libbpf

package module
v0.0.0-...-814bc28 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 1, 2021 License: Apache-2.0 Imports: 4 Imported by: 4

README

libbpf

KubeArmor bpf library

One will only be able to go get and to use this go module (library) setting the CGO_LDFLAGS environment variable, since this is based on the aqua security libbpfgo that is a cgo wrapper of the C libbpf.

So be aware that using this library in your go code turns it into cgo code.

General Dependencies

Ubuntu

linux-tools-generic

libelf-dev

zlib1g-dev

clang

Using this library

One way is to use the shared library libbpf.so if it is already installed.

❯ CGO_LDFLAGS="/usr/lib/libbpf.so" go get github.com/kubearmor/libbpf

However, currently, the most common is to use the libbpf.a (static version). To do so, follow the steps below.

  • Clone this repository.

    ❯ git clone github.com/kubearmor/libbpf

  • Inside the repository folder, run make to download the C libbpf code and compile it.

    ❯ make

    This will generate the static libbpf.a file and the vmlinux.h and bpf/*.h headers inside ./include.

  • Now one is able to make correct use of this library. Be sure to use absolute paths.

    ❯ CGO_LDFLAGS="/path_to_this_repo/include/libbpf.a" CGO_CFLAGS="-I /path_to_this_repo/include" go get github.com/kubearmor/libbpf

The same environment variable need to be set when building the final application that uses this library.

❯ CGO_LDFLAGS="/path_to_this_repo/include/libbpf.a" CGO_CFLAGS="-I /path_to_this_repo/include" go build

Testing it

The use cases inside tests can be tested using make.

❯ make run-tests

KABPFMapElement interface

To satisfy KABPFMapElement interface, it's necessary to implement the following methods for an XXMapElem.

func (pme *XXMapElem) KeyPointer() unsafe.Pointer {
	...
}

func (pme *XXMapElem) ValuePointer() unsafe.Pointer {
	...
}

func (pme *XXMapElem) SetFoundValue(value []byte) {
	...
}

func (pme *XXMapElem) MapName() string {
	return "map_name"
}

Examples can also be found in tests.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types 

type KABPFLink struct {
	// contains filtered or unexported fields
}

KubeArmor BPFLink wrapper structure

func (*KABPFLink) Destroy 

func (l *KABPFLink) Destroy() error

Destroy link

func (*KABPFLink) EventName 

func (l *KABPFLink) EventName() string

Get attached event name

func (*KABPFLink) EventType 

func (l *KABPFLink) EventType() KABPFLinkType

Get attached event type

func (*KABPFLink) Program 

func (l *KABPFLink) Program() *KABPFProgram

Get program pointer to which link belongs

type KABPFLinkType 

type KABPFLinkType uint32

KABPFLinkType type 

const (
	KABPFLinkTypeUnspec KABPFLinkType = iota
	KABPFLinkTypeLSM
	KABPFLinkTypeKprobe
	KABPFLinkTypeKretprobe
	KABPFLinkTypeRawTracepoint
	KABPFLinkTypeTracepoint
)

KABPFLinkType constants

type KABPFMap 

type KABPFMap struct {
	// contains filtered or unexported fields
}

KubeArmor BPFMap wrapper structure

func (*KABPFMap) DeleteElement 

func (m *KABPFMap) DeleteElement(elem KABPFMapElement) error

Delete map element

func (*KABPFMap) FD 

func (m *KABPFMap) FD() int

Get map fd

func (*KABPFMap) InitPerfBuf 

func (m *KABPFMap) InitPerfBuf(eventsChan chan []byte, lostChan chan uint64, pageCnt int) (*KABPFPerfBuffer, error)

Initialize perf buffer

func (*KABPFMap) InitRingBuf 

func (m *KABPFMap) InitRingBuf(eventsChan chan []byte) (*KABPFRingBuffer, error)

Initialize ring buffer

func (*KABPFMap) IsPinned 

func (m *KABPFMap) IsPinned() bool

Check if map is pinned

func (*KABPFMap) KeySize 

func (m *KABPFMap) KeySize() int

Get map key size

func (*KABPFMap) LookupElement 

func (m *KABPFMap) LookupElement(elem KABPFMapElement) ([]byte, error)

Lookup map element The elem will have its value updated

func (*KABPFMap) MaxEntries 

func (m *KABPFMap) MaxEntries() uint32

Get map max entries

func (*KABPFMap) Name 

func (m *KABPFMap) Name() string

Get map name

func (*KABPFMap) Object 

func (m *KABPFMap) Object() *KABPFObject

Get object pointer to which map belongs

func (*KABPFMap) Pin 

func (m *KABPFMap) Pin(pinPath string) error

Pin map

func (*KABPFMap) PinPath 

func (m *KABPFMap) PinPath() string

Get map pin path

func (*KABPFMap) SetMaxEntries 

func (m *KABPFMap) SetMaxEntries(maxEntries uint32) error

Set map max entries

func (*KABPFMap) SetPinPath 

func (m *KABPFMap) SetPinPath(pinPath string) error

Set map pin path

func (*KABPFMap) Unpin 

func (m *KABPFMap) Unpin(pinPath string) error

Unpin map

func (*KABPFMap) UpdateElement 

func (m *KABPFMap) UpdateElement(elem KABPFMapElement) error

Update map element

func (*KABPFMap) ValueSize 

func (m *KABPFMap) ValueSize() int

Get map value size

type KABPFMapElement 

type KABPFMapElement interface {
	KeyPointer() unsafe.Pointer
	ValuePointer() unsafe.Pointer
	MapName() string

	SetFoundValue(value []byte)
}

KubeArmor BPFMap Element interface

type KABPFObject 

type KABPFObject struct {
	// contains filtered or unexported fields
}

KubeArmor BPFObject wrapper structure

func OpenObjectFromFile 

func OpenObjectFromFile(bpfObjFile string) (*KABPFObject, error)

Open object file

func (*KABPFObject) Close 

func (o *KABPFObject) Close()

Close object

func (*KABPFObject) FindMapByName 

func (o *KABPFObject) FindMapByName(mapName string) (*KABPFMap, error)

Get map from object

func (*KABPFObject) FindProgramByName 

func (o *KABPFObject) FindProgramByName(progName string) (*KABPFProgram, error)

Get program from object

func (*KABPFObject) InitPerfBuf 

func (o *KABPFObject) InitPerfBuf(mapName string, eventsChan chan []byte, lostChan chan uint64, pageCnt int) (*KABPFPerfBuffer, error)

Initialize perf buffer

func (*KABPFObject) InitRingBuf 

func (o *KABPFObject) InitRingBuf(mapName string, eventsChan chan []byte) (*KABPFRingBuffer, error)

Initialize ring buffer

func (*KABPFObject) Load 

func (o *KABPFObject) Load() error

Load object

type KABPFPerfBuffer 

type KABPFPerfBuffer struct {
	// contains filtered or unexported fields
}

KubeArmor PerfBuffer wrapper structure

func (*KABPFPerfBuffer) Free 

func (pb *KABPFPerfBuffer) Free()

Free perf buffer

func (*KABPFPerfBuffer) Map 

func (pb *KABPFPerfBuffer) Map() *KABPFMap

Get map pointer to which perf buffer relates

func (*KABPFPerfBuffer) StartPoll 

func (pb *KABPFPerfBuffer) StartPoll()

Start to poll perf buffer

func (*KABPFPerfBuffer) StopPoll 

func (pb *KABPFPerfBuffer) StopPoll()

Stop to poll perf buffer

type KABPFProgType 

type KABPFProgType uint32

KABPFProgType type 

const (
	KABPFProgTypeUnspec                KABPFProgType = unix.BPF_PROG_TYPE_UNSPEC
	KABPFProgTypeSocketFilter          KABPFProgType = unix.BPF_PROG_TYPE_SOCKET_FILTER
	KABPFProgTypeKprobe                KABPFProgType = unix.BPF_PROG_TYPE_KPROBE
	KABPFProgTypeSchedCls              KABPFProgType = unix.BPF_PROG_TYPE_SCHED_CLS
	KABPFProgTypeSchedAct              KABPFProgType = unix.BPF_PROG_TYPE_SCHED_ACT
	KABPFProgTypeTracepoint            KABPFProgType = unix.BPF_PROG_TYPE_TRACEPOINT
	KABPFProgTypeXDP                   KABPFProgType = unix.BPF_PROG_TYPE_XDP
	KABPFProgTypePerfEvent             KABPFProgType = unix.BPF_PROG_TYPE_PERF_EVENT
	KABPFProgTypeCgroupSKB             KABPFProgType = unix.BPF_PROG_TYPE_CGROUP_SKB
	KABPFProgTypeCgroupSock            KABPFProgType = unix.BPF_PROG_TYPE_CGROUP_SOCK
	KABPFProgTypeLwtIn                 KABPFProgType = unix.BPF_PROG_TYPE_LWT_IN
	KABPFProgTypeLwtOut                KABPFProgType = unix.BPF_PROG_TYPE_LWT_OUT
	KABPFProgTypeLwtXmit               KABPFProgType = unix.BPF_PROG_TYPE_LWT_XMIT
	KABPFProgTypeSockOps               KABPFProgType = unix.BPF_PROG_TYPE_SOCK_OPS
	KABPFProgTypeSkSKB                 KABPFProgType = unix.BPF_PROG_TYPE_SK_SKB
	KABPFProgTypeCgroupDevice          KABPFProgType = unix.BPF_PROG_TYPE_CGROUP_DEVICE
	KABPFProgTypeSkMsg                 KABPFProgType = unix.BPF_PROG_TYPE_SK_MSG
	KABPFProgTypeRawTracepoint         KABPFProgType = unix.BPF_PROG_TYPE_RAW_TRACEPOINT
	KABPFProgTypeCgroupSockAddr        KABPFProgType = unix.BPF_PROG_TYPE_CGROUP_SOCK_ADDR
	KABPFProgTypeLwtSeg6Local          KABPFProgType = unix.BPF_PROG_TYPE_LWT_SEG6LOCAL
	KABPFProgTypeLircMode2             KABPFProgType = unix.BPF_PROG_TYPE_LIRC_MODE2
	KABPFProgTypeSkReuseport           KABPFProgType = unix.BPF_PROG_TYPE_SK_REUSEPORT
	KABPFProgTypeFlowDissector         KABPFProgType = unix.BPF_PROG_TYPE_FLOW_DISSECTOR
	KABPFProgTypeCgroupSysctl          KABPFProgType = unix.BPF_PROG_TYPE_CGROUP_SYSCTL
	KABPFProgTypeRawTracepointWritable KABPFProgType = unix.BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE
	KABPFProgTypeCgroupSockopt         KABPFProgType = unix.BPF_PROG_TYPE_CGROUP_SOCKOPT
	KABPFProgTypeTracing               KABPFProgType = unix.BPF_PROG_TYPE_TRACING
	KABPFProgTypeStructOps             KABPFProgType = unix.BPF_PROG_TYPE_STRUCT_OPS
	KABPFProgTypeExt                   KABPFProgType = unix.BPF_PROG_TYPE_EXT
	KABPFProgTypeLSM                   KABPFProgType = unix.BPF_PROG_TYPE_LSM
	KABPFProgTypeSkLookup              KABPFProgType = unix.BPF_PROG_TYPE_SK_LOOKUP
)

KABPFProgType constants

type KABPFProgram 

type KABPFProgram struct {
	// contains filtered or unexported fields
}

KubeArmor BPFProgram wrapper structure

func (*KABPFProgram) AttachKprobe 

func (p *KABPFProgram) AttachKprobe(eventName string) (*KABPFLink, error)

Attach Kprobe This should be used for kernels > 4.17

func (*KABPFProgram) AttachKretprobe 

func (p *KABPFProgram) AttachKretprobe(eventName string) (*KABPFLink, error)

Attach Kretprobe This should be used for kernels > 4.17

func (*KABPFProgram) AttachLSM 

func (p *KABPFProgram) AttachLSM() (*KABPFLink, error)

Attach LSM

func (*KABPFProgram) AttachRawTracepoint 

func (p *KABPFProgram) AttachRawTracepoint(eventName string) (*KABPFLink, error)

Attach Raw Tracepoint

func (*KABPFProgram) AttachTracepoint 

func (p *KABPFProgram) AttachTracepoint(category, eventName string) (*KABPFLink, error)

Attach Tracepoint

func (*KABPFProgram) FD 

func (p *KABPFProgram) FD() int

Get program fd

func (*KABPFProgram) GetType 

func (p *KABPFProgram) GetType() KABPFProgType

Get program type

func (*KABPFProgram) Name 

func (p *KABPFProgram) Name() string

Get program name

func (*KABPFProgram) Object 

func (p *KABPFProgram) Object() *KABPFObject

Get object pointer to which program belongs

type KABPFRingBuffer 

type KABPFRingBuffer struct {
	// contains filtered or unexported fields
}

KubeArmor RingBuffer wrapper structure

func (*KABPFRingBuffer) Free 

func (rb *KABPFRingBuffer) Free()

Free ring buffer

func (*KABPFRingBuffer) Map 

func (rb *KABPFRingBuffer) Map() *KABPFMap

Get map pointer to which ring buffer relates

func (*KABPFRingBuffer) StartPoll 

func (rb *KABPFRingBuffer) StartPoll()

Start to poll ring buffer

func (*KABPFRingBuffer) StopPoll 

func (rb *KABPFRingBuffer) StopPoll()

Stop to poll ring buffer

Source Files

View all Source files

Directories

Path Synopsis
tests module

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.