1BPFTOOL-CGROUP(8)                                            BPFTOOL-CGROUP(8)
2
3
4

NAME

6       bpftool-cgroup  -  tool  for inspection and simple manipulation of eBPF
7       progs
8

SYNOPSIS

10          bpftool [OPTIONS] cgroup COMMAND
11
12          OPTIONS := { { -j | --json } [{ -p | --pretty }] | { -f | --bpffs  }
13          }
14
15          COMMANDS := { show | list | tree | attach | detach | help }
16

CGROUP COMMANDS

18       bpftool cgroup { show | list } CGROUP
19       bpftool cgroup tree [CGROUP_ROOT]
20       bpftool cgroup attach CGROUP ATTACH_TYPE PROG [ATTACH_FLAGS]
21       bpftool cgroup detach CGROUP ATTACH_TYPE PROG
22       bpftool cgroup help
23
24       PROG := { id PROG_ID | pinned FILE | tag PROG_TAG }
25       ATTACH_TYPE := { ingress | egress | sock_create | sock_ops | device |
26         bind4 | bind6 | post_bind4 | post_bind6 | connect4 | connect6 |
27         sendmsg4 | sendmsg6 }
28       ATTACH_FLAGS := { multi | override }
29
30

DESCRIPTION

32          bpftool cgroup { show | list } CGROUP
33                 List all programs attached to the cgroup CGROUP.
34
35                 Output  will  start  with program ID followed by attach type,
36                 attach flags and program name.
37
38          bpftool cgroup tree [CGROUP_ROOT]
39                 Iterate over all cgroups in CGROUP_ROOT and list all attached
40                 programs.  If  CGROUP_ROOT  is  not  specified,  bpftool uses
41                 cgroup v2 mountpoint.
42
43                 The output is similar to the output of cgroup show/list  com‐
44                 mands:  it starts with absolute cgroup path, followed by pro‐
45                 gram ID, attach type, attach flags and program name.
46
47          bpftool cgroup attach CGROUP ATTACH_TYPE PROG [ATTACH_FLAGS]
48                 Attach program PROG to the cgroup  CGROUP  with  attach  type
49                 ATTACH_TYPE and optional ATTACH_FLAGS.
50
51                 ATTACH_FLAGS can be one of: override if a sub-cgroup installs
52                 some bpf program,  the  program  in  this  cgroup  yields  to
53                 sub-cgroup  program;  multi if a sub-cgroup installs some bpf
54                 program, that cgroup program gets run in addition to the pro‐
55                 gram in this cgroup.
56
57                 Only  one  program is allowed to be attached to a cgroup with
58                 no attach flags or the override flag. Attaching another  pro‐
59                 gram will release old program and attach the new one.
60
61                 Multiple programs are allowed to be attached to a cgroup with
62                 multi. They are executed  in  FIFO  order  (those  that  were
63                 attached first, run first).
64
65                 Non-default ATTACH_FLAGS are supported by kernel version 4.14
66                 and later.
67
68                 ATTACH_TYPE can be on of: ingress ingress path  of  the  inet
69                 socket  (since  4.10);  egress egress path of the inet socket
70                 (since 4.10); sock_create opening of an  inet  socket  (since
71                 4.10);  sock_ops  various  socket  operations  (since  4.12);
72                 device device access (since 4.15); bind4 call to bind(2)  for
73                 an  inet4  socket  (since 4.17); bind6 call to bind(2) for an
74                 inet6 socket (since 4.17); post_bind4 return from bind(2) for
75                 an  inet4 socket (since 4.17); post_bind6 return from bind(2)
76                 for an inet6 socket (since 4.17); connect4 call to connect(2)
77                 for an inet4 socket (since 4.17); connect6 call to connect(2)
78                 for an inet6 socket (since 4.17); sendmsg4 call to sendto(2),
79                 sendmsg(2), sendmmsg(2) for an unconnected udp4 socket (since
80                 4.18); sendmsg6 call to  sendto(2),  sendmsg(2),  sendmmsg(2)
81                 for an unconnected udp6 socket (since 4.18).
82
83          bpftool cgroup detach CGROUP ATTACH_TYPE PROG
84                 Detach   PROG   from   the  cgroup  CGROUP  and  attach  type
85                 ATTACH_TYPE.
86
87          bpftool prog help
88                 Print short help message.
89

OPTIONS

91          -h, --help
92                 Print short generic help message (similar to bpftool help).
93
94          -v, --version
95                 Print version number (similar to bpftool version).
96
97          -j, --json
98                 Generate JSON output. For commands that cannot produce  JSON,
99                 this option has no effect.
100
101          -p, --pretty
102                 Generate human-readable JSON output. Implies -j.
103
104          -f, --bpffs
105                 Show file names of pinned programs.
106

EXAMPLES

108       # mount -t bpf none /sys/fs/bpf/
109       # mkdir /sys/fs/cgroup/test.slice
110       # bpftool prog load ./device_cgroup.o /sys/fs/bpf/prog
111       # bpftool cgroup attach /sys/fs/cgroup/test.slice/ device id 1 allow_multi
112
113
114       # bpftool cgroup list /sys/fs/cgroup/test.slice/
115
116          ID       AttachType      AttachFlags     Name
117          1        device          allow_multi     bpf_prog1
118
119       # bpftool cgroup detach /sys/fs/cgroup/test.slice/ device id 1
120       # bpftool cgroup list /sys/fs/cgroup/test.slice/
121
122
123          ID       AttachType      AttachFlags     Name
124

SEE ALSO

126          bpf(2), bpf-helpers(7), bpftool(8), bpftool-prog(8), bpftool-map(8),
127          bpftool-feature(8), bpftool-net(8), bpftool-perf(8)
128
129
130
131
132                                                             BPFTOOL-CGROUP(8)
Impressum