* Description
* Retrieve the realm or the route, that is to say the
* **tclassid** field of the destination for the *skb*. The
- * indentifier retrieved is a user-provided tag, similar to the
+ * identifier retrieved is a user-provided tag, similar to the
* one used with the net_cls cgroup (see description for
* **bpf_get_cgroup_classid**\ () helper), but here this tag is
* held by a route (a destination entry), not by a task.
* The realm of the route for the packet associated to *skb*, or 0
* if none was found.
*
- * int bpf_perf_event_output(struct pt_reg *ctx, struct bpf_map *map, u64 flags, void *data, u64 size)
- * Description
- * Write raw *data* blob into a special BPF perf event held by
- * *map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf
- * event must have the following attributes: **PERF_SAMPLE_RAW**
- * as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and
+ * int bpf_perf_event_output(struct pt_reg *ctx, struct bpf_map *map, u64 flags, void *data, u64
+ *size) Description Write raw *data* blob into a special BPF perf event held by *map* of type
+ ***BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This perf event must have the following attributes:
+ ***PERF_SAMPLE_RAW** as **sample_type**, **PERF_TYPE_SOFTWARE** as **type**, and
* **PERF_COUNT_SW_BPF_OUTPUT** as **config**.
*
* The *flags* are used to indicate the index in *map* for which
* Return
* 0
*
- * int bpf_setsockopt(struct bpf_sock_ops *bpf_socket, int level, int optname, char *optval, int optlen)
- * Description
- * Emulate a call to **setsockopt()** on the socket associated to
- * *bpf_socket*, which must be a full socket. The *level* at
- * which the option resides and the name *optname* of the option
- * must be specified, see **setsockopt(2)** for more information.
- * The option value of length *optlen* is pointed by *optval*.
+ * int bpf_setsockopt(struct bpf_sock_ops *bpf_socket, int level, int optname, char *optval, int
+ *optlen) Description Emulate a call to **setsockopt()** on the socket associated to *bpf_socket*,
+ *which must be a full socket. The *level* at which the option resides and the name *optname* of the
+ *option must be specified, see **setsockopt(2)** for more information. The option value of length
+ **optlen* is pointed by *optval*.
*
* This helper actually implements a subset of **setsockopt()**.
* It supports the following *level*\ s:
* Return
* 0 on success, or a negative error in case of failure.
*
- * int bpf_perf_event_read_value(struct bpf_map *map, u64 flags, struct bpf_perf_event_value *buf, u32 buf_size)
- * Description
- * Read the value of a perf event counter, and store it into *buf*
- * of size *buf_size*. This helper relies on a *map* of type
+ * int bpf_perf_event_read_value(struct bpf_map *map, u64 flags, struct bpf_perf_event_value *buf,
+ *u32 buf_size) Description Read the value of a perf event counter, and store it into *buf* of size
+ **buf_size*. This helper relies on a *map* of type
* **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. The nature of the perf event
* counter is selected when *map* is updated with perf event file
* descriptors. The *map* is an array whose size is the number of
* the time running for event since last normalization. The
* enabled and running times are accumulated since the perf event
* open. To achieve scaling factor between two invocations of an
- * eBPF program, users can can use CPU id as the key (which is
- * typical for perf array usage model) to remember the previous
- * value and do the calculation inside the eBPF program.
+ * eBPF program, users can use CPU id as the key (which is typical
+ * for perf array usage model) to remember the previous value and
+ * do the calculation inside the eBPF program.
* Return
* 0 on success, or a negative error in case of failure.
*
- * int bpf_perf_prog_read_value(struct bpf_perf_event_data *ctx, struct bpf_perf_event_value *buf, u32 buf_size)
- * Description
- * For en eBPF program attached to a perf event, retrieve the
- * value of the event counter associated to *ctx* and store it in
- * the structure pointed by *buf* and of size *buf_size*. Enabled
- * and running times are also stored in the structure (see
- * description of helper **bpf_perf_event_read_value**\ () for
- * more details).
- * Return
- * 0 on success, or a negative error in case of failure.
+ * int bpf_perf_prog_read_value(struct bpf_perf_event_data *ctx, struct bpf_perf_event_value *buf,
+ *u32 buf_size) Description For en eBPF program attached to a perf event, retrieve the value of the
+ *event counter associated to *ctx* and store it in the structure pointed by *buf* and of size
+ **buf_size*. Enabled and running times are also stored in the structure (see description of helper
+ ***bpf_perf_event_read_value**\ () for more details). Return 0 on success, or a negative error in
+ *case of failure.
*
- * int bpf_getsockopt(struct bpf_sock_ops *bpf_socket, int level, int optname, char *optval, int optlen)
- * Description
- * Emulate a call to **getsockopt()** on the socket associated to
- * *bpf_socket*, which must be a full socket. The *level* at
- * which the option resides and the name *optname* of the option
- * must be specified, see **getsockopt(2)** for more information.
- * The retrieved value is stored in the structure pointed by
- * *opval* and of length *optlen*.
+ * int bpf_getsockopt(struct bpf_sock_ops *bpf_socket, int level, int optname, char *optval, int
+ *optlen) Description Emulate a call to **getsockopt()** on the socket associated to *bpf_socket*,
+ *which must be a full socket. The *level* at which the option resides and the name *optname* of the
+ *option must be specified, see **getsockopt(2)** for more information. The retrieved value is
+ *stored in the structure pointed by *opval* and of length *optlen*.
*
* This helper actually implements a subset of **getsockopt()**.
* It supports the following *level*\ s:
* The first argument is the context *regs* on which the kprobe
* works.
*
- * This helper works by setting setting the PC (program counter)
+ * This helper works by setting the PC (program counter)
* to an override function which is run in place of the original
* probed function. This means the probed function is not run at
* all. The replacement function just returns with the required
* Return
* 0 on success, or a negative error in case of failure.
*
- * int bpf_skb_get_xfrm_state(struct sk_buff *skb, u32 index, struct bpf_xfrm_state *xfrm_state, u32 size, u64 flags)
- * Description
- * Retrieve the XFRM state (IP transform framework, see also
+ * int bpf_skb_get_xfrm_state(struct sk_buff *skb, u32 index, struct bpf_xfrm_state *xfrm_state, u32
+ *size, u64 flags) Description Retrieve the XFRM state (IP transform framework, see also
* **ip-xfrm(8)**) at *index* in XFRM "security path" for *skb*.
*
* The retrieved value is stored in the **struct bpf_xfrm_state**
* A non-negative value equal to or less than *size* on success,
* or a negative error in case of failure.
*
- * int bpf_skb_load_bytes_relative(const struct sk_buff *skb, u32 offset, void *to, u32 len, u32 start_header)
- * Description
- * This helper is similar to **bpf_skb_load_bytes**\ () in that
- * it provides an easy way to load *len* bytes from *offset*
- * from the packet associated to *skb*, into the buffer pointed
- * by *to*. The difference to **bpf_skb_load_bytes**\ () is that
- * a fifth argument *start_header* exists in order to select a
- * base offset to start from. *start_header* can be one of:
+ * int bpf_skb_load_bytes_relative(const struct sk_buff *skb, u32 offset, void *to, u32 len, u32
+ *start_header) Description This helper is similar to **bpf_skb_load_bytes**\ () in that it provides
+ *an easy way to load *len* bytes from *offset* from the packet associated to *skb*, into the buffer
+ *pointed by *to*. The difference to **bpf_skb_load_bytes**\ () is that a fifth argument
+ **start_header* exists in order to select a base offset to start from. *start_header* can be one
+ *of:
*
* **BPF_HDR_START_MAC**
* Base offset to load data from is *skb*'s mac header.
* * > 0 one of **BPF_FIB_LKUP_RET_** codes explaining why the
* packet is not forwarded or needs assist from full stack
*
- * int bpf_sock_hash_update(struct bpf_sock_ops_kern *skops, struct bpf_map *map, void *key, u64 flags)
- * Description
- * Add an entry to, or update a sockhash *map* referencing sockets.
- * The *skops* is used as a new value for the entry associated to
- * *key*. *flags* is one of:
+ * int bpf_sock_hash_update(struct bpf_sock_ops_kern *skops, struct bpf_map *map, void *key, u64
+ *flags) Description Add an entry to, or update a sockhash *map* referencing sockets. The *skops* is
+ *used as a new value for the entry associated to *key*. *flags* is one of:
*
* **BPF_NOEXIST**
* The entry for *key* must not exist in the map.
* Description
* This helper is used in programs implementing policies at the
* skb socket level. If the sk_buff *skb* is allowed to pass (i.e.
- * if the verdeict eBPF program returns **SK_PASS**), redirect it
+ * if the verdict eBPF program returns **SK_PASS**), redirect it
* to the socket referenced by *map* (of type
* **BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and
* egress interfaces can be used for redirection. The
* Return
* A pointer to the local storage area.
*
- * int bpf_sk_select_reuseport(struct sk_reuseport_md *reuse, struct bpf_map *map, void *key, u64 flags)
- * Description
- * Select a **SO_REUSEPORT** socket from a
+ * int bpf_sk_select_reuseport(struct sk_reuseport_md *reuse, struct bpf_map *map, void *key, u64
+ *flags) Description Select a **SO_REUSEPORT** socket from a
* **BPF_MAP_TYPE_REUSEPORT_ARRAY** *map*.
* It checks the selected socket is matching the incoming
* request in the socket buffer.
* Return
* 0 on success, or a negative error in case of failure.
*
- * struct bpf_sock *bpf_sk_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags)
- * Description
- * Look for TCP socket matching *tuple*, optionally in a child
- * network namespace *netns*. The return value must be checked,
- * and if non-**NULL**, released via **bpf_sk_release**\ ().
+ * struct bpf_sock *bpf_sk_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64
+ *netns, u64 flags) Description Look for TCP socket matching *tuple*, optionally in a child network
+ *namespace *netns*. The return value must be checked, and if non-**NULL**, released via
+ ***bpf_sk_release**\ ().
*
* The *ctx* should point to the context of the program, such as
* the skb or socket (depending on the hook in use). This is used
* For sockets with reuseport option, the **struct bpf_sock**
* result is from **reuse->socks**\ [] using the hash of the tuple.
*
- * struct bpf_sock *bpf_sk_lookup_udp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags)
- * Description
- * Look for UDP socket matching *tuple*, optionally in a child
- * network namespace *netns*. The return value must be checked,
- * and if non-**NULL**, released via **bpf_sk_release**\ ().
+ * struct bpf_sock *bpf_sk_lookup_udp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64
+ *netns, u64 flags) Description Look for UDP socket matching *tuple*, optionally in a child network
+ *namespace *netns*. The return value must be checked, and if non-**NULL**, released via
+ ***bpf_sk_release**\ ().
*
* The *ctx* should point to the context of the program, such as
* the skb or socket (depending on the hook in use). This is used
* provide backwards compatibility with existing SCHED_CLS and SCHED_ACT
* programs.
*
- * XDP is handled seprately, see XDP_*.
+ * XDP is handled separately, see XDP_*.
*/
enum bpf_ret_code {
BPF_OK = 0,
/* User bpf_sock_addr struct to access socket fields and sockaddr struct passed
* by user and intended to be used by socket (e.g. to bind to, depends on
- * attach attach type).
+ * attach type).
*/
struct bpf_sock_addr {
__u32 user_family; /* Allows 4-byte read, but no write. */
projects / thirdparty / suricata.git / commitdiff
