Releases: cilium/ebpf
v0.7.0: Honeygopher Edition
The cilium/ebpf
project now has a mascot, the Honeygopher! Thank you, Vadim Shchekoldin!
New Packages
- Package ringbuf allows reading from a
BPF_MAP_TYPE_RINGBUF
map. - Package features implements the equivalent of
bpftool feature probe
for discovering BPF-related kernel features using native Go. Note that support for probing availability of BPF helpers is pending. - Package rlimit provides a convenient API to lift the
RLIMIT_MEMLOCK
constraint on kernels before 5.11.
Breaking Changes
- Deprecations
Features
- elf: support cgroup getsockname/getpeername prog by @zf1575192187 in #350
- MapType probe API by @rgo3 in #321
- link/uprobe: support filtering by pid by @mmat11 in #342
- Add support for freplace programs by @zeffron in #288
- Export
CollectionSpec.ByteOrder
by @ti-mo in #361 - Support ELF map definitions larger than
bpf_map_def
by @ti-mo in #362 - Auto-populate tail-call and map-in-map maps from ELF/BTF by @ti-mo in #363
- features: add HaveProgType API by @rgo3 in #355
- feature: add call fixups for bpf_probe_read_kernel, etc by @xh4n3 in #367
- cmd/bpf2go: use Go 1.16 embed to include BPF elfs by @lmb in #327
- bpf2go: add support for bpf_tracing.h by @lmb in #369
- features: support get map ids from program. by @arikachen in #391
- Recognize sk_reuseport programs by @lmb in #393
- btf: handle float relocation for CO-RE by @lmb in #403
- Utility function to remove memlock rlimit by @folbricht in #392
- BPF ring buffer by @mythi in #318
Bug Fixes
- link/uprobe: handle ENOTSUPP from the kernel's prepare_uprobe() by @ti-mo in #351
- Mark PerCPUCGroupStorage as per-cpu by @yadutaf in #341
- link/kprobe: don't redeclare a new variable sp by @guodongzz in #365
- Fix invalid usage of reflect.SliceHeader by @cuonglm in #376
- program: don't retrieve map ids by default by @lmb in #395
- link/uprobe: fix offsets for statically linked binaries by @mmat11 in #385
- Add sync.Pool to reduce allocations for the default case in unmarshalBytes() by @rockdaboot in #420
- Fix btf.FindType to avoid copy by @pippolo84 in #424
- Fix missing close of fds from BPF{ProgLoad,MapCreate} by @pippolo84 in #428
- Directly handle int32 and int64 types in unmarshalBytes() by @rockdaboot in #427
Examples
- Add kprobepin example showing how to re-use a pinned map in a BPF prog by @ungureanuvladvictor in #364
- examples: adapt uretprobe example to the new library version by @mmat11 in #389
- CI: build examples by @lmb in #390
- Add a script to update vendored libbpf headers for examples by @markpash in #394
- Add an example for the RINGBUF map type by @pippolo84 in #412
- Add a tracepoint example and a percpu example by @hao-lee in #402
- examples - convert to new rlimit package for memlock removal by @ti-mo in #441
New Contributors
- @zf1575192187 made their first contribution in #350
- @sharjeelaziz made their first contribution in #349
- @zeffron made their first contribution in #352
- @yadutaf made their first contribution in #341
- @guodongzz made their first contribution in #365
- @xh4n3 made their first contribution in #367
- @cuonglm made their first contribution in #376
- @mabis made their first contribution in #378
- @arikachen made their first contribution in #391
- @markpash made their first contribution in #394
- @pippolo84 made their first contribution in #401
- @folbricht made their first contribution in #392
- @hao-lee made their first contribution in #414
- @rockdaboot made their first contribution in #420
- @mehrdadrad made their first contribution in #439
- @lizrice made their first contribution in #442
This release saw a record amount of new contributors! We'd like to wish everyone a warm welcome and thank you all for your support!
Full Changelog: v0.6.2...v0.7.0
Wrap SYS_BPF errors, user-provided uprobe offsets, support new map, program and flag types
Breaking changes
- None
Features
- Return friendly error when creating maps with
BPF_F_MMAPABLE
orBPF_F_INNER_MAP
and the kernel doesn't support them. - Add support for StructOps, RingBuf, InodeStorage and TaskStorage map types.
- Support many new BPF program types added over the course of 2019/2020 in the assembler.
- Detect
fentry
,fmod_ret
andfexit
programs by their ELF section names. - link: support user-provided offsets for uprobe locations by specifying
UprobeOptions
. - link: support creating bpf_map_elem iterators
- Wrap and propagate all errors generated by SYS_BPF, allowing the caller to retrieve
Bug Fixes
- Fix flaky TestMapPin test on Go 1.17beta1
Deprecations
ebpf.ErrNotExist
is now an alias toos.ErrNotExist
and will be removed in a future release.
Examples
- Docstring fixup in kprobe example
Contributors
Chris Tarazi
Lorenz Bauer
Mattia Meleleo
Mikko Ylinen
Robin Gögge
Tobias Klauser
Thank you for your work!
v0.6.1
Breaking changes
- None
Features
link.Raw{At,De}tachProgram
now wraps and returns the underlying error returned by the kernel. Note: this is not an API contract, so use at your own discretion. This was added temporarily for kernel feature detection purposes, and a proper feature detection API will replace this in the near future.link.K(ret)probe
now automatically prefixes the given symbol with the conventional prefix for syscall wrappers (e.g.__x64_
when running on amd64)
Examples
- The kprobe example now hooks the
sys_execve
syscall wrapper by its common name rather than the x64 variant
Contributors
Aleksa Sarai
Lorenz Bauer
Nikolay Nikolaev
Robin Gögge
Thank you for your work!
CO-RE support
The library now supports most kinds of CO-RE relocations!
Breaking changes
- None
Features
- CO-RE relocations make writing portable kprobes a lot easier. We now have support for a good chunk of them.
- kretprobes are a little more robust to kernel ABI changes.
- uprobes and uretprobes are now supported.
- ProgramOptions has a TargetBTF member which allows specifying a custom target. Use this to support distro kernels that don't have built in BTF.
raw_tp
andtp_btf
sections are now recognised.- compatibility with libbpf has increased.
- PerfEventArray should now be useable without having to change PerfEventArray.MaxEntries.
Examples
- The uprobe example uses the new API in link.
Contributors
Gilberto Bertin
Lorenz Bauer
Mattia
Mattia Meleleo
nevermosby
Timo Beckers
Thank you for your work!
K(ret)probe and Tracepoint support
This release brings support for attaching to k(ret)probes and tracepoints out of the box!
See the kprobe and tracepoint examples.
Breaking changes
- All
LoadPinned*()
functions now takeLoadPinOptions
to control loader behaviour.
Simply passnil
to load with default options.LoadPinnedMap()
LoadPinnedProgram()
LoadPinnedCgroup()
LoadPinnedIter()
LoadPinnedRawLink()
LoadPinnedNetNs()
Bug fixes
Program.IsPinned()
now behaves correctly on maps loaded from bpffsMap.Pin()
no longer clobbers the destination file if it already exists
Features
- Attaching to k(ret)probes and tracepoints can now be done with
link.Kprobe()
,link.Kretprobe(
) andlink.Tracepoint()
- Programs of type
Kprobe
automatically get theirKernelVersion
fields populated by detecting the kernel version at runtime MapOptions
now contains aLoadPinOptions
ProgSpec
now contains aFlags
field, adding support forBPF_F_SLEEPABLE
- Made BTF map loader more flexible by looping over
Var
s in a BTF data section - Pinned Maps and Programs can now be loaded from bpffs in read-or write-only mode
- Added golangci-lint project configuration, running in CI
Examples
- kprobe and tracepoint examples updated to use the new
link.Kprobe()
andlink.Tracepoint()
API - There is now an example for how to attach eBPF programs to uprobes
Contributors
Aditi Ghag
Florian Lehner
Lorenz Bauer
Mattia Meleleo
Mikko Ylinen
Timo Beckers
Vlad Ungureanu
Thank you for your work!
v0.4.0
Breaking changes
- Map.Pin and Program.Pin only allow pinning to a single location on a BPFFS,
repeated calls will move the pinned object rather than create additional pins.
Clone the map or program if you need to pin to multiple paths. - The API of bpf2go generated programs has changed.
Bug fixes
- bpf2go now passes
-O2
and-mcpu=v1
to clang by default which means that
programs should load out of the box. - Fix iterating an empty sockmap.
.data..percpu
sections present in newer kernel BTF are now handled correctly.- Non-static constants work now thanks to more robust ELF relocation handling.
- Various fixes to feature probes
Features
- Map and Program have gained Unpin which removes a previous Pin.
- BTF-style map definitions can now declare nested maps.
- EnableStats allows collecting global run time stats for Programs.
- Some Maps can now be modified using the Batch* methods.
- Programs now have a Tag function which allows calculating the kernel "tag"
of a program. - There is now a folder with examples
Contributors
- Aditi Ghag
- Bryce Kahle
- Dmitry Savintsev
- Florian Lehner
- Iacopo Rozzo
- Kornilios Kourtis
- Lorenz Bauer
- Mattia Meleleo
- Mikko Ylinen
- Nate Sweet
- Takeru Hayasaka
- Timo Beckers
- Tobias Klauser
- Tom Payne
Thank you for your work!
Add MapInfo and ProgramInfo
Allow accessing map and program metadata. This also removes the confusing MapABI and ProgramABI, which have been deprecated.
Users of MapABI and ProgramABI can migrate to the Type()
, etc. getters on Map
and Program
directly.
Support LSM hook and add network namespace link
The library now understands lsm/
sections. There is a new link.NetNsLink
which allows attaching sk_lookup and flow_dissector programs.
Some bugfixes in btf
.
Deprecate MapABI and ProgramABI
This release deprecates MapABI and ProgramABI in favour of straight up getters on Map and Program.