ebpf

package
v1.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DirectionUnset is a convenience value to specify an unset/removed direction field
	DirectionUnset = 0xFF
	// DirectionIngress and DirectionEgress values according to field 61 in https://www.iana.org/assignments/ipfix/ipfix.xhtml
	DirectionIngress = 0
	DirectionEgress  = 1

	InterfaceUnset = 0xFFFFFFFF
)

Variables

This section is empty.

Functions

func LoadNet 

func LoadNet() (*ebpf.CollectionSpec, error)

LoadNet returns the embedded CollectionSpec for Net.

func LoadNetObjects 

func LoadNetObjects(obj interface{}, opts *ebpf.CollectionOptions) error

LoadNetObjects loads Net and converts it into a struct.

The following types are suitable as obj argument: 

*NetObjects
*NetPrograms
*NetMaps

See ebpf.CollectionSpec.LoadAndAssign documentation for details.

func LoadNetSk added in v1.5.0 

func LoadNetSk() (*ebpf.CollectionSpec, error)

LoadNetSk returns the embedded CollectionSpec for NetSk.

func LoadNetSkObjects added in v1.5.0 

func LoadNetSkObjects(obj interface{}, opts *ebpf.CollectionOptions) error

LoadNetSkObjects loads NetSk and converts it into a struct.

The following types are suitable as obj argument: 

*NetSkObjects
*NetSkPrograms
*NetSkMaps

See ebpf.CollectionSpec.LoadAndAssign documentation for details.

Types

type FlowFetcher 

type FlowFetcher struct {
	// contains filtered or unexported fields
}

FlowFetcher reads and forwards the Flows from the Traffic Control hooks in the eBPF kernel space. It provides access both to flows that are aggregated in the kernel space (via PerfCPU hashmap) and to flows that are forwarded by the kernel via ringbuffer because could not be aggregated in the map

func NewFlowFetcher 

func NewFlowFetcher(
	sampling, cacheMaxSize int,
	ingress, egress bool,
) (*FlowFetcher, error)

func (*FlowFetcher) Close 

func (m *FlowFetcher) Close() error

Close the eBPF fetcher from the system. We don't need an "Close(iface)" method because the filters and qdiscs are automatically removed when the interface is down

func (*FlowFetcher) LookupAndDeleteMap 

func (m *FlowFetcher) LookupAndDeleteMap() map[NetFlowId][]NetFlowMetrics

LookupAndDeleteMap reads all the entries from the eBPF map and removes them from it. It returns a map where the key For synchronization purposes, we get/delete a whole snapshot of the flows map. This way we avoid missing packets that could be updated on the ebpf side while we process/aggregate them here Changing this method invocation by BatchLookupAndDelete could improve performance TODO: detect whether BatchLookupAndDelete is supported (Kernel>=5.6) and use it selectively Supported Lookup/Delete operations by kernel: https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md Race conditions here causes that some flows are lost in high-load scenarios

func (*FlowFetcher) ReadRingBuf 

func (m *FlowFetcher) ReadRingBuf() (ringbuf.Record, error)

func (*FlowFetcher) Register 

func (m *FlowFetcher) Register(iface ifaces.Interface) error

Register and links the eBPF fetcher into the system. The program should invoke Unregister before exiting.

type IPAddr 

type IPAddr [net.IPv6len]uint8

IPAddr encodes v4 and v6 IPs with a fixed length. IPv4 addresses are encoded as IPv6 addresses with prefix ::ffff/96 as described in https://datatracker.ietf.org/doc/html/rfc4038#section-4.2 (same behavior as Go's net.IP type)

func (*IPAddr) IP 

func (ia *IPAddr) IP() net.IP

IP returns the net.IP equivalent object

func (*IPAddr) IntEncodeV4 

func (ia *IPAddr) IntEncodeV4() uint32

IntEncodeV4 encodes an IPv4 address as an integer (in network encoding, big endian). It assumes that the passed IP is already IPv4. Otherwise it would just encode the last 4 bytes of an IPv6 address

func (*IPAddr) MarshalJSON 

func (ia *IPAddr) MarshalJSON() ([]byte, error)

type NetFlowId 

type NetFlowId NetFlowIdT

func (*NetFlowId) DstIP 

func (fi *NetFlowId) DstIP() *IPAddr

DstIP is never null. Returned as pointer for efficiency.

func (*NetFlowId) SrcIP 

func (fi *NetFlowId) SrcIP() *IPAddr

SrcIP is never null. Returned as pointer for efficiency.

type NetFlowIdT 

type NetFlowIdT struct {
	SrcIp             struct{ In6U struct{ U6Addr8 [16]uint8 } }
	DstIp             struct{ In6U struct{ U6Addr8 [16]uint8 } }
	EthProtocol       uint16
	Direction         uint8
	SrcPort           uint16
	DstPort           uint16
	TransportProtocol uint8
	IfIndex           uint32
}

type NetFlowMetrics 

type NetFlowMetrics NetFlowMetricsT

func (*NetFlowMetrics) Accumulate 

func (fm *NetFlowMetrics) Accumulate(src *NetFlowMetrics)

type NetFlowMetricsT 

type NetFlowMetricsT struct {
	Packets         uint32
	Bytes           uint64
	StartMonoTimeNs uint64
	EndMonoTimeNs   uint64
	Flags           uint16
	Errno           uint8
}

type NetFlowRecordT 

type NetFlowRecordT struct {
	Id      NetFlowId
	Metrics NetFlowMetrics
}

func ReadFrom 

func ReadFrom(reader io.Reader) (NetFlowRecordT, error)

ReadFrom reads a Record from a binary source, in LittleEndian order

type NetMapSpecs 

type NetMapSpecs struct {
	AggregatedFlows *ebpf.MapSpec `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.MapSpec `ebpf:"direct_flows"`
}

NetMapSpecs contains maps before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type NetMaps 

type NetMaps struct {
	AggregatedFlows *ebpf.Map `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.Map `ebpf:"direct_flows"`
}

NetMaps contains all maps after they have been loaded into the kernel.

It can be passed to LoadNetObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetMaps) Close 

func (m *NetMaps) Close() error

type NetObjects 

type NetObjects struct {
	NetPrograms
	NetMaps
}

NetObjects contains all objects after they have been loaded into the kernel.

It can be passed to LoadNetObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetObjects) Close 

func (o *NetObjects) Close() error

type NetProgramSpecs 

type NetProgramSpecs struct {
	EgressFlowParse  *ebpf.ProgramSpec `ebpf:"egress_flow_parse"`
	IngressFlowParse *ebpf.ProgramSpec `ebpf:"ingress_flow_parse"`
}

NetSpecs contains programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type NetPrograms 

type NetPrograms struct {
	EgressFlowParse  *ebpf.Program `ebpf:"egress_flow_parse"`
	IngressFlowParse *ebpf.Program `ebpf:"ingress_flow_parse"`
}

NetPrograms contains all programs after they have been loaded into the kernel.

It can be passed to LoadNetObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetPrograms) Close 

func (p *NetPrograms) Close() error

type NetSkFlowId added in v1.5.0 

type NetSkFlowId NetSkFlowIdT

type NetSkFlowIdT added in v1.5.0 

type NetSkFlowIdT struct {
	SrcIp             struct{ In6U struct{ U6Addr8 [16]uint8 } }
	DstIp             struct{ In6U struct{ U6Addr8 [16]uint8 } }
	EthProtocol       uint16
	Direction         uint8
	SrcPort           uint16
	DstPort           uint16
	TransportProtocol uint8
	IfIndex           uint32
}

type NetSkFlowMetrics added in v1.5.0 

type NetSkFlowMetrics NetSkFlowMetricsT

type NetSkFlowMetricsT added in v1.5.0 

type NetSkFlowMetricsT struct {
	Packets         uint32
	Bytes           uint64
	StartMonoTimeNs uint64
	EndMonoTimeNs   uint64
	Flags           uint16
	Errno           uint8
}

type NetSkFlowRecordT added in v1.5.0 

type NetSkFlowRecordT struct {
	Id      NetSkFlowId
	Metrics NetSkFlowMetrics
}

type NetSkMapSpecs added in v1.5.0 

type NetSkMapSpecs struct {
	AggregatedFlows *ebpf.MapSpec `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.MapSpec `ebpf:"direct_flows"`
}

NetSkMapSpecs contains maps before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type NetSkMaps added in v1.5.0 

type NetSkMaps struct {
	AggregatedFlows *ebpf.Map `ebpf:"aggregated_flows"`
	DirectFlows     *ebpf.Map `ebpf:"direct_flows"`
}

NetSkMaps contains all maps after they have been loaded into the kernel.

It can be passed to LoadNetSkObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetSkMaps) Close added in v1.5.0 

func (m *NetSkMaps) Close() error

type NetSkObjects added in v1.5.0 

type NetSkObjects struct {
	NetSkPrograms
	NetSkMaps
}

NetSkObjects contains all objects after they have been loaded into the kernel.

It can be passed to LoadNetSkObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetSkObjects) Close added in v1.5.0 

func (o *NetSkObjects) Close() error

type NetSkProgramSpecs added in v1.5.0 

type NetSkProgramSpecs struct {
	SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"`
}

NetSkSpecs contains programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type NetSkPrograms added in v1.5.0 

type NetSkPrograms struct {
	SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"`
}

NetSkPrograms contains all programs after they have been loaded into the kernel.

It can be passed to LoadNetSkObjects or ebpf.CollectionSpec.LoadAndAssign.

func (*NetSkPrograms) Close added in v1.5.0 

func (p *NetSkPrograms) Close() error

type NetSkSpecs added in v1.5.0 

type NetSkSpecs struct {
	NetSkProgramSpecs
	NetSkMapSpecs
}

NetSkSpecs contains maps and programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type NetSpecs 

type NetSpecs struct {
	NetProgramSpecs
	NetMapSpecs
}

NetSpecs contains maps and programs before they are loaded into the kernel.

It can be passed ebpf.CollectionSpec.Assign.

type Record 

type Record struct {
	NetFlowRecordT

	// Attrs of the flow record: source/destination, Interface, Beyla IP, etc...
	Attrs RecordAttrs
}

Record contains accumulated metrics from a flow, with extra metadata that is added from the user space

func NewRecord 

func NewRecord(
	key NetFlowId,
	metrics NetFlowMetrics,
) *Record

type RecordAttrs added in v1.4.0 

type RecordAttrs struct {
	// SrcName and DstName might be set from several sources along the processing/decoration pipeline:
	// - K8s entity
	// - Host name
	// - IP
	SrcName string
	DstName string

	Interface string
	// BeylaIP provides information about the source of the flow (the Agent that traced it)
	BeylaIP  string
	Metadata map[string]string
}

type SockFlowFetcher added in v1.5.0 

type SockFlowFetcher struct {
	// contains filtered or unexported fields
}

SockFlowFetcher reads and forwards the Flows from the eBPF kernel space with a socket filter implementation. It provides access both to flows that are aggregated in the kernel space (via PerfCPU hashmap) and to flows that are forwarded by the kernel via ringbuffer because could not be aggregated in the map

func NewSockFlowFetcher added in v1.5.0 

func NewSockFlowFetcher(
	sampling, cacheMaxSize int,
) (*SockFlowFetcher, error)

func (*SockFlowFetcher) Close added in v1.5.0 

func (m *SockFlowFetcher) Close() error

Close any resources that are taken up by the socket filter, the filter itself and some maps.

func (*SockFlowFetcher) LookupAndDeleteMap added in v1.5.0 

func (m *SockFlowFetcher) LookupAndDeleteMap() map[NetFlowId][]NetFlowMetrics

LookupAndDeleteMap reads all the entries from the eBPF map and removes them from it. It returns a map where the key For synchronization purposes, we get/delete a whole snapshot of the flows map. This way we avoid missing packets that could be updated on the ebpf side while we process/aggregate them here Changing this method invocation by BatchLookupAndDelete could improve performance TODO: detect whether BatchLookupAndDelete is supported (Kernel>=5.6) and use it selectively Supported Lookup/Delete operations by kernel: https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md Race conditions here causes that some flows are lost in high-load scenarios

func (*SockFlowFetcher) ReadRingBuf added in v1.5.0 

func (m *SockFlowFetcher) ReadRingBuf() (ringbuf.Record, error)

func (*SockFlowFetcher) Register added in v1.5.0 

func (m *SockFlowFetcher) Register(_ ifaces.Interface) error

Noop because socket filters don't require special registration for different network interfaces

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.