|
|
|
|
@ -103,6 +103,7 @@ enum bpf_cmd {
|
|
|
|
|
BPF_BTF_LOAD,
|
|
|
|
|
BPF_BTF_GET_FD_BY_ID,
|
|
|
|
|
BPF_TASK_FD_QUERY,
|
|
|
|
|
BPF_MAP_LOOKUP_AND_DELETE_ELEM,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum bpf_map_type {
|
|
|
|
|
@ -127,6 +128,9 @@ enum bpf_map_type {
|
|
|
|
|
BPF_MAP_TYPE_SOCKHASH,
|
|
|
|
|
BPF_MAP_TYPE_CGROUP_STORAGE,
|
|
|
|
|
BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
|
|
|
|
|
BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE,
|
|
|
|
|
BPF_MAP_TYPE_QUEUE,
|
|
|
|
|
BPF_MAP_TYPE_STACK,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum bpf_prog_type {
|
|
|
|
|
@ -461,6 +465,28 @@ union bpf_attr {
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* int bpf_map_push_elem(struct bpf_map *map, const void *value, u64 flags)
|
|
|
|
|
* Description
|
|
|
|
|
* Push an element *value* in *map*. *flags* is one of:
|
|
|
|
|
*
|
|
|
|
|
* **BPF_EXIST**
|
|
|
|
|
* If the queue/stack is full, the oldest element is removed to
|
|
|
|
|
* make room for this.
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* int bpf_map_pop_elem(struct bpf_map *map, void *value)
|
|
|
|
|
* Description
|
|
|
|
|
* Pop an element from *map*.
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* int bpf_map_peek_elem(struct bpf_map *map, void *value)
|
|
|
|
|
* Description
|
|
|
|
|
* Get an element from *map* without removing it.
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* int bpf_probe_read(void *dst, u32 size, const void *src)
|
|
|
|
|
* Description
|
|
|
|
|
* For tracing programs, safely attempt to read *size* bytes from
|
|
|
|
|
@ -1432,7 +1458,7 @@ union bpf_attr {
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* int bpf_skb_adjust_room(struct sk_buff *skb, u32 len_diff, u32 mode, u64 flags)
|
|
|
|
|
* int bpf_skb_adjust_room(struct sk_buff *skb, s32 len_diff, u32 mode, u64 flags)
|
|
|
|
|
* Description
|
|
|
|
|
* Grow or shrink the room for data in the packet associated to
|
|
|
|
|
* *skb* by *len_diff*, and according to the selected *mode*.
|
|
|
|
|
@ -2143,6 +2169,94 @@ union bpf_attr {
|
|
|
|
|
* request in the skb.
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* struct bpf_sock *bpf_sk_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u32 netns, u64 flags)
|
|
|
|
|
* Description
|
|
|
|
|
* Look for TCP socket matching *tuple*, optionally in a child
|
|
|
|
|
* network namespace *netns*. The return value must be checked,
|
|
|
|
|
* and if non-NULL, released via **bpf_sk_release**\ ().
|
|
|
|
|
*
|
|
|
|
|
* The *ctx* should point to the context of the program, such as
|
|
|
|
|
* the skb or socket (depending on the hook in use). This is used
|
|
|
|
|
* to determine the base network namespace for the lookup.
|
|
|
|
|
*
|
|
|
|
|
* *tuple_size* must be one of:
|
|
|
|
|
*
|
|
|
|
|
* **sizeof**\ (*tuple*\ **->ipv4**)
|
|
|
|
|
* Look for an IPv4 socket.
|
|
|
|
|
* **sizeof**\ (*tuple*\ **->ipv6**)
|
|
|
|
|
* Look for an IPv6 socket.
|
|
|
|
|
*
|
|
|
|
|
* If the *netns* is zero, then the socket lookup table in the
|
|
|
|
|
* netns associated with the *ctx* will be used. For the TC hooks,
|
|
|
|
|
* this in the netns of the device in the skb. For socket hooks,
|
|
|
|
|
* this in the netns of the socket. If *netns* is non-zero, then
|
|
|
|
|
* it specifies the ID of the netns relative to the netns
|
|
|
|
|
* associated with the *ctx*.
|
|
|
|
|
*
|
|
|
|
|
* All values for *flags* are reserved for future usage, and must
|
|
|
|
|
* be left at zero.
|
|
|
|
|
*
|
|
|
|
|
* This helper is available only if the kernel was compiled with
|
|
|
|
|
* **CONFIG_NET** configuration option.
|
|
|
|
|
* Return
|
|
|
|
|
* Pointer to *struct bpf_sock*, or NULL in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* struct bpf_sock *bpf_sk_lookup_udp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u32 netns, u64 flags)
|
|
|
|
|
* Description
|
|
|
|
|
* Look for UDP socket matching *tuple*, optionally in a child
|
|
|
|
|
* network namespace *netns*. The return value must be checked,
|
|
|
|
|
* and if non-NULL, released via **bpf_sk_release**\ ().
|
|
|
|
|
*
|
|
|
|
|
* The *ctx* should point to the context of the program, such as
|
|
|
|
|
* the skb or socket (depending on the hook in use). This is used
|
|
|
|
|
* to determine the base network namespace for the lookup.
|
|
|
|
|
*
|
|
|
|
|
* *tuple_size* must be one of:
|
|
|
|
|
*
|
|
|
|
|
* **sizeof**\ (*tuple*\ **->ipv4**)
|
|
|
|
|
* Look for an IPv4 socket.
|
|
|
|
|
* **sizeof**\ (*tuple*\ **->ipv6**)
|
|
|
|
|
* Look for an IPv6 socket.
|
|
|
|
|
*
|
|
|
|
|
* If the *netns* is zero, then the socket lookup table in the
|
|
|
|
|
* netns associated with the *ctx* will be used. For the TC hooks,
|
|
|
|
|
* this in the netns of the device in the skb. For socket hooks,
|
|
|
|
|
* this in the netns of the socket. If *netns* is non-zero, then
|
|
|
|
|
* it specifies the ID of the netns relative to the netns
|
|
|
|
|
* associated with the *ctx*.
|
|
|
|
|
*
|
|
|
|
|
* All values for *flags* are reserved for future usage, and must
|
|
|
|
|
* be left at zero.
|
|
|
|
|
*
|
|
|
|
|
* This helper is available only if the kernel was compiled with
|
|
|
|
|
* **CONFIG_NET** configuration option.
|
|
|
|
|
* Return
|
|
|
|
|
* Pointer to *struct bpf_sock*, or NULL in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* int bpf_sk_release(struct bpf_sock *sk)
|
|
|
|
|
* Description
|
|
|
|
|
* Release the reference held by *sock*. *sock* must be a non-NULL
|
|
|
|
|
* pointer that was returned from bpf_sk_lookup_xxx\ ().
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*
|
|
|
|
|
* int bpf_msg_push_data(struct sk_buff *skb, u32 start, u32 len, u64 flags)
|
|
|
|
|
* Description
|
|
|
|
|
* For socket policies, insert *len* bytes into msg at offset
|
|
|
|
|
* *start*.
|
|
|
|
|
*
|
|
|
|
|
* If a program of type **BPF_PROG_TYPE_SK_MSG** is run on a
|
|
|
|
|
* *msg* it may want to insert metadata or options into the msg.
|
|
|
|
|
* This can later be read and used by any of the lower layer BPF
|
|
|
|
|
* hooks.
|
|
|
|
|
*
|
|
|
|
|
* This helper may fail if under memory pressure (a malloc
|
|
|
|
|
* fails) in these cases BPF programs will get an appropriate
|
|
|
|
|
* error and BPF programs will need to handle them.
|
|
|
|
|
*
|
|
|
|
|
* Return
|
|
|
|
|
* 0 on success, or a negative error in case of failure.
|
|
|
|
|
*/
|
|
|
|
|
#define __BPF_FUNC_MAPPER(FN) \
|
|
|
|
|
FN(unspec), \
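Review bot: The prototype documented for bpf_msg_push_data names its first argument `struct sk_buff *skb`, while the description below it speaks only of inserting bytes into *msg* for **BPF_PROG_TYPE_SK_MSG** programs, so the signature and the text disagree about the context type a caller passes. I would change the line to ` * int bpf_msg_push_data(struct sk_msg_buff *msg, u32 start, u32 len, u64 flags)`, assuming that is the SK_MSG context type used by the other msg helpers in this header (they are outside the hunk). The bpf_sk_release entry has the same kind of mismatch: the prototype takes `struct bpf_sock *sk` but the text describes *sock*, and since this helper is what drops the reference taken by the lookup helpers the wording should match, e.g. `Release the reference held by *sk*. *sk* must be a non-NULL`. In both bpf_sk_lookup_tcp and bpf_sk_lookup_udp, "this in the netns of" has lost an "is". The helper comment block itself opens and the mapper macro continues outside this hunk.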
|
|
|
|
|
@ -2228,7 +2342,14 @@ union bpf_attr {
|
|
|
|
|
FN(get_current_cgroup_id), \
|
|
|
|
|
FN(get_local_storage), \
|
|
|
|
|
FN(sk_select_reuseport), \
|
|
|
|
|
FN(skb_ancestor_cgroup_id),
|
|
|
|
|
FN(skb_ancestor_cgroup_id), \
|
|
|
|
|
FN(sk_lookup_tcp), \
|
|
|
|
|
FN(sk_lookup_udp), \
|
|
|
|
|
FN(sk_release), \
|
|
|
|
|
FN(map_push_elem), \
|
|
|
|
|
FN(map_pop_elem), \
|
|
|
|
|
FN(map_peek_elem), \
|
|
|
|
|
FN(msg_push_data),
|
|
|
|
|
|
|
|
|
|
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
|
|
|
|
|
* function eBPF program intends to call
|
|
|
|
|
@ -2398,6 +2519,23 @@ struct bpf_sock {
|
|
|
|
|
*/
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct bpf_sock_tuple {
|
|
|
|
|
union {
|
|
|
|
|
struct {
|
|
|
|
|
__be32 saddr;
|
|
|
|
|
__be32 daddr;
|
|
|
|
|
__be16 sport;
|
|
|
|
|
__be16 dport;
|
|
|
|
|
} ipv4;
|
|
|
|
|
struct {
|
|
|
|
|
__be32 saddr[4];
|
|
|
|
|
__be32 daddr[4];
|
|
|
|
|
__be16 sport;
|
|
|
|
|
__be16 dport;
|
|
|
|
|
} ipv6;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define XDP_PACKET_HEADROOM 256
|
|
|
|
|
|
|
|
|
|
/* User return codes for XDP prog type.
|
|
|
|
|
|