1BPFTOOL-CGROUP(8) BPFTOOL-CGROUP(8)
2
6 bpftool-cgroup - tool for inspection and simple manipulation of eBPF
7 progs
8
10 bpftool [OPTIONS] cgroup COMMAND
11 OPTIONS := { { -j | --json } [{ -p | --pretty }] | { -f | --bpffs }
13 }
14 COMMANDS := { show | list | tree | attach | detach | help }
16
18 bpftool cgroup { show | list } CGROUP [effective]
19 bpftool cgroup tree [CGROUP_ROOT] [effective]
20 bpftool cgroup attach CGROUP ATTACH_TYPE PROG [ATTACH_FLAGS]
21 bpftool cgroup detach CGROUP ATTACH_TYPE PROG
22 bpftool cgroup help
23 PROG := { id PROG_ID | pinned FILE | tag PROG_TAG }
25 ATTACH_TYPE := { ingress | egress | sock_create | sock_ops | device |
26 bind4 | bind6 | post_bind4 | post_bind6 | connect4 | connect6 |
27 getpeername4 | getpeername6 | getsockname4 | getsockname6 | sendmsg4 |
28 sendmsg6 | recvmsg4 | recvmsg6 | sysctl | getsockopt | setsockopt }
29 ATTACH_FLAGS := { multi | override }
30
33 bpftool cgroup { show | list } CGROUP [effective]
34 List all programs attached to the cgroup CGROUP.
35 Output will start with program ID followed by attach type,
37 attach flags and program name.
38 If effective is specified retrieve effective programs that
40 will execute for events within a cgroup. This includes inher‐
41 ited along with attached ones.
42 bpftool cgroup tree [CGROUP_ROOT] [effective]
44 Iterate over all cgroups in CGROUP_ROOT and list all attached
45 programs. If CGROUP_ROOT is not specified, bpftool uses
46 cgroup v2 mountpoint.
47 The output is similar to the output of cgroup show/list com‐
49 mands: it starts with absolute cgroup path, followed by pro‐
50 gram ID, attach type, attach flags and program name.
51 If effective is specified retrieve effective programs that
53 will execute for events within a cgroup. This includes inher‐
54 ited along with attached ones.
55 bpftool cgroup attach CGROUP ATTACH_TYPE PROG [ATTACH_FLAGS]
57 Attach program PROG to the cgroup CGROUP with attach type
58 ATTACH_TYPE and optional ATTACH_FLAGS.
59 ATTACH_FLAGS can be one of: override if a sub-cgroup installs
61 some bpf program, the program in this cgroup yields to
62 sub-cgroup program; multi if a sub-cgroup installs some bpf
63 program, that cgroup program gets run in addition to the pro‐
64 gram in this cgroup.
65 Only one program is allowed to be attached to a cgroup with
67 no attach flags or the override flag. Attaching another pro‐
68 gram will release old program and attach the new one.
69 Multiple programs are allowed to be attached to a cgroup with
71 multi. They are executed in FIFO order (those that were
72 attached first, run first).
73 Non-default ATTACH_FLAGS are supported by kernel version 4.14
75 and later.
76 ATTACH_TYPE can be on of: ingress ingress path of the inet
78 socket (since 4.10); egress egress path of the inet socket
79 (since 4.10); sock_create opening of an inet socket (since
80 4.10); sock_ops various socket operations (since 4.12);
81 device device access (since 4.15); bind4 call to bind(2) for
82 an inet4 socket (since 4.17); bind6 call to bind(2) for an
83 inet6 socket (since 4.17); post_bind4 return from bind(2) for
84 an inet4 socket (since 4.17); post_bind6 return from bind(2)
85 for an inet6 socket (since 4.17); connect4 call to connect(2)
86 for an inet4 socket (since 4.17); connect6 call to connect(2)
87 for an inet6 socket (since 4.17); sendmsg4 call to sendto(2),
88 sendmsg(2), sendmmsg(2) for an unconnected udp4 socket (since
89 4.18); sendmsg6 call to sendto(2), sendmsg(2), sendmmsg(2)
90 for an unconnected udp6 socket (since 4.18); recvmsg4 call to
91 recvfrom(2), recvmsg(2), recvmmsg(2) for an unconnected udp4
92 socket (since 5.2); recvmsg6 call to recvfrom(2), recvmsg(2),
93 recvmmsg(2) for an unconnected udp6 socket (since 5.2);
94 sysctl sysctl access (since 5.2); getsockopt call to getsock‐
95 opt (since 5.3); setsockopt call to setsockopt (since 5.3);
96 getpeername4 call to getpeername(2) for an inet4 socket
97 (since 5.8); getpeername6 call to getpeername(2) for an inet6
98 socket (since 5.8); getsockname4 call to getsockname(2) for
99 an inet4 socket (since 5.8); getsockname6 call to getsock‐
100 name(2) for an inet6 socket (since 5.8).
101 bpftool cgroup detach CGROUP ATTACH_TYPE PROG
103 Detach PROG from the cgroup CGROUP and attach type
104 ATTACH_TYPE.
105 bpftool prog help
107 Print short help message.
108
110 -h, --help
111 Print short help message (similar to bpftool help).
112 -V, --version
114 Print version number (similar to bpftool version), and
115 optional features that were included when bpftool was com‐
116 piled. Optional features include linking against libbfd to
117 provide the disassembler for JIT-ted programs (bpftool prog
118 dump jited) and usage of BPF skeletons (some features like
119 bpftool prog profile or showing pids associated to BPF
120 objects may rely on it).
121 -j, --json
123 Generate JSON output. For commands that cannot produce JSON,
124 this option has no effect.
125 -p, --pretty
127 Generate human-readable JSON output. Implies -j.
128 -d, --debug
130 Print all logs available, even debug-level information. This
131 includes logs from libbpf as well as from the verifier, when
132 attempting to load programs.
133 -f, --bpffs
135 Show file names of pinned programs.
136
138 # mount -t bpf none /sys/fs/bpf/
139 # mkdir /sys/fs/cgroup/test.slice
140 # bpftool prog load ./device_cgroup.o /sys/fs/bpf/prog
141 # bpftool cgroup attach /sys/fs/cgroup/test.slice/ device id 1 allow_multi
142 # bpftool cgroup list /sys/fs/cgroup/test.slice/
145 ID AttachType AttachFlags Name
147 1 device allow_multi bpf_prog1
148 # bpftool cgroup detach /sys/fs/cgroup/test.slice/ device id 1
150 # bpftool cgroup list /sys/fs/cgroup/test.slice/
151 ID AttachType AttachFlags Name
154
156 bpf(2), bpf-helpers(7), bpftool(8), bpftool-btf(8), bpftool-fea‐
157 ture(8), bpftool-gen(8), bpftool-iter(8), bpftool-link(8),
158 bpftool-map(8), bpftool-net(8), bpftool-perf(8), bpftool-prog(8),
159 bpftool-struct_ops(8)
160 BPFTOOL-CGROUP(8)