	BpfMapSpecs
}

BpfSpecs contains maps and programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type Filter 

type Filter struct {
	// contains filtered or unexported fields
}

func NewFilter 

func NewFilter(objects *BpfObjects, cfg *FilterConfig) *Filter

func (*Filter) ProgramFilter 

func (f *Filter) ProgramFilter() error

type FilterConfig 

type FilterConfig struct {
	FilterDirection       string
	FilterIPCIDR          string
	FilterProtocol        string
	FilterSourcePort      intstr.IntOrString
	FilterDestinationPort intstr.IntOrString
	FilterPort            intstr.IntOrString
	FilterIcmpType        int
	FilterIcmpCode        int
	FilterPeerIP          string
	FilterAction          string
}

type FlowFetcher added in v0.2.1 

type FlowFetcher struct {
	// contains filtered or unexported fields
}

FlowFetcher reads and forwards the Flows from the Traffic Control hooks in the eBPF kernel space. It provides access both to flows that are aggregated in the kernel space (via PerfCPU hashmap) and to flows that are forwarded by the kernel via ringbuffer because could not be aggregated in the map

func NewFlowFetcher added in v0.2.1 

func NewFlowFetcher(cfg *FlowFetcherConfig) (*FlowFetcher, error)

nolint:cyclop

func (*FlowFetcher) AttachTCX 

func (m *FlowFetcher) AttachTCX(iface ifaces.Interface) error

func (*FlowFetcher) Close added in v0.2.1 

func (m *FlowFetcher) Close() error

Close the eBPF fetcher from the system. We don't need a "Close(iface)" method because the filters and qdiscs are automatically removed when the interface is down nolint:cyclop

func (*FlowFetcher) DeleteMapsStaleEntries added in v0.3.2 

func (m *FlowFetcher) DeleteMapsStaleEntries(timeOut time.Duration)

DeleteMapsStaleEntries Look for any stale entries in the features maps and delete them

func (*FlowFetcher) LookupAndDeleteMap added in v0.2.1 

func (m *FlowFetcher) LookupAndDeleteMap(met *metrics.Metrics) map[BpfFlowId][]BpfFlowMetrics

LookupAndDeleteMap reads all the entries from the eBPF map and removes them from it. TODO: detect whether BatchLookupAndDelete is supported (Kernel>=5.6) and use it selectively Supported Lookup/Delete operations by kernel: https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md

func (*FlowFetcher) ReadGlobalCounter 

func (m *FlowFetcher) ReadGlobalCounter(met *metrics.Metrics)

ReadGlobalCounter reads the global counter and updates drop flows counter metrics

func (*FlowFetcher) ReadRingBuf added in v0.2.1 

func (m *FlowFetcher) ReadRingBuf() (ringbuf.Record, error)

func (*FlowFetcher) Register added in v0.2.1 

func (m *FlowFetcher) Register(iface ifaces.Interface) error

Register and links the eBPF fetcher into the system. The program should invoke Unregister before exiting.

type FlowFetcherConfig added in v0.3.2 

type FlowFetcherConfig struct {
	EnableIngress    bool
	EnableEgress     bool
	Debug            bool
	Sampling         int
	CacheMaxSize     int
	PktDrops         bool
	DNSTracker       bool
	DNSTrackerPort   uint16
	EnableRTT        bool
	EnableFlowFilter bool
	EnablePCA        bool
	FilterConfig     *FilterConfig
}

type PacketFetcher added in v0.3.3 

type PacketFetcher struct {
	// contains filtered or unexported fields
}

It provides access to packets from the kernel space (via PerfCPU hashmap)

func NewPacketFetcher added in v0.3.3 

func NewPacketFetcher(cfg *FlowFetcherConfig) (*PacketFetcher, error)

func (*PacketFetcher) AttachTCX 

func (p *PacketFetcher) AttachTCX(iface ifaces.Interface) error

func (*PacketFetcher) Close added in v0.3.3 

func (p *PacketFetcher) Close() error

Close the eBPF fetcher from the system. We don't need an "Close(iface)" method because the filters and qdiscs are automatically removed when the interface is down

func (*PacketFetcher) LookupAndDeleteMap added in v0.3.3 

func (p *PacketFetcher) LookupAndDeleteMap(met *metrics.Metrics) map[int][]*byte

func (*PacketFetcher) ReadPerf added in v0.3.3 

func (p *PacketFetcher) ReadPerf() (perf.Record, error)

func (*PacketFetcher) Register added in v0.3.3 

func (p *PacketFetcher) Register(iface ifaces.Interface) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.