1 /* 2 * Copyright (c) 2015 PLUMgrid, Inc. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 /* eBPF mini library */ 17 18 #ifndef LIBBPF_H 19 #define LIBBPF_H 20 21 #include "compat/linux/bpf.h" 22 #include <stdint.h> 23 #include <sys/types.h> 24 25 #ifdef __cplusplus 26 extern "C" { 27 #endif 28 29 enum bpf_probe_attach_type { 30 BPF_PROBE_ENTRY, 31 BPF_PROBE_RETURN 32 }; 33 34 int bpf_create_map(enum bpf_map_type map_type, const char *name, 35 int key_size, int value_size, int max_entries, 36 int map_flags); 37 int bpf_update_elem(int fd, void *key, void *value, unsigned long long flags); 38 int bpf_lookup_elem(int fd, void *key, void *value); 39 int bpf_delete_elem(int fd, void *key); 40 int bpf_get_first_key(int fd, void *key, size_t key_size); 41 int bpf_get_next_key(int fd, void *key, void *next_key); 42 43 /* 44 * Load a BPF program, and return the FD of the loaded program. 45 * 46 * On newer Kernels, the parameter name is used to identify the loaded program 47 * for inspection and debugging. It could be different from the function name. 48 * 49 * If log_level has value greater than 0, or the load failed, it will enable 50 * extra logging of loaded BPF bytecode and register status, and will print the 51 * logging message to stderr. In such cases: 52 * - If log_buf and log_buf_size are provided, it will use and also write the 53 * log messages to the provided log_buf. If log_buf is insufficient in size, 54 * it will not to any additional memory allocation. 55 * - Otherwise, it will allocate an internal temporary buffer for log message 56 * printing, and continue to attempt increase that allocated buffer size if 57 * initial attemp was insufficient in size. 58 */ 59 int bpf_prog_load(enum bpf_prog_type prog_type, const char *name, 60 const struct bpf_insn *insns, int insn_len, 61 const char *license, unsigned kern_version, 62 int log_level, char *log_buf, unsigned log_buf_size); 63 64 int bpf_attach_socket(int sockfd, int progfd); 65 66 /* create RAW socket. If name is not NULL/a non-empty null-terminated string, 67 * bind the raw socket to the interface 'name' */ 68 int bpf_open_raw_sock(const char *name); 69 70 typedef void (*perf_reader_raw_cb)(void *cb_cookie, void *raw, int raw_size); 71 typedef void (*perf_reader_lost_cb)(void *cb_cookie, uint64_t lost); 72 73 int bpf_attach_kprobe(int progfd, enum bpf_probe_attach_type attach_type, 74 const char *ev_name, const char *fn_name, uint64_t fn_offset); 75 int bpf_detach_kprobe(const char *ev_name); 76 77 int bpf_attach_uprobe(int progfd, enum bpf_probe_attach_type attach_type, 78 const char *ev_name, const char *binary_path, 79 uint64_t offset, pid_t pid); 80 int bpf_detach_uprobe(const char *ev_name); 81 82 int bpf_attach_tracepoint(int progfd, const char *tp_category, 83 const char *tp_name); 84 int bpf_detach_tracepoint(const char *tp_category, const char *tp_name); 85 86 int bpf_attach_raw_tracepoint(int progfd, char *tp_name); 87 88 void * bpf_open_perf_buffer(perf_reader_raw_cb raw_cb, 89 perf_reader_lost_cb lost_cb, void *cb_cookie, 90 int pid, int cpu, int page_cnt); 91 92 /* attached a prog expressed by progfd to the device specified in dev_name */ 93 int bpf_attach_xdp(const char *dev_name, int progfd, uint32_t flags); 94 95 // attach a prog expressed by progfd to run on a specific perf event. The perf 96 // event will be created using the perf_event_attr pointer provided. 97 int bpf_attach_perf_event_raw(int progfd, void *perf_event_attr, pid_t pid, 98 int cpu, int group_fd, unsigned long extra_flags); 99 // attach a prog expressed by progfd to run on a specific perf event, with 100 // certain sample period or sample frequency 101 int bpf_attach_perf_event(int progfd, uint32_t ev_type, uint32_t ev_config, 102 uint64_t sample_period, uint64_t sample_freq, 103 pid_t pid, int cpu, int group_fd); 104 105 int bpf_open_perf_event(uint32_t type, uint64_t config, int pid, int cpu); 106 107 int bpf_close_perf_event_fd(int fd); 108 109 int bpf_obj_pin(int fd, const char *pathname); 110 int bpf_obj_get(const char *pathname); 111 int bpf_obj_get_info(int prog_map_fd, void *info, uint32_t *info_len); 112 int bpf_prog_compute_tag(const struct bpf_insn *insns, int prog_len, 113 unsigned long long *tag); 114 int bpf_prog_get_tag(int fd, unsigned long long *tag); 115 int bpf_prog_get_next_id(uint32_t start_id, uint32_t *next_id); 116 int bpf_prog_get_fd_by_id(uint32_t id); 117 int bpf_map_get_fd_by_id(uint32_t id); 118 119 #define LOG_BUF_SIZE 65536 120 121 // Put non-static/inline functions in their own section with this prefix + 122 // fn_name to enable discovery by the bcc library. 123 #define BPF_FN_PREFIX ".bpf.fn." 124 125 /* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */ 126 127 #define BPF_ALU64_REG(OP, DST, SRC) \ 128 ((struct bpf_insn) { \ 129 .code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \ 130 .dst_reg = DST, \ 131 .src_reg = SRC, \ 132 .off = 0, \ 133 .imm = 0 }) 134 135 #define BPF_ALU32_REG(OP, DST, SRC) \ 136 ((struct bpf_insn) { \ 137 .code = BPF_ALU | BPF_OP(OP) | BPF_X, \ 138 .dst_reg = DST, \ 139 .src_reg = SRC, \ 140 .off = 0, \ 141 .imm = 0 }) 142 143 /* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */ 144 145 #define BPF_ALU64_IMM(OP, DST, IMM) \ 146 ((struct bpf_insn) { \ 147 .code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \ 148 .dst_reg = DST, \ 149 .src_reg = 0, \ 150 .off = 0, \ 151 .imm = IMM }) 152 153 #define BPF_ALU32_IMM(OP, DST, IMM) \ 154 ((struct bpf_insn) { \ 155 .code = BPF_ALU | BPF_OP(OP) | BPF_K, \ 156 .dst_reg = DST, \ 157 .src_reg = 0, \ 158 .off = 0, \ 159 .imm = IMM }) 160 161 /* Short form of mov, dst_reg = src_reg */ 162 163 #define BPF_MOV64_REG(DST, SRC) \ 164 ((struct bpf_insn) { \ 165 .code = BPF_ALU64 | BPF_MOV | BPF_X, \ 166 .dst_reg = DST, \ 167 .src_reg = SRC, \ 168 .off = 0, \ 169 .imm = 0 }) 170 171 /* Short form of mov, dst_reg = imm32 */ 172 173 #define BPF_MOV64_IMM(DST, IMM) \ 174 ((struct bpf_insn) { \ 175 .code = BPF_ALU64 | BPF_MOV | BPF_K, \ 176 .dst_reg = DST, \ 177 .src_reg = 0, \ 178 .off = 0, \ 179 .imm = IMM }) 180 181 /* BPF_LD_IMM64 macro encodes single 'load 64-bit immediate' insn */ 182 #define BPF_LD_IMM64(DST, IMM) \ 183 BPF_LD_IMM64_RAW(DST, 0, IMM) 184 185 #define BPF_LD_IMM64_RAW(DST, SRC, IMM) \ 186 ((struct bpf_insn) { \ 187 .code = BPF_LD | BPF_DW | BPF_IMM, \ 188 .dst_reg = DST, \ 189 .src_reg = SRC, \ 190 .off = 0, \ 191 .imm = (__u32) (IMM) }), \ 192 ((struct bpf_insn) { \ 193 .code = 0, /* zero is reserved opcode */ \ 194 .dst_reg = 0, \ 195 .src_reg = 0, \ 196 .off = 0, \ 197 .imm = ((__u64) (IMM)) >> 32 }) 198 199 #define BPF_PSEUDO_MAP_FD 1 200 201 /* pseudo BPF_LD_IMM64 insn used to refer to process-local map_fd */ 202 #define BPF_LD_MAP_FD(DST, MAP_FD) \ 203 BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD) 204 205 206 /* Direct packet access, R0 = *(uint *) (skb->data + imm32) */ 207 208 #define BPF_LD_ABS(SIZE, IMM) \ 209 ((struct bpf_insn) { \ 210 .code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \ 211 .dst_reg = 0, \ 212 .src_reg = 0, \ 213 .off = 0, \ 214 .imm = IMM }) 215 216 /* Memory load, dst_reg = *(uint *) (src_reg + off16) */ 217 218 #define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \ 219 ((struct bpf_insn) { \ 220 .code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \ 221 .dst_reg = DST, \ 222 .src_reg = SRC, \ 223 .off = OFF, \ 224 .imm = 0 }) 225 226 /* Memory store, *(uint *) (dst_reg + off16) = src_reg */ 227 228 #define BPF_STX_MEM(SIZE, DST, SRC, OFF) \ 229 ((struct bpf_insn) { \ 230 .code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \ 231 .dst_reg = DST, \ 232 .src_reg = SRC, \ 233 .off = OFF, \ 234 .imm = 0 }) 235 236 /* Memory store, *(uint *) (dst_reg + off16) = imm32 */ 237 238 #define BPF_ST_MEM(SIZE, DST, OFF, IMM) \ 239 ((struct bpf_insn) { \ 240 .code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \ 241 .dst_reg = DST, \ 242 .src_reg = 0, \ 243 .off = OFF, \ 244 .imm = IMM }) 245 246 /* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */ 247 248 #define BPF_JMP_REG(OP, DST, SRC, OFF) \ 249 ((struct bpf_insn) { \ 250 .code = BPF_JMP | BPF_OP(OP) | BPF_X, \ 251 .dst_reg = DST, \ 252 .src_reg = SRC, \ 253 .off = OFF, \ 254 .imm = 0 }) 255 256 /* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */ 257 258 #define BPF_JMP_IMM(OP, DST, IMM, OFF) \ 259 ((struct bpf_insn) { \ 260 .code = BPF_JMP | BPF_OP(OP) | BPF_K, \ 261 .dst_reg = DST, \ 262 .src_reg = 0, \ 263 .off = OFF, \ 264 .imm = IMM }) 265 266 /* Raw code statement block */ 267 268 #define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \ 269 ((struct bpf_insn) { \ 270 .code = CODE, \ 271 .dst_reg = DST, \ 272 .src_reg = SRC, \ 273 .off = OFF, \ 274 .imm = IMM }) 275 276 /* Program exit */ 277 278 #define BPF_EXIT_INSN() \ 279 ((struct bpf_insn) { \ 280 .code = BPF_JMP | BPF_EXIT, \ 281 .dst_reg = 0, \ 282 .src_reg = 0, \ 283 .off = 0, \ 284 .imm = 0 }) 285 286 #ifdef __cplusplus 287 } 288 #endif 289 290 #endif 291