title | description | hide |
---|---|---|
Helper functions |
This page is an overview of all available eBPF helper functions in the linux kernel. It provides a categorization of the helper functions by their purpose. |
toc |
Helper functions are functions defined by the kernel which can be invoked from eBPF programs. These helper functions allow eBPF programs to interact with the kernel as if calling a function. The kernel places restrictions on the usage of these helper functions to prevent misuse. Check the pages of the individual calls for details on its usage.
Helper functions can have a large variety of purposes. This page attempts to categorize them by function.
These are helpers with the primary purpose involves the interaction with a map.
These helpers can be used on a lot of different maps, especially the generic map types like array and hash maps.
- bpf_map_lookup_elem
- bpf_map_update_elem
- bpf_map_delete_elem
- bpf_for_each_map_elem
- bpf_map_lookup_percpu_elem
- bpf_spin_lock
- bpf_spin_unlock
These helpers are used with BPF_MAP_TYPE_PERF_EVENT_ARRAY
maps.
These helpers are used with BPF_MAP_TYPE_PROG_ARRAY
maps.
These helpers are used to manage timers.
These helpers are used with BPF_MAP_TYPE_QUEUE
and BPF_MAP_TYPE_STACK
maps.
These helpers are used with BPF_MAP_TYPE_RINGBUF
maps.
- bpf_ringbuf_output
- bpf_ringbuf_reserve
- bpf_ringbuf_submit
- bpf_ringbuf_discard
- bpf_ringbuf_query
- bpf_ringbuf_reserve_dynptr
- bpf_ringbuf_submit_dynptr
- bpf_ringbuf_discard_dynptr
These helpers are used with BPF_MAP_TYPE_SOCKMAP
These helpers are used with BPF_MAP_TYPE_SOCKHASH
These helpers are used with BPF_MAP_TYPE_TASK_STORAGE
maps.
These helpers are used with BPF_MAP_TYPE_INODE_STORAGE
maps.
These helpers are used with BPF_MAP_TYPE_SK_STORAGE
maps.
These helpers are used with BPF_MAP_TYPE_CGROUP_STORAGE
and BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE
maps.
These helpers are used with BPF_MAP_TYPE_CGRP_STORAGE
maps.
These helpers are related to BPF_MAP_TYPE_USER_RINGBUF
maps.
These helpers are used in probing and tracing functions like kprobes, tracepoints and uprobes.
These helpers are used to read from or write to kernel or userspace memory.
- bpf_probe_read
- bpf_probe_write_user
- bpf_probe_read_str
- bpf_get_stack
- bpf_probe_read_user
- bpf_probe_read_kernel
- bpf_probe_read_user_str
- bpf_probe_read_kernel_str
- bpf_copy_from_user
- bpf_copy_from_user_task
- bpf_copy_from_user_task
- bpf_find_vma
These helpers are used to influence processes.
These helpers return information specific to BPF_PROG_TYPE_TRACING
programs.
These helpers return information specific to BPF_PROG_TYPE_PERF_EVENT
programs.
These helpers return information from the kernel which is otherwise not available to eBPF programs.
These helpers return time information.
These helpers return information about processes, particularly the one for which the current eBPF program is invoked.
- bpf_get_current_pid_tgid
- bpf_get_current_uid_gid
- bpf_get_current_comm
- bpf_get_cgroup_classid
- bpf_get_ns_current_pid_tgid
- bpf_get_current_task
- bpf_get_stackid
- bpf_current_task_under_cgroup
- bpf_get_current_cgroup_id
- bpf_get_current_ancestor_cgroup_id
- bpf_get_task_stack
- bpf_get_current_task_btf
- bpf_task_pt_regs
These helpers return information about the current state of the CPU.
- bpf_get_smp_processor_id
- bpf_get_numa_node_id
- bpf_read_branch_records
- bpf_get_branch_snapshot
- bpf_per_cpu_ptr
- bpf_this_cpu_ptr
These helpers are used to print logs from an eBPF program which will appear in the kernel tracing log.
These helpers are used to print logs to the sequence files used by eBPF iterator programs.
These helpers are related to networking.
These helpers read from, write to, or modify socket buffers in some way.
- bpf_skb_store_bytes
- bpf_skb_load_bytes
- bpf_skb_vlan_push
- bpf_skb_vlan_pop
- bpf_skb_get_tunnel_key
- bpf_skb_set_tunnel_key
- bpf_skb_get_tunnel_opt
- bpf_skb_set_tunnel_opt
- bpf_skb_change_proto
- bpf_skb_change_type
- bpf_skb_under_cgroup
- bpf_skb_change_tail
- bpf_skb_pull_data
- bpf_skb_adjust_room
- bpf_skb_change_head
- bpf_skb_get_xfrm_state
- bpf_skb_load_bytes_relative
- bpf_skb_cgroup_id
- bpf_skb_ancestor_cgroup_id
- bpf_skb_ecn_set_ce
- bpf_skb_cgroup_classid
- bpf_skb_set_tstamp
- bpf_set_hash
- bpf_get_hash_recalc
- bpf_set_hash_invalid
These helpers calculate and/or update checksums.
These helpers redirect the flow of packets in some way.
- bpf_clone_redirect
- bpf_redirect
- bpf_redirect_map
- bpf_sk_redirect_map
- bpf_msg_redirect_map
- bpf_redirect_peer
- bpf_sk_redirect_hash
- bpf_msg_redirect_hash
- bpf_redirect_neigh
- bpf_sk_assign
- bpf_sk_select_reuseport
These helpers are specific to BPF_PROG_TYPE_XDP
programs.
- bpf_xdp_adjust_head
- bpf_xdp_adjust_tail
- bpf_xdp_adjust_meta
- bpf_xdp_get_buff_len
- bpf_xdp_load_bytes
- bpf_xdp_store_bytes
These helpers are specific to BPF_PROG_TYPE_SK_MSG
programs.
These helpers are specific to BPF_PROG_TYPE_LWT_*
programs.
These helpers are related to syn cookies.
- bpf_tcp_check_syncookie
- bpf_tcp_gen_syncookie
- bpf_tcp_raw_gen_syncookie_ipv4
- bpf_tcp_raw_gen_syncookie_ipv6
- bpf_tcp_raw_check_syncookie_ipv4
- bpf_tcp_raw_check_syncookie_ipv6
These helpers are related to socket.
- bpf_sk_lookup_tcp
- bpf_sk_lookup_udp
- bpf_sk_release
- bpf_sk_fullsock
- bpf_sk_cgroup_id
- bpf_sk_ancestor_cgroup_id
- bpf_get_socket_cookie
- bpf_get_socket_uid
- bpf_setsockopt
- bpf_getsockopt
- bpf_sock_ops_cb_flags_set
- bpf_tcp_sock
- bpf_get_listener_sock
- bpf_tcp_send_ack
- bpf_skc_lookup_tcp
- bpf_skc_to_tcp6_sock
- bpf_skc_to_tcp_sock
- bpf_skc_to_tcp_timewait_sock
- bpf_skc_to_tcp_request_sock
- bpf_skc_to_udp6_sock
- bpf_skc_to_mptcp_sock
- bpf_skc_to_unix_sock
- bpf_bind
These helpers are specific to BPF_PROG_TYPE_SOCK_OPS
programs.
These helpers are specific to BPF_PROG_TYPE_LIRC_MODE2
programs.
These helpers are specific to BPF_PROG_TYPE_SYSCALL
programs.
These helpers are specific to BPF_PROG_TYPE_LSM
programs.
These helpers are specific to BPF_PROG_TYPE_CGROUP_SYSCTL
programs.
These helpers are related to dynamic pointers
These helpers are used to execute loops.
These helpers are smaller utility functions which don't really fit in elsewhere.