
package ebpf

import "maze.io/x/ebpf"

Package ebpf implements an eBPF assembler, disassembler and virtual machine.

Index

Package Files

builtin.go bytes_le.go constant.go doc.go elf.go instruction.go op.go op_alu.go op_byteswap.go op_call.go op_jump.go op_load.go program.go register.go vm.go

Constants

// Pseudo register markers, named after the kernel constants in the trailing
// comments. They reuse ordinary Register values, so a marker can only be
// recognised from the instruction that carries it, never from the value alone.
const (
    PseudoMapFD    = R1 // BPF_PSEUDO_MAP_FD
    PseudoMapValue = R2 // BPF_PSEUDO_MAP_VALUE
    // PseudoCall has the same value as PseudoMapFD (both are R1); code that
    // inspects a source register must look at the opcode to tell them apart.
    PseudoCall     = R1 // BPF_PSEUDO_CALL
)

Pseudo registers used by 64-bit loads and jumps.

Variables

var (
    ErrNoProgram = errors.New("ebpf: no program is loaded")
)

func BuiltinProbeRead Uses

func BuiltinProbeRead(r1, r2, r3, r4, r5 uint64) uint64

func BuiltinStrcmp Uses

func BuiltinStrcmp(r1, r2, r3, r4, r5 uint64) uint64

func LoadELF Uses

func LoadELF(r io.ReaderAt) (map[string]Program, error)

LoadELF loads eBPF program(s) from an ELF file.

This function is unfinished and still a work in progress; expect breakage. Until it stabilises, it is best kept away from ELF files that come from untrusted sources.

type ALU64OpConstant Uses

type ALU64OpConstant struct {
    Op    ALUOp
    Dst   Register
    Value uint32
}

ALU64OpConstant executes Dst = Dst <Op> Value.

func (ALU64OpConstant) Assemble Uses

func (a ALU64OpConstant) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALU64OpConstant) CString Uses

func (a ALU64OpConstant) CString() string

func (ALU64OpConstant) String Uses

func (a ALU64OpConstant) String() string

type ALU64OpRegister Uses

type ALU64OpRegister struct {
    Op  ALUOp
    Dst Register
    Src Register
}

ALU64OpRegister executes Dst = Dst <Op> Src.

func (ALU64OpRegister) Assemble Uses

func (a ALU64OpRegister) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALU64OpRegister) CString Uses

func (a ALU64OpRegister) CString() string

func (ALU64OpRegister) String Uses

func (a ALU64OpRegister) String() string

type ALUOp Uses

// ALUOp is an arithmetic/logic operation selector. The constants below are
// spaced 0x10 apart (iota << 4), as the trailing comments show.
type ALUOp uint16
const (
    ALUOpAdd        ALUOp = iota << 4 // 0x00
    ALUOpSub                          // 0x10
    ALUOpMul                          // 0x20
    ALUOpDiv                          // 0x30
    ALUOpOr                           // 0x40
    ALUOpAnd                          // 0x50
    ALUOpShiftLeft                    // 0x60
    ALUOpShiftRight                   // 0x70

    // NOTE(review): the listing jumps from 0x70 to 0x90. An entry for 0x80 is
    // presumably present in the source (blank or unexported) and was dropped
    // by the documentation generator. Compiled exactly as printed, iota would
    // give ALUOpMod the value 0x80 and shift every later constant, so take the
    // values from the trailing comments or the real source, not from this text.
    ALUOpMod                // 0x90
    ALUOpXor                // 0xa0
    ALUOpMove               // 0xb0
    ALUOpArithmicShiftRight // 0xc0

)

func (ALUOp) CString Uses

func (op ALUOp) CString() string

func (ALUOp) Mnemoic Uses

func (op ALUOp) Mnemoic() string

type ALUOpConstant Uses

type ALUOpConstant struct {
    Op    ALUOp
    Dst   Register
    Value uint32
}

ALUOpConstant executes Dst = Dst <Op> Value.

func (ALUOpConstant) Assemble Uses

func (a ALUOpConstant) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALUOpConstant) CString Uses

func (a ALUOpConstant) CString() string

func (ALUOpConstant) String Uses

func (a ALUOpConstant) String() string

type ALUOpRegister Uses

type ALUOpRegister struct {
    Op  ALUOp
    Dst Register
    Src Register
}

ALUOpRegister executes Dst = Dst <Op> Src.

func (ALUOpRegister) Assemble Uses

func (a ALUOpRegister) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALUOpRegister) CString Uses

func (a ALUOpRegister) CString() string

func (ALUOpRegister) String Uses

func (a ALUOpRegister) String() string

type ByteSwap Uses

type ByteSwap struct {
    Dst       Register
    ByteOrder binary.ByteOrder
    Size      uint8
}

func (ByteSwap) Assemble Uses

func (a ByteSwap) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ByteSwap) CString Uses

func (a ByteSwap) CString() string

func (ByteSwap) String Uses

func (a ByteSwap) String() string

func (ByteSwap) Swap Uses

func (a ByteSwap) Swap(value uint64) uint64

type Call Uses

type Call uint32

Call is the instruction that calls a function; its value identifies which function is called (see VM.Attach).

// Function identifiers for the Call instruction. Values are assigned by iota
// in declaration order, starting with Unspec = 0 (so MapLookupElem = 1,
// ProbeRead = 4, and so on). The order appears to follow the Linux kernel's
// BPF helper numbering — confirm against the kernel's helper list for the
// target version before relying on a specific value.
//
// NOTE(review): the only helper implementations exported on this page are
// BuiltinProbeRead and BuiltinStrcmp. What the VM does when a program calls
// an identifier that has no function attached is not visible here; check
// that path before running programs you did not author.
const (
    Unspec Call = iota
    MapLookupElem
    MapUpdateElem
    MapDeleteElem
    ProbeRead
    KtimeGetNs
    TracePrintk
    GetPrandomU32
    GetSmpProcessorId
    SKBStoreBytes
    L3CsumReplace
    L4CsumReplace
    TailCall
    CloneRedirect
    GetCurrentPidTgid
    GetCurrentUidGid
    GetCurrentComm
    GetCgroupClassid
    SKBVlanPush
    SKBVlanPop
    SKBGetTunnelKey
    SKBSetTunnelKey
    PerfEventRead
    Redirect
    GetRouteRealm
    PerfEventOutput
    SKBLoadBytes
    GetStackid
    CsumDiff
    SKBGetTunnelOpt
    SKBSetTunnelOpt
    SKBChangeProto
    SKBChangeType
    SKBUnderCgroup
    GetHashRecalc
    GetCurrentTask
    ProbeWriteUser
    CurrentTaskUnderCgroup
    SKBChangeTail
    SKBPullData
    CsumUpdate
    SetHashInvalid
    GetNumaNodeId
    SKBChangeHead
    XDPAdjustHead
    ProbeReadStr
    GetSocketCookie
    GetSocketUid
    SetHash
    Setsockopt
    SKBAdjustRoom
    RedirectMap
    SkRedirectMap
    SockMapUpdate
    XDPAdjustMeta
    PerfEventReadValue
    PerfProgReadValue
    Getsockopt
    OverrideReturn
    SockOpsCbFlagsSet
    MsgRedirectMap
    MsgApplyBytes
    MsgCorkBytes
    MsgPullData
    Bind
    XDPAdjustTail
    SKBGetXfrmState
    GetStack
    SKBLoadBytesRelative
    FIBLookup
    SockHashUpdate
    MsgRedirectHash
    SkRedirectHash
    LwtPushEncap
    LwtSeg6StoreBytes
    LwtSeg6AdjustSrh
    LwtSeg6Action
    RcRepeat
    RcKeydown
    SKBCgroupId
    GetCurrentCgroupId
    GetLocalStorage
    SkSelectReuseport
    SKBAncestorCgroupId
    SkLookupTcp
    SkLookupUdp
    SkRelease
    MapPushElem
    MapPopElem
    MapPeekElem
    MsgPushData
    MsgPopData
    RcPointerRel
    SpinLock
    SpinUnlock
    SkFullsock
    TcpSock
    SKBEcnSetCe
    GetListenerSock
    SkcLookupTcp
    TcpCheckSyncookie
    SysctlGetName
    SysctlGetCurrentValue
    SysctlGetNewValue
    SysctlSetNewValue
    Strtol
    Strtoul
    SkStorageGet
    SkStorageDelete
    SendSignal
    TCPGenSynCookie
    SKBOutput
    ProbeReadUser
    ProbeReadKernel
    ProbeReadUserStr
    ProbeReadKernelStr
    TCPSendACK
    SendSignalThread
    Jiffies64
)

func (Call) Assemble Uses

func (a Call) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Call) CString Uses

func (a Call) CString() string

func (Call) String Uses

func (a Call) String() string

type Exit Uses

type Exit struct{}

Exit the eBPF program and return the value of R0.

func (Exit) Assemble Uses

func (a Exit) Assemble() (RawInstruction, error)

func (Exit) String Uses

func (Exit) String() string

type Func Uses

type Func func(r1, r2, r3, r4, r5 uint64) uint64

type Instruction Uses

type Instruction interface {
    // Assemble assembles the Instruction into a RawInstruction.
    Assemble() (RawInstruction, error)

    // String returns the assembly.
    String() string
}

type Jump Uses

type Jump struct {
    // Offset is the jump distance. It is unsigned here, whereas
    // RawInstruction.Offset is int16.
    // NOTE(review): how a backward (negative) jump is represented, and whether
    // the target is range-checked against the program length, is not visible
    // on this page — confirm in Assemble and Program.Verify.
    Offset uint16
}

Jump skips the following Offset instructions in the program.

func (Jump) Assemble Uses

func (a Jump) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Jump) String Uses

func (a Jump) String() string

String returns the instruction in assembler notation.

type JumpIf Uses

type JumpIf struct {
    Cond   JumpTest
    Dst    Register
    Value  uint32
    Offset uint16
}

JumpIf performs a conditional jump.

func (JumpIf) Assemble Uses

func (a JumpIf) Assemble() (RawInstruction, error)

func (JumpIf) String Uses

func (a JumpIf) String() string

type JumpIfX Uses

type JumpIfX struct {
    Cond     JumpTest
    Dst, Src Register
    Offset   uint16
}

func (JumpIfX) Assemble Uses

func (a JumpIfX) Assemble() (RawInstruction, error)

func (JumpIfX) String Uses

func (a JumpIfX) String() string

type JumpTest Uses

type JumpTest uint8

JumpTest is a comparison operator used in conditional jumps.

// Comparison operators. Values are consecutive from 0 (iota), i.e. they are
// an enumeration rather than bit patterns. The trailing comments use the
// operand names K and A; which argument of Match(dst, src) each one stands
// for is not stated on this page — confirm before relying on operand order
// for the non-symmetric tests.
const (
    JumpEqual                JumpTest = iota // K == A
    JumpGreater                              // K >  A (unsigned, going by the name)
    JumpGreaterOrEqual                       // K >= A (unsigned, going by the name)
    JumpSet                                  // K &  A
    JumpNotEqual                             // K != A
    JumpSignedGreater                        // K >  A (signed)
    JumpSignedGreaterOrEqual                 // K >= A (signed)
    JumpLess                                 // K <  A (unsigned, going by the name)
    JumpLessOrEqual                          // K <= A (unsigned, going by the name)
    JumpSignedLess                           // K <  A (signed)
    JumpSignedLessOrEqual                    // K <= A (signed)
)

Supported operators for conditional jumps.

func (JumpTest) CFormat Uses

func (cond JumpTest) CFormat() string

func (JumpTest) Match Uses

func (cond JumpTest) Match(dst, src uint64) bool

func (JumpTest) String Uses

func (cond JumpTest) String() string

type LoadAbsolute Uses

type LoadAbsolute struct {
    Dst, Src Register
    Value    uint64
    Size     uint8 // Size of the load value (in bytes).
}

func (LoadAbsolute) Assemble Uses

func (a LoadAbsolute) Assemble() (RawInstruction, error)

func (LoadAbsolute) String Uses

func (a LoadAbsolute) String() string

type LoadConstant Uses

type LoadConstant struct {
    Dst   Register
    Value uint64
    Size  uint8
}

func (LoadConstant) Assemble Uses

func (a LoadConstant) Assemble() (RawInstruction, error)

func (LoadConstant) String Uses

func (a LoadConstant) String() string

type LoadIndirect Uses

type LoadIndirect struct {
    Dst, Src Register
    Value    uint64
    Size     uint8 // Size of the load value (in bytes).
}

func (LoadIndirect) Assemble Uses

func (a LoadIndirect) Assemble() (RawInstruction, error)

func (LoadIndirect) String Uses

func (a LoadIndirect) String() string

type LoadRegister Uses

// LoadRegister describes a load with a destination register, a source
// register and a signed offset.
// NOTE(review): presumably the address read is Src + Offset; whether that
// address is bounds-checked against the VM's stack or the memory passed to
// Run is not visible on this page — confirm in the VM implementation.
type LoadRegister struct {
    Dst, Src Register
    Offset   int16
    Size     uint8 // Size of the load value (in bytes).
}

func (LoadRegister) Assemble Uses

func (a LoadRegister) Assemble() (RawInstruction, error)

func (LoadRegister) String Uses

func (a LoadRegister) String() string

type Negate Uses

type Negate struct {
    Dst Register
}

Negate executes Dst = !Dst.

func (Negate) Assemble Uses

func (a Negate) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Negate) CString Uses

func (a Negate) CString() string

func (Negate) String Uses

func (a Negate) String() string

type Negate64 Uses

type Negate64 struct {
    Dst Register
}

Negate64 executes Dst = !Dst.

func (Negate64) Assemble Uses

func (a Negate64) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Negate64) CString Uses

func (a Negate64) CString() string

func (Negate64) String Uses

func (a Negate64) String() string

type Opcode Uses

type Opcode uint8

func (Opcode) Mnemonic Uses

func (op Opcode) Mnemonic() string

Mnemonic returns the opcode mnemonic.

type Program Uses

type Program []Instruction

Program is a sequence of instructions.

func Assemble Uses

func Assemble(source string) (Program, error)

Assemble a program from source.

func Disassemble Uses

func Disassemble(data []byte) (Program, error)

Disassemble a slice of bytes containing an eBPF program.

func DisassembleReader Uses

func DisassembleReader(r io.Reader) (Program, error)

DisassembleReader disassembles an eBPF program from reader using the default byte order.

func DisassembleReaderOrder Uses

func DisassembleReaderOrder(r io.Reader, byteOrder binary.ByteOrder) (Program, error)

DisassembleReaderOrder is like DisassembleReader with a custom byte order.

func (Program) Assemble Uses

func (p Program) Assemble() ([]RawInstruction, error)

func (Program) Verify Uses

func (p Program) Verify() error

type RawInstruction Uses

type RawInstruction struct {
    // Operation to execute.
    Op        Opcode
    // Destination and source registers. Register is a uint8, so values above
    // R10 are representable; whether they are rejected is not shown here.
    Dst, Src  Register
    // Signed offset.
    Offset    int16
    // Immediate operand, 64 bits wide in this struct.
    // NOTE(review): the standard eBPF encoding carries a 32-bit immediate per
    // instruction slot; presumably this field holds the combined value of a
    // wide load — confirm against the disassembler.
    Immediate uint64
}

A RawInstruction is a raw BPF virtual machine instruction.

func (RawInstruction) Assemble Uses

func (ri RawInstruction) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (RawInstruction) Disassemble Uses

func (ri RawInstruction) Disassemble() Instruction

Disassemble parses ri into an Instruction and returns it. If ri is not recognized by this package, ri itself is returned.

func (RawInstruction) String Uses

func (ri RawInstruction) String() string

type Register Uses

type Register uint8

Register is the source or destination Register.

const (
    // Exit value Register.
    R0  Register = iota
    // Function argument registers.
    R1
    R2
    R3
    R4
    R5
    // Callee saved registers.
    R6
    R7
    R8
    R9
    // Read-only frame pointer to access Stack.
    R10
    // Named registers.
    RAX = R0
    RFP = R10
)

func (Register) CString Uses

func (r Register) CString() string

func (Register) String Uses

func (r Register) String() string

type StoreImmediate Uses

type StoreImmediate struct {
    Dst    Register
    Offset int16
    Value  uint32
    Size   uint8
}

func (StoreImmediate) Assemble Uses

func (a StoreImmediate) Assemble() (RawInstruction, error)

func (StoreImmediate) String Uses

func (a StoreImmediate) String() string

type StoreRegister Uses

// StoreRegister describes a store with a destination register, a source
// register and a signed offset.
// NOTE(review): presumably the value of Src is written to the address
// Dst + Offset; whether that address is bounds-checked before the write is
// not visible on this page — confirm in the VM implementation.
type StoreRegister struct {
    Dst, Src Register
    Offset   int16
    // Size has no unit stated here; the Load* types on this page document
    // their Size field as bytes — presumably the same applies.
    Size     uint8
}

func (StoreRegister) Assemble Uses

func (a StoreRegister) Assemble() (RawInstruction, error)

func (StoreRegister) String Uses

func (a StoreRegister) String() string

type Tracer Uses

// Tracer is the callback interface embedded in VM. The call sites are not
// shown on this page; the descriptions below are read from the method names
// and should be confirmed against the VM's run loop.
type Tracer interface {
    // TraceStart is presumably called once when a run begins.
    TraceStart()
    // TracePre receives an instruction, presumably before it executes.
    TracePre(instruction Instruction)
    // TracePost receives an instruction, presumably after it has executed.
    TracePost(instruction Instruction)
    // TraceEnded is presumably called once when a run finishes.
    TraceEnded()
}

type VM Uses

// VM holds the state of the virtual machine. Register, Stack and PC are
// exported fields, so any code holding the *VM can read or overwrite them.
type VM struct {
    // Register memory. Eleven slots, one per register R0 through R10.
    // NOTE(review): Register is a uint8, so an instruction can name an index
    // above 10; whether that is rejected before it is used to index this
    // array is not visible on this page.
    Register [11]uint64

    // Stack memory. Its size is the unexported constant stackSize.
    Stack [stackSize]byte

    // PC is the program counter.
    PC  uint32

    // Tracer provides callbacks for the VM. It is an embedded interface, so
    // its Trace* methods are promoted onto VM.
    // NOTE(review): whether a nil Tracer is checked before each callback is
    // not shown here.
    Tracer
    // contains filtered or unexported fields
}

func New Uses

func New() *VM

func (*VM) Attach Uses

func (vm *VM) Attach(call Call, fn Func)

Attach registers fn as the function the VM invokes for call.

func (*VM) AttachBuiltin Uses

func (vm *VM) AttachBuiltin()

func (*VM) Load Uses

func (vm *VM) Load(program Program) error

func (*VM) Run Uses

func (vm *VM) Run(memory []byte) (uint64, error)

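Run executes the eBPF program that was loaded. This page does not say whether Load or Run calls Program.Verify; when the program comes from an untrusted source, check that in the implementation or call Verify explicitly before running it.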

Directories

Path | Synopsis
cmd/ebpfasm | Command ebpfasm can assemble and disassemble eBPF programs.
cmd/ebpfrun | Command ebpfrun can evaluate eBPF programs in a (user space) virtual machine.
internal/parser | Package parser contains the eBPF assembly parser and lexer.

Package ebpf imports 13 packages and is imported by 2 packages. Updated 2020-04-01.