#include <stdint.h>

Data Structures
struct	xdp_md

struct	_bind_md

struct	bpf_sock_addr
	Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type. More...

struct	_bpf_sock_ops

Macros
#define	XDP_EXT_HELPER_FN_BASE 0xFFFF

#define	BPF_SOCK_ADDR_VERDICT_REJECT 0

#define	BPF_SOCK_ADDR_VERDICT_PROCEED 1

#define	SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF

Typedefs
typedef struct xdp_md	xdp_md_t

typedef enum _xdp_action	xdp_action_t

typedef xdp_action_t	xdp_hook_t(xdp_md_t *context)
	Handle an incoming packet as early as possible. More...

typedef enum _bind_operation	bind_operation_t

typedef struct _bind_md	bind_md_t

typedef enum _bind_action	bind_action_t

typedef bind_action_t	bind_hook_t(bind_md_t *context)
	Handle an AF_INET socket bind() request. More...

typedef struct bpf_sock_addr	bpf_sock_addr_t
	Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type. More...

typedef int	sock_addr_hook_t(bpf_sock_addr_t *context)
	Handle socket operation. Currently supports ingress/egress connection initialization. More...

typedef enum _bpf_sock_op_type	bpf_sock_op_type_t

typedef struct _bpf_sock_ops	bpf_sock_ops_t

typedef int	sock_ops_hook_t(bpf_sock_ops_t *context)
	Handle socket event notification. Currently notifies ingress/egress connection establishment and tear down. More...

Enumerations
enum	_xdp_action { XDP_PASS = 1 , XDP_DROP , XDP_TX }

enum	ebpf_nethook_helper_id_t { BPF_FUNC_xdp_adjust_head = XDP_EXT_HELPER_FN_BASE + 1 }

enum	_bind_operation { BIND_OPERATION_BIND , BIND_OPERATION_POST_BIND , BIND_OPERATION_UNBIND }

enum	_bind_action { BIND_PERMIT , BIND_DENY , BIND_REDIRECT }

enum	ebpf_sock_addr_helper_id_t { BPF_FUNC_sock_addr_get_current_pid_tgid = SOCK_ADDR_EXT_HELPER_FN_BASE + 1 }

enum	_bpf_sock_op_type { BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB , BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB , BPF_SOCK_OPS_CONNECTION_DELETED_CB }

Functions
int	bpf_xdp_adjust_head (xdp_md_t *ctx, int delta)
	Adjust XDP context data pointer. More...

uint64_t	bpf_sock_addr_get_current_pid_tgid (bpf_sock_addr_t *ctx)
	Get current pid and tgid (sock_addr specific only). More...

Macro Definition Documentation

◆ BPF_SOCK_ADDR_VERDICT_PROCEED

#define BPF_SOCK_ADDR_VERDICT_PROCEED 1

◆ BPF_SOCK_ADDR_VERDICT_REJECT

#define BPF_SOCK_ADDR_VERDICT_REJECT 0

◆ SOCK_ADDR_EXT_HELPER_FN_BASE

#define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF

◆ XDP_EXT_HELPER_FN_BASE

#define XDP_EXT_HELPER_FN_BASE 0xFFFF

Typedef Documentation

◆ bind_action_t

typedef enum _bind_action bind_action_t

◆ bind_hook_t

typedef bind_action_t bind_hook_t(bind_md_t *context)

Handle an AF_INET socket bind() request.

Program type: EBPF_PROGRAM_TYPE_BIND

Parameters

[in] context Socket metadata.

Return values

BIND_PERMIT	Permit the bind operation.
BIND_DENY	Deny the bind operation.
BIND_REDIRECT	Change the bind endpoint.

◆ bind_md_t

typedef struct _bind_md bind_md_t

◆ bind_operation_t

typedef enum _bind_operation bind_operation_t

◆ bpf_sock_addr_t

typedef struct bpf_sock_addr bpf_sock_addr_t

Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.

◆ bpf_sock_op_type_t

typedef enum _bpf_sock_op_type bpf_sock_op_type_t

◆ bpf_sock_ops_t

typedef struct _bpf_sock_ops bpf_sock_ops_t

◆ sock_addr_hook_t

typedef int sock_addr_hook_t(bpf_sock_addr_t *context)

Handle socket operation. Currently supports ingress/egress connection initialization.

Program type: EBPF_PROGRAM_TYPE_CGROUP_SOCK_ADDR

Attach type(s): EBPF_ATTACH_TYPE_CGROUP_INET4_CONNECT EBPF_ATTACH_TYPE_CGROUP_INET6_CONNECT EBPF_ATTACH_TYPE_CGROUP_INET4_RECV_ACCEPT EBPF_ATTACH_TYPE_CGROUP_INET6_RECV_ACCEPT

Parameters

[in] context bpf_sock_addr_t

Return values

BPF_SOCK_ADDR_VERDICT_PROCEED	Block the socket operation.
BPF_SOCK_ADDR_VERDICT_REJECT	Allow the socket operation.

Any other return value other than the two mentioned above is treated as BPF_SOCK_ADDR_VERDICT_REJECT.

◆ sock_ops_hook_t

typedef int sock_ops_hook_t(bpf_sock_ops_t *context)

Handle socket event notification. Currently notifies ingress/egress connection establishment and tear down.

Program type: EBPF_PROGRAM_TYPE_SOCK_OPS

Attach type(s): EBPF_ATTACH_TYPE_CGROUP_SOCK_OPS

Parameters

[in] context bpf_sock_ops_t

Returns: 0 on success, or error value in case of failure.

◆ xdp_action_t

typedef enum _xdp_action xdp_action_t

◆ xdp_hook_t

typedef xdp_action_t xdp_hook_t(xdp_md_t *context)

Handle an incoming packet as early as possible.

Program type: EBPF_PROGRAM_TYPE_XDP

Parameters

[in] context Packet metadata.

Return values

XDP_PASS	Allow the packet to pass.
XDP_DROP	Drop the packet.
XDP_TX	Bounce the received packet back out the same NIC it arrived on.

◆ xdp_md_t

typedef struct xdp_md xdp_md_t

Enumeration Type Documentation

◆ _bind_action

enum _bind_action

Enumerator
BIND_PERMIT	Permit the bind operation.
BIND_DENY	Deny the bind operation.
BIND_REDIRECT	Change the bind endpoint.

◆ _bind_operation

enum _bind_operation

Enumerator
BIND_OPERATION_BIND	Entry to bind.
BIND_OPERATION_POST_BIND	After port allocation.
BIND_OPERATION_UNBIND	Release port.

◆ _bpf_sock_op_type

enum _bpf_sock_op_type

Enumerator
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB	Indicates when an active (outbound) connection is established.
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB	Indicates when a passive (inbound) connection is established.
BPF_SOCK_OPS_CONNECTION_DELETED_CB	Indicates when a connection is deleted.

◆ _xdp_action

enum _xdp_action

Enumerator
XDP_PASS	Allow the packet to pass.
XDP_DROP	Drop the packet.
XDP_TX	Bounce the received packet back out the same NIC it arrived on.

◆ ebpf_nethook_helper_id_t

enum ebpf_nethook_helper_id_t

Enumerator
BPF_FUNC_xdp_adjust_head

◆ ebpf_sock_addr_helper_id_t

enum ebpf_sock_addr_helper_id_t

Enumerator
BPF_FUNC_sock_addr_get_current_pid_tgid

Function Documentation

◆ bpf_sock_addr_get_current_pid_tgid()

uint64_t bpf_sock_addr_get_current_pid_tgid ( bpf_sock_addr_t * ctx )

Get current pid and tgid (sock_addr specific only).

Parameters

[in] ctx Pointer to bpf_sock_addr_t context.

Returns: a 64-bit integer containing the current tgid and pid, and created as such:

current_task\ ->tgid << 32 | current_task\ ->pid.

◆ bpf_xdp_adjust_head()

int bpf_xdp_adjust_head	(	xdp_md_t *	ctx,
		int	delta
	)

Adjust XDP context data pointer.

Parameters

[in]	ctx	XDP context.
[in]	delta	Number of bytes to move the data pointer by.

Return values

0	The operation was successful.
<0	A failure occurred.

Data Structures

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

◆ BPF_SOCK_ADDR_VERDICT_PROCEED

◆ BPF_SOCK_ADDR_VERDICT_REJECT

◆ SOCK_ADDR_EXT_HELPER_FN_BASE

◆ XDP_EXT_HELPER_FN_BASE

Typedef Documentation

◆ bind_action_t

◆ bind_hook_t

◆ bind_md_t

◆ bind_operation_t

◆ bpf_sock_addr_t

◆ bpf_sock_op_type_t

◆ bpf_sock_ops_t

◆ sock_addr_hook_t

◆ sock_ops_hook_t

◆ xdp_action_t

◆ xdp_hook_t

◆ xdp_md_t

Enumeration Type Documentation

◆ _bind_action

◆ _bind_operation

◆ _bpf_sock_op_type

◆ _xdp_action

◆ ebpf_nethook_helper_id_t

◆ ebpf_sock_addr_helper_id_t

Function Documentation

◆ bpf_sock_addr_get_current_pid_tgid()

◆ bpf_xdp_adjust_head()