From 5988a659281eb354e7c427444fe4018ea59e32ad Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sun, 24 May 2015 21:47:35 +0200 Subject: [PATCH] bpf.2: wfix (multiple) Signed-off-by: Michael Kerrisk --- man2/bpf.2 | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/man2/bpf.2 b/man2/bpf.2 index 998f2deaa..ae0cb7288 100644 --- a/man2/bpf.2 +++ b/man2/bpf.2 @@ -32,8 +32,9 @@ bpf - perform a command on an extended BPF map or program .BI "int bpf(int cmd, union bpf_attr *attr, unsigned int size); .SH DESCRIPTION +The .BR bpf() -syscall is a multiplexor for a range of different operations on extended +system call is a multiplexor for a range of different operations on extended Berkeley Packet Filter which can be characterized as "universal in-kernel virtual machine". The extended BPF (or eBPF) is similar to @@ -86,9 +87,10 @@ event A event B event C on eth0 on eth1 map_1 map_2 .fi .in -.SS Syscall Arguments +.SS Arguments +The .BR bpf () -syscall operation is determined by +system call operation is determined by .IR cmd which can be one of the following: .TP @@ -96,16 +98,16 @@ which can be one of the following: Create a map with the given type and attributes and return map FD .TP .B BPF_MAP_LOOKUP_ELEM -Lookup element by key in a given map and return its value +Look up element by key in a given map and return its value .TP .B BPF_MAP_UPDATE_ELEM Create or update element (key/value pair) in a given map .TP .B BPF_MAP_DELETE_ELEM -Lookup and delete element by key in a given map +Look up and delete element by key in a given map .TP .B BPF_MAP_GET_NEXT_KEY -Lookup element by key in a given map and return key of next element +Look up element by key in a given map and return key of next element .TP .B BPF_PROG_LOAD Verify and load BPF program @@ -160,8 +162,8 @@ Any map type has the following attributes: . key size in bytes . value size in bytes -The following wrapper functions demonstrate how this syscall can be used to -access the maps. +The following wrapper functions demonstrate how this system +call can be used to access the maps. The functions use the .IR cmd argument to invoke different operations. @@ -182,14 +184,15 @@ int bpf_create_map(enum bpf_map_type map_type, int key_size, } .fi +The .BR bpf () -syscall creates a map of +system call creates a map of .I map_type type and given attributes .IR key_size , .IR value_size , .IR max_entries . -On success it returns a process-local file descriptor. +On success, it returns a process-local file descriptor. On error, \-1 is returned and .I errno is set to @@ -285,14 +288,15 @@ int bpf_lookup_elem(int fd, void *key, void *value) } .fi +The .BR bpf () -syscall looks up an element with a given +system call looks up an element with a given .I key in a map .IR fd . -If an element is found it returns zero and stores element's value into +If an element is found, it returns zero and stores element's value into .I value. -If no element is found it returns \-1 and sets +If no element is found, it returns \-1 and sets .I errno to .BR ENOENT . @@ -326,7 +330,7 @@ which can have one of 3 possible values: #define BPF_EXIST 2 /* update existing element */ .fi -On success it returns zero. +On success, it returns zero. On error, \-1 is returned and .I errno is set to @@ -374,7 +378,7 @@ The call deletes an element in a map with a given .IR key . Returns zero on success. -If the element is not found it returns \-1 and sets +If the element is not found, it returns \-1 and sets .I errno to .BR ENOENT . @@ -678,8 +682,7 @@ is set appropriately. .SH ERRORS .TP .B EPERM -.BR bpf() -syscall was made without sufficient privilege +The call was made without sufficient privilege (without the .B CAP_SYS_ADMIN capability). @@ -740,7 +743,7 @@ This may be because it may have accessed a disallowed memory region or an uninitialized stack/register or because the function contraints don't match the actual types or because there was a misaligned memory access. -In such case it is recommended to call +In this case, it is recommended to call .BR bpf () again with .I log_level = 1 @@ -767,5 +770,5 @@ These commands may be used only by a privileged process (one having the .B CAP_SYS_ADMIN capability). .SH SEE ALSO -Both classic and extended BPF are explained in +Both classic and extended BPF are explained in the kernel source file .IR Documentation/networking/filter.txt .