diff --git a/man7/bpf-helpers.7 b/man7/bpf-helpers.7 index 6f07f476e..741988d61 100644 --- a/man7/bpf-helpers.7 +++ b/man7/bpf-helpers.7 
@@ -1,41 +1,16 @@ .\" Man page generated from reStructuredText. -.\" Copyright (C) All BPF authors and contributors from 2014 to present. -.\" See git log include/uapi/linux/bpf.h in kernel tree for details. -.\" -.\" %%%LICENSE_START(VERBATIM) -.\" Permission is granted to make and distribute verbatim copies of this -.\" manual provided the copyright notice and this permission notice are -.\" preserved on all copies. -.\" -.\" Permission is granted to copy and distribute modified versions of this -.\" manual under the conditions for verbatim copying, provided that the -.\" entire resulting derived work is distributed under the terms of a -.\" permission notice identical to this one. -.\" -.\" Since the Linux kernel and libraries are constantly changing, this -.\" manual page may be incorrect or out-of-date. The author(s) assume no -.\" responsibility for errors or omissions, or for damages resulting from -.\" the use of the information contained herein. The author(s) may not -.\" have taken the same level of care in the production of this manual, -.\" which is licensed free of charge, as they might when working -.\" professionally. -.\" -.\" Formatted or processed versions of this manual, if unaccompanied by -.\" the source, must acknowledge the copyright and authors of this work. -.\" %%%LICENSE_END -.\" -.\" Please do not edit this file. It was generated from the documentation -.\" located in file include/uapi/linux/bpf.h of the Linux kernel sources -.\" (helpers description), and from scripts/bpf_helpers_doc.py in the same -.\" repository (header and footer). -.TH BPF-HELPERS 7 2019-03-06 "Linux" "Linux Programmer's Manual" +. +.TH BPF-HELPERS 7 "" "" "" .SH NAME BPF-HELPERS \- list of eBPF helper functions +. .nr rst2man-indent-level 0 +. .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] 
@@ -55,6 +30,64 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. +.\" Copyright (C) All BPF authors and contributors from 2014 to present. +. +.\" See git log include/uapi/linux/bpf.h in kernel tree for details. +. +.\" +. +.\" %%%LICENSE_START(VERBATIM) +. +.\" Permission is granted to make and distribute verbatim copies of this +. +.\" manual provided the copyright notice and this permission notice are +. +.\" preserved on all copies. +. +.\" +. +.\" Permission is granted to copy and distribute modified versions of this +. +.\" manual under the conditions for verbatim copying, provided that the +. +.\" entire resulting derived work is distributed under the terms of a +. +.\" permission notice identical to this one. +. +.\" +. +.\" Since the Linux kernel and libraries are constantly changing, this +. +.\" manual page may be incorrect or out-of-date. The author(s) assume no +. +.\" responsibility for errors or omissions, or for damages resulting from +. +.\" the use of the information contained herein. The author(s) may not +. +.\" have taken the same level of care in the production of this manual, +. +.\" which is licensed free of charge, as they might when working +. +.\" professionally. +. +.\" +. +.\" Formatted or processed versions of this manual, if unaccompanied by +. +.\" the source, must acknowledge the copyright and authors of this work. +. +.\" %%%LICENSE_END +. +.\" +. +.\" Please do not edit this file. It was generated from the documentation +. +.\" located in file include/uapi/linux/bpf.h of the Linux kernel sources +. +.\" (helpers description), and from scripts/bpf_helpers_doc.py in the same +. +.\" repository (header and footer). +. .SH DESCRIPTION .sp The extended Berkeley Packet Filter (eBPF) subsystem consists in programs 
@@ -131,20 +164,6 @@ Delete entry with \fIkey\fP from \fImap\fP\&. 0 on success, or a negative error in case of failure. .UNINDENT .TP -.B \fBint bpf_map_push_elem(struct bpf_map *\fP\fImap\fP\fB, const void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Push an element \fIvalue\fP in \fImap\fP\&. \fIflags\fP is one of: -.sp -\fBBPF_EXIST\fP -If the queue/stack is full, the oldest element is removed to -make room for this. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP .B \fBint bpf_probe_read(void *\fP\fIdst\fP\fB, u32\fP \fIsize\fP\fB, const void *\fP\fIsrc\fP\fB)\fP .INDENT 7.0 .TP @@ -178,6 +197,8 @@ arguments (as an eBPF helpers, the total number of arguments is limited to five). .sp Each time the helper is called, it appends a line to the trace. +Lines are discarded while \fI/sys/kernel/debug/tracing/trace\fP is +open, use \fI/sys/kernel/debug/tracing/trace_pipe\fP to avoid this. The format of the trace is customizable, and the exact output one will get depends on the options set in \fI/sys/kernel/debug/tracing/trace_options\fP (see also the @@ -284,7 +305,7 @@ associated to \fIskb\fP, at \fIoffset\fP\&. \fIflags\fP are a combination of checksum for the packet after storing the bytes) and \fBBPF_F_INVALIDATE_HASH\fP (set \fIskb\fP\fB\->hash\fP, \fIskb\fP\fB\->swhash\fP and \fIskb\fP\fB\->l4hash\fP to 0). .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with 
@@ -313,7 +334,7 @@ which does not update the checksum in\-place, but offers more flexibility and can handle sizes larger than 2 or 4 for the checksum to update. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -349,7 +370,7 @@ which does not update the checksum in\-place, but offers more flexibility and can handle sizes larger than 2 or 4 for the checksum to update. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -412,7 +433,7 @@ the eBPF program. Conversely, \fBbpf_redirect\fP() is more efficient, but it is handled through an action code where the redirection happens only after the eBPF program has returned. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -468,7 +489,7 @@ The net_cls cgroup provides an interface to tag network packets based on a user\-provided identifier for all traffic coming from the tasks belonging to the related cgroup. See also the related kernel documentation, available from the Linux sources in file -\fIDocumentation/cgroup\-v1/net_cls.txt\fP\&. +\fIDocumentation/admin\-guide/cgroup\-v1/net_cls.rst\fP\&. .sp The Linux kernel has two versions for cgroups: there are cgroups v1 and cgroups v2. Both are available to users, who can 
@@ -495,7 +516,7 @@ the checksum. Note that if \fIvlan_proto\fP is different from \fBETH_P_8021Q\fP and \fBETH_P_8021AD\fP, it is considered to be \fBETH_P_8021Q\fP\&. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -511,7 +532,7 @@ direct packet access. .B Description Pop a VLAN header from the packet associated to \fIskb\fP\&. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -719,7 +740,7 @@ The realm of the route for the packet associated to \fIskb\fP, or 0 if none was found. .UNINDENT .TP -.B \fBint bpf_perf_event_output(struct pt_reg *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB, void *\fP\fIdata\fP\fB, u64\fP \fIsize\fP\fB)\fP +.B \fBint bpf_perf_event_output(struct pt_regs *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB, void *\fP\fIdata\fP\fB, u64\fP \fIsize\fP\fB)\fP .INDENT 7.0 .TP .B Description @@ -793,7 +814,7 @@ at once from a packet into the eBPF stack. 0 on success, or a negative error in case of failure. .UNINDENT .TP -.B \fBint bpf_get_stackid(struct pt_reg *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP +.B \fBint bpf_get_stackid(struct pt_regs *\fP\fIctx\fP\fB, struct bpf_map *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP .INDENT 7.0 .TP .B Description 
@@ -940,7 +961,7 @@ The size for GSO target is adapted as well. All values for \fIflags\fP are reserved for future usage, and must be left at zero. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -1092,7 +1113,7 @@ slow path, the helper itself can afford to be slow: it implicitly linearizes, unclones and drops offloads from the \fIskb\fP\&. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -1132,7 +1153,7 @@ detects writes and adds a prologue that is calling \fBbpf_skb_pull_data()\fP to effectively unclone the \fIskb\fP from the very beginning in case it is indeed cloned. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -1199,7 +1220,7 @@ for redirection into a layer 2 device. All values for \fIflags\fP are reserved for future usage, and must be left at zero. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with 
@@ -1218,7 +1239,7 @@ it is possible to use a negative value for \fIdelta\fP\&. This helper can be used to prepare the packet for pushing or popping headers. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -1250,6 +1271,7 @@ the following snippet: .ft C SEC("kprobe/sys_open") void bpf_sys_open(struct pt_regs *ctx) +{ char buf[PATHLEN]; // PATHLEN is defined to 256 int res = bpf_probe_read_str(buf, sizeof(buf), ctx\->di); @@ -1258,6 +1280,7 @@ void bpf_sys_open(struct pt_regs *ctx) // userspace via bpf_perf_event_output(); we // can use res (the string length) as event // size, after checking its boundaries. +} .ft P .fi .UNINDENT @@ -1288,8 +1311,8 @@ retrieve the cookie (generated by the kernel) of this socket. If no cookie has been set yet, generate a new cookie. Once generated, the socket cookie remains stable for the life of the socket. This helper can be useful for monitoring per socket -networking traffic statistics as it provides a unique socket -identifier per namespace. +networking traffic statistics as it provides a global socket +identifier that can be assumed unique. .TP .B Return A 8\-byte long non\-decreasing number on success, or 0 if the @@ -1301,7 +1324,7 @@ socket field is missing inside \fIskb\fP\&. .TP .B Description Equivalent to bpf_get_socket_cookie() helper that accepts -\fIskb\fP, but gets socket from \fBstruct bpf_sock_addr\fP contex. +\fIskb\fP, but gets socket from \fBstruct bpf_sock_addr\fP context. .TP .B Return A 8\-byte long non\-decreasing number. 
@@ -1312,7 +1335,7 @@ A 8\-byte long non\-decreasing number. .TP .B Description Equivalent to bpf_get_socket_cookie() helper that accepts -\fIskb\fP, but gets socket from \fBstruct bpf_sock_ops\fP contex. +\fIskb\fP, but gets socket from \fBstruct bpf_sock_ops\fP context. .TP .B Return A 8\-byte long non\-decreasing number. @@ -1337,6 +1360,7 @@ Set the full hash for \fIskb\fP (set the field \fIskb\fP\fB\->hash\fP) to value \fIhash\fP\&. .TP .B Return +0 .UNINDENT .TP .B \fBint bpf_setsockopt(struct bpf_sock_ops *\fP\fIbpf_socket\fP\fB, int\fP \fIlevel\fP\fB, int\fP \fIoptname\fP\fB, char *\fP\fIoptval\fP\fB, int\fP \fIoptlen\fP\fB)\fP 
@@ -1377,17 +1401,37 @@ It supports the following \fIlevel\fPs: Grow or shrink the room for data in the packet associated to \fIskb\fP by \fIlen_diff\fP, and according to the selected \fImode\fP\&. .sp -There is a single supported mode at this time: +There are two supported modes at this time: .INDENT 7.0 .IP \(bu 2 +\fBBPF_ADJ_ROOM_MAC\fP: Adjust room at the mac layer +(room space is added or removed below the layer 2 header). +.IP \(bu 2 \fBBPF_ADJ_ROOM_NET\fP: Adjust room at the network layer (room space is added or removed below the layer 3 header). .UNINDENT .sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. +The following flags are supported at this time: +.INDENT 7.0 +.IP \(bu 2 +\fBBPF_F_ADJ_ROOM_FIXED_GSO\fP: Do not adjust gso_size. +Adjusting mss in this way is not allowed for datagrams. +.IP \(bu 2 +\fBBPF_F_ADJ_ROOM_ENCAP_L3_IPV4\fP, +\fBBPF_F_ADJ_ROOM_ENCAP_L3_IPV6\fP: +Any new space is reserved to hold a tunnel header. +Configure skb offsets and other fields accordingly. +.IP \(bu 2 +\fBBPF_F_ADJ_ROOM_ENCAP_L4_GRE\fP, +\fBBPF_F_ADJ_ROOM_ENCAP_L4_UDP\fP: +Use with ENCAP_L3 flags to further specify the tunnel type. +.IP \(bu 2 +\fBBPF_F_ADJ_ROOM_ENCAP_L2\fP(\fIlen\fP): +Use with ENCAP_L3/L4 flags to further specify the tunnel +type; \fIlen\fP is the length of the inner MAC header. +.UNINDENT .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with 
@@ -1408,8 +1452,11 @@ ports), or to CPUs (for redirecting XDP frames to another CPU; but this is only implemented for native XDP (with driver support) as of this writing). .sp -All values for \fIflags\fP are reserved for future usage, and must -be left at zero. +The lower two bits of \fIflags\fP are used as the return code if +the map lookup fails. This is so that the return value can be +one of the XDP program return codes up to XDP_TX, as chosen by +the caller. Any higher bits in the \fIflags\fP argument must be +unset. .sp When used to redirect packets to net devices, this helper provides a high performance increase over \fBbpf_redirect\fP(). @@ -1485,7 +1532,7 @@ Having this scratch space generic and programmable allows for more flexibility as the user is free to store whatever meta data they need. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -1596,7 +1643,7 @@ It supports the following \fIlevel\fPs: 0 on success, or a negative error in case of failure. .UNINDENT .TP -.B \fBint bpf_override_return(struct pt_reg *\fP\fIregs\fP\fB, u64\fP \fIrc\fP\fB)\fP +.B \fBint bpf_override_return(struct pt_regs *\fP\fIregs\fP\fB, u64\fP \fIrc\fP\fB)\fP .INDENT 7.0 .TP .B Description @@ -1622,6 +1669,7 @@ the CONFIG_FUNCTION_ERROR_INJECTION option. As of this writing, x86 architecture is the only one to support this feature. .TP .B Return +0 .UNINDENT .TP .B \fBint bpf_sock_ops_cb_flags_set(struct bpf_sock_ops *\fP\fIbpf_sock\fP\fB, int\fP \fIargval\fP\fB)\fP 
@@ -1642,7 +1690,7 @@ this helper must be used for updates in order to return an error if an eBPF program tries to set a callback that is not supported in the current kernel. .sp -The supported callback values that \fIargval\fP can combine are: +\fIargval\fP is a flag array which can combine these flags: .INDENT 7.0 .IP \(bu 2 \fBBPF_SOCK_OPS_RTO_CB_FLAG\fP (retransmission time out) @@ -1650,6 +1698,17 @@ The supported callback values that \fIargval\fP can combine are: \fBBPF_SOCK_OPS_RETRANS_CB_FLAG\fP (retransmission) .IP \(bu 2 \fBBPF_SOCK_OPS_STATE_CB_FLAG\fP (TCP state change) +.IP \(bu 2 +\fBBPF_SOCK_OPS_RTT_CB_FLAG\fP (every RTT) +.UNINDENT +.sp +Therefore, this function can be used to clear a callback flag by +setting the appropriate bit to zero. e.g. to disable the RTO +callback: +.INDENT 7.0 +.TP +.B \fBbpf_sock_ops_cb_flags_set(bpf_sock,\fP +\fBbpf_sock\->bpf_sock_ops_cb_flags & ~BPF_SOCK_OPS_RTO_CB_FLAG)\fP .UNINDENT .sp Here are some examples of where one could call such eBPF @@ -1730,6 +1789,7 @@ a non\-zero value, this is not a problem because data is not being buffered for \fIbytes\fP and is sent as it is received. .TP .B Return +0 .UNINDENT .TP .B \fBint bpf_msg_cork_bytes(struct sk_msg_buff *\fP\fImsg\fP\fB, u32\fP \fIbytes\fP\fB)\fP @@ -1751,6 +1811,7 @@ prevent the eBPF program to be called again until \fIbytes\fP have been accumulated. .TP .B Return +0 .UNINDENT .TP .B \fBint bpf_msg_pull_data(struct sk_msg_buff *\fP\fImsg\fP\fB, u32\fP \fIstart\fP\fB, u32\fP \fIend\fP\fB, u64\fP \fIflags\fP\fB)\fP 
@@ -1774,7 +1835,7 @@ set the start and end pointer to given values. Data will be copied if necessary (i.e. if data was not linear and if start and end pointers do not point to the same chunk). .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -1816,7 +1877,7 @@ Adjust (move) \fIxdp_md\fP\fB\->data_end\fP by \fIdelta\fP bytes. It is only possible to shrink the packet as of this writing, therefore \fIdelta\fP must be a negative integer. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with 
@@ -2046,9 +2107,23 @@ the IPv6 header is computed by the kernel. Only works if \fIskb\fP contains an IPv6 packet. Insert a Segment Routing Header (\fBstruct ipv6_sr_hdr\fP) inside the IPv6 header. +.TP +.B \fBBPF_LWT_ENCAP_IP\fP +IP encapsulation (GRE/GUE/IPIP/etc). The outer header +must be IPv4 or IPv6, followed by zero or more +additional headers, up to \fBLWT_BPF_MAX_HEADROOM\fP +total bytes in all prepended headers. Please note that +if \fBskb_is_gso\fP(\fIskb\fP) is true, no more than two +headers can be prepended, and the inner header, if +present, should be either GRE or UDP/GUE. .UNINDENT .sp -A call to this helper is susceptible to change the underlaying +\fBBPF_LWT_ENCAP_SEG6\fP* types can be called by BPF programs +of type \fBBPF_PROG_TYPE_LWT_IN\fP; \fBBPF_LWT_ENCAP_IP\fP type can +be called by bpf programs of types \fBBPF_PROG_TYPE_LWT_IN\fP and +\fBBPF_PROG_TYPE_LWT_XMIT\fP\&. +.sp +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -2067,7 +2142,7 @@ associated to \fIskb\fP, at \fIoffset\fP\&. Only the flags, tag and TLVs inside the outermost IPv6 Segment Routing Header can be modified through this helper. .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with 
@@ -2087,7 +2162,7 @@ Segment Routing Header contained in the packet associated to after the segments are accepted. \fIdelta\fP can be as well positive (growing) as negative (shrinking). .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with @@ -2117,15 +2192,15 @@ Type of \fIparam\fP: \fBint\fP\&. .TP .B \fBSEG6_LOCAL_ACTION_END_B6\fP End.B6 action: Endpoint bound to an SRv6 policy. -Type of param: \fBstruct ipv6_sr_hdr\fP\&. +Type of \fIparam\fP: \fBstruct ipv6_sr_hdr\fP\&. .TP .B \fBSEG6_LOCAL_ACTION_END_B6_ENCAP\fP End.B6.Encap action: Endpoint bound to an SRv6 encapsulation policy. -Type of param: \fBstruct ipv6_sr_hdr\fP\&. +Type of \fIparam\fP: \fBstruct ipv6_sr_hdr\fP\&. .UNINDENT .sp -A call to this helper is susceptible to change the underlaying +A call to this helper is susceptible to change the underlying packet buffer. Therefore, at load time, all checks on pointers previously done by the verifier are invalidated and must be performed again, if the helper is used in combination with 
@@ -2135,6 +2210,29 @@ direct packet access. 0 on success, or a negative error in case of failure. .UNINDENT .TP +.B \fBint bpf_rc_repeat(void *\fP\fIctx\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +This helper is used in programs implementing IR decoding, to +report a successfully decoded repeat key message. This delays +the generation of a key up event for previously generated +key down event. +.sp +Some IR protocols like NEC have a special IR message for +repeating last button, for when a button is held down. +.sp +The \fIctx\fP should point to the lirc sample as passed into +the program. +.sp +This helper is only available is the kernel was compiled with +the \fBCONFIG_BPF_LIRC_MODE2\fP configuration option set to +"\fBy\fP". +.TP +.B Return +0 +.UNINDENT +.TP .B \fBint bpf_rc_keydown(void *\fP\fIctx\fP\fB, u32\fP \fIprotocol\fP\fB, u64\fP \fIscancode\fP\fB, u32\fP \fItoggle\fP\fB)\fP .INDENT 7.0 .TP @@ -2162,31 +2260,10 @@ the \fBCONFIG_BPF_LIRC_MODE2\fP configuration option set to "\fBy\fP". .TP .B Return +0 .UNINDENT .TP -.B \fBint bpf_rc_repeat(void *\fP\fIctx\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -This helper is used in programs implementing IR decoding, to -report a successfully decoded repeat key message. This delays -the generation of a key up event for previously generated -key down event. -.sp -Some IR protocols like NEC have a special IR message for -repeating last button, for when a button is held down. -.sp -The \fIctx\fP should point to the lirc sample as passed into -the program. -.sp -This helper is only available is the kernel was compiled with -the \fBCONFIG_BPF_LIRC_MODE2\fP configuration option set to -"\fBy\fP". -.TP -.B Return -.UNINDENT -.TP -.B \fBuint64_t bpf_skb_cgroup_id(struct sk_buff *\fP\fIskb\fP\fB)\fP +.B \fBu64 bpf_skb_cgroup_id(struct sk_buff *\fP\fIskb\fP\fB)\fP .INDENT 7.0 .TP .B Description 
@@ -2206,6 +2283,49 @@ and is available only if the kernel was compiled with the The id is returned or 0 in case the id could not be retrieved. .UNINDENT .TP +.B \fBu64 bpf_get_current_cgroup_id(void)\fP +.INDENT 7.0 +.TP +.B Return +A 64\-bit integer containing the current cgroup id based +on the cgroup within which the current task is running. +.UNINDENT +.TP +.B \fBvoid *bpf_get_local_storage(void *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Get the pointer to the local storage area. +The type and the size of the local storage is defined +by the \fImap\fP argument. +The \fIflags\fP meaning is specific for each map type, +and has to be 0 for cgroup local storage. +.sp +Depending on the BPF program type, a local storage area +can be shared between multiple instances of the BPF program, +running simultaneously. +.sp +A user should care about the synchronization by himself. +For example, by using the \fBBPF_STX_XADD\fP instruction to alter +the shared data. +.TP +.B Return +A pointer to the local storage area. +.UNINDENT +.TP +.B \fBint bpf_sk_select_reuseport(struct sk_reuseport_md *\fP\fIreuse\fP\fB, struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Select a \fBSO_REUSEPORT\fP socket from a +\fBBPF_MAP_TYPE_REUSEPORT_ARRAY\fP \fImap\fP\&. +It checks the selected socket is matching the incoming +request in the socket buffer. +.TP +.B Return +0 on success, or a negative error in case of failure. +.UNINDENT +.TP .B \fBu64 bpf_skb_ancestor_cgroup_id(struct sk_buff *\fP\fIskb\fP\fB, int\fP \fIancestor_level\fP\fB)\fP .INDENT 7.0 .TP 
@@ -2228,49 +2348,6 @@ The format of returned id and helper limitations are same as in The id is returned or 0 in case the id could not be retrieved. .UNINDENT .TP -.B \fBu64 bpf_get_current_cgroup_id(void)\fP -.INDENT 7.0 -.TP -.B Return -A 64\-bit integer containing the current cgroup id based -on the cgroup within which the current task is running. -.UNINDENT -.TP -.B \fBvoid* get_local_storage(void *\fP\fImap\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Get the pointer to the local storage area. -The type and the size of the local storage is defined -by the \fImap\fP argument. -The \fIflags\fP meaning is specific for each map type, -and has to be 0 for cgroup local storage. -.sp -Depending on the BPF program type, a local storage area -can be shared between multiple instances of the BPF program, -running simultaneously. -.sp -A user should care about the synchronization by themself. -For example, by using the \fBBPF_STX_XADD\fP instruction to alter -the shared data. -.TP -.B Return -A pointer to the local storage area. -.UNINDENT -.TP -.B \fBint bpf_sk_select_reuseport(struct sk_reuseport_md *\fP\fIreuse\fP\fB, struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIkey\fP\fB, u64\fP \fIflags\fP\fB)\fP -.INDENT 7.0 -.TP -.B Description -Select a \fBSO_REUSEPORT\fP socket from a -\fBBPF_MAP_TYPE_REUSEPORT_ARRAY\fP \fImap\fP\&. -It checks the selected socket is matching the incoming -request in the socket buffer. -.TP -.B Return -0 on success, or a negative error in case of failure. -.UNINDENT -.TP .B \fBstruct bpf_sock *bpf_sk_lookup_tcp(void *\fP\fIctx\fP\fB, struct bpf_sock_tuple *\fP\fItuple\fP\fB, u32\fP \fItuple_size\fP\fB, u64\fP \fInetns\fP\fB, u64\fP \fIflags\fP\fB)\fP .INDENT 7.0 .TP 
@@ -2311,7 +2388,8 @@ This helper is available only if the kernel was compiled with .B Return Pointer to \fBstruct bpf_sock\fP, or \fBNULL\fP in case of failure. For sockets with reuseport option, the \fBstruct bpf_sock\fP -result is from \fBreuse\->socks\fP[] using the hash of the tuple. +result is from \fIreuse\fP\fB\->socks\fP[] using the hash of the +tuple. .UNINDENT .TP .B \fBstruct bpf_sock *bpf_sk_lookup_udp(void *\fP\fIctx\fP\fB, struct bpf_sock_tuple *\fP\fItuple\fP\fB, u32\fP \fItuple_size\fP\fB, u64\fP \fInetns\fP\fB, u64\fP \fIflags\fP\fB)\fP @@ -2354,7 +2432,8 @@ This helper is available only if the kernel was compiled with .B Return Pointer to \fBstruct bpf_sock\fP, or \fBNULL\fP in case of failure. For sockets with reuseport option, the \fBstruct bpf_sock\fP -result is from \fBreuse\->socks\fP[] using the hash of the tuple. +result is from \fIreuse\fP\fB\->socks\fP[] using the hash of the +tuple. .UNINDENT .TP .B \fBint bpf_sk_release(struct bpf_sock *\fP\fIsock\fP\fB)\fP @@ -2369,6 +2448,22 @@ non\-\fBNULL\fP pointer that was returned from 0 on success, or a negative error in case of failure. .UNINDENT .TP +.B \fBint bpf_map_push_elem(struct bpf_map *\fP\fImap\fP\fB, const void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Push an element \fIvalue\fP in \fImap\fP\&. \fIflags\fP is one of: +.INDENT 7.0 +.TP +.B \fBBPF_EXIST\fP +If the queue/stack is full, the oldest element is +removed to make room for this. +.UNINDENT +.TP +.B Return +0 on success, or a negative error in case of failure. +.UNINDENT +.TP .B \fBint bpf_map_pop_elem(struct bpf_map *\fP\fImap\fP\fB, void *\fP\fIvalue\fP\fB)\fP .INDENT 7.0 .TP 
@@ -2440,6 +2535,411 @@ the \fBCONFIG_BPF_LIRC_MODE2\fP configuration option set to "\fBy\fP". .TP .B Return +0 +.UNINDENT +.TP +.B \fBint bpf_spin_lock(struct bpf_spin_lock *\fP\fIlock\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Acquire a spinlock represented by the pointer \fIlock\fP, which is +stored as part of a value of a map. Taking the lock allows to +safely update the rest of the fields in that value. The +spinlock can (and must) later be released with a call to +\fBbpf_spin_unlock\fP(\fIlock\fP). +.sp +Spinlocks in BPF programs come with a number of restrictions +and constraints: +.INDENT 7.0 +.IP \(bu 2 +\fBbpf_spin_lock\fP objects are only allowed inside maps of +types \fBBPF_MAP_TYPE_HASH\fP and \fBBPF_MAP_TYPE_ARRAY\fP (this +list could be extended in the future). +.IP \(bu 2 +BTF description of the map is mandatory. +.IP \(bu 2 +The BPF program can take ONE lock at a time, since taking two +or more could cause dead locks. +.IP \(bu 2 +Only one \fBstruct bpf_spin_lock\fP is allowed per map element. +.IP \(bu 2 +When the lock is taken, calls (either BPF to BPF or helpers) +are not allowed. +.IP \(bu 2 +The \fBBPF_LD_ABS\fP and \fBBPF_LD_IND\fP instructions are not +allowed inside a spinlock\-ed region. +.IP \(bu 2 +The BPF program MUST call \fBbpf_spin_unlock\fP() to release +the lock, on all execution paths, before it returns. +.IP \(bu 2 +The BPF program can access \fBstruct bpf_spin_lock\fP only via +the \fBbpf_spin_lock\fP() and \fBbpf_spin_unlock\fP() +helpers. Loading or storing data into the \fBstruct +bpf_spin_lock\fP \fIlock\fP\fB;\fP field of a map is not allowed. +.IP \(bu 2 +To use the \fBbpf_spin_lock\fP() helper, the BTF description +of the map value must be a struct and have \fBstruct +bpf_spin_lock\fP \fIanyname\fP\fB;\fP field at the top level. +Nested lock inside another struct is not allowed. +.IP \(bu 2 +The \fBstruct bpf_spin_lock\fP \fIlock\fP field in a map value must +be aligned on a multiple of 4 bytes in that value. 
+.IP \(bu 2 +Syscall with command \fBBPF_MAP_LOOKUP_ELEM\fP does not copy +the \fBbpf_spin_lock\fP field to user space. +.IP \(bu 2 +Syscall with command \fBBPF_MAP_UPDATE_ELEM\fP, or update from +a BPF program, do not update the \fBbpf_spin_lock\fP field. +.IP \(bu 2 +\fBbpf_spin_lock\fP cannot be on the stack or inside a +networking packet (it can only be inside of a map values). +.IP \(bu 2 +\fBbpf_spin_lock\fP is available to root only. +.IP \(bu 2 +Tracing programs and socket filter programs cannot use +\fBbpf_spin_lock\fP() due to insufficient preemption checks +(but this may change in the future). +.IP \(bu 2 +\fBbpf_spin_lock\fP is not allowed in inner maps of map\-in\-map. +.UNINDENT +.TP +.B Return +0 +.UNINDENT +.TP +.B \fBint bpf_spin_unlock(struct bpf_spin_lock *\fP\fIlock\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Release the \fIlock\fP previously locked by a call to +\fBbpf_spin_lock\fP(\fIlock\fP). +.TP +.B Return +0 +.UNINDENT +.TP +.B \fBstruct bpf_sock *bpf_sk_fullsock(struct bpf_sock *\fP\fIsk\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +This helper gets a \fBstruct bpf_sock\fP pointer such +that all the fields in this \fBbpf_sock\fP can be accessed. +.TP +.B Return +A \fBstruct bpf_sock\fP pointer on success, or \fBNULL\fP in +case of failure. +.UNINDENT +.TP +.B \fBstruct bpf_tcp_sock *bpf_tcp_sock(struct bpf_sock *\fP\fIsk\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +This helper gets a \fBstruct bpf_tcp_sock\fP pointer from a +\fBstruct bpf_sock\fP pointer. +.TP +.B Return +A \fBstruct bpf_tcp_sock\fP pointer on success, or \fBNULL\fP in +case of failure. +.UNINDENT +.TP +.B \fBint bpf_skb_ecn_set_ce(struct sk_buf *\fP\fIskb\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Set ECN (Explicit Congestion Notification) field of IP header +to \fBCE\fP (Congestion Encountered) if current value is \fBECT\fP +(ECN Capable Transport). Otherwise, do nothing. Works with IPv6 +and IPv4. 
+.TP +.B Return +1 if the \fBCE\fP flag is set (either by the current helper call +or because it was already present), 0 if it is not set. +.UNINDENT +.TP +.B \fBstruct bpf_sock *bpf_get_listener_sock(struct bpf_sock *\fP\fIsk\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Return a \fBstruct bpf_sock\fP pointer in \fBTCP_LISTEN\fP state. +\fBbpf_sk_release\fP() is unnecessary and not allowed. +.TP +.B Return +A \fBstruct bpf_sock\fP pointer on success, or \fBNULL\fP in +case of failure. +.UNINDENT +.TP +.B \fBstruct bpf_sock *bpf_skc_lookup_tcp(void *\fP\fIctx\fP\fB, struct bpf_sock_tuple *\fP\fItuple\fP\fB, u32\fP \fItuple_size\fP\fB, u64\fP \fInetns\fP\fB, u64\fP \fIflags\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Look for TCP socket matching \fItuple\fP, optionally in a child +network namespace \fInetns\fP\&. The return value must be checked, +and if non\-\fBNULL\fP, released via \fBbpf_sk_release\fP(). +.sp +This function is identical to \fBbpf_sk_lookup_tcp\fP(), except +that it also returns timewait or request sockets. Use +\fBbpf_sk_fullsock\fP() or \fBbpf_tcp_sock\fP() to access the +full structure. +.sp +This helper is available only if the kernel was compiled with +\fBCONFIG_NET\fP configuration option. +.TP +.B Return +Pointer to \fBstruct bpf_sock\fP, or \fBNULL\fP in case of failure. +For sockets with reuseport option, the \fBstruct bpf_sock\fP +result is from \fIreuse\fP\fB\->socks\fP[] using the hash of the +tuple. +.UNINDENT +.TP +.B \fBint bpf_tcp_check_syncookie(struct bpf_sock *\fP\fIsk\fP\fB, void *\fP\fIiph\fP\fB, u32\fP \fIiph_len\fP\fB, struct tcphdr *\fP\fIth\fP\fB, u32\fP \fIth_len\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Check whether \fIiph\fP and \fIth\fP contain a valid SYN cookie ACK for +the listening socket in \fIsk\fP\&. +.sp +\fIiph\fP points to the start of the IPv4 or IPv6 header, while +\fIiph_len\fP contains \fBsizeof\fP(\fBstruct iphdr\fP) or +\fBsizeof\fP(\fBstruct ip6hdr\fP). 
+.sp +\fIth\fP points to the start of the TCP header, while \fIth_len\fP +contains \fBsizeof\fP(\fBstruct tcphdr\fP). +.TP +.B Return +0 if \fIiph\fP and \fIth\fP are a valid SYN cookie ACK, or a negative +error otherwise. +.UNINDENT +.TP +.B \fBint bpf_sysctl_get_name(struct bpf_sysctl *\fP\fIctx\fP\fB, char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB, u64\fP \fIflags\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Get name of sysctl in /proc/sys/ and copy it into provided by +program buffer \fIbuf\fP of size \fIbuf_len\fP\&. +.sp +The buffer is always NUL terminated, unless it\(aqs zero\-sized. +.sp +If \fIflags\fP is zero, full name (e.g. "net/ipv4/tcp_mem") is +copied. Use \fBBPF_F_SYSCTL_BASE_NAME\fP flag to copy base name +only (e.g. "tcp_mem"). +.TP +.B Return +Number of character copied (not including the trailing NUL). +.sp +\fB\-E2BIG\fP if the buffer wasn\(aqt big enough (\fIbuf\fP will contain +truncated name in this case). +.UNINDENT +.TP +.B \fBint bpf_sysctl_get_current_value(struct bpf_sysctl *\fP\fIctx\fP\fB, char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Get current value of sysctl as it is presented in /proc/sys +(incl. newline, etc), and copy it as a string into provided +by program buffer \fIbuf\fP of size \fIbuf_len\fP\&. +.sp +The whole value is copied, no matter what file position user +space issued e.g. sys_read at. +.sp +The buffer is always NUL terminated, unless it\(aqs zero\-sized. +.TP +.B Return +Number of character copied (not including the trailing NUL). +.sp +\fB\-E2BIG\fP if the buffer wasn\(aqt big enough (\fIbuf\fP will contain +truncated name in this case). +.sp +\fB\-EINVAL\fP if current value was unavailable, e.g. because +sysctl is uninitialized and read returns \-EIO for it. 
+.UNINDENT +.TP +.B \fBint bpf_sysctl_get_new_value(struct bpf_sysctl *\fP\fIctx\fP\fB, char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Get new value being written by user space to sysctl (before +the actual write happens) and copy it as a string into +provided by program buffer \fIbuf\fP of size \fIbuf_len\fP\&. +.sp +User space may write new value at file position > 0. +.sp +The buffer is always NUL terminated, unless it\(aqs zero\-sized. +.TP +.B Return +Number of character copied (not including the trailing NUL). +.sp +\fB\-E2BIG\fP if the buffer wasn\(aqt big enough (\fIbuf\fP will contain +truncated name in this case). +.sp +\fB\-EINVAL\fP if sysctl is being read. +.UNINDENT +.TP +.B \fBint bpf_sysctl_set_new_value(struct bpf_sysctl *\fP\fIctx\fP\fB, const char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Override new value being written by user space to sysctl with +value provided by program in buffer \fIbuf\fP of size \fIbuf_len\fP\&. +.sp +\fIbuf\fP should contain a string in same form as provided by user +space on sysctl write. +.sp +User space may write new value at file position > 0. To override +the whole sysctl value file position should be set to zero. +.TP +.B Return +0 on success. +.sp +\fB\-E2BIG\fP if the \fIbuf_len\fP is too big. +.sp +\fB\-EINVAL\fP if sysctl is being read. +.UNINDENT +.TP +.B \fBint bpf_strtol(const char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB, u64\fP \fIflags\fP\fB, long *\fP\fIres\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Convert the initial part of the string from buffer \fIbuf\fP of +size \fIbuf_len\fP to a long integer according to the given base +and save the result in \fIres\fP\&. +.sp +The string may begin with an arbitrary amount of white space +(as determined by \fBisspace\fP(3)) followed by a single +optional \(aq\fB\-\fP\(aq sign. +.sp +Five least significant bits of \fIflags\fP encode base, other bits +are currently unused. 
+.sp +Base must be either 8, 10, 16 or 0 to detect it automatically +similar to user space \fBstrtol\fP(3). +.TP +.B Return +Number of characters consumed on success. Must be positive but +no more than \fIbuf_len\fP\&. +.sp +\fB\-EINVAL\fP if no valid digits were found or unsupported base +was provided. +.sp +\fB\-ERANGE\fP if resulting value was out of range. +.UNINDENT +.TP +.B \fBint bpf_strtoul(const char *\fP\fIbuf\fP\fB, size_t\fP \fIbuf_len\fP\fB, u64\fP \fIflags\fP\fB, unsigned long *\fP\fIres\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Convert the initial part of the string from buffer \fIbuf\fP of +size \fIbuf_len\fP to an unsigned long integer according to the +given base and save the result in \fIres\fP\&. +.sp +The string may begin with an arbitrary amount of white space +(as determined by \fBisspace\fP(3)). +.sp +Five least significant bits of \fIflags\fP encode base, other bits +are currently unused. +.sp +Base must be either 8, 10, 16 or 0 to detect it automatically +similar to user space \fBstrtoul\fP(3). +.TP +.B Return +Number of characters consumed on success. Must be positive but +no more than \fIbuf_len\fP\&. +.sp +\fB\-EINVAL\fP if no valid digits were found or unsupported base +was provided. +.sp +\fB\-ERANGE\fP if resulting value was out of range. +.UNINDENT +.TP +.B \fBvoid *bpf_sk_storage_get(struct bpf_map *\fP\fImap\fP\fB, struct bpf_sock *\fP\fIsk\fP\fB, void *\fP\fIvalue\fP\fB, u64\fP \fIflags\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Get a bpf\-local\-storage from a \fIsk\fP\&. +.sp +Logically, it could be thought of getting the value from +a \fImap\fP with \fIsk\fP as the \fBkey\fP\&. From this +perspective, the usage is not much different from +\fBbpf_map_lookup_elem\fP(\fImap\fP, \fB&\fP\fIsk\fP) except this +helper enforces the key must be a full socket and the map must +be a \fBBPF_MAP_TYPE_SK_STORAGE\fP also. +.sp +Underneath, the value is stored locally at \fIsk\fP instead of +the \fImap\fP\&. 
The \fImap\fP is used as the bpf\-local\-storage +"type". The bpf\-local\-storage "type" (i.e. the \fImap\fP) is +searched against all bpf\-local\-storages residing at \fIsk\fP\&. +.sp +An optional \fIflags\fP (\fBBPF_SK_STORAGE_GET_F_CREATE\fP) can be +used such that a new bpf\-local\-storage will be +created if one does not exist. \fIvalue\fP can be used +together with \fBBPF_SK_STORAGE_GET_F_CREATE\fP to specify +the initial value of a bpf\-local\-storage. If \fIvalue\fP is +\fBNULL\fP, the new bpf\-local\-storage will be zero initialized. +.TP +.B Return +A bpf\-local\-storage pointer is returned on success. +.sp +\fBNULL\fP if not found or there was an error in adding +a new bpf\-local\-storage. +.UNINDENT +.TP +.B \fBint bpf_sk_storage_delete(struct bpf_map *\fP\fImap\fP\fB, struct bpf_sock *\fP\fIsk\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Delete a bpf\-local\-storage from a \fIsk\fP\&. +.TP +.B Return +0 on success. +.sp +\fB\-ENOENT\fP if the bpf\-local\-storage cannot be found. +.UNINDENT +.TP +.B \fBint bpf_send_signal(u32\fP \fIsig\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Send signal \fIsig\fP to the current task. +.TP +.B Return +0 on success or successfully queued. +.sp +\fB\-EBUSY\fP if work queue under nmi is full. +.sp +\fB\-EINVAL\fP if \fIsig\fP is invalid. +.sp +\fB\-EPERM\fP if no permission to send the \fIsig\fP\&. +.sp +\fB\-EAGAIN\fP if bpf program can try again. +.UNINDENT +.TP +.B \fBs64 bpf_tcp_gen_syncookie(struct bpf_sock *\fP\fIsk\fP\fB, void *\fP\fIiph\fP\fB, u32\fP \fIiph_len\fP\fB, struct tcphdr *\fP\fIth\fP\fB, u32\fP \fIth_len\fP\fB)\fP +.INDENT 7.0 +.TP +.B Description +Try to issue a SYN cookie for the packet with corresponding +IP/TCP headers, \fIiph\fP and \fIth\fP, on the listening socket in \fIsk\fP\&. +.sp +\fIiph\fP points to the start of the IPv4 or IPv6 header, while +\fIiph_len\fP contains \fBsizeof\fP(\fBstruct iphdr\fP) or +\fBsizeof\fP(\fBstruct ip6hdr\fP). 
+.sp +\fIth\fP points to the start of the TCP header, while \fIth_len\fP +contains the length of the TCP header. +.TP +.B Return +On success, lower 32 bits hold the generated SYN cookie in +followed by 16 bits which hold the MSS value for that cookie, +and the top 16 bits are unused. +.sp +On failure, the returned value is one of the following: +.sp +\fB\-EINVAL\fP SYN cookie cannot be issued due to error +.sp +\fB\-ENOENT\fP SYN cookie should not be issued (no SYN flood) +.sp +\fB\-EOPNOTSUPP\fP kernel configuration does not enable SYN cookies +.sp +\fB\-EPROTONOSUPPORT\fP IP packet version is not 4 or 6 .UNINDENT .UNINDENT .SH EXAMPLES @@ -2527,3 +3027,4 @@ pointers for network processing are listed in function \fBsocket\fP(7), \fBtc\-bpf\fP(8) .\" Generated by docutils manpage writer. +.
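Review bot: In the Return text of bpf_tcp_gen_syncookie(), the sentence "lower 32 bits hold the generated SYN cookie in followed by 16 bits which hold the MSS value" is garbled at "cookie in followed by", which leaves the bit layout of the s64 result open to misreading by callers that split it into cookie and MSS. Suggest wording such as "the lower 32 bits hold the generated SYN cookie, the next 16 bits hold the MSS value for that cookie, and the top 16 bits are unused". Further points in the same hunk: the bpf_skb_ecn_set_ce() prototype takes "struct sk_buf *skb", which should be "struct sk_buff *skb"; the -E2BIG text for bpf_sysctl_get_current_value() and bpf_sysctl_get_new_value() says buf "will contain truncated name", apparently copied from bpf_sysctl_get_name(), where "truncated value" is meant; th_len is described as sizeof(struct tcphdr) for bpf_tcp_check_syncookie() but as "the length of the TCP header" for bpf_tcp_gen_syncookie(), so it is worth stating whether TCP options are included in either case; and "struct ip6hdr" in both syncookie helpers does not match the kernel's IPv6 header type name (struct ipv6hdr). Minor wording: "dead locks", "inside of a map values", "Number of character copied". Since the footer says the page is generated by the docutils manpage writer, these belong in the source the page is generated from rather than in this file.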