Skip to content

Releases: cilium/ebpf

v0.7.0: Honeygopher Edition

11 Oct 12:30
Compare
Choose a tag to compare

The cilium/ebpf project now has a mascot, the Honeygopher! Thank you, Vadim Shchekoldin!

New Packages

  • Package ringbuf allows reading from a BPF_MAP_TYPE_RINGBUF map.
  • Package features implements the equivalent of bpftool feature probe for discovering BPF-related kernel features using native Go. Note that support for probing availability of BPF helpers is pending.
  • Package rlimit provides a convenient API to lift the RLIMIT_MEMLOCK constraint on kernels before 5.11.

Breaking Changes

  • Deprecations
    • StructOpts has been changed to alias the new StructOpsMap and will be removed in 0.8.0
      by @ti-mo in #381
    • perf.IsClosed() has been deprecated and will be removed in 0.8.0
      by @lmb in #397
    • Collection.Assign() has been removed after a sunset period
      by @ti-mo in #371

Features

  • elf: support cgroup getsockname/getpeername prog by @zf1575192187 in #350
  • MapType probe API by @rgo3 in #321
  • link/uprobe: support filtering by pid by @mmat11 in #342
  • Add support for freplace programs by @zeffron in #288
  • Export CollectionSpec.ByteOrder by @ti-mo in #361
  • Support ELF map definitions larger than bpf_map_def by @ti-mo in #362
  • Auto-populate tail-call and map-in-map maps from ELF/BTF by @ti-mo in #363
  • features: add HaveProgType API by @rgo3 in #355
  • feature: add call fixups for bpf_probe_read_kernel, etc by @xh4n3 in #367
  • cmd/bpf2go: use Go 1.16 embed to include BPF elfs by @lmb in #327
  • bpf2go: add support for bpf_tracing.h by @lmb in #369
  • features: support get map ids from program. by @arikachen in #391
  • Recognize sk_reuseport programs by @lmb in #393
  • btf: handle float relocation for CO-RE by @lmb in #403
  • Utility function to remove memlock rlimit by @folbricht in #392
  • BPF ring buffer by @mythi in #318

Bug Fixes

  • link/uprobe: handle ENOTSUPP from the kernel's prepare_uprobe() by @ti-mo in #351
  • Mark PerCPUCGroupStorage as per-cpu by @yadutaf in #341
  • link/kprobe: don't redeclare a new variable sp by @guodongzz in #365
  • Fix invalid usage of reflect.SliceHeader by @cuonglm in #376
  • program: don't retrieve map ids by default by @lmb in #395
  • link/uprobe: fix offsets for statically linked binaries by @mmat11 in #385
  • Add sync.Pool to reduce allocations for the default case in unmarshalBytes() by @rockdaboot in #420
  • Fix btf.FindType to avoid copy by @pippolo84 in #424
  • Fix missing close of fds from BPF{ProgLoad,MapCreate} by @pippolo84 in #428
  • Directly handle int32 and int64 types in unmarshalBytes() by @rockdaboot in #427

Examples

  • Add kprobepin example showing how to re-use a pinned map in a BPF prog by @ungureanuvladvictor in #364
  • examples: adapt uretprobe example to the new library version by @mmat11 in #389
  • CI: build examples by @lmb in #390
  • Add a script to update vendored libbpf headers for examples by @markpash in #394
  • Add an example for the RINGBUF map type by @pippolo84 in #412
  • Add a tracepoint example and a percpu example by @hao-lee in #402
  • examples - convert to new rlimit package for memlock removal by @ti-mo in #441

New Contributors

This release saw a record amount of new contributors! We'd like to wish everyone a warm welcome and thank you all for your support!

Full Changelog: v0.6.2...v0.7.0

Wrap SYS_BPF errors, user-provided uprobe offsets, support new map, program and flag types

12 Jul 13:01
Compare
Choose a tag to compare

Breaking changes

  • None

Features

  • Return friendly error when creating maps with BPF_F_MMAPABLE or BPF_F_INNER_MAP and the kernel doesn't support them.
  • Add support for StructOps, RingBuf, InodeStorage and TaskStorage map types.
  • Support many new BPF program types added over the course of 2019/2020 in the assembler.
  • Detect fentry, fmod_ret and fexit programs by their ELF section names.
  • link: support user-provided offsets for uprobe locations by specifying UprobeOptions.
  • link: support creating bpf_map_elem iterators
  • Wrap and propagate all errors generated by SYS_BPF, allowing the caller to retrieve

Bug Fixes

  • Fix flaky TestMapPin test on Go 1.17beta1

Deprecations

  • ebpf.ErrNotExist is now an alias to os.ErrNotExist and will be removed in a future release.

Examples

  • Docstring fixup in kprobe example

Contributors

Chris Tarazi
Lorenz Bauer
Mattia Meleleo
Mikko Ylinen
Robin Gögge
Tobias Klauser

Thank you for your work!

v0.6.1

11 Jun 13:21
Compare
Choose a tag to compare

Breaking changes

  • None

Features

  • link.Raw{At,De}tachProgram now wraps and returns the underlying error returned by the kernel. Note: this is not an API contract, so use at your own discretion. This was added temporarily for kernel feature detection purposes, and a proper feature detection API will replace this in the near future.
  • link.K(ret)probe now automatically prefixes the given symbol with the conventional prefix for syscall wrappers (e.g. __x64_ when running on amd64)

Examples

  • The kprobe example now hooks the sys_execve syscall wrapper by its common name rather than the x64 variant

Contributors

Aleksa Sarai
Lorenz Bauer
Nikolay Nikolaev
Robin Gögge

Thank you for your work!

CO-RE support

28 May 13:02
@lmb lmb
Compare
Choose a tag to compare

The library now supports most kinds of CO-RE relocations!

Breaking changes

  • None

Features

  • CO-RE relocations make writing portable kprobes a lot easier. We now have support for a good chunk of them.
  • kretprobes are a little more robust to kernel ABI changes.
  • uprobes and uretprobes are now supported.
  • ProgramOptions has a TargetBTF member which allows specifying a custom target. Use this to support distro kernels that don't have built in BTF.
  • raw_tp and tp_btf sections are now recognised.
  • compatibility with libbpf has increased.
  • PerfEventArray should now be useable without having to change PerfEventArray.MaxEntries.

Examples

  • The uprobe example uses the new API in link.

Contributors

Gilberto Bertin
Lorenz Bauer
Mattia
Mattia Meleleo
nevermosby
Timo Beckers

Thank you for your work!

K(ret)probe and Tracepoint support

08 Apr 15:29
ef54c30
Compare
Choose a tag to compare

This release brings support for attaching to k(ret)probes and tracepoints out of the box!
See the kprobe and tracepoint examples.

Breaking changes

  • All LoadPinned*() functions now take LoadPinOptions to control loader behaviour.
    Simply pass nil to load with default options.
    • LoadPinnedMap()
    • LoadPinnedProgram()
    • LoadPinnedCgroup()
    • LoadPinnedIter()
    • LoadPinnedRawLink()
    • LoadPinnedNetNs()

Bug fixes

  • Program.IsPinned() now behaves correctly on maps loaded from bpffs
  • Map.Pin() no longer clobbers the destination file if it already exists

Features

  • Attaching to k(ret)probes and tracepoints can now be done with link.Kprobe(), link.Kretprobe() and link.Tracepoint()
  • Programs of type Kprobe automatically get their KernelVersion fields populated by detecting the kernel version at runtime
  • MapOptions now contains a LoadPinOptions
  • ProgSpec now contains a Flags field, adding support for BPF_F_SLEEPABLE
  • Made BTF map loader more flexible by looping over Vars in a BTF data section
  • Pinned Maps and Programs can now be loaded from bpffs in read-or write-only mode
  • Added golangci-lint project configuration, running in CI

Examples

  • kprobe and tracepoint examples updated to use the new link.Kprobe() and link.Tracepoint() API
  • There is now an example for how to attach eBPF programs to uprobes

Contributors

Aditi Ghag
Florian Lehner
Lorenz Bauer
Mattia Meleleo
Mikko Ylinen
Timo Beckers
Vlad Ungureanu

Thank you for your work!

v0.4.0

18 Mar 15:22
@lmb lmb
Compare
Choose a tag to compare

Breaking changes

  • Map.Pin and Program.Pin only allow pinning to a single location on a BPFFS,
    repeated calls will move the pinned object rather than create additional pins.
    Clone the map or program if you need to pin to multiple paths.
  • The API of bpf2go generated programs has changed.

Bug fixes

  • bpf2go now passes -O2 and -mcpu=v1 to clang by default which means that
    programs should load out of the box.
  • Fix iterating an empty sockmap.
  • .data..percpu sections present in newer kernel BTF are now handled correctly.
  • Non-static constants work now thanks to more robust ELF relocation handling.
  • Various fixes to feature probes

Features

  • Map and Program have gained Unpin which removes a previous Pin.
  • BTF-style map definitions can now declare nested maps.
  • EnableStats allows collecting global run time stats for Programs.
  • Some Maps can now be modified using the Batch* methods.
  • Programs now have a Tag function which allows calculating the kernel "tag"
    of a program.
  • There is now a folder with examples

Contributors

  • Aditi Ghag
  • Bryce Kahle
  • Dmitry Savintsev
  • Florian Lehner
  • Iacopo Rozzo
  • Kornilios Kourtis
  • Lorenz Bauer
  • Mattia Meleleo
  • Mikko Ylinen
  • Nate Sweet
  • Takeru Hayasaka
  • Timo Beckers
  • Tobias Klauser
  • Tom Payne

Thank you for your work!

Add MapInfo and ProgramInfo

20 Nov 10:54
@lmb lmb
Compare
Choose a tag to compare

Allow accessing map and program metadata. This also removes the confusing MapABI and ProgramABI, which have been deprecated.

Users of MapABI and ProgramABI can migrate to the Type(), etc. getters on Map and Program directly.

Support LSM hook and add network namespace link

18 Nov 15:17
@lmb lmb
Compare
Choose a tag to compare

The library now understands lsm/ sections. There is a new link.NetNsLink which allows attaching sk_lookup and flow_dissector programs.

Some bugfixes in btf.

Deprecate MapABI and ProgramABI

06 Nov 16:34
@lmb lmb
Compare
Choose a tag to compare

This release deprecates MapABI and ProgramABI in favour of straight up getters on Map and Program.