hello-libbpfgo
hello-libbpfgo copied to clipboard
mozillazg
Examples for libbpf, aquasecurity/libbpfgo and cilium/ebpf
hello-libbpfgo
|Build examples|
Examples for libbpf, aquasecurity/libbpfgo <https://github.com/aquasecurity/libbpfgo>__ and cilium/ebpf <https://github.com/cilium/ebpf>__.
setup develop env
.. code-block:: shell
$ vagrant up
Program Types
Examples by program type:
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| Program Type | Attach Type | ELF Section Name | Examples |
+===========================================+========================================+==================================+=======================+
| BPF_PROG_TYPE_CGROUP_DEVICE | BPF_CGROUP_DEVICE | cgroup/dev | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_CGROUP_SKB | | cgroup/skb | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET_EGRESS | cgroup_skb/egress | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET_INGRESS | cgroup_skb/ingress | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_CGROUP_SOCKOPT | BPF_CGROUP_GETSOCKOPT | cgroup/getsockopt | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_SETSOCKOPT | cgroup/setsockopt | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_CGROUP_SOCK_ADDR | BPF_CGROUP_INET4_BIND | cgroup/bind4 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET4_CONNECT | cgroup/connect4 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET4_GETPEERNAME | cgroup/getpeername4 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET4_GETSOCKNAME | cgroup/getsockname4 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET6_BIND | cgroup/bind6 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET6_CONNECT | cgroup/connect6 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET6_GETPEERNAME | cgroup/getpeername6 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET6_GETSOCKNAME | cgroup/getsockname6 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_UDP4_RECVMSG | cgroup/recvmsg4 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_UDP4_SENDMSG | cgroup/sendmsg4 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_UDP6_RECVMSG | cgroup/recvmsg6 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_UDP6_SENDMSG | cgroup/sendmsg6 | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_CGROUP_SOCK | BPF_CGROUP_INET4_POST_BIND | cgroup/post_bind4 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET6_POST_BIND | cgroup/post_bind6 | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET_SOCK_CREATE | cgroup/sock_create | |
-
+ +----------------------------------+-----------------------+
| | | cgroup/sock | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_CGROUP_INET_SOCK_RELEASE | cgroup/sock_release | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_CGROUP_SYSCTL | BPF_CGROUP_SYSCTL | cgroup/sysctl | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_EXT | | freplace+ | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_FLOW_DISSECTOR | BPF_FLOW_DISSECTOR | flow_dissector | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_KPROBE | | kprobe+ |28_ 29_ |
-
+ +----------------------------------+-----------------------+
| | | kretprobe+ |28_ 29_ |
-
+ +----------------------------------+-----------------------+
| | | ksyscall+ |30_ 31_ |
-
+ +----------------------------------+-----------------------+
| | | kretsyscall+ |30_ 31_ |
-
+ +----------------------------------+-----------------------+
| | | uprobe+ | |
-
+ +----------------------------------+-----------------------+
| | | uprobe.s+ | |
-
+ +----------------------------------+-----------------------+
| | | uretprobe+ | |
-
+ +----------------------------------+-----------------------+
| | | uretprobe.s+ | |
-
+ +----------------------------------+-----------------------+
| | | usdt+ | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_TRACE_KPROBE_MULTI | kprobe.multi+ | |
-
+ +----------------------------------+-----------------------+
| | | kretprobe.multi+ | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_LIRC_MODE2 | BPF_LIRC_MODE2 | lirc_mode2 | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_LSM | BPF_LSM_CGROUP | lsm_cgroup+ | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_LSM_MAC | lsm+ |26_ |
-
+ +----------------------------------+-----------------------+
| | | lsm.s+ | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_LWT_IN | | lwt_in | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_LWT_OUT | | lwt_out | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_LWT_SEG6LOCAL | | lwt_seg6local | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_LWT_XMIT | | lwt_xmit | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_PERF_EVENT | | perf_event | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE | | raw_tp.w+ | |
-
+ +----------------------------------+-----------------------+
| | | raw_tracepoint.w+ | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_RAW_TRACEPOINT | | raw_tp+ |12_ 13_ |
-
+ +----------------------------------+ +
| | | raw_tracepoint+ | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SCHED_ACT | | action | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SCHED_CLS | | classifier |21_ 25_ |
-
+ +----------------------------------+ +
| | | tc | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SK_LOOKUP | BPF_SK_LOOKUP | sk_lookup | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SK_MSG | BPF_SK_MSG_VERDICT | sk_msg | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SK_REUSEPORT | BPF_SK_REUSEPORT_SELECT_OR_MIGRATE | sk_reuseport/migrate | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_SK_REUSEPORT_SELECT | sk_reuseport | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SK_SKB | | sk_skb | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_SK_SKB_STREAM_PARSER | sk_skb/stream_parser | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_SK_SKB_STREAM_VERDICT | sk_skb/stream_verdict | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SOCKET_FILTER | | socket |18_ 19_ 20_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SOCK_OPS | BPF_CGROUP_SOCK_OPS | sockops | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_STRUCT_OPS | | struct_ops+ | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_SYSCALL | | syscall | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_TRACEPOINT | | tp+ |04_ 07_ 14_ |
-
+ +----------------------------------+`35`_ `36`_ `37`_ +
| | | tracepoint+ | |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_TRACING | BPF_MODIFY_RETURN | fmod_ret+ | |
-
+ +----------------------------------+-----------------------+
| | | fmod_ret.s+ | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_TRACE_FENTRY | fentry+ |32_ |
-
+ +----------------------------------+-----------------------+
| | | fentry.s+ | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_TRACE_FEXIT | fexit+ |32_ |
-
+ +----------------------------------+-----------------------+
| | | fexit.s+ | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_TRACE_ITER | iter+ |34_ |
-
+ +----------------------------------+-----------------------+
| | | iter.s+ | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_TRACE_RAW_TP | tp_btf+ |16_ 17_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
| BPF_PROG_TYPE_XDP | BPF_XDP_CPUMAP | xdp.frags/cpumap | |
-
+ +----------------------------------+-----------------------+
| | | xdp/cpumap | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_XDP_DEVMAP | xdp.frags/devmap | |
-
+ +----------------------------------+-----------------------+
| | | xdp/devmap | |
-
+----------------------------------------+----------------------------------+-----------------------+
| | BPF_XDP | xdp.frags | |
-
+ +----------------------------------+-----------------------+
| | | xdp |33_ |
+-------------------------------------------+----------------------------------------+----------------------------------+-----------------------+
.. |Build examples| image:: https://github.com/mozillazg/hello-libbpfgo/actions/workflows/build.yml/badge.svg?branch=master :target: https://github.com/mozillazg/hello-libbpfgo/actions/workflows/build.yml
.. _04: 04-tracepoint .. _07: 07-tracepoint-args .. _12: 12-raw-tracepoint-args .. _13: 13-raw-tracepoint-args-sched_switch .. _14: 14-tracepoint-args-sched_switch .. _16: 16-btf-raw-tracepoint-args .. _17: 17-btf-raw-tracepoint-args-sched_switch .. _18: 18-socket-filter-capture-icmp-traffic-kernel-parse .. _19: 19-socket-filter-capture-icmp-traffic-userspace-parse .. _20: 20-socket-filter-capture-icmp-traffic-kernel-parse-without-llvm-load .. _21: 21-tc-parse-packet-with-bpf_skb_load_bytes .. _25: 25-tc-parse-packet-with-direct-memory-access .. _26: 26-lsm-path_chmod .. _28: 28-kprobe-hello .. _29: 29-kprobe-hello-with-macro .. _30: 30-ksyscall-hello .. _31: 31-ksyscall-hello-with-macro .. _32: 32-fentry-hello .. _33: 33-xdp-hello .. _34: 34-iter-task-hello .. _35: 35-tracepoint-args-use-custom-struct .. _36: 36-tracepoint-args-sched_switch-use-custom-struct .. _37: 37-tracepoint-sched_process_exec
https://mozillazg.com/tag/libbpf.html
mozillazg