Lines Matching +full:five +full:- +full:cell
1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
21 #define BPF_DW 0x18 /* double word (64-bit) */
30 #define BPF_TO_LE 0x00 /* convert to little-endian */
31 #define BPF_TO_BE 0x08 /* convert to big-endian */
62 /* BPF has 10 general purpose 64-bit registers and stack frame. */
90 /* BPF syscall commands, see bpf(2) man-page for details. */
260 /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
264 * BPF_F_ALLOW_OVERRIDE: If a sub-cgroup installs some bpf program,
265 * the program in this cgroup yields to sub-cgroup program.
267 * BPF_F_ALLOW_MULTI: If a sub-cgroup installs some bpf program,
278 * The programs of sub-cgroup are executed first, then programs of
288 * A cgroup with MULTI or OVERRIDE flag allows any attach flags in sub-cgroups.
289 * A cgroup with NONE doesn't allow any programs in sub-cgroups.
291 * cgrp1 (MULTI progs A, B) ->
292 * cgrp2 (OVERRIDE prog C) ->
293 * cgrp3 (MULTI prog D) ->
294 * cgrp4 (OVERRIDE prog E) ->
330 * Verifier does sub-register def/use analysis and identifies instructions whose
331 * def only matters for low 32-bit, high 32-bit is never referenced later
332 * through implicit zero extension. Therefore verifier notifies JIT back-ends
333 * that it is safe to ignore clearing high 32-bit for these instructions. This
334 * saves some back-ends a lot of code-gen. However such optimization is not
335 * necessary on some arches, for example x86_64, arm64 etc, whose JIT back-ends
341 * 32-bit for those instructions who has been identified as safe to ignore them.
390 /* when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative
400 BPF_F_LOCK = 4, /* spin_lock-ed map_lookup/map_update */
423 /* Zero-initialize hash function seed. This should only be used for testing. */
433 /* Enable memory-mapping BPF map */
501 __u32 btf_vmlinux_value_type_id;/* BTF type_id of a kernel-
558 __u32 attach_btf_id; /* in-kernel BTF type id to attach to */
712 * --filename include/uapi/linux/bpf.h > /tmp/bpf-helpers.rst
713 * $ rst2man /tmp/bpf-helpers.rst > /tmp/bpf-helpers.7
714 * $ man /tmp/bpf-helpers.7
774 * This helper is a "printk()-like" facility for debugging. It
779 * limited to five).
792 * telnet-470 [001] .N.. 419421.045894: 0x00000001: <formatted msg>
817 * helper will return **-EINVAL** (but print nothing) if it
833 * Get a pseudo-random number.
836 * pseudo-random internal state, and cannot be used to infer the
841 * A random 32-bit unsigned value.
858 * **BPF_F_INVALIDATE_HASH** (set *skb*\ **->hash**, *skb*\
859 * **->swhash** and *skb*\ **->l4hash** to 0).
882 * which does not update the checksum in-place, but offers more
911 * the checksum is to be computed against a pseudo-header.
914 * which does not update the checksum in-place, but offers more
985 * A 64-bit integer containing the current tgid and pid, and
987 * *current_task*\ **->tgid << 32 \|**
988 * *current_task*\ **->pid**.
992 * A 64-bit integer containing the current GID and UID, and
1001 * helper makes sure that the *buf* is NUL-terminated. On failure,
1014 * based on a user-provided identifier for all traffic coming from
1017 * *Documentation/admin-guide/cgroup-v1/net_cls.rst*.
1023 * run on cgroups, which is a cgroup-v2-only feature (a socket can
1075 * in *key*\ **->remote_ipv4** or *key*\ **->remote_ipv6**. Also,
1076 * this struct exposes the *key*\ **->tunnel_id**, which is
1154 * is the number of available CPUs, and each cell contains a value
1204 * identifier retrieved is a user-provided tag, similar to the
1210 * (see also **tc-bpf(8)**), or alternatively on conventional
1278 * manipulated with *skb*\ **->data** and *skb*\ **->data_end**
1309 * generating a variety of graphs (such as flame graphs or off-cpu
1367 * and retrieving arbitrary TLVs (Type-Length-Value headers) from
1413 * comes down to setting *skb*\ **->pkt_type** to *type*, except
1415 * **->pkt_type** beside this helper. Using a helper here allows
1450 * Retrieve the hash of the packet, *skb*\ **->hash**. If it is
1453 * directly with *skb*\ **->hash**.
1462 * The 32-bit hash.
1475 * security mechanism because of TOC-TOU attacks, but rather to
1476 * debug, divert, and manipulate execution of semi-cooperative
1525 * Pull in non-linear data in case the *skb* is non-linear and not
1534 * are within packet boundaries (test on *skb*\ **->data_end**) is
1536 * data is in non-linear parts of the *skb*. On failure the
1537 * program can just bail out, or in the case of a non-linear
1541 * to pull in once the non-linear parts, then retesting and
1561 * Add the checksum *csum* into *skb*\ **->csum** in case the
1573 * Invalidate the current *skb*\ **->hash**. It can be used after
1613 * Adjust (move) *xdp_md*\ **->data** by *delta* bytes. Note that
1649 * A 8-byte long non-decreasing number on success, or 0 if the
1657 * A 8-byte long non-decreasing number.
1664 * A 8-byte long non-decreasing number.
1670 * time-wait or a request socket instead), **overflowuid** value
1676 * Set the full hash for *skb* (set the field *skb*\ **->hash**)
1811 * Adjust the address pointed by *xdp_md*\ **->data_meta** by
1813 * operation modifies the address stored in *xdp_md*\ **->data**,
1817 * The use of *xdp_md*\ **->data_meta** is optional and programs
1823 * this up for further post-processing. Since TC works with socket
1845 * available CPUs, and each cell contains a value relative to one
1857 * **->enabled** and *buf*\ **->running**, respectively) are
1977 * **bpf_sock->bpf_sock_ops_cb_flags & ~BPF_SOCK_OPS_RTO_CB_FLAG)**
1988 * Code **-EINVAL** if the socket is not a full TCP socket;
2028 * *bytes* will be sent and the eBPF program will be re-run with
2036 * a non-zero value, this is not a problem because data is not
2051 * 1-byte long message segments. Obviously, this is bad for
2061 * For socket policies, pull in non-linear data from user space
2062 * for *msg* and set pointers *msg*\ **->data** and *msg*\
2063 * **->data_end** to *start* and *end* bytes offsets into *msg*,
2099 * domain (*addr*\ **->sa_family**) must be **AF_INET** (or
2101 * or **sin6_port**) which triggers IP_BIND_ADDRESS_NO_PORT-like
2103 * port as long as 4-tuple is unique. Passing non-zero port might
2110 * Adjust (move) *xdp_md*\ **->data_end** by *delta* bytes. It is
2125 * **ip-xfrm(8)**) at *index* in XFRM "security path" for *skb*.
2168 * The non-negative copied *buf* length equal to or less than
2187 * in socket filters where *skb*\ **->data** does not always point
2347 * End.X action: Endpoint with Layer-3 cross-connect.
2421 * to the same 64-bit id.
2431 * A 64-bit integer containing the current cgroup id based
2483 * and if non-**NULL**, released via **bpf_sk_release**\ ().
2491 * **sizeof**\ (*tuple*\ **->ipv4**)
2493 * **sizeof**\ (*tuple*\ **->ipv6**)
2496 * If the *netns* is a negative signed 32-bit integer, then the
2500 * If *netns* is any other signed 32-bit value greater than or
2503 * range of 32-bit integers are reserved for future use.
2513 * result is from *reuse*\ **->socks**\ [] using the hash of the
2520 * and if non-**NULL**, released via **bpf_sk_release**\ ().
2528 * **sizeof**\ (*tuple*\ **->ipv4**)
2530 * **sizeof**\ (*tuple*\ **->ipv6**)
2533 * If the *netns* is a negative signed 32-bit integer, then the
2537 * If *netns* is any other signed 32-bit value greater than or
2540 * range of 32-bit integers are reserved for future use.
2550 * result is from *reuse*\ **->socks**\ [] using the hash of the
2556 * non-**NULL** pointer that was returned from
2646 * allowed inside a spinlock-ed region.
2669 * * **bpf_spin_lock** is not allowed in inner maps of map-in-map.
2718 * and if non-**NULL**, released via **bpf_sk_release**\ ().
2730 * result is from *reuse*\ **->socks**\ [] using the hash of the
2753 * The buffer is always NUL terminated, unless it's zero-sized.
2761 * **-E2BIG** if the buffer wasn't big enough (*buf* will contain
2773 * The buffer is always NUL terminated, unless it's zero-sized.
2777 * **-E2BIG** if the buffer wasn't big enough (*buf* will contain
2780 * **-EINVAL** if current value was unavailable, e.g. because
2781 * sysctl is uninitialized and read returns -EIO for it.
2791 * The buffer is always NUL terminated, unless it's zero-sized.
2795 * **-E2BIG** if the buffer wasn't big enough (*buf* will contain
2798 * **-EINVAL** if sysctl is being read.
2813 * **-E2BIG** if the *buf_len* is too big.
2815 * **-EINVAL** if sysctl is being read.
2825 * optional '**-**' sign.
2827 * Five least significant bits of *flags* encode base, other bits
2836 * **-EINVAL** if no valid digits were found or unsupported base
2839 * **-ERANGE** if resulting value was out of range.
2850 * Five least significant bits of *flags* encode base, other bits
2859 * **-EINVAL** if no valid digits were found or unsupported base
2862 * **-ERANGE** if resulting value was out of range.
2866 * Get a bpf-local-storage from a *sk*.
2876 * the *map*. The *map* is used as the bpf-local-storage
2877 * "type". The bpf-local-storage "type" (i.e. the *map*) is
2878 * searched against all bpf-local-storages residing at *sk*.
2884 * used such that a new bpf-local-storage will be
2887 * the initial value of a bpf-local-storage. If *value* is
2888 * **NULL**, the new bpf-local-storage will be zero initialized.
2890 * A bpf-local-storage pointer is returned on success.
2893 * a new bpf-local-storage.
2897 * Delete a bpf-local-storage from a *sk*.
2901 * **-ENOENT** if the bpf-local-storage cannot be found.
2902 * **-EINVAL** if sk is not a fullsock (e.g. a request_sock).
2911 * **-EBUSY** if work queue under nmi is full.
2913 * **-EINVAL** if *sig* is invalid.
2915 * **-EPERM** if no permission to send the *sig*.
2917 * **-EAGAIN** if bpf program can try again.
2937 * **-EINVAL** SYN cookie cannot be issued due to error
2939 * **-ENOENT** SYN cookie should not be issued (no SYN flood)
2941 * **-EOPNOTSUPP** kernel configuration does not enable SYN cookies
2943 * **-EPROTONOSUPPORT** IP packet version is not 4 or 6
2962 * *ctx* is a pointer to in-kernel struct sk_buff.
2989 * string length is larger than *size*, just *size*-1 bytes are
3004 * ctx->di);
3019 * *current*\ **->mm->arg_start** and *current*\
3020 * **->mm->env_start**: using this helper and the return value,
3037 * Send out a tcp-ack. *tp* is the in-kernel struct **tcp_sock**.
3048 * **-EBUSY** if work queue under nmi is full.
3050 * **-EINVAL** if *sig* is invalid.
3052 * **-EPERM** if no permission to send the *sig*.
3054 * **-EAGAIN** if bpf program can try again.
3076 * **-EINVAL** if arguments invalid or **size** not a multiple
3079 * **-ENOENT** if architecture does not support branch records.
3088 * **-EINVAL** if dev and inum supplied don't match dev_t and inode number
3091 * **-ENOENT** if pidns does not exists for the current task.
3110 * *ctx* is a pointer to in-kernel struct xdp_buff.
3128 * A 8-byte long opaque number.
3167 * **-EINVAL** if specified *flags* are not supported.
3169 * **-ENOENT** if the socket is unavailable for assignment.
3171 * **-ENETUNREACH** if the socket is unreachable (wrong netns).
3173 * **-EOPNOTSUPP** if the operation is not supported, for example
3176 * **-ESOCKTNOSUPPORT** if the socket type is not supported
3192 * that are not v6-only can be selected for IPv4 packets.
3205 * load-balancing within reuseport group for the socket
3208 * On success *ctx->sk* will point to the selected socket.
3213 * * **-EAFNOSUPPORT** if socket family (*sk->family*) is
3214 * not compatible with packet family (*ctx->family*).
3216 * * **-EEXIST** if socket has been already selected,
3220 * * **-EINVAL** if unsupported flags were specified.
3222 * * **-EPROTOTYPE** if socket L4 protocol
3223 * (*sk->protocol*) doesn't match packet protocol
3224 * (*ctx->protocol*).
3226 * * **-ESOCKTNOSUPPORT** if socket is not in allowed
3257 * **-EBUSY** if per-CPU memory copy buffer is busy, can try again
3260 * **-EINVAL** if arguments are invalid, or if *fmt* is invalid/unsupported.
3262 * **-E2BIG** if *fmt* contains too many format specifiers.
3264 * **-EOVERFLOW** if an overflow happened: The same object will be tried again.
3274 * **-EOVERFLOW** if an overflow happened: The same object will be tried again.
3280 * *sk* must be a non-**NULL** pointer to a socket, e.g. one
3380 * * **BPF_CSUM_LEVEL_INC**: Increases skb->csum_level for skbs
3382 * * **BPF_CSUM_LEVEL_DEC**: Decreases skb->csum_level for skbs
3384 * * **BPF_CSUM_LEVEL_RESET**: Resets skb->csum_level to 0 and
3386 * * **BPF_CSUM_LEVEL_QUERY**: No-op, returns the current
3387 * skb->csum_level.
3390 * case of **BPF_CSUM_LEVEL_QUERY**, the current skb->csum_level
3391 * is returned or the error code -EACCES in case the skb is not
3428 * the current task; all other tasks will return -EOPNOTSUPP.
3456 * The non-negative copied *buf* length equal to or less than
3465 * *skops*\ **->skb_data**. The comment in **struct bpf_sock_ops**
3467 * *skops*\ **->op**.
3477 * the 2nd byte which is "kind-length" of a TCP
3478 * header option and the "kind-length" also
3479 * includes the first 2 bytes "kind" and "kind-length"
3488 * Note, kind-length must be 0 for regular option.
3490 * Searching for No-Op (0) and End-of-Option-List (1) are
3499 * saved_syn packet or the just-received syn packet.
3506 * **-EINVAL** if a parameter is invalid.
3508 * **-ENOMSG** if the option is not found.
3510 * **-ENOENT** if no syn packet is available when
3513 * **-ENOSPC** if there is not enough space. Only *len* number of
3516 * **-EFAULT** on failure to parse the header options in the
3519 * **-EPERM** if the helper cannot be used under the current
3520 * *skops*\ **->op**.
3528 * includes the kind, kind-length, and the actual
3529 * option data. The *len* must be at least kind-length
3530 * long. The kind-length does not have to be 4 byte
3532 * and setting the 4 bytes aligned value to th->doff.
3543 * **-EINVAL** If param is invalid.
3545 * **-ENOSPC** if there is not enough space in the header.
3548 * **-EEXIST** if the option already exists.
3550 * **-EFAULT** on failrue to parse the existing header options.
3552 * **-EPERM** if the helper cannot be used under the current
3553 * *skops*\ **->op**.
3570 * **-EINVAL** if a parameter is invalid.
3572 * **-ENOSPC** if there is not enough space in the header.
3574 * **-EPERM** if the helper cannot be used under the current
3575 * *skops*\ **->op**.
3589 * the *map*. The *map* is used as the bpf-local-storage
3590 * "type". The bpf-local-storage "type" (i.e. the *map*) is
3611 * **-ENOENT** if the bpf_local_storage cannot be found.
3634 * Use BTF to store a string representation of *ptr*->ptr in *str*,
3635 * using *ptr*->type_id. This value should specify the type
3636 * that *ptr*->ptr points to. LLVM __builtin_btf_type_id(type, 1)
3639 * stored in the first *str_size* - 1 bytes of *str*. Safe copy of
3660 * show zero-valued struct/union members; they
3671 * *ptr*->ptr, using *ptr*->type_id as per bpf_snprintf_btf().
3761 * The function expects a non-NULL pointer to a socket, and invokes the
4004 BPF_F_CURRENT_NETNS = (-1L),
4107 /* user accessible mirror of in-kernel sk_buff.
4161 /* user accessible mirror of in-kernel xfrm_state.
4176 * The values are binary compatible with their TC_ACT_* counter-part to
4186 /* 3-6 reserved */
4307 __u32 ingress_ifindex; /* rxq->dev->ifindex */
4308 __u32 rx_queue_index; /* rxq->queue_index */
4310 __u32 egress_ifindex; /* txq->dev->ifindex */
4313 /* DEVMAP map-value layout
4315 * The struct data-layout of map-value is a configuration interface.
4326 /* CPUMAP map-value layout
4328 * The struct data-layout of map-value is a configuration interface.
4373 * Note that the directly accessible bytes (data_end - data)
4491 __u32 user_family; /* Allows 4-byte read, but no write. */
4492 __u32 user_ip4; /* Allows 1,2,4-byte read and 4-byte write.
4495 __u32 user_ip6[4]; /* Allows 1,2,4,8-byte read and 4,8-byte write.
4498 __u32 user_port; /* Allows 1,2,4-byte read and 4-byte write.
4501 __u32 family; /* Allows 4-byte read, but no write */
4502 __u32 type; /* Allows 4-byte read, but no write */
4503 __u32 protocol; /* Allows 4-byte read, but no write */
4504 __u32 msg_src_ip4; /* Allows 1,2,4-byte read and 4-byte write.
4507 __u32 msg_src_ip6[4]; /* Allows 1,2,4,8-byte read and 4,8-byte write.
4602 * called under sock_ops->op == BPF_SOCK_OPS_PARSE_HDR_OPT_CB
4610 * mode and required the active side to resend the bpf-written
4611 * options. The active side can keep writing the bpf-options until
4622 * sock_ops->op == BPF_SOCK_OPS_PARSE_HDR_OPT_CB.
4632 * sock_ops->op == BPF_SOCK_OPS_HDR_OPT_LEN_CB. Then
4634 * under sock_ops->op == BPF_SOCK_OPS_WRITE_HDR_OPT_CB.
4653 BPF_SOCK_OPS_TIMEOUT_INIT, /* Should return SYN-RTO value to use or
4654 * -1 if default value should be used
4657 * window (in packets) or -1 if default
4707 * sock_ops->skb_data:
4721 * sock_ops->skb_data:
4725 * sock_ops->skb_tcp_flags:
4736 * sock_ops->skb_data:
4741 * earlier bpf-progs.
4743 * sock_ops->skb_tcp_flags:
4756 * earlier bpf-progs.
4794 * 1. the just-received SYN packet (only available when writing the
4808 * If the bpf-prog does not need the IP[46] header, the
4809 * bpf-prog can avoid parsing the IP header by using
4810 * TCP_BPF_SYN. Otherwise, the bpf-prog can get both
4814 * -ENOSPC: Not enough space in optval. Only optlen number of
4816 * -ENOENT: The SYN skb is not available now and the earlier SYN pkt
4898 /* set if lookup is to consider L4 data - e.g., FIB rules */
4903 /* total length of packet from network header - used for MTU check */
5012 * Allows 1,2,4-byte read, but no write.
5015 * Allows 1,2,4-byte read an 4-byte write.
5052 * via the bpf_snprintf_btf() helper described above. A flags field -
5054 * (rather than its mode of display) - is included for future use.
5055 * Display flags - BTF_F_* - are passed to bpf_snprintf_btf separately.
5065 * - BTF_F_COMPACT: no formatting around type information
5066 * - BTF_F_NONAME: no struct/union member names/types
5067 * - BTF_F_PTR_RAW: show raw (unobfuscated) pointer values;
5069 * - BTF_F_ZERO: show zero-valued struct/union members; they