diff --git a/.aspell.en.pws b/.aspell.en.pws index fd3dc61e..1665828c 100644 --- a/.aspell.en.pws +++ b/.aspell.en.pws @@ -209,3 +209,4 @@ UID GID decl inlining +backend diff --git a/data/feature-versions.yaml b/data/feature-versions.yaml index a1dfe092..1cea25cb 100644 --- a/data/feature-versions.yaml +++ b/data/feature-versions.yaml @@ -2062,3 +2062,27 @@ - name: bpf_arena_free_pages version: v6.9 commit: 317460317a02a1af512697e6e964298dedd8a163 + - name: bpf_iter_bits_destroy + version: v6.11 + commit: 4665415975b0827e9646cab91c61d02a6b364d59 + - name: bpf_iter_bits_new + version: v6.11 + commit: 4665415975b0827e9646cab91c61d02a6b364d59 + - name: bpf_iter_bits_next + version: v6.11 + commit: 4665415975b0827e9646cab91c61d02a6b364d59 + - name: bpf_xdp_flow_lookup + version: v6.11 + commit: 391bb6594fd3a567efb1cd3efc8136c78c4c9e31 + - name: hid_bpf_hw_output_report + version: v6.10 + commit: 5599f80196612efde96dbe6ef18f6ecc0cb4ba19 + - name: hid_bpf_input_report + version: v6.10 + commit: 9be50ac30a83896a753ab9f64e941763bb7900be + - name: hid_bpf_try_input_report + version: v6.11 + commit: 9acbb7ba4589d4715141d4e14230a828ddc95f3d + - name: bpf_sk_assign_tcp_reqsk + version: v6.11 + commit: e472f88891abbc535a5e16a68a104073985f6061 diff --git a/data/kfuncs.yaml b/data/kfuncs.yaml index c31dd8cf..836af73e 100644 --- a/data/kfuncs.yaml +++ b/data/kfuncs.yaml @@ -188,6 +188,12 @@ sets: - name: bpf_wq_start - name: bpf_preempt_disable - name: bpf_preempt_enable + - name: bpf_iter_bits_new + flags: [KF_ITER_NEW] + - name: bpf_iter_bits_next + flags: [KF_ITER_NEXT, KF_RET_NULL] + - name: bpf_iter_bits_destroy + flags: [KF_ITER_DESTROY] program_types: - BPF_PROG_TYPE_UNSPEC @@ -356,6 +362,17 @@ sets: funcs: - name: hid_bpf_get_data flags: [KF_RET_NULL] + - name: hid_bpf_allocate_context + flags: [KF_ACQUIRE, KF_RET_NULL, KF_SLEEPABLE] + - name: hid_bpf_release_context + flags: [KF_RELEASE, KF_SLEEPABLE] + - name: hid_bpf_hw_request + flags: [KF_SLEEPABLE] + - name: hid_bpf_hw_output_report + flags: [KF_SLEEPABLE] + - name: hid_bpf_input_report + flags: [KF_SLEEPABLE] + - name: hid_bpf_try_input_report program_types: - BPF_PROG_TYPE_TRACING - BPF_PROG_TYPE_LSM @@ -368,6 +385,8 @@ sets: - name: hid_bpf_release_context flags: [KF_RELEASE] - name: hid_bpf_hw_request + - name: hid_bpf_hw_output_report + - name: hid_bpf_input_report program_types: - BPF_PROG_TYPE_SYSCALL @@ -410,3 +429,17 @@ sets: flags: [KF_TRUSTED_ARGS, KF_SLEEPABLE] program_types: - BPF_PROG_TYPE_UNSPEC + + bpf_kfunc_check_set_tcp_reqsk: + funcs: + - name: bpf_sk_assign_tcp_reqsk + flags: [KF_TRUSTED_ARGS] + program_types: + - BPF_PROG_TYPE_SCHED_CLS + + nf_ft_kfunc_set: + funcs: + - name: bpf_xdp_flow_lookup + flags: [KF_TRUSTED_ARGS, KF_RET_NULL] + program_types: + - BPF_PROG_TYPE_XDP diff --git a/docs/linux/concepts/dynptrs.md b/docs/linux/concepts/dynptrs.md index 5f1d51f4..1ffbe98f 100644 --- a/docs/linux/concepts/dynptrs.md +++ b/docs/linux/concepts/dynptrs.md @@ -26,6 +26,7 @@ The following functions create or manipulate dynptrs: * [`bpf_dynptr_clone`](../kfuncs/bpf_dynptr_clone.md) - Clones a dynptr. The new dynptr points to the same underlying data and has the same metadata as the original dynptr. The following functions are not dynptr centric, but do require dynptrs in their arguments: + * [`bpf_ringbuf_submit_dynptr`](../helper-function/bpf_ringbuf_submit_dynptr.md) - Submits a dynptr to a ring buffer. * [`bpf_ringbuf_discard_dynptr`](../helper-function/bpf_ringbuf_discard_dynptr.md) - Discards a dynptr from a ring buffer. * [`bpf_user_ringbuf_drain`](../helper-function/bpf_user_ringbuf_drain.md) - Drains samples from a user ring buffer and invokes a callback for each sample, with a dynptr containing the sample data. diff --git a/docs/linux/kfuncs/SUMMARY.md b/docs/linux/kfuncs/SUMMARY.md index 9fec001b..c64373bd 100644 --- a/docs/linux/kfuncs/SUMMARY.md +++ b/docs/linux/kfuncs/SUMMARY.md @@ -84,6 +84,10 @@ - [`bpf_iter_task_vma_new`](bpf_iter_task_vma_new.md) - [`bpf_iter_task_vma_next`](bpf_iter_task_vma_next.md) - [`bpf_iter_task_vma_destroy`](bpf_iter_task_vma_destroy.md) +- Kfuncs for bits + - [`bpf_iter_bits_new`](bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](bpf_iter_bits_next.md) + - [`bpf_iter_bits_destroy`](bpf_iter_bits_destroy.md) - Kfuncs for open coded task cGroup iterators - [`bpf_iter_css_task_new`](bpf_iter_css_task_new.md) - [`bpf_iter_css_task_next`](bpf_iter_css_task_next.md) @@ -160,6 +164,8 @@ - Foo over UDP KFuncs - [`bpf_skb_set_fou_encap`](bpf_skb_set_fou_encap.md) - [`bpf_skb_get_fou_encap`](bpf_skb_get_fou_encap.md) +- SYNCookie KFuncs + - [`bpf_sk_assign_tcp_reqsk`](bpf_sk_assign_tcp_reqsk.md) - Connection tracking KFuncs - [`bpf_ct_set_nat_info`](bpf_ct_set_nat_info.md) - [`bpf_xdp_ct_alloc`](bpf_xdp_ct_alloc.md) @@ -172,6 +178,8 @@ - [`bpf_ct_change_timeout`](bpf_ct_change_timeout.md) - [`bpf_ct_set_status`](bpf_ct_set_status.md) - [`bpf_ct_change_status`](bpf_ct_change_status.md) +- XDP KFuncs + - [`bpf_xdp_flow_lookup`](bpf_xdp_flow_lookup.md) - XFRM KFuncs - [`bpf_skb_get_xfrm_info`](bpf_skb_get_xfrm_info.md) - [`bpf_skb_set_xfrm_info`](bpf_skb_set_xfrm_info.md) @@ -183,6 +191,9 @@ - [`hid_bpf_allocate_context`](hid_bpf_allocate_context.md) - [`hid_bpf_release_context`](hid_bpf_release_context.md) - [`hid_bpf_hw_request`](hid_bpf_hw_request.md) + - [`hid_bpf_hw_output_report`](hid_bpf_hw_output_report.md) + - [`hid_bpf_input_report`](hid_bpf_input_report.md) + - [`hid_bpf_try_input_report`](hid_bpf_try_input_report.md) - KProbe session Kfuncs - [`bpf_session_cookie`](bpf_session_cookie.md) - [`bpf_session_is_return`](bpf_session_is_return.md) diff --git a/docs/linux/kfuncs/bpf_crypto_decrypt.md b/docs/linux/kfuncs/bpf_crypto_decrypt.md index 5d4f61ad..c5c1256d 100644 --- a/docs/linux/kfuncs/bpf_crypto_decrypt.md +++ b/docs/linux/kfuncs/bpf_crypto_decrypt.md @@ -27,7 +27,7 @@ Decrypts provided buffer using IV data and the crypto context. Crypto context mu Return 0 on success, or a negative error code on failure. -`#!c int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr_kern *src, const struct bpf_dynptr_kern *dst, const struct bpf_dynptr_kern *siv)` +`#!c int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr *src, const struct bpf_dynptr *dst, const struct bpf_dynptr *siv__nullable)` ## Usage diff --git a/docs/linux/kfuncs/bpf_crypto_encrypt.md b/docs/linux/kfuncs/bpf_crypto_encrypt.md index 1203bee0..72862533 100644 --- a/docs/linux/kfuncs/bpf_crypto_encrypt.md +++ b/docs/linux/kfuncs/bpf_crypto_encrypt.md @@ -27,7 +27,7 @@ Encrypts provided buffer using IV data and the crypto context. Crypto context mu Return 0 on success, or a negative error code on failure. -`#!c int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr_kern *src, const struct bpf_dynptr_kern *dst, const struct bpf_dynptr_kern *siv)` +`#!c int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx, const struct bpf_dynptr *src, const struct bpf_dynptr *dst, const struct bpf_dynptr *siv__nullable)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_adjust.md b/docs/linux/kfuncs/bpf_dynptr_adjust.md index bd9cdd79..56f01670 100644 --- a/docs/linux/kfuncs/bpf_dynptr_adjust.md +++ b/docs/linux/kfuncs/bpf_dynptr_adjust.md @@ -15,7 +15,7 @@ Adjusts the dynptr to reflect the new [start, end) interval. It advances the offset of the dynptr by `start` bytes, and if end is less than the size of the dynptr, then this will trim the dynptr accordingly. -`#!c int bpf_dynptr_adjust(struct bpf_dynptr_kern *ptr, u32 start, u32 end)` +`#!c int bpf_dynptr_adjust(const struct bpf_dynptr *p, u32 start, u32 end)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_clone.md b/docs/linux/kfuncs/bpf_dynptr_clone.md index 808eb97a..198ae63d 100644 --- a/docs/linux/kfuncs/bpf_dynptr_clone.md +++ b/docs/linux/kfuncs/bpf_dynptr_clone.md @@ -22,7 +22,7 @@ Any writes to a dynptr will be reflected across all instances (by 'instance', th Changing the view of the dynptr (for example advancing the offset or trimming the size) will only affect that dynptr and not affect any other instances. -`#!c int bpf_dynptr_clone(struct bpf_dynptr_kern *ptr, struct bpf_dynptr_kern *clone__uninit)` +`#!c int bpf_dynptr_clone(const struct bpf_dynptr *p, struct bpf_dynptr *clone__uninit)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_from_skb.md b/docs/linux/kfuncs/bpf_dynptr_from_skb.md index fad462e5..99070757 100644 --- a/docs/linux/kfuncs/bpf_dynptr_from_skb.md +++ b/docs/linux/kfuncs/bpf_dynptr_from_skb.md @@ -17,7 +17,7 @@ For bpf program types that don't support writes on skb data, the dynptr is read- For reads and writes through the [`bpf_dynptr_read()`](../helper-function/bpf_dynptr_read.md) and [`bpf_dynptr_write()`](../helper-function/bpf_dynptr_write.md) interfaces, reading and writing from/to data in the head as well as from/to non-linear paged buffers is supported. Data slices through the bpf_dynptr_data API are not supported; instead [`bpf_dynptr_slice()`](bpf_dynptr_slice.md) and [`bpf_dynptr_slice_rdwr()`](bpf_dynptr_slice_rdwr.md) should be used. -`#!c int bpf_dynptr_from_skb(struct sk_buff *skb, u64 flags, struct bpf_dynptr_kern *ptr__uninit)` +`#!c int bpf_dynptr_from_skb(struct __sk_buff *s, u64 flags, struct bpf_dynptr *ptr__uninit)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_from_xdp.md b/docs/linux/kfuncs/bpf_dynptr_from_xdp.md index e7d10096..9824970a 100644 --- a/docs/linux/kfuncs/bpf_dynptr_from_xdp.md +++ b/docs/linux/kfuncs/bpf_dynptr_from_xdp.md @@ -15,7 +15,7 @@ Get dynptrs whose underlying pointer points to a xdp_buff. For reads and writes on the dynptr, this includes reading/writing from/to and across fragments. Data slices through the [`bpf_dynptr_data`](../helper-function/bpf_dynptr_data.md) API are not supported; instead [`bpf_dynptr_slice()`](bpf_dynptr_slice.md) and [`bpf_dynptr_slice_rdwr()`](bpf_dynptr_slice_rdwr.md) should be used. -`#!c int bpf_dynptr_from_xdp(struct xdp_buff *xdp, u64 flags, struct bpf_dynptr_kern *ptr__uninit)` +`#!c int bpf_dynptr_from_xdp(struct xdp_md *x, u64 flags, struct bpf_dynptr *ptr__uninit)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_is_null.md b/docs/linux/kfuncs/bpf_dynptr_is_null.md index 90300691..0dc79f29 100644 --- a/docs/linux/kfuncs/bpf_dynptr_is_null.md +++ b/docs/linux/kfuncs/bpf_dynptr_is_null.md @@ -16,7 +16,7 @@ Returns true if the dynptr is `null` / invalid (determined by whether `ptr->data the dynptr is a valid dynptr. -`#!c bool bpf_dynptr_is_null(struct bpf_dynptr_kern *ptr)` +`#!c bool bpf_dynptr_is_null(const struct bpf_dynptr *p)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_is_rdonly.md b/docs/linux/kfuncs/bpf_dynptr_is_rdonly.md index 9a18f94f..14015006 100644 --- a/docs/linux/kfuncs/bpf_dynptr_is_rdonly.md +++ b/docs/linux/kfuncs/bpf_dynptr_is_rdonly.md @@ -15,7 +15,7 @@ Returns true if the dynptr is read-only `bpf_dynptr_is_rdonly` returns true if the dynptr is read-only, else false if the dynptr is read-writable. If the dynptr is null / invalid, false is returned by default. -`#!c bool bpf_dynptr_is_rdonly(struct bpf_dynptr_kern *ptr)` +`#!c bool bpf_dynptr_is_rdonly(const struct bpf_dynptr *p)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_size.md b/docs/linux/kfuncs/bpf_dynptr_size.md index b373b54c..3a731ea7 100644 --- a/docs/linux/kfuncs/bpf_dynptr_size.md +++ b/docs/linux/kfuncs/bpf_dynptr_size.md @@ -13,7 +13,7 @@ Returns the number of usable bytes in a dynptr. ## Definition -`#!c __u32 bpf_dynptr_size(const struct bpf_dynptr_kern *ptr)` +`#!c __u32 bpf_dynptr_size(const struct bpf_dynptr *p)` ## Usage diff --git a/docs/linux/kfuncs/bpf_dynptr_slice.md b/docs/linux/kfuncs/bpf_dynptr_slice.md index 348951dc..429ee40c 100644 --- a/docs/linux/kfuncs/bpf_dynptr_slice.md +++ b/docs/linux/kfuncs/bpf_dynptr_slice.md @@ -15,7 +15,7 @@ Get a pointer to dynptr data up to `len` bytes for read only access. If the dynptr doesn't have continuous data up to `len` bytes, return NULL. -`#!c void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset, void *buffer__opt, u32 buffer__szk)` +`#!c void *bpf_dynptr_slice(const struct bpf_dynptr *p, u32 offset, void *buffer__opt, u32 buffer__szk)` !!! note The pointer returned by the kfunc may be NULL. Hence, it forces the user to do a NULL check on the pointer returned diff --git a/docs/linux/kfuncs/bpf_dynptr_slice_rdwr.md b/docs/linux/kfuncs/bpf_dynptr_slice_rdwr.md index 7c923d7c..fb92b2ee 100644 --- a/docs/linux/kfuncs/bpf_dynptr_slice_rdwr.md +++ b/docs/linux/kfuncs/bpf_dynptr_slice_rdwr.md @@ -15,7 +15,7 @@ Get a pointer to dynptr data up to `len` bytes for read write access. If the dynptr doesn't have continuous data up to `len` bytes, or the dynptr is read only, return `NULL`. -`#!c void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr_kern *ptr, u32 offset, void *buffer__opt, u32 buffer__szk)` +`#!c void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr *p, u32 offset, void *buffer__opt, u32 buffer__szk)` !!! note The pointer returned by the kfunc may be NULL. Hence, it forces the user to do a NULL check on the pointer returned diff --git a/docs/linux/kfuncs/bpf_get_file_xattr.md b/docs/linux/kfuncs/bpf_get_file_xattr.md index 1f34362c..67572c1e 100644 --- a/docs/linux/kfuncs/bpf_get_file_xattr.md +++ b/docs/linux/kfuncs/bpf_get_file_xattr.md @@ -21,7 +21,7 @@ For security reasons, only `name__str` with prefix "user." is allowed. 0 on success, a negative value on error. -`#!c int bpf_get_file_xattr(struct file *file, const char *name__str, struct bpf_dynptr_kern *value_ptr)` +`#!c int bpf_get_file_xattr(struct file *file, const char *name__str, struct bpf_dynptr *value_p)` !!! note This function may sleep, and therefore can only be used from [sleepable programs](../syscall/BPF_PROG_LOAD.md/#bpf_f_sleepable). diff --git a/docs/linux/kfuncs/bpf_get_fsverity_digest.md b/docs/linux/kfuncs/bpf_get_fsverity_digest.md index 615d30d4..3a43c80c 100644 --- a/docs/linux/kfuncs/bpf_get_fsverity_digest.md +++ b/docs/linux/kfuncs/bpf_get_fsverity_digest.md @@ -13,7 +13,7 @@ Get the `fs-verity` digest of a file. ## Definition -`#!c int bpf_get_fsverity_digest(struct file *file, struct bpf_dynptr_kern *digest_ptr)` +`#!c int bpf_get_fsverity_digest(struct file *file, struct bpf_dynptr *digest_p)` ## Usage diff --git a/docs/linux/kfuncs/bpf_iter_bits_destroy.md b/docs/linux/kfuncs/bpf_iter_bits_destroy.md new file mode 100644 index 00000000..80d1dc0f --- /dev/null +++ b/docs/linux/kfuncs/bpf_iter_bits_destroy.md @@ -0,0 +1,57 @@ +--- +title: "KFunc 'bpf_iter_bits_destroy'" +description: "This page documents the 'bpf_iter_bits_destroy' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `bpf_iter_bits_destroy` + + +[:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/4665415975b0827e9646cab91c61d02a6b364d59) + + +Destroy a `bpf_iter_bits` + +## Definition + +Destroy the resource associated with the `bpf_iter_bits`. + +**Parameters** + +`it`: The `bpf_iter_bits` to be destroyed + + +`#!c void bpf_iter_bits_destroy(struct bpf_iter_bits *it)` + + +## Usage + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_CGROUP_SKB`](../program-type/BPF_PROG_TYPE_CGROUP_SKB.md) +- [`BPF_PROG_TYPE_CGROUP_SOCK_ADDR`](../program-type/BPF_PROG_TYPE_CGROUP_SOCK_ADDR.md) +- [`BPF_PROG_TYPE_LSM`](../program-type/BPF_PROG_TYPE_LSM.md) +- [`BPF_PROG_TYPE_LWT_IN`](../program-type/BPF_PROG_TYPE_LWT_IN.md) +- [`BPF_PROG_TYPE_LWT_OUT`](../program-type/BPF_PROG_TYPE_LWT_OUT.md) +- [`BPF_PROG_TYPE_LWT_SEG6LOCAL`](../program-type/BPF_PROG_TYPE_LWT_SEG6LOCAL.md) +- [`BPF_PROG_TYPE_LWT_XMIT`](../program-type/BPF_PROG_TYPE_LWT_XMIT.md) +- [`BPF_PROG_TYPE_NETFILTER`](../program-type/BPF_PROG_TYPE_NETFILTER.md) +- [`BPF_PROG_TYPE_SCHED_ACT`](../program-type/BPF_PROG_TYPE_SCHED_ACT.md) +- [`BPF_PROG_TYPE_SCHED_CLS`](../program-type/BPF_PROG_TYPE_SCHED_CLS.md) +- [`BPF_PROG_TYPE_SK_SKB`](../program-type/BPF_PROG_TYPE_SK_SKB.md) +- [`BPF_PROG_TYPE_SOCKET_FILTER`](../program-type/BPF_PROG_TYPE_SOCKET_FILTER.md) +- [`BPF_PROG_TYPE_STRUCT_OPS`](../program-type/BPF_PROG_TYPE_STRUCT_OPS.md) +- [`BPF_PROG_TYPE_SYSCALL`](../program-type/BPF_PROG_TYPE_SYSCALL.md) +- [`BPF_PROG_TYPE_TRACING`](../program-type/BPF_PROG_TYPE_TRACING.md) +- [`BPF_PROG_TYPE_XDP`](../program-type/BPF_PROG_TYPE_XDP.md) + + +### Example + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + diff --git a/docs/linux/kfuncs/bpf_iter_bits_new.md b/docs/linux/kfuncs/bpf_iter_bits_new.md new file mode 100644 index 00000000..1ef79933 --- /dev/null +++ b/docs/linux/kfuncs/bpf_iter_bits_new.md @@ -0,0 +1,65 @@ +--- +title: "KFunc 'bpf_iter_bits_new'" +description: "This page documents the 'bpf_iter_bits_new' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `bpf_iter_bits_new` + + +[:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/4665415975b0827e9646cab91c61d02a6b364d59) + + +Initialize a new bits iterator for a given memory area + +## Definition + +This function initializes a new `bpf_iter_bits` structure for iterating over a memory area which is specified by the `unsafe_ptr__ign` and `nr_words`. It copies the data of the memory area to the newly created bpf_iter_bits `it` for subsequent iteration operations. + +**Parameters** + +`it`: The new bpf_iter_bits to be created + +`unsafe_ptr__ign`: A pointer pointing to a memory area to be iterated over + +`nr_words`: The size of the specified memory area, measured in 8-byte units. Due to the limitation of memalloc, it can't be greater than 512. + +**Return** + +On success, 0 is returned. On failure, `ERR` is returned. + + +`#!c int bpf_iter_bits_new(struct bpf_iter_bits *it, const u64 *unsafe_ptr__ign, u32 nr_words)` + + +## Usage + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_CGROUP_SKB`](../program-type/BPF_PROG_TYPE_CGROUP_SKB.md) +- [`BPF_PROG_TYPE_CGROUP_SOCK_ADDR`](../program-type/BPF_PROG_TYPE_CGROUP_SOCK_ADDR.md) +- [`BPF_PROG_TYPE_LSM`](../program-type/BPF_PROG_TYPE_LSM.md) +- [`BPF_PROG_TYPE_LWT_IN`](../program-type/BPF_PROG_TYPE_LWT_IN.md) +- [`BPF_PROG_TYPE_LWT_OUT`](../program-type/BPF_PROG_TYPE_LWT_OUT.md) +- [`BPF_PROG_TYPE_LWT_SEG6LOCAL`](../program-type/BPF_PROG_TYPE_LWT_SEG6LOCAL.md) +- [`BPF_PROG_TYPE_LWT_XMIT`](../program-type/BPF_PROG_TYPE_LWT_XMIT.md) +- [`BPF_PROG_TYPE_NETFILTER`](../program-type/BPF_PROG_TYPE_NETFILTER.md) +- [`BPF_PROG_TYPE_SCHED_ACT`](../program-type/BPF_PROG_TYPE_SCHED_ACT.md) +- [`BPF_PROG_TYPE_SCHED_CLS`](../program-type/BPF_PROG_TYPE_SCHED_CLS.md) +- [`BPF_PROG_TYPE_SK_SKB`](../program-type/BPF_PROG_TYPE_SK_SKB.md) +- [`BPF_PROG_TYPE_SOCKET_FILTER`](../program-type/BPF_PROG_TYPE_SOCKET_FILTER.md) +- [`BPF_PROG_TYPE_STRUCT_OPS`](../program-type/BPF_PROG_TYPE_STRUCT_OPS.md) +- [`BPF_PROG_TYPE_SYSCALL`](../program-type/BPF_PROG_TYPE_SYSCALL.md) +- [`BPF_PROG_TYPE_TRACING`](../program-type/BPF_PROG_TYPE_TRACING.md) +- [`BPF_PROG_TYPE_XDP`](../program-type/BPF_PROG_TYPE_XDP.md) + + +### Example + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + diff --git a/docs/linux/kfuncs/bpf_iter_bits_next.md b/docs/linux/kfuncs/bpf_iter_bits_next.md new file mode 100644 index 00000000..37a7f33f --- /dev/null +++ b/docs/linux/kfuncs/bpf_iter_bits_next.md @@ -0,0 +1,65 @@ +--- +title: "KFunc 'bpf_iter_bits_next'" +description: "This page documents the 'bpf_iter_bits_next' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `bpf_iter_bits_next` + + +[:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/4665415975b0827e9646cab91c61d02a6b364d59) + + +Get the next bit in a `bpf_iter_bits` + +## Definition + +This function returns a pointer to a number representing the value of the next bit in the bits. + +**Parameters** + +`it`: The `bpf_iter_bits` to be checked + +**Return** + +If there are no further bits available, it returns `NULL`. + + +`#!c int *bpf_iter_bits_next(struct bpf_iter_bits *it)` + +!!! note + The pointer returned by the kfunc may be NULL. Hence, it forces the user to do a NULL check on the pointer returned + from the kfunc before making use of it (dereferencing or passing to another helper). + + +## Usage + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_CGROUP_SKB`](../program-type/BPF_PROG_TYPE_CGROUP_SKB.md) +- [`BPF_PROG_TYPE_CGROUP_SOCK_ADDR`](../program-type/BPF_PROG_TYPE_CGROUP_SOCK_ADDR.md) +- [`BPF_PROG_TYPE_LSM`](../program-type/BPF_PROG_TYPE_LSM.md) +- [`BPF_PROG_TYPE_LWT_IN`](../program-type/BPF_PROG_TYPE_LWT_IN.md) +- [`BPF_PROG_TYPE_LWT_OUT`](../program-type/BPF_PROG_TYPE_LWT_OUT.md) +- [`BPF_PROG_TYPE_LWT_SEG6LOCAL`](../program-type/BPF_PROG_TYPE_LWT_SEG6LOCAL.md) +- [`BPF_PROG_TYPE_LWT_XMIT`](../program-type/BPF_PROG_TYPE_LWT_XMIT.md) +- [`BPF_PROG_TYPE_NETFILTER`](../program-type/BPF_PROG_TYPE_NETFILTER.md) +- [`BPF_PROG_TYPE_SCHED_ACT`](../program-type/BPF_PROG_TYPE_SCHED_ACT.md) +- [`BPF_PROG_TYPE_SCHED_CLS`](../program-type/BPF_PROG_TYPE_SCHED_CLS.md) +- [`BPF_PROG_TYPE_SK_SKB`](../program-type/BPF_PROG_TYPE_SK_SKB.md) +- [`BPF_PROG_TYPE_SOCKET_FILTER`](../program-type/BPF_PROG_TYPE_SOCKET_FILTER.md) +- [`BPF_PROG_TYPE_STRUCT_OPS`](../program-type/BPF_PROG_TYPE_STRUCT_OPS.md) +- [`BPF_PROG_TYPE_SYSCALL`](../program-type/BPF_PROG_TYPE_SYSCALL.md) +- [`BPF_PROG_TYPE_TRACING`](../program-type/BPF_PROG_TYPE_TRACING.md) +- [`BPF_PROG_TYPE_XDP`](../program-type/BPF_PROG_TYPE_XDP.md) + + +### Example + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + diff --git a/docs/linux/kfuncs/bpf_sk_assign_tcp_reqsk.md b/docs/linux/kfuncs/bpf_sk_assign_tcp_reqsk.md new file mode 100644 index 00000000..23fc28aa --- /dev/null +++ b/docs/linux/kfuncs/bpf_sk_assign_tcp_reqsk.md @@ -0,0 +1,64 @@ +--- +title: "KFunc 'bpf_sk_assign_tcp_reqsk'" +description: "This page documents the 'bpf_sk_assign_tcp_reqsk' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `bpf_sk_assign_tcp_reqsk` + + +[:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/e472f88891abbc535a5e16a68a104073985f6061) + + +Assign custom parameters used to validate SYN cookies. + +## Definition + +`bpf_sk_assign_tcp_reqsk()` takes `skb`, a listener `sk`, and `struct bpf_tcp_req_attrs` and allocates `reqsk` and configures it. Then, bpf_sk_assign_tcp_reqsk() links `reqsk` with `skb` and the listener. + + +`#!c int bpf_sk_assign_tcp_reqsk(struct __sk_buff *s, struct sock *sk, struct bpf_tcp_req_attrs *attrs, int attrs__sz)` + + +## Usage + +Under SYN Flood, the TCP stack generates SYN Cookie to remain stateless for the connection request until a valid ACK is responded to the SYN+ACK. + +The cookie contains two kinds of host-specific bits, a timestamp and secrets, so only can it be validated by the generator. It means SYN Cookie consumes network resources between the client and the server; intermediate nodes must remember which nodes to route ACK for the cookie. + +SYN Proxy reduces such unwanted resource allocation by handling 3WHS at the edge network. After SYN Proxy completes 3WHS, it forwards SYN to the backend server and completes another 3WHS. However, since the server's ISN differs from the cookie, the proxy must manage the ISN mappings and fix up SEQ/ACK numbers in every packet for each connection. If a proxy node goes down, all the connections through it are terminated. Keeping a state at proxy is painful from that perspective. + +This kfunc allows BPF to validate an arbitrary SYN Cookie on the backend server, the proxy doesn't need not restore SYN nor pass it. After validating ACK, the proxy node just needs to forward it, and then the server can do the lightweight validation (e.g. check if ACK came from proxy nodes, etc) +and create a connection from the ACK. + +The arguments supplied to the kfunc can be derived from the SYN Cookie. + +See also: [patch set](https://lore.kernel.org/all/20240115205514.68364-1-kuniyu@amazon.com/) + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_SCHED_CLS`](../program-type/BPF_PROG_TYPE_SCHED_CLS.md) + + +### Example + +```c +struct bpf_tcp_req_attrs attrs = { + .mss = mss, + .wscale_ok = wscale_ok, + .rcv_wscale = rcv_wscale, /* Server's WScale < 15 */ + .snd_wscale = snd_wscale, /* Client's WScale < 15 */ + .tstamp_ok = tstamp_ok, + .rcv_tsval = tsval, + .rcv_tsecr = tsecr, /* Server's Initial TSval */ + .usec_ts_ok = usec_ts_ok, + .sack_ok = sack_ok, + .ecn_ok = ecn_ok, +} + +skc = bpf_skc_lookup_tcp(...); +sk = (struct sock *)bpf_skc_to_tcp_sock(skc); +bpf_sk_assign_tcp_reqsk(skb, sk, attrs, sizeof(attrs)); +bpf_sk_release(skc); +``` diff --git a/docs/linux/kfuncs/bpf_verify_pkcs7_signature.md b/docs/linux/kfuncs/bpf_verify_pkcs7_signature.md index 5a0ae234..0af8ba87 100644 --- a/docs/linux/kfuncs/bpf_verify_pkcs7_signature.md +++ b/docs/linux/kfuncs/bpf_verify_pkcs7_signature.md @@ -15,7 +15,7 @@ Verify a PKCS#7 signature Verify the PKCS#7 signature `sig_ptr` against the supplied `data_ptr` with keys in a keyring referenced by `trusted_keyring`. -`#!c int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr, struct bpf_dynptr_kern *sig_ptr, struct bpf_key *trusted_keyring)` +`#!c int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_p, struct bpf_dynptr *sig_p, struct bpf_key *trusted_keyring)` !!! note This function may sleep, and therefore can only be used from [sleepable programs](../syscall/BPF_PROG_LOAD.md/#bpf_f_sleepable). diff --git a/docs/linux/kfuncs/bpf_wq_set_callback_impl.md b/docs/linux/kfuncs/bpf_wq_set_callback_impl.md index 1e381add..39a3e15d 100644 --- a/docs/linux/kfuncs/bpf_wq_set_callback_impl.md +++ b/docs/linux/kfuncs/bpf_wq_set_callback_impl.md @@ -25,7 +25,7 @@ The callback will be called asynchronously sometime after the current eBPF progr Return `0` on success, or a negative error code on failure. -`#!c int bpf_wq_set_callback_impl(struct bpf_wq *wq, int (callback_fn)(void * , int * , struct bpf_wq * ), unsigned int flags, void *aux__ign)` +`#!c int bpf_wq_set_callback_impl(struct bpf_wq *wq, int (callback_fn)(void * , int * , void * ), unsigned int flags, void *aux__ign)` ## Usage diff --git a/docs/linux/kfuncs/bpf_xdp_flow_lookup.md b/docs/linux/kfuncs/bpf_xdp_flow_lookup.md new file mode 100644 index 00000000..df5add6b --- /dev/null +++ b/docs/linux/kfuncs/bpf_xdp_flow_lookup.md @@ -0,0 +1,190 @@ +--- +title: "KFunc 'bpf_xdp_flow_lookup'" +description: "This page documents the 'bpf_xdp_flow_lookup' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `bpf_xdp_flow_lookup` + + +[:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/391bb6594fd3a567efb1cd3efc8136c78c4c9e31) + + +Perform the lookup of a given flow-table entry based on a fib tuple of incoming traffic. + +## Definition + + +`#!c struct flow_offload_tuple_rhash *bpf_xdp_flow_lookup(struct xdp_md *ctx, struct bpf_fib_lookup *fib_tuple, struct bpf_flowtable_opts *opts, u32 opts_len)` + +!!! note + The pointer returned by the kfunc may be NULL. Hence, it forces the user to do a NULL check on the pointer returned + from the kfunc before making use of it (dereferencing or passing to another helper). + + +## Usage + +`bpf_xdp_flow_lookup` can be used as building block to offload in xdp the processing of sw flowtable when hw flowtable is not available. + +See also: [patch set](https://lore.kernel.org/bpf/cover.1719698275.git.lorenzo@kernel.org/) + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_XDP`](../program-type/BPF_PROG_TYPE_XDP.md) + + +### Example + +[Source](https://github.com/torvalds/linux/blob/c77e572d3a8c0e21c5dca4cc2883c7cd8cbe981f/tools/testing/selftests/bpf/progs/xdp_flowtable.c) + +```c +// SPDX-License-Identifier: GPL-2.0 +#define BPF_NO_KFUNC_PROTOTYPES +#include +#include +#include + +#define ETH_P_IP 0x0800 +#define ETH_P_IPV6 0x86dd +#define IP_MF 0x2000 /* "More Fragments" */ +#define IP_OFFSET 0x1fff /* "Fragment Offset" */ +#define AF_INET 2 +#define AF_INET6 10 + +struct bpf_flowtable_opts___local { + s32 error; +}; + +struct flow_offload_tuple_rhash * +bpf_xdp_flow_lookup(struct xdp_md *, struct bpf_fib_lookup *, + struct bpf_flowtable_opts___local *, u32) __ksym; + +struct { + __uint(type, BPF_MAP_TYPE_ARRAY); + __type(key, __u32); + __type(value, __u32); + __uint(max_entries, 1); +} stats SEC(".maps"); + +static bool xdp_flowtable_offload_check_iphdr(struct iphdr *iph) +{ + /* ip fragmented traffic */ + if (iph->frag_off & bpf_htons(IP_MF | IP_OFFSET)) + return false; + + /* ip options */ + if (iph->ihl * 4 != sizeof(*iph)) + return false; + + if (iph->ttl <= 1) + return false; + + return true; +} + +static bool xdp_flowtable_offload_check_tcp_state(void *ports, void *data_end, + u8 proto) +{ + if (proto == IPPROTO_TCP) { + struct tcphdr *tcph = ports; + + if (tcph + 1 > data_end) + return false; + + if (tcph->fin || tcph->rst) + return false; + } + + return true; +} + +struct flow_ports___local { + __be16 source, dest; +} __attribute__((preserve_access_index)); + +SEC("xdp.frags") +int xdp_flowtable_do_lookup(struct xdp_md *ctx) +{ + void *data_end = (void *)(long)ctx->data_end; + struct bpf_flowtable_opts___local opts = {}; + struct flow_offload_tuple_rhash *tuplehash; + struct bpf_fib_lookup tuple = { + .ifindex = ctx->ingress_ifindex, + }; + void *data = (void *)(long)ctx->data; + struct ethhdr *eth = data; + struct flow_ports___local *ports; + __u32 *val, key = 0; + + if (eth + 1 > data_end) + return XDP_DROP; + + switch (eth->h_proto) { + case bpf_htons(ETH_P_IP): { + struct iphdr *iph = data + sizeof(*eth); + + ports = (struct flow_ports___local *)(iph + 1); + if (ports + 1 > data_end) + return XDP_PASS; + + /* sanity check on ip header */ + if (!xdp_flowtable_offload_check_iphdr(iph)) + return XDP_PASS; + + if (!xdp_flowtable_offload_check_tcp_state(ports, data_end, + iph->protocol)) + return XDP_PASS; + + tuple.family = AF_INET; + tuple.tos = iph->tos; + tuple.l4_protocol = iph->protocol; + tuple.tot_len = bpf_ntohs(iph->tot_len); + tuple.ipv4_src = iph->saddr; + tuple.ipv4_dst = iph->daddr; + tuple.sport = ports->source; + tuple.dport = ports->dest; + break; + } + case bpf_htons(ETH_P_IPV6): { + struct in6_addr *src = (struct in6_addr *)tuple.ipv6_src; + struct in6_addr *dst = (struct in6_addr *)tuple.ipv6_dst; + struct ipv6hdr *ip6h = data + sizeof(*eth); + + ports = (struct flow_ports___local *)(ip6h + 1); + if (ports + 1 > data_end) + return XDP_PASS; + + if (ip6h->hop_limit <= 1) + return XDP_PASS; + + if (!xdp_flowtable_offload_check_tcp_state(ports, data_end, + ip6h->nexthdr)) + return XDP_PASS; + + tuple.family = AF_INET6; + tuple.l4_protocol = ip6h->nexthdr; + tuple.tot_len = bpf_ntohs(ip6h->payload_len); + *src = ip6h->saddr; + *dst = ip6h->daddr; + tuple.sport = ports->source; + tuple.dport = ports->dest; + break; + } + default: + return XDP_PASS; + } + + tuplehash = bpf_xdp_flow_lookup(ctx, &tuple, &opts, sizeof(opts)); + if (!tuplehash) + return XDP_PASS; + + val = bpf_map_lookup_elem(&stats, &key); + if (val) + __sync_add_and_fetch(val, 1); + + return XDP_PASS; +} + +char _license[] SEC("license") = "GPL"; +``` diff --git a/docs/linux/kfuncs/hid_bpf_attach_prog.md b/docs/linux/kfuncs/hid_bpf_attach_prog.md index cded593f..6565d67f 100644 --- a/docs/linux/kfuncs/hid_bpf_attach_prog.md +++ b/docs/linux/kfuncs/hid_bpf_attach_prog.md @@ -4,12 +4,13 @@ description: "This page documents the 'hid_bpf_attach_prog' eBPF kfunc, includin --- # KFunc `hid_bpf_attach_prog` - -[:octicons-tag-24: v6.3](https://github.com/torvalds/linux/commit/f5c27da4e3c8a2e42fb4f41a0c685debcb9af294) - +[:octicons-tag-24: v6.3](https://github.com/torvalds/linux/commit/f5c27da4e3c8a2e42fb4f41a0c685debcb9af294) - [:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/4a86220e046da009bef0948e9f51d1d26d68f93c) Attach the given `prog_fd` to the given HID device +!!! warning + This kfunc has been removed in [:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/4a86220e046da009bef0948e9f51d1d26d68f93c) HID eBPF programs are now attached as [`BPF_PROG_TYPE_STRUCT_OPS`](../program-type/BPF_PROG_TYPE_STRUCT_OPS.md). + ## Definition **Parameters** diff --git a/docs/linux/kfuncs/hid_bpf_hw_output_report.md b/docs/linux/kfuncs/hid_bpf_hw_output_report.md new file mode 100644 index 00000000..10f3e822 --- /dev/null +++ b/docs/linux/kfuncs/hid_bpf_hw_output_report.md @@ -0,0 +1,48 @@ +--- +title: "KFunc 'hid_bpf_hw_output_report'" +description: "This page documents the 'hid_bpf_hw_output_report' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `hid_bpf_hw_output_report` + + +[:octicons-tag-24: v6.10](https://github.com/torvalds/linux/commit/5599f80196612efde96dbe6ef18f6ecc0cb4ba19) + + +Send an output report to a HID device + +## Definition + +**Parameters** + +`ctx`: the HID-BPF context previously allocated in `hid_bpf_allocate_context()` + +`buf`: a `PTR_TO_MEM` buffer + +`buf__sz`: the size of the data to transfer + +**Returns** + +Returns the number of bytes transferred on success, a negative error code otherwise. + + +`#!c int hid_bpf_hw_output_report(struct hid_bpf_ctx *ctx, __u8 *buf, size_t buf__sz)` + + +## Usage + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_SYSCALL`](../program-type/BPF_PROG_TYPE_SYSCALL.md) + + +### Example + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + diff --git a/docs/linux/kfuncs/hid_bpf_input_report.md b/docs/linux/kfuncs/hid_bpf_input_report.md new file mode 100644 index 00000000..56ef2fa2 --- /dev/null +++ b/docs/linux/kfuncs/hid_bpf_input_report.md @@ -0,0 +1,51 @@ +--- +title: "KFunc 'hid_bpf_input_report'" +description: "This page documents the 'hid_bpf_input_report' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `hid_bpf_input_report` + + +[:octicons-tag-24: v6.10](https://github.com/torvalds/linux/commit/9be50ac30a83896a753ab9f64e941763bb7900be) + + +Inject a HID report in the kernel from a HID device + +## Definition + +**Parameters** + +`ctx`: the HID-BPF context previously allocated in `hid_bpf_allocate_context()` + +`type`: the type of the report (`HID_INPUT_REPORT`, `HID_FEATURE_REPORT`, `HID_OUTPUT_REPORT`) + +`buf`: a `PTR_TO_MEM` buffer + +`buf__sz`: the size of the data to transfer + + +**Returns** + +Returns `0` on success, a negative error code otherwise. This function will wait for the device to be available before injecting the event, thus needs to be called in sleepable context. + + +`#!c int hid_bpf_input_report(struct hid_bpf_ctx *ctx, hid_report_type type, u8 *buf, const size_t buf__sz)` + + +## Usage + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_SYSCALL`](../program-type/BPF_PROG_TYPE_SYSCALL.md) + + +### Example + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + diff --git a/docs/linux/kfuncs/hid_bpf_try_input_report.md b/docs/linux/kfuncs/hid_bpf_try_input_report.md new file mode 100644 index 00000000..78bd1828 --- /dev/null +++ b/docs/linux/kfuncs/hid_bpf_try_input_report.md @@ -0,0 +1,51 @@ +--- +title: "KFunc 'hid_bpf_try_input_report'" +description: "This page documents the 'hid_bpf_try_input_report' eBPF kfunc, including its definition, usage, program types that can use it, and examples." +--- +# KFunc `hid_bpf_try_input_report` + + +[:octicons-tag-24: v6.11](https://github.com/torvalds/linux/commit/9acbb7ba4589d4715141d4e14230a828ddc95f3d) + + +Inject a HID report in the kernel from a HID device + +## Definition + +**Parameters** + +`ctx`: the HID-BPF context previously allocated in `hid_bpf_allocate_context()` + +`type`: the type of the report (`HID_INPUT_REPORT`, `HID_FEATURE_REPORT`, `HID_OUTPUT_REPORT`) + +`buf`: a `PTR_TO_MEM` buffer + +`buf__sz`: the size of the data to transfer + +**Returns** + +Returns `0` on success, a negative error code otherwise. This function will immediately fail if the device is not available, thus can be safely used in IRQ context. + + +`#!c int hid_bpf_try_input_report(struct hid_bpf_ctx *ctx, hid_report_type type, u8 *buf, const size_t buf__sz)` + + +## Usage + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + +### Program types + +The following program types can make use of this kfunc: + + +- [`BPF_PROG_TYPE_LSM`](../program-type/BPF_PROG_TYPE_LSM.md) +- [`BPF_PROG_TYPE_TRACING`](../program-type/BPF_PROG_TYPE_TRACING.md) + + +### Example + +!!! example "Docs could be improved" + This part of the docs is incomplete, contributions are very welcome + diff --git a/docs/linux/kfuncs/index.md b/docs/linux/kfuncs/index.md index 68115cb9..f7051600 100644 --- a/docs/linux/kfuncs/index.md +++ b/docs/linux/kfuncs/index.md @@ -163,6 +163,12 @@ These kfuncs allow you to take a reference to a cGroup and store them as kptrs i - [`bpf_iter_task_next`](bpf_iter_task_next.md) - [`bpf_iter_task_destroy`](bpf_iter_task_destroy.md) +## Kfuncs for bits + +- [`bpf_iter_bits_new`](bpf_iter_bits_new.md) +- [`bpf_iter_bits_next`](bpf_iter_bits_next.md) +- [`bpf_iter_bits_destroy`](bpf_iter_bits_destroy.md) + ## Kfuncs for dynamic pointers - [`bpf_dynptr_adjust`](bpf_dynptr_adjust.md) @@ -254,6 +260,10 @@ These kfuncs allow you to take a reference to a cGroup and store them as kptrs i - [`bpf_skb_set_fou_encap`](bpf_skb_set_fou_encap.md) - [`bpf_skb_get_fou_encap`](bpf_skb_get_fou_encap.md) +## SYNCookie KFuncs + +- [`bpf_sk_assign_tcp_reqsk`](bpf_sk_assign_tcp_reqsk.md) + ## Connection tracking KFuncs - [`bpf_ct_set_nat_info`](bpf_ct_set_nat_info.md) @@ -268,6 +278,10 @@ These kfuncs allow you to take a reference to a cGroup and store them as kptrs i - [`bpf_ct_set_status`](bpf_ct_set_status.md) - [`bpf_ct_change_status`](bpf_ct_change_status.md) +## XDP KFuncs + +- [`bpf_xdp_flow_lookup`](bpf_xdp_flow_lookup.md) + ## XFRM KFuncs - [`bpf_skb_get_xfrm_info`](bpf_skb_get_xfrm_info.md) @@ -282,6 +296,9 @@ These kfuncs allow you to take a reference to a cGroup and store them as kptrs i - [`hid_bpf_allocate_context`](hid_bpf_allocate_context.md) - [`hid_bpf_release_context`](hid_bpf_release_context.md) - [`hid_bpf_hw_request`](hid_bpf_hw_request.md) +- [`hid_bpf_hw_output_report`](hid_bpf_hw_output_report.md) +- [`hid_bpf_input_report`](hid_bpf_input_report.md) +- [`hid_bpf_try_input_report`](hid_bpf_try_input_report.md) ## KProbe session Kfuncs - [`bpf_session_cookie`](bpf_session_cookie.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SKB.md b/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SKB.md index 51804635..2b631aaf 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SKB.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SKB.md @@ -341,6 +341,9 @@ char _license[] SEC("license") = "GPL"; - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SOCK_ADDR.md b/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SOCK_ADDR.md index 79b842af..8ccfd7cf 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SOCK_ADDR.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_CGROUP_SOCK_ADDR.md @@ -424,6 +424,9 @@ cGroup socket buffer programs are attached to cGroups via the [`BPF_PROG_ATTACH` - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_LSM.md b/docs/linux/program-type/BPF_PROG_TYPE_LSM.md index 6bf22261..74aeb116 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_LSM.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_LSM.md @@ -226,6 +226,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) - [`bpf_get_file_xattr`](../kfuncs/bpf_get_file_xattr.md) - [`bpf_get_fsverity_digest`](../kfuncs/bpf_get_fsverity_digest.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) @@ -271,6 +274,12 @@ Not all helper functions are available in all program types. These are the helpe - [`cgroup_rstat_flush`](../kfuncs/cgroup_rstat_flush.md) - [`cgroup_rstat_updated`](../kfuncs/cgroup_rstat_updated.md) - [`crash_kexec`](../kfuncs/crash_kexec.md) + - [`hid_bpf_allocate_context`](../kfuncs/hid_bpf_allocate_context.md) - [`hid_bpf_get_data`](../kfuncs/hid_bpf_get_data.md) + - [`hid_bpf_hw_output_report`](../kfuncs/hid_bpf_hw_output_report.md) + - [`hid_bpf_hw_request`](../kfuncs/hid_bpf_hw_request.md) + - [`hid_bpf_input_report`](../kfuncs/hid_bpf_input_report.md) + - [`hid_bpf_release_context`](../kfuncs/hid_bpf_release_context.md) + - [`hid_bpf_try_input_report`](../kfuncs/hid_bpf_try_input_report.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_LWT_IN.md b/docs/linux/program-type/BPF_PROG_TYPE_LWT_IN.md index 856c6cc7..b132fcb1 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_LWT_IN.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_LWT_IN.md @@ -233,6 +233,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_LWT_OUT.md b/docs/linux/program-type/BPF_PROG_TYPE_LWT_OUT.md index 59e2ebcf..60acdb53 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_LWT_OUT.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_LWT_OUT.md @@ -230,6 +230,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_LWT_XMIT.md b/docs/linux/program-type/BPF_PROG_TYPE_LWT_XMIT.md index af5257aa..757db9e2 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_LWT_XMIT.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_LWT_XMIT.md @@ -183,6 +183,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_NETFILTER.md b/docs/linux/program-type/BPF_PROG_TYPE_NETFILTER.md index 46ce5a70..49343b4c 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_NETFILTER.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_NETFILTER.md @@ -250,6 +250,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_SCHED_CLS.md b/docs/linux/program-type/BPF_PROG_TYPE_SCHED_CLS.md index e416118f..85a2bd49 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_SCHED_CLS.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_SCHED_CLS.md @@ -249,6 +249,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) @@ -282,6 +285,7 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_rcu_read_unlock`](../kfuncs/bpf_rcu_read_unlock.md) - [`bpf_rdonly_cast`](../kfuncs/bpf_rdonly_cast.md) - [`bpf_refcount_acquire_impl`](../kfuncs/bpf_refcount_acquire_impl.md) + - [`bpf_sk_assign_tcp_reqsk`](../kfuncs/bpf_sk_assign_tcp_reqsk.md) - [`bpf_skb_ct_alloc`](../kfuncs/bpf_skb_ct_alloc.md) - [`bpf_skb_ct_lookup`](../kfuncs/bpf_skb_ct_lookup.md) - [`bpf_skb_get_fou_encap`](../kfuncs/bpf_skb_get_fou_encap.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_SK_SKB.md b/docs/linux/program-type/BPF_PROG_TYPE_SK_SKB.md index 1968b5da..68a173be 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_SK_SKB.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_SK_SKB.md @@ -270,6 +270,9 @@ out: - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_SOCKET_FILTER.md b/docs/linux/program-type/BPF_PROG_TYPE_SOCKET_FILTER.md index 34b094b7..e5d67bc0 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_SOCKET_FILTER.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_SOCKET_FILTER.md @@ -149,6 +149,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_STRUCT_OPS.md b/docs/linux/program-type/BPF_PROG_TYPE_STRUCT_OPS.md index 6d48024d..f36cc039 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_STRUCT_OPS.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_STRUCT_OPS.md @@ -394,6 +394,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_SYSCALL.md b/docs/linux/program-type/BPF_PROG_TYPE_SYSCALL.md index a55bfc07..493cc7d6 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_SYSCALL.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_SYSCALL.md @@ -201,6 +201,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) @@ -227,6 +230,8 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_wq_start`](../kfuncs/bpf_wq_start.md) - [`hid_bpf_allocate_context`](../kfuncs/hid_bpf_allocate_context.md) - [`hid_bpf_attach_prog`](../kfuncs/hid_bpf_attach_prog.md) + - [`hid_bpf_hw_output_report`](../kfuncs/hid_bpf_hw_output_report.md) - [`hid_bpf_hw_request`](../kfuncs/hid_bpf_hw_request.md) + - [`hid_bpf_input_report`](../kfuncs/hid_bpf_input_report.md) - [`hid_bpf_release_context`](../kfuncs/hid_bpf_release_context.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_TRACING.md b/docs/linux/program-type/BPF_PROG_TYPE_TRACING.md index 6b54c177..cf379c26 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_TRACING.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_TRACING.md @@ -531,6 +531,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) @@ -581,5 +584,11 @@ Not all helper functions are available in all program types. These are the helpe - [`cgroup_rstat_flush`](../kfuncs/cgroup_rstat_flush.md) - [`cgroup_rstat_updated`](../kfuncs/cgroup_rstat_updated.md) - [`crash_kexec`](../kfuncs/crash_kexec.md) + - [`hid_bpf_allocate_context`](../kfuncs/hid_bpf_allocate_context.md) - [`hid_bpf_get_data`](../kfuncs/hid_bpf_get_data.md) + - [`hid_bpf_hw_output_report`](../kfuncs/hid_bpf_hw_output_report.md) + - [`hid_bpf_hw_request`](../kfuncs/hid_bpf_hw_request.md) + - [`hid_bpf_input_report`](../kfuncs/hid_bpf_input_report.md) + - [`hid_bpf_release_context`](../kfuncs/hid_bpf_release_context.md) + - [`hid_bpf_try_input_report`](../kfuncs/hid_bpf_try_input_report.md) diff --git a/docs/linux/program-type/BPF_PROG_TYPE_XDP.md b/docs/linux/program-type/BPF_PROG_TYPE_XDP.md index 9fc2dad1..dce2fce2 100644 --- a/docs/linux/program-type/BPF_PROG_TYPE_XDP.md +++ b/docs/linux/program-type/BPF_PROG_TYPE_XDP.md @@ -440,6 +440,9 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_dynptr_size`](../kfuncs/bpf_dynptr_size.md) - [`bpf_dynptr_slice`](../kfuncs/bpf_dynptr_slice.md) - [`bpf_dynptr_slice_rdwr`](../kfuncs/bpf_dynptr_slice_rdwr.md) + - [`bpf_iter_bits_destroy`](../kfuncs/bpf_iter_bits_destroy.md) + - [`bpf_iter_bits_new`](../kfuncs/bpf_iter_bits_new.md) + - [`bpf_iter_bits_next`](../kfuncs/bpf_iter_bits_next.md) - [`bpf_iter_css_destroy`](../kfuncs/bpf_iter_css_destroy.md) - [`bpf_iter_css_new`](../kfuncs/bpf_iter_css_new.md) - [`bpf_iter_css_next`](../kfuncs/bpf_iter_css_next.md) @@ -486,6 +489,7 @@ Not all helper functions are available in all program types. These are the helpe - [`bpf_wq_start`](../kfuncs/bpf_wq_start.md) - [`bpf_xdp_ct_alloc`](../kfuncs/bpf_xdp_ct_alloc.md) - [`bpf_xdp_ct_lookup`](../kfuncs/bpf_xdp_ct_lookup.md) + - [`bpf_xdp_flow_lookup`](../kfuncs/bpf_xdp_flow_lookup.md) - [`bpf_xdp_metadata_rx_hash`](../kfuncs/bpf_xdp_metadata_rx_hash.md) - [`bpf_xdp_metadata_rx_timestamp`](../kfuncs/bpf_xdp_metadata_rx_timestamp.md) - [`bpf_xdp_metadata_rx_vlan_tag`](../kfuncs/bpf_xdp_metadata_rx_vlan_tag.md) diff --git a/go.mod b/go.mod index 11d1858b..59e736c8 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module ebpf.io/docs go 1.22 require ( - github.com/cilium/ebpf v0.12.3 + github.com/cilium/ebpf v0.16.1-0.20240926143702-66cfe6188980 golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 golang.org/x/net v0.27.0 gopkg.in/yaml.v3 v3.0.1 diff --git a/go.sum b/go.sum index cd7beb30..9eeaf1a9 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,9 @@ github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM= +github.com/cilium/ebpf v0.16.1-0.20240926135643-1c26ad85bc7a h1:u0SVDXRa3qvmZz/ANZtDORZjog6qQWAQgQe9gC64aag= +github.com/cilium/ebpf v0.16.1-0.20240926135643-1c26ad85bc7a/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= +github.com/cilium/ebpf v0.16.1-0.20240926143702-66cfe6188980 h1:p17c8JC8cegCCuvlIe2jK1O9niXzygXwAx2jPooI6hE= +github.com/cilium/ebpf v0.16.1-0.20240926143702-66cfe6188980/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE= github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= diff --git a/tools/kfunc-gen/main.go b/tools/kfunc-gen/main.go index fae55906..48eba271 100644 --- a/tools/kfunc-gen/main.go +++ b/tools/kfunc-gen/main.go @@ -39,6 +39,21 @@ const ( progKfuncRefEnd = `` ) +// List of kfuncs which only exists for the selftests, and are not actually supposed to be used +var testKfuncs = []string{ + "bpf_fentry_test1", + "bpf_modify_return_test", + "bpf_modify_return_test2", + "bpf_modify_return_test_tp", + "bpf_kfunc_call_memb_release", + "bpf_kfunc_call_test_release", +} + +// List of kfuncs which are known to have been removed +var removeKfuncs = []string{ + "hid_bpf_attach_prog", +} + func main() { flag.Parse() @@ -54,13 +69,62 @@ func main() { panic(err) } + var allDataKfuncs []kfunc + for _, set := range kfuncsConfig.Sets { + allDataKfuncs = append(allDataKfuncs, set.Funcs...) + } + spec, err := btf.LoadSpec(*projectroot + "/tools/kfunc-gen/vmlinux") if err != nil { panic(err) } + throw := false + + var allBTFKfuncs []*btf.Func + iter := spec.Iterate() + for iter.Next() { + switch t := (iter.Type).(type) { + case *btf.Func: + if slices.Contains(t.Tags, "bpf_kfunc") { + // Ignore test functions + if slices.Contains(testKfuncs, t.Name) { + continue + } + + allBTFKfuncs = append(allBTFKfuncs, t) + if !slices.ContainsFunc(allDataKfuncs, func(k kfunc) bool { + return k.Name == t.Name + }) { + fmt.Printf("Missing kfunc in data file: '%s', possibly newly added\n", t.Name) + throw = true + } + } + } + } + for _, k := range allDataKfuncs { + if slices.Contains(removeKfuncs, k.Name) { + continue + } + + if !slices.ContainsFunc(allBTFKfuncs, func(f *btf.Func) bool { + return f.Name == k.Name + }) { + fmt.Printf("Missing kfunc in BTF: '%s', possibly deleted from kernel\n", k.Name) + throw = true + } + } + + if throw { + os.Exit(1) + } + for _, set := range kfuncsConfig.Sets { for _, kfunc := range set.Funcs { + if slices.Contains(removeKfuncs, kfunc.Name) { + continue + } + file, err := os.OpenFile(*projectroot+"/docs/linux/kfuncs/"+kfunc.Name+".md", os.O_RDWR, 0644) if err != nil { panic(err) diff --git a/tools/kfunc-gen/vmlinux b/tools/kfunc-gen/vmlinux index a5700564..14aea8c8 100644 Binary files a/tools/kfunc-gen/vmlinux and b/tools/kfunc-gen/vmlinux differ diff --git a/tools/kfunc-gen/vmlinux-update.md b/tools/kfunc-gen/vmlinux-update.md index b806d27d..3d204e46 100644 --- a/tools/kfunc-gen/vmlinux-update.md +++ b/tools/kfunc-gen/vmlinux-update.md @@ -5,19 +5,21 @@ The current VMLinux blob is created from the v6.10-RC2 tag of the Linux kernel. 1. Clone cilium/ci-kernels 2. Patch `config` with the following values (To compile in all Kfuncs defined in the kernel (so far)): ``` - # CONFIG_HID=y - # CONFIG_HID_BPF=y - # CONFIG_NET_FOU=y - # CONFIG_TCP_CONG_BBR=y - # CONFIG_TCP_CONG_DCTCP=y - # CONFIG_XFRM=y - # CONFIG_XFRM_INTERFACE=y - # CONFIG_FS_VERITY=y - # CONFIG_MODULE_SIG=y - # CONFIG_MODULE_SIG_FORMAT=y - # CONFIG_SYSTEM_DATA_VERIFICATION=y - # CONFIG_FPROBE=y - # CONFIG_CRYPTO=y + CONFIG_HID=y + CONFIG_HID_BPF=y + CONFIG_TCP_CONG_BBR=y + CONFIG_TCP_CONG_DCTCP=y + CONFIG_XFRM=y + CONFIG_XFRM_INTERFACE=y + CONFIG_FS_VERITY=y + CONFIG_MODULE_SIG=y + CONFIG_MODULE_SIG_FORMAT=y + CONFIG_SYSTEM_DATA_VERIFICATION=y + CONFIG_CRYPTO=y + CONFIG_NF_TABLES=y + CONFIG_NF_FLOW_TABLE=y + CONFIG_MMU=y + CONFIG_64BIT=y ``` 3. Run `./buildx.sh {latest tag} amd64 vmlinux --tag foo:vmlinux` 4. Run `echo "FROM foo:vmlinux" | "$docker" buildx build --quiet --output="$tmp" - &> /dev/null` diff --git a/tools/version-finder/patterns.yaml b/tools/version-finder/patterns.yaml index a30ad584..df298fb2 100644 --- a/tools/version-finder/patterns.yaml +++ b/tools/version-finder/patterns.yaml @@ -729,3 +729,10 @@ patterns: - name: bpf_session_cookie - name: bpf_arena_alloc_pages - name: bpf_arena_free_pages + - name: bpf_iter_bits_destroy + - name: bpf_iter_bits_new + - name: bpf_iter_bits_next + - name: bpf_xdp_flow_lookup + - name: hid_bpf_hw_output_report + - name: hid_bpf_input_report + - name: hid_bpf_try_input_report