Expand description
eBPF program types.
eBPF programs are loaded inside the kernel and attached to one or more hook points. Whenever the hook points are reached, the programs are executed.
Loading and attaching programs
When you call Bpf::load_file or Bpf::load, all the programs included
in the object code are parsed and relocated. Programs are not loaded
automatically though, since often you will need to do some application
specific setup before you can actually load them.
In order to load and attach a program, you need to retrieve it using Bpf::program_mut,
then call the load() and attach() methods, for example:
use aya::{Bpf, programs::KProbe};
use std::convert::TryInto;
let mut bpf = Bpf::load_file("ebpf_programs.o")?;
// intercept_wakeups is the name of the program we want to load
let program: &mut KProbe = bpf.program_mut("intercept_wakeups").unwrap().try_into()?;
program.load()?;
// intercept_wakeups will be called every time try_to_wake_up() is called
// inside the kernel
program.attach("try_to_wake_up", 0)?;The signature of the attach() method varies depending on what kind of
program you’re trying to attach.
Re-exports
pub use cgroup_skb::CgroupSkb;pub use cgroup_skb::CgroupSkbAttachType;pub use cgroup_sock_addr::CgroupSockAddr;pub use cgroup_sock_addr::CgroupSockAddrAttachType;pub use cgroup_sockopt::CgroupSockopt;pub use cgroup_sockopt::CgroupSockoptAttachType;pub use cgroup_sysctl::CgroupSysctl;pub use extension::Extension;pub use extension::ExtensionError;pub use fentry::FEntry;pub use fexit::FExit;pub use kprobe::KProbe;pub use kprobe::KProbeError;pub use links::Link;pub use links::OwnedLink;pub use lirc_mode2::LircMode2;pub use lsm::Lsm;pub use perf_event::PerfEvent;pub use perf_event::PerfEventScope;pub use perf_event::PerfTypeId;pub use perf_event::SamplePolicy;pub use tc::SchedClassifier;pub use tc::TcAttachType;pub use tc::TcError;pub use tp_btf::BtfTracePoint;pub use trace_point::TracePoint;pub use trace_point::TracePointError;pub use uprobe::UProbe;pub use uprobe::UProbeError;pub use xdp::Xdp;pub use xdp::XdpError;pub use xdp::XdpFlags;Modules
Cgroup skb programs.
Cgroup socket address programs.
Cgroup socket option programs.
Cgroup sysctl programs.
Extension programs.
Fentry programs.
Fexit programs.
Kernel space probes.
Program links.
Lirc programs.
LSM probes.
Perf attach links.
Perf event programs.
Network traffic control programs.
BTF-enabled raw tracepoints.
Tracepoint programs.
User space probes.
eXpress Data Path (XDP) programs.
Structs
Provides information about a loaded program, like name, id and statistics
A program that can be attached at a pre-defined kernel trace point, but also has an access to kernel internal arguments of trace points, which differentiates them from traditional tracepoint eBPF programs.
A program used to redirect incoming packets to a local socket.
A program used to intercept messages sent with sendmsg()/sendfile().
A program used to intercept ingress socket buffers.
A program used to work with sockets.
A program used to inspect and filter incoming packets on a socket.
Enums
Kind of probe program
eBPF program type.
Error type returned when working with programs.
The type returned when attaching a SocketFilter fails.