bpf

package

v0.0.0-...-94f4200 Latest Latest Go to latest Published: May 8, 2020 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ti-mo/conntracct

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func Select(kr string) (*bytes.Reader, kernel.Kernel, error)
func Sysctls(verbose bool) error
type Config
type Consumer
- func NewConsumer(name string, events chan Event, mode ConsumerMode) *Consumer
type ConsumerMode
type ConsumerStats
- func (s *ConsumerStats) Get() ConsumerStats
type CurvePoint
type Event
- func (e *Event) String() string
type Probe
- func NewProbe(cfg Config) (*Probe, error)
type ProbeStats
- func (s *ProbeStats) Get() ProbeStats

Constants ¶

View Source

const EventLength = 104

EventLength is the length of the struct sent by BPF.

Variables ¶

This section is empty.

Functions ¶

func Select ¶

func Select(kr string) (*bytes.Reader, kernel.Kernel, error)

Select returns a bytes.Reader holding the BPF program to be used for the given kernel release kr. Returns the bytes.Reader of the selected probe and the kernel.Kernel it was built against.

func Sysctls ¶

func Sysctls(verbose bool) error

Sysctls applies a list of sysctls on the machine. When verbose is true, logs any changes made to stdout.

Types ¶

type Config ¶

type Config struct {
	// Curve* are curve points representing update intervals
	// when flows reach a certain age. For example, when a flow
	// is 0ms old, it will send an event every 20s. When it reaches
	// an age of 1 minute, it will send an event every 60s, etc.
	Curve0 CurvePoint
	Curve1 CurvePoint
	Curve2 CurvePoint
}

Config is a configuration object for the acct BPF probe.

type Consumer ¶

type Consumer struct {
	// contains filtered or unexported fields
}

A Consumer of accounting events.

func NewConsumer ¶

func NewConsumer(name string, events chan Event, mode ConsumerMode) *Consumer

NewConsumer returns a new Consumer.

func (*Consumer) Events ¶

func (ac *Consumer) Events() <-chan Event

Events returns the consumer's Event channel.

func (*Consumer) Name ¶

func (ac *Consumer) Name() string

Name returns the consumer's name.

func (*Consumer) Stats ¶

func (ac *Consumer) Stats() *ConsumerStats

Stats returns a reference to the Consumer's ConsumerStats structure. This structure is updated using sync/atomic. Use the ConsumerStats' Get() methods to obtain a copy created using atomic loads.

func (*Consumer) WantDestroy ¶

func (ac *Consumer) WantDestroy() bool

WantDestroy returns whether or not this consumer wants to receive destroy events.

func (*Consumer) WantUpdate ¶

func (ac *Consumer) WantUpdate() bool

WantUpdate returns whether or not this consumer wants to receive update events.

type ConsumerMode ¶

type ConsumerMode uint8

ConsumerMode defines whether the consumer receives updates, destroys, or both.

const (
	ConsumerUpdate  ConsumerMode = 1
	ConsumerDestroy ConsumerMode = 2
	ConsumerAll     ConsumerMode = (ConsumerUpdate | ConsumerDestroy)
)

Kind of events the consumer subscribes to.

type ConsumerStats ¶

type ConsumerStats struct {
	// amount of events received by the consumer
	EventsReceived uint64 `json:"events_received"`
	// amount of events that could not be received by the consumer
	EventsLost uint64 `json:"events_lost"`
	// length of the consumer's event queue
	EventQueueLength uint64 `json:"event_queue_length"`
}

ConsumerStats holds various statistics and information about the BPF consumer.

func (*ConsumerStats) Get ¶

func (s *ConsumerStats) Get() ConsumerStats

Get returns a copy of the ConsumerStats structure created using atomic loads. The values can be inconsistent with each other, as they are written and read concurrently without locks.

type CurvePoint ¶

type CurvePoint struct {
	Age  time.Duration
	Rate time.Duration
}

A CurvePoint represents an age/rate pair. It defines the update rate of a flow that is older than the given age.

type Event ¶

type Event struct {
	Start       uint64 `json:"start"`     // epoch timestamp of flow start
	Timestamp   uint64 `json:"timestamp"` // ktime of event, relative to machine boot time
	FlowID      uint32 `json:"flow_id"`
	Connmark    uint32 `json:"connmark"`
	SrcAddr     net.IP `json:"src_addr"`
	DstAddr     net.IP `json:"dst_addr"`
	PacketsOrig uint64 `json:"packets_orig"`
	BytesOrig   uint64 `json:"bytes_orig"`
	PacketsRet  uint64 `json:"packets_ret"`
	BytesRet    uint64 `json:"bytes_ret"`
	SrcPort     uint16 `json:"src_port"`
	DstPort     uint16 `json:"dst_port"`
	NetNS       uint32 `json:"netns"`
	Proto       uint8  `json:"proto"`
	// contains filtered or unexported fields
}

Event is an accounting event delivered to userspace from the Probe.

func (*Event) String ¶

func (e *Event) String() string

String returns a readable string representation of the Event.

type Probe ¶

type Probe struct {
	// contains filtered or unexported fields
}

Probe is an instance of a BPF probe running in the kernel.

func NewProbe ¶

func NewProbe(cfg Config) (*Probe, error)

NewProbe instantiates a Probe using the given Config. Loads the BPF program into the kernel but does not attach its kprobes yet.

func (*Probe) GetConsumer ¶

func (ap *Probe) GetConsumer(name string) *Consumer

GetConsumer looks up and returns an Consumer registered in an Probe based on its name. Returns nil if consumer does not exist in probe.

func (*Probe) Kernel ¶

func (ap *Probe) Kernel() kernel.Kernel

Kernel returns the target kernel structure of the selected probe.

func (*Probe) RegisterConsumer ¶

func (ap *Probe) RegisterConsumer(ac *Consumer) error

RegisterConsumer registers an Consumer in an Probe.

func (*Probe) RemoveConsumer ¶

func (ap *Probe) RemoveConsumer(ac *Consumer) error

RemoveConsumer removes an Consumer from the Probe's consumer list.

func (*Probe) Start ¶

func (ap *Probe) Start() error

Start attaches the BPF program's kprobes and starts polling the perf ring buffer.

func (*Probe) Stats ¶

func (ap *Probe) Stats() ProbeStats

Stats returns a snapshot copy of the Probe's statistics.

func (*Probe) Stop ¶

func (ap *Probe) Stop() error

Stop stops the BPF program and releases all its related resources. Closes all Probe's channels. Can only be called after Start().

type ProbeStats ¶

type ProbeStats struct {
	// total amount of events received from kernel
	PerfEventsTotal uint64 `json:"perf_events_total"`
	// total amount of bytes read from the BPF perf buffer(s)
	PerfBytesTotal uint64 `json:"perf_bytes_total"`

	// amount of update events received from the kernel
	PerfEventsUpdate uint64 `json:"perf_events_update"`
	// amount of overwritten (lost) events from the perf update buffer
	PerfEventsUpdateLost uint64 `json:"perf_events_update_lost"`
	// amount of destroy events received from the kernel
	PerfEventsDestroy uint64 `json:"perf_events_destroy"`
	// amount of overwritten (lost) events from the perf destroy buffer
	PerfEventsDestroyLost uint64 `json:"perf_events_destroy_lost"`
}

ProbeStats holds various statistics and information about the BPF probe.

func (*ProbeStats) Get ¶

func (s *ProbeStats) Get() ProbeStats

Get returns a copy of the Stats structure created using atomic loads. The values can be inconsistent with each other, as they are written and read concurrently without locks.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL