ebpf

package module
v0.0.0-...-6b70946 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 14, 2020 License: MIT Imports: 13 Imported by: 0

README

ebpf

Extended Berkeley Packet Filter (eBPF) assembler and virtual machine

Documentation

Overview

Package ebpf implements an eBPF assembler, disassembler and virtual machine.

Index

Constants

View Source 
const (
	PseudoMapFD    = R1 // BPF_PSEUDO_MAP_FD
	PseudoMapValue = R2 // BPF_PSEUDO_MAP_VALUE
	PseudoCall     = R1 // BPF_PSEUDO_CALL
)

Pseudo registers used by 64bit loads and jumps

Variables

View Source 
var (
	ErrNoProgram = errors.New("ebpf: no program is loaded")
)

Functions

func BuiltinProbeRead 

func BuiltinProbeRead(r1, r2, r3, r4, r5 uint64) uint64

func BuiltinStrcmp 

func BuiltinStrcmp(r1, r2, r3, r4, r5 uint64) uint64

func LoadELF 

func LoadELF(r io.ReaderAt) (map[string]Program, error)

LoadELF loads eBPF program(s) from an ELF file.

This function is not finished and work-in-progress. Expect breakage.

Types

type ALU64OpConstant 

type ALU64OpConstant struct {
	Op    ALUOp
	Dst   Register
	Value uint32
}

ALU64OpConstant executes Dst = Dst <Op> Value.

func (ALU64OpConstant) Assemble 

func (a ALU64OpConstant) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALU64OpConstant) CString 

func (a ALU64OpConstant) CString() string

func (ALU64OpConstant) String 

func (a ALU64OpConstant) String() string

type ALU64OpRegister 

type ALU64OpRegister struct {
	Op  ALUOp
	Dst Register
	Src Register
}

ALU64OpRegister executes Dst = Dst <Op> Src.

func (ALU64OpRegister) Assemble 

func (a ALU64OpRegister) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALU64OpRegister) CString 

func (a ALU64OpRegister) CString() string

func (ALU64OpRegister) String 

func (a ALU64OpRegister) String() string

type ALUOp 

type ALUOp uint16
const (
	ALUOpAdd        ALUOp = iota << 4 // 0x00
	ALUOpSub                          // 0x10
	ALUOpMul                          // 0x20
	ALUOpDiv                          // 0x30
	ALUOpOr                           // 0x40
	ALUOpAnd                          // 0x50
	ALUOpShiftLeft                    // 0x60
	ALUOpShiftRight                   // 0x70

	ALUOpMod                // 0x90
	ALUOpXor                // 0xa0
	ALUOpMove               // 0xb0
	ALUOpArithmicShiftRight // 0xc0

)

func (ALUOp) CString 

func (op ALUOp) CString() string

func (ALUOp) Mnemoic 

func (op ALUOp) Mnemoic() string

type ALUOpConstant 

type ALUOpConstant struct {
	Op    ALUOp
	Dst   Register
	Value uint32
}

ALUOpConstant executes Dst = Dst <Op> Value.

func (ALUOpConstant) Assemble 

func (a ALUOpConstant) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALUOpConstant) CString 

func (a ALUOpConstant) CString() string

func (ALUOpConstant) String 

func (a ALUOpConstant) String() string

type ALUOpRegister 

type ALUOpRegister struct {
	Op  ALUOp
	Dst Register
	Src Register
}

ALUOpRegister executes Dst = Dst <Op> Src.

func (ALUOpRegister) Assemble 

func (a ALUOpRegister) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ALUOpRegister) CString 

func (a ALUOpRegister) CString() string

func (ALUOpRegister) String 

func (a ALUOpRegister) String() string

type ByteSwap 

type ByteSwap struct {
	Dst       Register
	ByteOrder binary.ByteOrder
	Size      uint8
}

func (ByteSwap) Assemble 

func (a ByteSwap) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (ByteSwap) CString 

func (a ByteSwap) CString() string

func (ByteSwap) String 

func (a ByteSwap) String() string

func (ByteSwap) Swap 

func (a ByteSwap) Swap(value uint64) uint64

type Call 

type Call uint32

Call function. 

const (
	Unspec Call = iota
	MapLookupElem
	MapUpdateElem
	MapDeleteElem
	ProbeRead
	KtimeGetNs
	TracePrintk
	GetPrandomU32
	GetSmpProcessorId
	SKBStoreBytes
	L3CsumReplace
	L4CsumReplace
	TailCall
	CloneRedirect
	GetCurrentPidTgid
	GetCurrentUidGid
	GetCurrentComm
	GetCgroupClassid
	SKBVlanPush
	SKBVlanPop
	SKBGetTunnelKey
	SKBSetTunnelKey
	PerfEventRead
	Redirect
	GetRouteRealm
	PerfEventOutput
	SKBLoadBytes
	GetStackid
	CsumDiff
	SKBGetTunnelOpt
	SKBSetTunnelOpt
	SKBChangeProto
	SKBChangeType
	SKBUnderCgroup
	GetHashRecalc
	GetCurrentTask
	ProbeWriteUser
	CurrentTaskUnderCgroup
	SKBChangeTail
	SKBPullData
	CsumUpdate
	SetHashInvalid
	GetNumaNodeId
	SKBChangeHead
	XDPAdjustHead
	ProbeReadStr
	GetSocketCookie
	GetSocketUid
	SetHash
	Setsockopt
	SKBAdjustRoom
	RedirectMap
	SkRedirectMap
	SockMapUpdate
	XDPAdjustMeta
	PerfEventReadValue
	PerfProgReadValue
	Getsockopt
	OverrideReturn
	SockOpsCbFlagsSet
	MsgRedirectMap
	MsgApplyBytes
	MsgCorkBytes
	MsgPullData
	Bind
	XDPAdjustTail
	SKBGetXfrmState
	GetStack
	SKBLoadBytesRelative
	FIBLookup
	SockHashUpdate
	MsgRedirectHash
	SkRedirectHash
	LwtPushEncap
	LwtSeg6StoreBytes
	LwtSeg6AdjustSrh
	LwtSeg6Action
	RcRepeat
	RcKeydown
	SKBCgroupId
	GetCurrentCgroupId
	GetLocalStorage
	SkSelectReuseport
	SKBAncestorCgroupId
	SkLookupTcp
	SkLookupUdp
	SkRelease
	MapPushElem
	MapPopElem
	MapPeekElem
	MsgPushData
	MsgPopData
	RcPointerRel
	SpinLock
	SpinUnlock
	SkFullsock
	TcpSock
	SKBEcnSetCe
	GetListenerSock
	SkcLookupTcp
	TcpCheckSyncookie
	SysctlGetName
	SysctlGetCurrentValue
	SysctlGetNewValue
	SysctlSetNewValue
	Strtol
	Strtoul
	SkStorageGet
	SkStorageDelete
	SendSignal
	TCPGenSynCookie
	SKBOutput
	ProbeReadUser
	ProbeReadKernel
	ProbeReadUserStr
	ProbeReadKernelStr
	TCPSendACK
	SendSignalThread
	Jiffies64
)

func (Call) Assemble 

func (a Call) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Call) CString 

func (a Call) CString() string

func (Call) String 

func (a Call) String() string

type Exit 

type Exit struct{}

Exit the eBPF program and return the value of R0.

func (Exit) Assemble 

func (a Exit) Assemble() (RawInstruction, error)

func (Exit) String 

func (Exit) String() string

type Func 

type Func func(r1, r2, r3, r4, r5 uint64) uint64

type Instruction 

type Instruction interface {
	// Assemble assembles the Instruction into a RawInstruction.
	Assemble() (RawInstruction, error)

	// String returns the assembly.
	String() string
}

type Jump 

type Jump struct {
	Offset uint16
}

Jump skips the following Skip instructions in the program.

func (Jump) Assemble 

func (a Jump) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Jump) String 

func (a Jump) String() string

String returns the instruction in assembler notation.

type JumpIf 

type JumpIf struct {
	Cond   JumpTest
	Dst    Register
	Value  uint32
	Offset uint16
}

JumpIf performs a conditional jump.

func (JumpIf) Assemble 

func (a JumpIf) Assemble() (RawInstruction, error)

func (JumpIf) String 

func (a JumpIf) String() string

type JumpIfX 

type JumpIfX struct {
	Cond     JumpTest
	Dst, Src Register
	Offset   uint16
}

func (JumpIfX) Assemble 

func (a JumpIfX) Assemble() (RawInstruction, error)

func (JumpIfX) String 

func (a JumpIfX) String() string

type JumpTest 

type JumpTest uint8

JumpTest is a comparison operator used in conditional jumps. 

const (
	JumpEqual                JumpTest = iota // K == A
	JumpGreater                              // K >  A
	JumpGreaterOrEqual                       // K >= A
	JumpSet                                  // K &  A
	JumpNotEqual                             // K != A
	JumpSignedGreater                        // K >  A
	JumpSignedGreaterOrEqual                 // K >= A
	JumpLess                                 // K <  A
	JumpLessOrEqual                          // K <= A
	JumpSignedLess                           // K <  A
	JumpSignedLessOrEqual                    // K <= A
)

Supported operators for conditional jumps.

func (JumpTest) CFormat 

func (cond JumpTest) CFormat() string

func (JumpTest) Match 

func (cond JumpTest) Match(dst, src uint64) bool

func (JumpTest) String 

func (cond JumpTest) String() string

type LoadAbsolute 

type LoadAbsolute struct {
	Dst, Src Register
	Value    uint64
	Size     uint8 // Size of the load value (in bytes).
}

func (LoadAbsolute) Assemble 

func (a LoadAbsolute) Assemble() (RawInstruction, error)

func (LoadAbsolute) String 

func (a LoadAbsolute) String() string

type LoadConstant 

type LoadConstant struct {
	Dst   Register
	Value uint64
	Size  uint8
}

func (LoadConstant) Assemble 

func (a LoadConstant) Assemble() (RawInstruction, error)

func (LoadConstant) String 

func (a LoadConstant) String() string

type LoadIndirect 

type LoadIndirect struct {
	Dst, Src Register
	Value    uint64
	Size     uint8 // Size of the load value (in bytes).
}

func (LoadIndirect) Assemble 

func (a LoadIndirect) Assemble() (RawInstruction, error)

func (LoadIndirect) String 

func (a LoadIndirect) String() string

type LoadRegister 

type LoadRegister struct {
	Dst, Src Register
	Offset   int16
	Size     uint8 // Size of the load value (in bytes).
}

func (LoadRegister) Assemble 

func (a LoadRegister) Assemble() (RawInstruction, error)

func (LoadRegister) String 

func (a LoadRegister) String() string

type Negate 

type Negate struct {
	Dst Register
}

Negate executes Dst = !Dst.

func (Negate) Assemble 

func (a Negate) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Negate) CString 

func (a Negate) CString() string

func (Negate) String 

func (a Negate) String() string

type Negate64 

type Negate64 struct {
	Dst Register
}

Negate64 executes Dst = !Dst.

func (Negate64) Assemble 

func (a Negate64) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (Negate64) CString 

func (a Negate64) CString() string

func (Negate64) String 

func (a Negate64) String() string

type Opcode 

type Opcode uint8

func (Opcode) Mnemonic 

func (op Opcode) Mnemonic() string

Mnemonic returns the opcode mnemonic.

type Program 

type Program []Instruction

Program is a sequence of instructions.

func Assemble 

func Assemble(source string) (Program, error)

Assemble a program from source.

func Disassemble 

func Disassemble(data []byte) (Program, error)

Disassemble a slice of bytes containing an eBPF program.

func DisassembleReader 

func DisassembleReader(r io.Reader) (Program, error)

DisassembleReader disassembles an eBPF program from reader using the default byte order.

func DisassembleReaderOrder 

func DisassembleReaderOrder(r io.Reader, byteOrder binary.ByteOrder) (Program, error)

DisassembleReaderOrder is like DisassembleReader with a custom byte order.

func (Program) Assemble 

func (p Program) Assemble() ([]RawInstruction, error)

func (Program) Verify 

func (p Program) Verify() error

type RawInstruction 

type RawInstruction struct {
	// Operation to execute.
	Op        Opcode
	Dst, Src  Register
	Offset    int16
	Immediate uint64
}

A RawInstruction is a raw BPF virtual machine instruction.

func (RawInstruction) Assemble 

func (ri RawInstruction) Assemble() (RawInstruction, error)

Assemble implements the Instruction Assemble method.

func (RawInstruction) Disassemble 

func (ri RawInstruction) Disassemble() Instruction

Disassemble parses ri into an Instruction and returns it. If ri is not recognized by this package, ri itself is returned.

func (RawInstruction) String 

func (ri RawInstruction) String() string

type Register 

type Register uint8

Register is the source or destination Register. 

const (
	// Exit value Register.
	R0 Register = iota
	// Function argument registers.
	R1
	R2
	R3
	R4
	R5
	// Callee saved registers.
	R6
	R7
	R8
	R9
	// Read-only frame pointer to access Stack.
	R10
	// Named registers.
	RAX = R0
	RFP = R10
)

func (Register) CString 

func (r Register) CString() string

func (Register) String 

func (r Register) String() string

type StoreImmediate 

type StoreImmediate struct {
	Dst    Register
	Offset int16
	Value  uint32
	Size   uint8
}

func (StoreImmediate) Assemble 

func (a StoreImmediate) Assemble() (RawInstruction, error)

func (StoreImmediate) String 

func (a StoreImmediate) String() string

type StoreRegister 

type StoreRegister struct {
	Dst, Src Register
	Offset   int16
	Size     uint8
}

func (StoreRegister) Assemble 

func (a StoreRegister) Assemble() (RawInstruction, error)

func (StoreRegister) String 

func (a StoreRegister) String() string

type Tracer 

type Tracer interface {
	TraceStart()
	TracePre(instruction Instruction)
	TracePost(instruction Instruction)
	TraceEnded()
}

type VM 

type VM struct {
	// Register memory.
	Register [11]uint64

	// Stack memory.
	Stack [stackSize]byte

	// PC is the program counter.
	PC uint32

	// Tracer provides callbacks for the VM.
	Tracer
	// contains filtered or unexported fields
}

func New 

func New() *VM

func (*VM) Attach 

func (vm *VM) Attach(call Call, fn Func)

Attach a function.

func (*VM) AttachBuiltin 

func (vm *VM) AttachBuiltin()

func (*VM) Load 

func (vm *VM) Load(program Program) error

func (*VM) Run 

func (vm *VM) Run(memory []byte) (uint64, error)

Run the eBPF program that was loaded.

Source Files

View all Source files

Directories

Path Synopsis
cmd
ebpfasm
Command ebpfasm can assemble and disassemble eBPF programs.
 Command ebpfasm can assemble and disassemble eBPF programs.
ebpfrun
Command ebpfrun can evaluate eBPF programs in a (user space) virtual machine.
 Command ebpfrun can evaluate eBPF programs in a (user space) virtual machine.
internal
parser
Package parser contains the eBPF assembly parser and lexer.
 Package parser contains the eBPF assembly parser and lexer.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.