mirror of https://github.com/mkerrisk/man-pages
bpf.2: Minor fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
5988a65928
commit
16152abbda
54
man2/bpf.2
54
man2/bpf.2
|
@ -33,25 +33,25 @@ bpf - perform a command on an extended BPF map or program
|
|||
|
||||
.SH DESCRIPTION
|
||||
The
|
||||
.BR bpf()
|
||||
system call is a multiplexor for a range of different operations on extended
|
||||
.BR bpf ()
|
||||
system call performs a range of operations on extended
|
||||
Berkeley Packet Filter which can be characterized as
|
||||
"universal in-kernel virtual machine".
|
||||
"a universal in-kernel virtual machine".
|
||||
The extended BPF (or eBPF) is similar to
|
||||
the original BPF (or classic BPF) used to filter network packets.
|
||||
Both statically analyze the programs before loading them into the kernel to
|
||||
ensure that they cannot harm the running system.
|
||||
.P
|
||||
eBPF extends classic BPF in multiple ways including the ability to call
|
||||
in-kernel helper functions and access shared data structures like BPF maps.
|
||||
in-kernel helper functions and access shared data structures such as BPF maps.
|
||||
The programs can be written in a restricted C that is compiled into
|
||||
eBPF bytecode and executed on the in-kernel virtual machine or JITed into
|
||||
native code.
|
||||
eBPF bytecode and executed on the in-kernel virtual machine or
|
||||
just-in-time compiled into native code.
|
||||
.SS Extended BPF Design/Architecture
|
||||
.P
|
||||
BPF maps are a generic data structure for storage of different data types.
|
||||
A user process can create multiple maps (with key/value-pairs being
|
||||
opaque bytes of data) and access them via file descriptor.
|
||||
opaque bytes of data) and access them via file descriptors.
|
||||
BPF programs can access maps from inside the kernel in parallel.
|
||||
It's up to the user process and BPF program to decide what they store
|
||||
inside maps.
|
||||
|
@ -63,7 +63,7 @@ Each BPF program is a set of instructions that is safe to run until
|
|||
its completion.
|
||||
The BPF verifier statically determines that the program
|
||||
terminates and is safe to execute.
|
||||
During verification the program takes hold of maps that it intends to use,
|
||||
During verification, the program takes hold of maps that it intends to use,
|
||||
so selected maps cannot be removed until the program is unloaded.
|
||||
The program can be attached to different events.
|
||||
These events can be packets, tracing
|
||||
|
@ -152,16 +152,22 @@ union bpf_attr {
|
|||
} __attribute__((aligned(8)));
|
||||
.fi
|
||||
.SS BPF maps
|
||||
maps are a generic data structure for storage of different types
|
||||
and sharing data between kernel and userspace.
|
||||
Maps are a generic data structure for storage of different types
|
||||
and sharing data between kernel and user space.
|
||||
|
||||
Any map type has the following attributes:
|
||||
|
||||
. type
|
||||
. max number of elements
|
||||
. key size in bytes
|
||||
. value size in bytes
|
||||
Each map type has the following attributes:
|
||||
|
||||
.PD 0
|
||||
.IP * 3
|
||||
type
|
||||
.IP *
|
||||
max number of elements
|
||||
.IP *
|
||||
key size in bytes
|
||||
.IP *
|
||||
value size in bytes
|
||||
.PD
|
||||
.PP
|
||||
The following wrapper functions demonstrate how this system
|
||||
call can be used to access the maps.
|
||||
The functions use the
|
||||
|
@ -213,7 +219,7 @@ helper functions with a correctly initialized
|
|||
and that the program doesn't access map element
|
||||
.I value
|
||||
beyond the specified
|
||||
.I value_size.
|
||||
.IR value_size .
|
||||
For example, when a map is created with
|
||||
.IR "key_size = 8"
|
||||
and the program calls
|
||||
|
@ -268,7 +274,7 @@ enum bpf_map_type {
|
|||
|
||||
.I map_type
|
||||
selects one of the available map implementations in the kernel.
|
||||
For all map_types
|
||||
For all map types,
|
||||
programs access maps with the same
|
||||
.BR bpf_map_lookup_elem ()/
|
||||
.BR bpf_map_update_elem ()
|
||||
|
@ -437,7 +443,7 @@ be deleted automatically.
|
|||
.B BPF_PROG_LOAD
|
||||
This
|
||||
.IR cmd
|
||||
is used to load extended BPF program into the kernel.
|
||||
is used to load an extended BPF program into the kernel.
|
||||
|
||||
.nf
|
||||
char bpf_log_buf[LOG_BUF_SIZE];
|
||||
|
@ -474,7 +480,7 @@ enum bpf_prog_type {
|
|||
.in
|
||||
|
||||
By picking
|
||||
.I prog_type
|
||||
.IR prog_type ,
|
||||
the program author selects a set of helper functions callable from
|
||||
the program and the corresponding format of
|
||||
.I struct bpf_context
|
||||
|
@ -490,7 +496,7 @@ whereas some future types may not.
|
|||
The set of functions available to the programs under a given type may increase
|
||||
in the future.
|
||||
|
||||
Currently the set of functions for
|
||||
Currently, the set of functions for
|
||||
.B BPF_PROG_TYPE_SOCKET_FILTER
|
||||
is:
|
||||
|
||||
|
@ -507,7 +513,7 @@ bpf_map_delete_elem(map_fd, void *key)
|
|||
|
||||
and
|
||||
.I bpf_context
|
||||
is a pointer to
|
||||
is a pointer to a
|
||||
.IR "struct sk_buff" .
|
||||
Programs cannot access fields of
|
||||
.I sk_buff
|
||||
|
@ -611,7 +617,7 @@ which was received by prior call to
|
|||
* 3. attach prog_fd to raw socket via setsockopt()
|
||||
* 4. print number of received TCP/UDP packets every second
|
||||
*/
|
||||
int main(int ac, char **av)
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int sock, map_fd, prog_fd, key;
|
||||
long long value = 0, tcp_cnt, udp_cnt;
|
||||
|
@ -755,7 +761,7 @@ for the specific reason provided by the verifier.
|
|||
For
|
||||
.B BPF_MAP_LOOKUP_ELEM
|
||||
or
|
||||
.B BPF_MAP_DELETE_ELEM,
|
||||
.BR BPF_MAP_DELETE_ELEM ,
|
||||
indicates that the element with the given
|
||||
.I key
|
||||
was not found.
|
||||
|
|
Loading…
Reference in New Issue