Functions
Link-related functions
int	bpf_link_detach (int link_fd)
	Detach a link. More...

int	bpf_link_get_fd_by_id (__u32 id)
	Get a file descriptor referring to a link with a given ID. More...

int	bpf_link_get_next_id (__u32 start_id, __u32 *next_id)
	Look for the next link ID greater than a given ID. More...

Map-related functions
int	bpf_map_create (enum bpf_map_type map_type, const char map_name, __u32 key_size, __u32 value_size, __u32 max_entries, const struct bpf_map_create_opts opts)
	Create a new map. More...

int	bpf_map_delete_elem (int fd, const void *key)
	Look up and delete an element by key in a specified map. More...

int	bpf_map_get_fd_by_id (__u32 id)
	Get a file descriptor referring to a map with a given ID. More...

int	bpf_map_get_next_id (__u32 start_id, __u32 *next_id)
	Look for the next map ID greater than a given ID. More...

int	bpf_map_get_next_key (int fd, const void key, void next_key)
	Look up an element by key in a map and get the next key. If the specific key is not found, the first key in the map is passed back. More...

int	bpf_map_lookup_elem (int fd, const void key, void value)
	Look up an element by key in a specified map and return its value. More...

int	bpf_map_update_elem (int fd, const void key, const void value, __u64 flags)
	Create or update an element (key/value pair) in a specified map. More...

int	bpf_map_lookup_batch (int fd, void in_batch, void out_batch, void keys, void values, __u32 count, const struct bpf_map_batch_opts opts)
	bpf_map_lookup_batch() allows for batch lookup of BPF map elements. More...

int	bpf_map_lookup_and_delete_batch (int fd, void in_batch, void out_batch, void keys, void values, __u32 count, const struct bpf_map_batch_opts opts)
	bpf_map_lookup_and_delete_batch() allows for batch lookup and deletion of BPF map elements where each element is deleted after being retrieved. More...

int	bpf_map_update_batch (int fd, const void keys, const void values, __u32 count, const struct bpf_map_batch_opts opts)
	bpf_map_update_batch() updates multiple elements in a map by specifying keys and their corresponding values. More...

int	bpf_map_delete_batch (int fd, const void keys, __u32 count, const struct bpf_map_batch_opts *opts)
	bpf_map_delete_batch() allows for batch deletion of multiple elements in a BPF map. More...

Object-related functions
int	bpf_obj_get (const char *pathname)
	Get a file descriptor for a pinned object by pin path. More...

int	bpf_obj_get_info_by_fd (int bpf_fd, void info, __u32 info_len)
	Obtain information about the eBPF object referred to by bpf_fd. This function populates up to info_len bytes of info, which will be in one of the following formats depending on the eBPF object type of bpf_fd: More...

int	bpf_obj_pin (int fd, const char *pathname)
	Pin an eBPF program or map referred to by fd to the provided pathname. More...

Program-related functions
int	bpf_prog_bind_map (int prog_fd, int map_fd, const struct bpf_prog_bind_opts *opts)
	Bind a map to a program so that it holds a reference on the map. More...

int	bpf_prog_get_fd_by_id (__u32 id)
	Get a file descriptor referring to a program with a given ID. More...

int	bpf_prog_get_next_id (__u32 start_id, __u32 *next_id)
	Look for the next program ID greater than a given ID. More...

int	bpf_prog_load (enum bpf_prog_type prog_type, const char prog_name, const char license, const struct bpf_insn insns, size_t insn_cnt, const struct bpf_prog_load_opts opts)
	Load (but do not attach) an eBPF programs. More...

Function Documentation

◆ bpf_link_detach()

int bpf_link_detach ( int link_fd )

Detach a link.

Parameters

[in] link_fd File descriptor of link to detach.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

Exceptions

EBADF The file descriptor was not found.

See also: bpf_link__destroy; bpf_link__disconnect

◆ bpf_link_get_fd_by_id()

int bpf_link_get_fd_by_id ( __u32 id )

Get a file descriptor referring to a link with a given ID.

Parameters

[in] id ID of link to find.

Returns: A new file descriptor that refers to the link. The caller should call _close() on the fd to close this when done. A negative value indicates an error occurred and errno was set.

Exceptions

ENOENT No link with the specified ID was found.

◆ bpf_link_get_next_id()

int bpf_link_get_next_id	(	__u32	start_id,
		__u32 *	next_id
	)

Look for the next link ID greater than a given ID.

Parameters

[in]	start_id	ID to look for an ID after. The start_id need not exist.
[out]	next_id	Pointer to where to write the next ID.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

Exceptions

ENOENT No more IDs found.

◆ bpf_map_create()

int bpf_map_create	(	enum bpf_map_type	map_type,
		const char *	map_name,
		__u32	key_size,
		__u32	value_size,
		__u32	max_entries,
		const struct bpf_map_create_opts *	opts
	)

Create a new map.

Parameters

[in]	map_type	Type of outer map to create.
[in]	map_name	Optionally, the name to use for the map.
[in]	key_size	Size in bytes of keys.
[in]	value_size	Size in bytes of values.
[in]	max_entries	Maximum number of entries in the map.
[in]	opts	Structure of options using which a map gets created.

Returns: A new file descriptor that refers to the map. The caller should call _close() on the fd to close this when done. A negative value indicates an error occurred and errno was set.

Exceptions

EINVAL	An invalid argument was provided.
ENOMEM	Out of memory.

◆ bpf_map_delete_batch()

int bpf_map_delete_batch	(	int	fd,
		const void *	keys,
		__u32 *	count,
		const struct bpf_map_batch_opts *	opts
	)

bpf_map_delete_batch() allows for batch deletion of multiple elements in a BPF map.

Parameters

[in]	fd	BPF map file descriptor.
[in]	keys	pointer to an array of count keys.
[in,out]	count	input and output parameter; on input count represents the number of elements in the map to delete in batch.
[in]	opts	options for configuring the way the batch deletion works.

Return values

0	The operation was successful.
EINVAL	An invalid argument was provided.
ENOENT	The key was not found.

◆ bpf_map_delete_elem()

int bpf_map_delete_elem	(	int	fd,
		const void *	key
	)

Look up and delete an element by key in a specified map.

Parameters

[in]	fd	File descriptor of map to update.
[in]	key	Pointer to key to look up.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

Exceptions

EINVAL	An invalid argument was provided.
EBADF	The file descriptor was not found.
ENOMEM	Out of memory.

◆ bpf_map_get_fd_by_id()

int bpf_map_get_fd_by_id ( __u32 id )

Get a file descriptor referring to a map with a given ID.

Parameters

[in] id ID of map to find.

Returns: A new file descriptor that refers to the map. The caller should call _close() on the fd to close this when done. A negative value indicates an error occurred and errno was set.

Exceptions

ENOENT No map with the specified ID was found.

◆ bpf_map_get_next_id()

int bpf_map_get_next_id	(	__u32	start_id,
		__u32 *	next_id
	)

Look for the next map ID greater than a given ID.

Parameters

[in]	start_id	ID to look for an ID after. The start_id need not exist.
[out]	next_id	Pointer to where to write the next ID.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

Exceptions

ENOENT No more IDs found.

◆ bpf_map_get_next_key()

int bpf_map_get_next_key	(	int	fd,
		const void *	key,
		void *	next_key
	)

Look up an element by key in a map and get the next key. If the specific key is not found, the first key in the map is passed back.

Parameters

[in]	fd	File descriptor of map.
[in]	key	Pointer to key to look up.
[out]	next_key	Pointer to memory in which to write the next key.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

Exceptions

EINVAL	An invalid argument was provided.
EBADF	The file descriptor was not found.
ENOMEM	Out of memory.

◆ bpf_map_lookup_and_delete_batch()

int bpf_map_lookup_and_delete_batch	(	int	fd,
		void *	in_batch,
		void *	out_batch,
		void *	keys,
		void *	values,
		__u32 *	count,
		const struct bpf_map_batch_opts *	opts
	)

bpf_map_lookup_and_delete_batch() allows for batch lookup and deletion of BPF map elements where each element is deleted after being retrieved.

Parameters

[in]	fd	BPF map file descriptor.
[in]	in_batch	address of the first element in batch to read, can pass NULL to get address of the first element in out_batch. If not NULL, must be large enough to hold a key. For BPF_MAP_TYPE_{HASH, PERCPU_HASH, LRU_HASH, LRU_PERCPU_HASH}, the memory size must be at least 4 bytes wide regardless of key size.
[out]	out_batch	output parameter that should be passed to next call as in_batch.
[out]	keys	pointer to an array of count keys.
[out]	values	pointer to an array of count values.For per-CPU maps, the size of the array should be at least count * value_size * number of logical CPUs. In case of per-CPU maps, the value_size is rounded up to the nearest multiple of 8 bytes.
[in,out]	count	input and output parameter; on input it's the number of elements in the map to read and delete in batch; on output it represents the number of elements that were successfully read and deleted.
	opts	options for configuring the way the batch lookup and delete works.

Return values

0	The operation was successful.
EINVAL	An invalid argument was provided.
ENOENT	No more entries found, or the key-value pair was not found.

◆ bpf_map_lookup_batch()

int bpf_map_lookup_batch	(	int	fd,
		void *	in_batch,
		void *	out_batch,
		void *	keys,
		void *	values,
		__u32 *	count,
		const struct bpf_map_batch_opts *	opts
	)

bpf_map_lookup_batch() allows for batch lookup of BPF map elements.

The parameter in_batch is the address of the first element in the batch to read. out_batch is an output parameter that should be passed as in_batch to subsequent calls to bpf_map_lookup_batch(). NULL can be passed for in_batch to indicate that the batched lookup starts from the beginning of the map. Both in_batch and out_batch must point to memory large enough to hold a single key, except for maps of type BPF_MAP_TYPE_{HASH, PERCPU_HASH, LRU_HASH, LRU_PERCPU_HASH}, for which the memory size must be atleast 4 bytes wide regardless of key size.

The keys and values are output parameters which must point to memory large enough to hold count items based on the key and value size of the map map_fd. The keys buffer must be of key_size * count. The values buffer must be of value_size * count.

Parameters

[in]	fd	BPF map file descriptor.
[in]	in_batch	address of the first element in batch to read, can pass NULL to indicate that the batched lookup starts from the beginning of the map.
[out]	out_batch	output parameter that should be passed to next call as in_batch.
[out]	keys	pointer to an array large enough for count keys.
[out]	values	pointer to an array large enough for count values. For per-CPU maps, the size of the array should be at least count * value_size * number of logical CPUs. In case of per-CPU maps, the value_size is rounded up to the nearest multiple of 8 bytes.
[in,out]	count	input and output parameter; on input it's the number of elements in the map to read in batch; on output it's the number of elements that were successfully read.
[in]	opts	options for configuring the way the batch lookup works.

Return values

0	The operation was successful.
EINVAL	An invalid argument was provided.
ENOENT	No more entries found, or the key was not found.

◆ bpf_map_lookup_elem()

int bpf_map_lookup_elem	(	int	fd,
		const void *	key,
		void *	value
	)

Look up an element by key in a specified map and return its value.

Parameters

[in]	fd	File descriptor of map.
[in]	key	Pointer to key to look up.
[out]	value	Pointer to memory in which to write the value.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

Exceptions

EINVAL	An invalid argument was provided.
EBADF	The file descriptor was not found.
ENOMEM	Out of memory.

◆ bpf_map_update_batch()

int bpf_map_update_batch	(	int	fd,
		const void *	keys,
		const void *	values,
		__u32 *	count,
		const struct bpf_map_batch_opts *	opts
	)

bpf_map_update_batch() updates multiple elements in a map by specifying keys and their corresponding values.

The keys and values parameters must point to memory large enough to hold count items based on the key and value size of the map.

The opts parameter can be used to control how bpf_map_update_batch() should handle keys that either do or do not already exist in the map. In particular the flags parameter of bpf_map_batch_opts can be one of the following:

Note that count is an input and output parameter, where on output it represents how many elements were successfully updated.

BPF_ANY Create new elements or update existing.

BPF_NOEXIST Create new elements only if they do not exist.

BPF_EXIST Update existing elements.

Parameters

[in]	fd	BPF map file descriptor.
[in]	keys	pointer to an array of count keys.
[in]	values	pointer to an array of count values. For per-CPU maps, the size of the array should be at least count * value_size * number of logical CPUs. In case of per-CPU maps, the value_size is rounded up to the nearest multiple of 8 bytes.
[in,out]	count	input and output parameter; on input it's the number of elements in the map to update in batch; count represents the number of updated elements if the output count value is not equal to the input count value.
[in]	opts	options for configuring the way the batch update works.

Return values

0	The operation was successful.
EINVAL	An invalid argument was provided.
ENOMEM	Out of memory.

◆ bpf_map_update_elem()

int bpf_map_update_elem	(	int	fd,
		const void *	key,
		const void *	value,
		__u64	flags
	)

Create or update an element (key/value pair) in a specified map.

Parameters

[in]	fd	File descriptor of map.
[in]	key	Pointer to key.
[in]	value	Pointer to value.
[in]	flags	Flags (currently 0).

Exceptions

EINVAL	An invalid argument was provided.
EBADF	The file descriptor was not found.
ENOMEM	Out of memory.

◆ bpf_obj_get()

int bpf_obj_get ( const char * pathname )

Get a file descriptor for a pinned object by pin path.

Parameters

[in] pathname Pin path for the object.

Returns: A new file descriptor for the pinned object. The caller should call _close() on the fd to close this when done. A negative value indicates an error occurred and errno was set.

◆ bpf_obj_get_info_by_fd()

int bpf_obj_get_info_by_fd	(	int	bpf_fd,
		void *	info,
		__u32 *	info_len
	)

Obtain information about the eBPF object referred to by bpf_fd. This function populates up to info_len bytes of info, which will be in one of the following formats depending on the eBPF object type of bpf_fd:

Parameters

[in]	bpf_fd	File descriptor referring to an eBPF object.
[out]	info	Pointer to memory in which to write the info obtained.
[in,out]	info_len	On input, contains the maximum number of bytes to write into the info. On output, contains the actual number of bytes written.

Return values

0	The operation was successful.
-EFAULT	A pointer passed in the input info was invalid.
<0	An error occured, and errno was set.

◆ bpf_obj_pin()

int bpf_obj_pin	(	int	fd,
		const char *	pathname
	)

Pin an eBPF program or map referred to by fd to the provided pathname.

Parameters

[in]	fd	File descriptor referring to the program or map to pin.
[in]	pathname	Path name to pin the object to.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

◆ bpf_prog_bind_map()

int bpf_prog_bind_map	(	int	prog_fd,
		int	map_fd,
		const struct bpf_prog_bind_opts *	opts
	)

Bind a map to a program so that it holds a reference on the map.

Parameters

[in]	prog_fd	File descriptor of program to bind map to.
[in]	map_fd	File descriptor of map to bind.
[in]	opts	Optional set of options affecting the bind operation.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

◆ bpf_prog_get_fd_by_id()

int bpf_prog_get_fd_by_id ( __u32 id )

Get a file descriptor referring to a program with a given ID.

Parameters

[in] id ID of program to find.

Returns: A new file descriptor that refers to the program. The caller should call _close() on the fd to close this when done. A negative value indicates an error occurred and errno was set.

Exceptions

ENOENT No program with the specified ID was found.

◆ bpf_prog_get_next_id()

int bpf_prog_get_next_id	(	__u32	start_id,
		__u32 *	next_id
	)

Look for the next program ID greater than a given ID.

Parameters

[in]	start_id	ID to look for an ID after. The start_id need not exist.
[out]	next_id	Pointer to where to write the next ID.

Return values

0	The operation was successful.
<0	An error occured, and errno was set.

Exceptions

ENOENT No more IDs found.

◆ bpf_prog_load()

int bpf_prog_load	(	enum bpf_prog_type	prog_type,
		const char *	prog_name,
		const char *	license,
		const struct bpf_insn *	insns,
		size_t	insn_cnt,
		const struct bpf_prog_load_opts *	opts
	)

Load (but do not attach) an eBPF programs.

Parameters

[in]	prog_type	Program type to use for loading eBPF programs.
[in]	prog_name	Program name.
[in]	license	License string (unused).
[in]	insns	Array of eBPF instructions.
[in]	insn_cnt	Count of instructions in the array.
[in]	opts	Additional options, or NULL to use default options.

Returns: A new file descriptor that refers to the program. The caller should call _close() on the fd to close this when done. A negative value indicates an error occurred and errno was set.

Exceptions

EACCES	The program failed verification.
EINVAL	One or more parameters are incorrect.
ENOMEM	Out of memory.

See also: bpf_load_program; bpf_load_program_xattr; bpf_object__close; bpf_program__attach

Functions

Function Documentation

◆ bpf_link_detach()

◆ bpf_link_get_fd_by_id()

◆ bpf_link_get_next_id()

◆ bpf_map_create()

◆ bpf_map_delete_batch()

◆ bpf_map_delete_elem()

◆ bpf_map_get_fd_by_id()

◆ bpf_map_get_next_id()

◆ bpf_map_get_next_key()

◆ bpf_map_lookup_and_delete_batch()

◆ bpf_map_lookup_batch()

◆ bpf_map_lookup_elem()

◆ bpf_map_update_batch()

◆ bpf_map_update_elem()

◆ bpf_obj_get()

◆ bpf_obj_get_info_by_fd()

◆ bpf_obj_pin()

◆ bpf_prog_bind_map()

◆ bpf_prog_get_fd_by_id()

◆ bpf_prog_get_next_id()

◆ bpf_prog_load()