.\" Man page generated from reStructuredText.
.
.TH BPFTOOL-CGROUP 8 "" "" ""
.SH NAME
bpftool-cgroup \- tool for inspection and simple manipulation of eBPF progs
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.INDENT 0.0
.INDENT 3.5
\fBbpftool\fP [\fIOPTIONS\fP] \fBcgroup\fP \fICOMMAND\fP
.sp
\fIOPTIONS\fP := { { \fB\-j\fP | \fB\-\-json\fP } [{ \fB\-p\fP | \fB\-\-pretty\fP }] | { \fB\-f\fP | \fB\-\-bpffs\fP } }
.sp
\fICOMMANDS\fP :=
{ \fBshow\fP | \fBlist\fP | \fBtree\fP | \fBattach\fP | \fBdetach\fP | \fBhelp\fP }
.UNINDENT
.UNINDENT
.SH CGROUP COMMANDS
.nf
\fBbpftool\fP \fBcgroup\fP { \fBshow\fP | \fBlist\fP } \fICGROUP\fP [\fBeffective\fP]
\fBbpftool\fP \fBcgroup tree\fP [\fICGROUP_ROOT\fP] [\fBeffective\fP]
\fBbpftool\fP \fBcgroup attach\fP \fICGROUP\fP \fIATTACH_TYPE\fP \fIPROG\fP [\fIATTACH_FLAGS\fP]
\fBbpftool\fP \fBcgroup detach\fP \fICGROUP\fP \fIATTACH_TYPE\fP \fIPROG\fP
\fBbpftool\fP \fBcgroup help\fP

\fIPROG\fP := { \fBid\fP \fIPROG_ID\fP | \fBpinned\fP \fIFILE\fP | \fBtag\fP \fIPROG_TAG\fP }
\fIATTACH_TYPE\fP := { \fBingress\fP | \fBegress\fP | \fBsock_create\fP | \fBsock_ops\fP | \fBdevice\fP |
.in +2
\fBbind4\fP | \fBbind6\fP | \fBpost_bind4\fP | \fBpost_bind6\fP | \fBconnect4\fP | \fBconnect6\fP |
\fBgetpeername4\fP | \fBgetpeername6\fP | \fBgetsockname4\fP | \fBgetsockname6\fP | \fBsendmsg4\fP |
\fBsendmsg6\fP | \fBrecvmsg4\fP | \fBrecvmsg6\fP | \fBsysctl\fP | \fBgetsockopt\fP | \fBsetsockopt\fP |
\fBsock_release\fP }
.in -2
\fIATTACH_FLAGS\fP := { \fBmulti\fP | \fBoverride\fP }
.fi
.sp
.SH DESCRIPTION
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.TP
.B \fBbpftool cgroup { show | list }\fP \fICGROUP\fP [\fBeffective\fP]
List all programs attached to the cgroup \fICGROUP\fP\&.
.sp
Output will start with program ID followed by attach type,
attach flags and program name.
.sp
If \fBeffective\fP is specified retrieve effective programs that
will execute for events within a cgroup. This includes
inherited along with attached ones.
.TP
.B \fBbpftool cgroup tree\fP [\fICGROUP_ROOT\fP] [\fBeffective\fP]
Iterate over all cgroups in \fICGROUP_ROOT\fP and list all
attached programs. If \fICGROUP_ROOT\fP is not specified,
bpftool uses cgroup v2 mountpoint.
.sp
The output is similar to the output of cgroup show/list
commands: it starts with absolute cgroup path, followed by
program ID, attach type, attach flags and program name.
.sp
If \fBeffective\fP is specified retrieve effective programs that
will execute for events within a cgroup. This includes
inherited along with attached ones.
.TP
.B \fBbpftool cgroup attach\fP \fICGROUP\fP \fIATTACH_TYPE\fP \fIPROG\fP [\fIATTACH_FLAGS\fP]
Attach program \fIPROG\fP to the cgroup \fICGROUP\fP with attach type
\fIATTACH_TYPE\fP and optional \fIATTACH_FLAGS\fP\&.
.sp
\fIATTACH_FLAGS\fP can be one of: \fBoverride\fP if a sub\-cgroup installs
some bpf program, the program in this cgroup yields to sub\-cgroup
program; \fBmulti\fP if a sub\-cgroup installs some bpf program,
that cgroup program gets run in addition to the program in this
cgroup.
.sp
Only one program is allowed to be attached to a cgroup with
no attach flags or the \fBoverride\fP flag. Attaching another
program will release old program and attach the new one.
.sp
Multiple programs are allowed to be attached to a cgroup with
\fBmulti\fP\&. They are executed in FIFO order (those that were
attached first, run first).
.sp
Non\-default \fIATTACH_FLAGS\fP are supported by kernel version 4.14
and later.
.sp
\fIATTACH_TYPE\fP can be on of:
\fBingress\fP ingress path of the inet socket (since 4.10);
\fBegress\fP egress path of the inet socket (since 4.10);
\fBsock_create\fP opening of an inet socket (since 4.10);
\fBsock_ops\fP various socket operations (since 4.12);
\fBdevice\fP device access (since 4.15);
\fBbind4\fP call to bind(2) for an inet4 socket (since 4.17);
\fBbind6\fP call to bind(2) for an inet6 socket (since 4.17);
\fBpost_bind4\fP return from bind(2) for an inet4 socket (since 4.17);
\fBpost_bind6\fP return from bind(2) for an inet6 socket (since 4.17);
\fBconnect4\fP call to connect(2) for an inet4 socket (since 4.17);
\fBconnect6\fP call to connect(2) for an inet6 socket (since 4.17);
\fBsendmsg4\fP call to sendto(2), sendmsg(2), sendmmsg(2) for an
unconnected udp4 socket (since 4.18);
\fBsendmsg6\fP call to sendto(2), sendmsg(2), sendmmsg(2) for an
unconnected udp6 socket (since 4.18);
\fBrecvmsg4\fP call to recvfrom(2), recvmsg(2), recvmmsg(2) for
an unconnected udp4 socket (since 5.2);
\fBrecvmsg6\fP call to recvfrom(2), recvmsg(2), recvmmsg(2) for
an unconnected udp6 socket (since 5.2);
\fBsysctl\fP sysctl access (since 5.2);
\fBgetsockopt\fP call to getsockopt (since 5.3);
\fBsetsockopt\fP call to setsockopt (since 5.3);
\fBgetpeername4\fP call to getpeername(2) for an inet4 socket (since 5.8);
\fBgetpeername6\fP call to getpeername(2) for an inet6 socket (since 5.8);
\fBgetsockname4\fP call to getsockname(2) for an inet4 socket (since 5.8);
\fBgetsockname6\fP call to getsockname(2) for an inet6 socket (since 5.8).
\fBsock_release\fP closing an userspace inet socket (since 5.9).
.TP
.B \fBbpftool cgroup detach\fP \fICGROUP\fP \fIATTACH_TYPE\fP \fIPROG\fP
Detach \fIPROG\fP from the cgroup \fICGROUP\fP and attach type
\fIATTACH_TYPE\fP\&.
.TP
.B \fBbpftool prog help\fP
Print short help message.
.UNINDENT
.UNINDENT
.UNINDENT
.SH OPTIONS
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.TP
.B \-h\fP,\fB  \-\-help
Print short help message (similar to \fBbpftool help\fP).
.TP
.B \-V\fP,\fB  \-\-version
Print version number (similar to \fBbpftool version\fP), and optional
features that were included when bpftool was compiled. Optional
features include linking against libbfd to provide the disassembler
for JIT\-ted programs (\fBbpftool prog dump jited\fP) and usage of BPF
skeletons (some features like \fBbpftool prog profile\fP or showing
pids associated to BPF objects may rely on it).
.TP
.B \-j\fP,\fB  \-\-json
Generate JSON output. For commands that cannot produce JSON, this
option has no effect.
.TP
.B \-p\fP,\fB  \-\-pretty
Generate human\-readable JSON output. Implies \fB\-j\fP\&.
.TP
.B \-d\fP,\fB  \-\-debug
Print all logs available, even debug\-level information. This includes
logs from libbpf as well as from the verifier, when attempting to
load programs.
.TP
.B \-f\fP,\fB  \-\-bpffs
Show file names of pinned programs.
.UNINDENT
.UNINDENT
.UNINDENT
.SH EXAMPLES
.nf

\fB# mount \-t bpf none /sys/fs/bpf/\fP
\fB# mkdir /sys/fs/cgroup/test.slice\fP
\fB# bpftool prog load ./device_cgroup.o /sys/fs/bpf/prog\fP
\fB# bpftool cgroup attach /sys/fs/cgroup/test.slice/ device id 1 allow_multi\fP
.fi
.sp
.sp
\fB# bpftool cgroup list /sys/fs/cgroup/test.slice/\fP
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
ID       AttachType      AttachFlags     Name
1        device          allow_multi     bpf_prog1
.ft P
.fi
.UNINDENT
.UNINDENT
.nf

\fB# bpftool cgroup detach /sys/fs/cgroup/test.slice/ device id 1\fP
\fB# bpftool cgroup list /sys/fs/cgroup/test.slice/\fP
.fi
.sp
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
ID       AttachType      AttachFlags     Name
.ft P
.fi
.UNINDENT
.UNINDENT
.SH SEE ALSO
.INDENT 0.0
.INDENT 3.5
\fBbpf\fP(2),
\fBbpf\-helpers\fP(7),
\fBbpftool\fP(8),
\fBbpftool\-btf\fP(8),
\fBbpftool\-feature\fP(8),
\fBbpftool\-gen\fP(8),
\fBbpftool\-iter\fP(8),
\fBbpftool\-link\fP(8),
\fBbpftool\-map\fP(8),
\fBbpftool\-net\fP(8),
\fBbpftool\-perf\fP(8),
\fBbpftool\-prog\fP(8),
\fBbpftool\-struct_ops\fP(8)
.UNINDENT
.UNINDENT
.\" Generated by docutils manpage writer.
.