1 package ebpf 2 3 import ( 4 "github.com/cilium/ebpf/internal/unix" 5 ) 6 7 //go:generate stringer -output types_string.go -type=MapType,ProgramType,PinType 8 9 // MapType indicates the type map structure 10 // that will be initialized in the kernel. 11 type MapType uint32 12 13 // Max returns the latest supported MapType. 14 func (MapType) Max() MapType { 15 return maxMapType - 1 16 } 17 18 // All the various map types that can be created 19 const ( 20 UnspecifiedMap MapType = iota 21 // Hash is a hash map 22 Hash 23 // Array is an array map 24 Array 25 // ProgramArray - A program array map is a special kind of array map whose map 26 // values contain only file descriptors referring to other eBPF 27 // programs. Thus, both the key_size and value_size must be 28 // exactly four bytes. This map is used in conjunction with the 29 // TailCall helper. 30 ProgramArray 31 // PerfEventArray - A perf event array is used in conjunction with PerfEventRead 32 // and PerfEventOutput calls, to read the raw bpf_perf_data from the registers. 33 PerfEventArray 34 // PerCPUHash - This data structure is useful for people who have high performance 35 // network needs and can reconcile adds at the end of some cycle, so that 36 // hashes can be lock free without the use of XAdd, which can be costly. 37 PerCPUHash 38 // PerCPUArray - This data structure is useful for people who have high performance 39 // network needs and can reconcile adds at the end of some cycle, so that 40 // hashes can be lock free without the use of XAdd, which can be costly. 41 // Each CPU gets a copy of this hash, the contents of all of which can be reconciled 42 // later. 43 PerCPUArray 44 // StackTrace - This holds whole user and kernel stack traces, it can be retrieved with 45 // GetStackID 46 StackTrace 47 // CGroupArray - This is a very niche structure used to help SKBInCGroup determine 48 // if an skb is from a socket belonging to a specific cgroup 49 CGroupArray 50 // LRUHash - This allows you to create a small hash structure that will purge the 51 // least recently used items rather than thow an error when you run out of memory 52 LRUHash 53 // LRUCPUHash - This is NOT like PerCPUHash, this structure is shared among the CPUs, 54 // it has more to do with including the CPU id with the LRU calculation so that if a 55 // particular CPU is using a value over-and-over again, then it will be saved, but if 56 // a value is being retrieved a lot but sparsely across CPUs it is not as important, basically 57 // giving weight to CPU locality over overall usage. 58 LRUCPUHash 59 // LPMTrie - This is an implementation of Longest-Prefix-Match Trie structure. It is useful, 60 // for storing things like IP addresses which can be bit masked allowing for keys of differing 61 // values to refer to the same reference based on their masks. See wikipedia for more details. 62 LPMTrie 63 // ArrayOfMaps - Each item in the array is another map. The inner map mustn't be a map of maps 64 // itself. 65 ArrayOfMaps 66 // HashOfMaps - Each item in the hash map is another map. The inner map mustn't be a map of maps 67 // itself. 68 HashOfMaps 69 // DevMap - Specialized map to store references to network devices. 70 DevMap 71 // SockMap - Specialized map to store references to sockets. 72 SockMap 73 // CPUMap - Specialized map to store references to CPUs. 74 CPUMap 75 // XSKMap - Specialized map for XDP programs to store references to open sockets. 76 XSKMap 77 // SockHash - Specialized hash to store references to sockets. 78 SockHash 79 // CGroupStorage - Special map for CGroups. 80 CGroupStorage 81 // ReusePortSockArray - Specialized map to store references to sockets that can be reused. 82 ReusePortSockArray 83 // PerCPUCGroupStorage - Special per CPU map for CGroups. 84 PerCPUCGroupStorage 85 // Queue - FIFO storage for BPF programs. 86 Queue 87 // Stack - LIFO storage for BPF programs. 88 Stack 89 // SkStorage - Specialized map for local storage at SK for BPF programs. 90 SkStorage 91 // DevMapHash - Hash-based indexing scheme for references to network devices. 92 DevMapHash 93 // StructOpsMap - This map holds a kernel struct with its function pointer implemented in a BPF 94 // program. 95 StructOpsMap 96 // RingBuf - Similar to PerfEventArray, but shared across all CPUs. 97 RingBuf 98 // InodeStorage - Specialized local storage map for inodes. 99 InodeStorage 100 // TaskStorage - Specialized local storage map for task_struct. 101 TaskStorage 102 // maxMapType - Bound enum of MapTypes, has to be last in enum. 103 maxMapType 104 ) 105 106 // hasPerCPUValue returns true if the Map stores a value per CPU. 107 func (mt MapType) hasPerCPUValue() bool { 108 return mt == PerCPUHash || mt == PerCPUArray || mt == LRUCPUHash || mt == PerCPUCGroupStorage 109 } 110 111 // canStoreMap returns true if the map type accepts a map fd 112 // for update and returns a map id for lookup. 113 func (mt MapType) canStoreMap() bool { 114 return mt == ArrayOfMaps || mt == HashOfMaps 115 } 116 117 // canStoreProgram returns true if the map type accepts a program fd 118 // for update and returns a program id for lookup. 119 func (mt MapType) canStoreProgram() bool { 120 return mt == ProgramArray 121 } 122 123 // hasBTF returns true if the map type supports BTF key/value metadata. 124 func (mt MapType) hasBTF() bool { 125 switch mt { 126 case PerfEventArray, CGroupArray, StackTrace, ArrayOfMaps, HashOfMaps, DevMap, 127 DevMapHash, CPUMap, XSKMap, SockMap, SockHash, Queue, Stack, RingBuf: 128 return false 129 default: 130 return true 131 } 132 } 133 134 // ProgramType of the eBPF program 135 type ProgramType uint32 136 137 // Max return the latest supported ProgramType. 138 func (ProgramType) Max() ProgramType { 139 return maxProgramType - 1 140 } 141 142 // eBPF program types 143 const ( 144 UnspecifiedProgram ProgramType = iota 145 SocketFilter 146 Kprobe 147 SchedCLS 148 SchedACT 149 TracePoint 150 XDP 151 PerfEvent 152 CGroupSKB 153 CGroupSock 154 LWTIn 155 LWTOut 156 LWTXmit 157 SockOps 158 SkSKB 159 CGroupDevice 160 SkMsg 161 RawTracepoint 162 CGroupSockAddr 163 LWTSeg6Local 164 LircMode2 165 SkReuseport 166 FlowDissector 167 CGroupSysctl 168 RawTracepointWritable 169 CGroupSockopt 170 Tracing 171 StructOps 172 Extension 173 LSM 174 SkLookup 175 Syscall 176 maxProgramType 177 ) 178 179 // AttachType of the eBPF program, needed to differentiate allowed context accesses in 180 // some newer program types like CGroupSockAddr. Should be set to AttachNone if not required. 181 // Will cause invalid argument (EINVAL) at program load time if set incorrectly. 182 type AttachType uint32 183 184 //go:generate stringer -type AttachType -trimprefix Attach 185 186 // AttachNone is an alias for AttachCGroupInetIngress for readability reasons. 187 const AttachNone AttachType = 0 188 189 const ( 190 AttachCGroupInetIngress AttachType = iota 191 AttachCGroupInetEgress 192 AttachCGroupInetSockCreate 193 AttachCGroupSockOps 194 AttachSkSKBStreamParser 195 AttachSkSKBStreamVerdict 196 AttachCGroupDevice 197 AttachSkMsgVerdict 198 AttachCGroupInet4Bind 199 AttachCGroupInet6Bind 200 AttachCGroupInet4Connect 201 AttachCGroupInet6Connect 202 AttachCGroupInet4PostBind 203 AttachCGroupInet6PostBind 204 AttachCGroupUDP4Sendmsg 205 AttachCGroupUDP6Sendmsg 206 AttachLircMode2 207 AttachFlowDissector 208 AttachCGroupSysctl 209 AttachCGroupUDP4Recvmsg 210 AttachCGroupUDP6Recvmsg 211 AttachCGroupGetsockopt 212 AttachCGroupSetsockopt 213 AttachTraceRawTp 214 AttachTraceFEntry 215 AttachTraceFExit 216 AttachModifyReturn 217 AttachLSMMac 218 AttachTraceIter 219 AttachCgroupInet4GetPeername 220 AttachCgroupInet6GetPeername 221 AttachCgroupInet4GetSockname 222 AttachCgroupInet6GetSockname 223 AttachXDPDevMap 224 AttachCgroupInetSockRelease 225 AttachXDPCPUMap 226 AttachSkLookup 227 AttachXDP 228 AttachSkSKBVerdict 229 AttachSkReuseportSelect 230 AttachSkReuseportSelectOrMigrate 231 AttachPerfEvent 232 ) 233 234 // AttachFlags of the eBPF program used in BPF_PROG_ATTACH command 235 type AttachFlags uint32 236 237 // PinType determines whether a map is pinned into a BPFFS. 238 type PinType int 239 240 // Valid pin types. 241 // 242 // Mirrors enum libbpf_pin_type. 243 const ( 244 PinNone PinType = iota 245 // Pin an object by using its name as the filename. 246 PinByName 247 ) 248 249 // LoadPinOptions control how a pinned object is loaded. 250 type LoadPinOptions struct { 251 // Request a read-only or write-only object. The default is a read-write 252 // object. Only one of the flags may be set. 253 ReadOnly bool 254 WriteOnly bool 255 256 // Raw flags for the syscall. Other fields of this struct take precedence. 257 Flags uint32 258 } 259 260 // Marshal returns a value suitable for BPF_OBJ_GET syscall file_flags parameter. 261 func (lpo *LoadPinOptions) Marshal() uint32 { 262 if lpo == nil { 263 return 0 264 } 265 266 flags := lpo.Flags 267 if lpo.ReadOnly { 268 flags |= unix.BPF_F_RDONLY 269 } 270 if lpo.WriteOnly { 271 flags |= unix.BPF_F_WRONLY 272 } 273 return flags 274 } 275 276 // BatchOptions batch map operations options 277 // 278 // Mirrors libbpf struct bpf_map_batch_opts 279 // Currently BPF_F_FLAG is the only supported 280 // flag (for ElemFlags). 281 type BatchOptions struct { 282 ElemFlags uint64 283 Flags uint64 284 } 285