mirror of https://github.com/mkerrisk/man-pages
bpf.2: wfix (multiple)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
1148d9343f
commit
5988a65928
41
man2/bpf.2
41
man2/bpf.2
|
@ -32,8 +32,9 @@ bpf - perform a command on an extended BPF map or program
|
|||
.BI "int bpf(int cmd, union bpf_attr *attr, unsigned int size);
|
||||
|
||||
.SH DESCRIPTION
|
||||
The
|
||||
.BR bpf()
|
||||
syscall is a multiplexor for a range of different operations on extended
|
||||
system call is a multiplexor for a range of different operations on extended
|
||||
Berkeley Packet Filter which can be characterized as
|
||||
"universal in-kernel virtual machine".
|
||||
The extended BPF (or eBPF) is similar to
|
||||
|
@ -86,9 +87,10 @@ event A event B event C on eth0 on eth1
|
|||
map_1 map_2
|
||||
.fi
|
||||
.in
|
||||
.SS Syscall Arguments
|
||||
.SS Arguments
|
||||
The
|
||||
.BR bpf ()
|
||||
syscall operation is determined by
|
||||
system call operation is determined by
|
||||
.IR cmd
|
||||
which can be one of the following:
|
||||
.TP
|
||||
|
@ -96,16 +98,16 @@ which can be one of the following:
|
|||
Create a map with the given type and attributes and return map FD
|
||||
.TP
|
||||
.B BPF_MAP_LOOKUP_ELEM
|
||||
Lookup element by key in a given map and return its value
|
||||
Look up element by key in a given map and return its value
|
||||
.TP
|
||||
.B BPF_MAP_UPDATE_ELEM
|
||||
Create or update element (key/value pair) in a given map
|
||||
.TP
|
||||
.B BPF_MAP_DELETE_ELEM
|
||||
Lookup and delete element by key in a given map
|
||||
Look up and delete element by key in a given map
|
||||
.TP
|
||||
.B BPF_MAP_GET_NEXT_KEY
|
||||
Lookup element by key in a given map and return key of next element
|
||||
Look up element by key in a given map and return key of next element
|
||||
.TP
|
||||
.B BPF_PROG_LOAD
|
||||
Verify and load BPF program
|
||||
|
@ -160,8 +162,8 @@ Any map type has the following attributes:
|
|||
. key size in bytes
|
||||
. value size in bytes
|
||||
|
||||
The following wrapper functions demonstrate how this syscall can be used to
|
||||
access the maps.
|
||||
The following wrapper functions demonstrate how this system
|
||||
call can be used to access the maps.
|
||||
The functions use the
|
||||
.IR cmd
|
||||
argument to invoke different operations.
|
||||
|
@ -182,14 +184,15 @@ int bpf_create_map(enum bpf_map_type map_type, int key_size,
|
|||
}
|
||||
.fi
|
||||
|
||||
The
|
||||
.BR bpf ()
|
||||
syscall creates a map of
|
||||
system call creates a map of
|
||||
.I map_type
|
||||
type and given attributes
|
||||
.IR key_size ,
|
||||
.IR value_size ,
|
||||
.IR max_entries .
|
||||
On success it returns a process-local file descriptor.
|
||||
On success, it returns a process-local file descriptor.
|
||||
On error, \-1 is returned and
|
||||
.I errno
|
||||
is set to
|
||||
|
@ -285,14 +288,15 @@ int bpf_lookup_elem(int fd, void *key, void *value)
|
|||
}
|
||||
.fi
|
||||
|
||||
The
|
||||
.BR bpf ()
|
||||
syscall looks up an element with a given
|
||||
system call looks up an element with a given
|
||||
.I key
|
||||
in a map
|
||||
.IR fd .
|
||||
If an element is found it returns zero and stores element's value into
|
||||
If an element is found, it returns zero and stores element's value into
|
||||
.I value.
|
||||
If no element is found it returns \-1 and sets
|
||||
If no element is found, it returns \-1 and sets
|
||||
.I errno
|
||||
to
|
||||
.BR ENOENT .
|
||||
|
@ -326,7 +330,7 @@ which can have one of 3 possible values:
|
|||
#define BPF_EXIST 2 /* update existing element */
|
||||
.fi
|
||||
|
||||
On success it returns zero.
|
||||
On success, it returns zero.
|
||||
On error, \-1 is returned and
|
||||
.I errno
|
||||
is set to
|
||||
|
@ -374,7 +378,7 @@ The call deletes an element in a map
|
|||
with a given
|
||||
.IR key .
|
||||
Returns zero on success.
|
||||
If the element is not found it returns \-1 and sets
|
||||
If the element is not found, it returns \-1 and sets
|
||||
.I errno
|
||||
to
|
||||
.BR ENOENT .
|
||||
|
@ -678,8 +682,7 @@ is set appropriately.
|
|||
.SH ERRORS
|
||||
.TP
|
||||
.B EPERM
|
||||
.BR bpf()
|
||||
syscall was made without sufficient privilege
|
||||
The call was made without sufficient privilege
|
||||
(without the
|
||||
.B CAP_SYS_ADMIN
|
||||
capability).
|
||||
|
@ -740,7 +743,7 @@ This may be because it may have
|
|||
accessed a disallowed memory region or an uninitialized stack/register or
|
||||
because the function contraints don't match the actual types or because
|
||||
there was a misaligned memory access.
|
||||
In such case it is recommended to call
|
||||
In this case, it is recommended to call
|
||||
.BR bpf ()
|
||||
again with
|
||||
.I log_level = 1
|
||||
|
@ -767,5 +770,5 @@ These commands may be used only by a privileged process (one having the
|
|||
.B CAP_SYS_ADMIN
|
||||
capability).
|
||||
.SH SEE ALSO
|
||||
Both classic and extended BPF are explained in
|
||||
Both classic and extended BPF are explained in the kernel source file
|
||||
.IR Documentation/networking/filter.txt .
|
||||
|
|
Loading…
Reference in New Issue