lb.programs.common

Liking cljdoc? Tell your friends :D

Clojure only.

add-imm
add-reg
assemble-program
BPF-F-PSEUDO-HDR
BPF-F-RECOMPUTE-CSUM
BPF-FUNC-csum-diff
BPF-FUNC-get-prandom-u32
BPF-FUNC-ktime-get-ns
BPF-FUNC-l3-csum-replace
BPF-FUNC-l4-csum-replace
BPF-FUNC-map-delete-elem
BPF-FUNC-map-lookup-elem
BPF-FUNC-map-update-elem
BPF-FUNC-redirect
BPF-FUNC-redirect-map
BPF-FUNC-ringbuf-discard
BPF-FUNC-ringbuf-reserve
BPF-FUNC-ringbuf-submit
BPF-FUNC-xdp-adjust-head
build-bounds-check
build-get-prandom-u32
build-ktime-get-ns
build-l3-csum-replace
build-l4-csum-replace
build-map-lookup
build-map-update
build-parse-eth
build-parse-ip
build-parse-ipv6
build-parse-l4
build-parse-l4-ipv6
build-random-mod-100
build-rate-limit-check
build-ringbuf-discard
build-ringbuf-reserve
build-ringbuf-submit
ETH-HLEN
ETH-P-IP
ETH-P-IP-BE
ETH-P-IPV6
ETH-P-IPV6-BE
flatten-instructions
FNV1A-64-OFFSET-BASIS-HI
FNV1A-64-OFFSET-BASIS-LO
FNV1A-64-PRIME-HI
FNV1A-64-PRIME-LO
HTTPS-PORT-BE
IP-HLEN-MIN
IPPROTO-ICMP
IPPROTO-ICMPV6
IPPROTO-TCP
IPPROTO-UDP
IPV6-HLEN
IPV6-OFF-DST
IPV6-OFF-HOP-LIMIT
IPV6-OFF-NEXT-HEADER
IPV6-OFF-SRC
ldx-b
ldx-dw
ldx-h
ldx-w
map-fd
MAX-SNI-LENGTH
MAX-TLS-EXTENSIONS
mov-imm
mov-reg
RATE-LIMIT-CONFIG-BACKEND
RATE-LIMIT-CONFIG-SRC
stx-b
stx-dw
stx-h
stx-w
sub-imm
sub-reg
TC-ACT-OK
TC-ACT-REDIRECT
TC-ACT-SHOT
tc-drop-all
tc-pass-all
TCP-HLEN-MIN
TLS-CONTENT-TYPE-HANDSHAKE
TLS-EXT-SNI
TLS-HANDSHAKE-CLIENT-HELLO
TLS-HANDSHAKE-HEADER-SIZE
TLS-HANDSHAKE-LENGTH-OFF
TLS-HANDSHAKE-TYPE-OFF
TLS-RECORD-CONTENT-TYPE-OFF
TLS-RECORD-HEADER-SIZE
TLS-RECORD-LENGTH-OFF
TLS-RECORD-VERSION-OFF
TLS-SNI-NAME-TYPE-HOSTNAME
TOKEN-SCALE
UDP-HLEN
XDP-ABORTED
XDP-DROP
xdp-drop-all
XDP-PASS
xdp-pass-all
XDP-REDIRECT
XDP-TX

Common eBPF program fragments and DSL utilities shared between XDP and TC programs.

Common eBPF program fragments and DSL utilities shared between XDP and TC programs.

raw docstring

add-imm^clj

(add-imm dst imm)

Add immediate to register.

Add immediate to register.

source raw docstring

add-reg^clj

(add-reg dst src)

Add register to register.

Add register to register.

source raw docstring

assemble-program^clj

(assemble-program & fragments)

Assemble a program from instruction fragments. Returns BPF bytecode ready for loading.

Assemble a program from instruction fragments.
Returns BPF bytecode ready for loading.

source raw docstring

build-bounds-check^clj

(build-bounds-check offset size fail-offset)

Generate instructions to check if accessing [data + offset, data + offset + size) is within packet bounds. Jumps forward by fail-offset if out of bounds.

Assumes: r6 = data start, r7 = data end Uses: r8 as scratch

Generate instructions to check if accessing [data + offset, data + offset + size)
is within packet bounds. Jumps forward by fail-offset if out of bounds.

Assumes: r6 = data start, r7 = data end
Uses: r8 as scratch

source raw docstring

build-get-prandom-u32^clj

(build-get-prandom-u32)

Get a pseudo-random 32-bit number. Result in r0.

Get a pseudo-random 32-bit number.
Result in r0.

source raw docstring

build-ktime-get-ns^clj

(build-ktime-get-ns)

Get current time in nanoseconds. Result in r0.

Get current time in nanoseconds.
Result in r0.

source raw docstring

build-l3-csum-replace^clj

(build-l3-csum-replace skb-reg csum-off old-reg new-reg)

Generate incremental IP checksum update.

skb-reg: Register containing skb/xdp_md pointer csum-off: Offset of checksum field in packet old-val: Old value (in register) new-val: New value (in register)

Generate incremental IP checksum update.

skb-reg: Register containing skb/xdp_md pointer
csum-off: Offset of checksum field in packet
old-val: Old value (in register)
new-val: New value (in register)

source raw docstring

build-l4-csum-replace^clj

(build-l4-csum-replace skb-reg csum-off old-reg new-reg flags)

Generate incremental L4 (TCP/UDP) checksum update.

skb-reg: Register containing skb/xdp_md pointer csum-off: Offset of checksum field in packet old-val: Old value (in register) new-val: New value (in register) flags: BPF_F flags (use BPF-F-PSEUDO-HDR for IP address changes)

Generate incremental L4 (TCP/UDP) checksum update.

skb-reg: Register containing skb/xdp_md pointer
csum-off: Offset of checksum field in packet
old-val: Old value (in register)
new-val: New value (in register)
flags: BPF_F flags (use BPF-F-PSEUDO-HDR for IP address changes)

source raw docstring

build-map-lookup^clj

(build-map-lookup map-fd key-stack-off)

Generate instructions for bpf_map_lookup_elem.

Args: map-fd: The map file descriptor (will be loaded as 64-bit immediate) key-stack-off: Stack offset where key is stored (negative)

Returns: instructions that leave result pointer in r0 (or NULL)

Generate instructions for bpf_map_lookup_elem.

Args:
  map-fd: The map file descriptor (will be loaded as 64-bit immediate)
  key-stack-off: Stack offset where key is stored (negative)

Returns: instructions that leave result pointer in r0 (or NULL)

source raw docstring

build-map-update^clj

(build-map-update map-fd key-stack-off value-stack-off flags)

Generate instructions for bpf_map_update_elem.

Args: map-fd: The map file descriptor key-stack-off: Stack offset where key is stored value-stack-off: Stack offset where value is stored flags: Update flags (0 = any, 1 = noexist, 2 = exist)

Generate instructions for bpf_map_update_elem.

Args:
  map-fd: The map file descriptor
  key-stack-off: Stack offset where key is stored
  value-stack-off: Stack offset where value is stored
  flags: Update flags (0 = any, 1 = noexist, 2 = exist)

source raw docstring

build-parse-eth^clj

(build-parse-eth pass-offset)

Parse Ethernet header and check for IPv4.

Assumes: r6 = data, r7 = data_end After: jumps forward by pass-offset if not IPv4 Uses: r8 as scratch

Parse Ethernet header and check for IPv4.

Assumes: r6 = data, r7 = data_end
After: jumps forward by pass-offset if not IPv4
Uses: r8 as scratch

source raw docstring

build-parse-ip^clj

(build-parse-ip pass-offset)

Parse IPv4 header, extract protocol and addresses.

Assumes: r6 = data, r7 = data_end, Ethernet header already validated Stores on stack: stack[-4] = protocol (1 byte as word) stack[-8] = src IP stack[-12] = dst IP stack[-16] = IP header length (bytes) Uses: r8, r9 as scratch

Parse IPv4 header, extract protocol and addresses.

Assumes: r6 = data, r7 = data_end, Ethernet header already validated
Stores on stack:
  stack[-4]  = protocol (1 byte as word)
  stack[-8]  = src IP
  stack[-12] = dst IP
  stack[-16] = IP header length (bytes)
Uses: r8, r9 as scratch

source raw docstring

build-parse-ipv6^clj

(build-parse-ipv6 pass-offset)

Parse IPv6 header, extract next header (protocol) and addresses.

IPv6 has a fixed 40-byte header (no options in base header).

Assumes: r6 = data, r7 = data_end, Ethernet header already validated Stores on stack (unified format with 16-byte addresses): stack[-4] = next header (protocol, 1 byte as word) stack[-20] = src IP (16 bytes, at stack[-20..-5]) stack[-36] = dst IP (16 bytes, at stack[-36..-21]) stack[-40] = header length (always 40 for base IPv6) Uses: r8, r9 as scratch

Parse IPv6 header, extract next header (protocol) and addresses.

IPv6 has a fixed 40-byte header (no options in base header).

Assumes: r6 = data, r7 = data_end, Ethernet header already validated
Stores on stack (unified format with 16-byte addresses):
  stack[-4]   = next header (protocol, 1 byte as word)
  stack[-20]  = src IP (16 bytes, at stack[-20..-5])
  stack[-36]  = dst IP (16 bytes, at stack[-36..-21])
  stack[-40]  = header length (always 40 for base IPv6)
Uses: r8, r9 as scratch

source raw docstring

build-parse-l4^clj

(build-parse-l4 pass-offset)

Parse TCP/UDP header to extract ports.

Assumes: stack[-16] = IP header length, r6 = data, r7 = data_end Stores on stack: stack[-20] = src port stack[-24] = dst port Uses: r8, r9

Parse TCP/UDP header to extract ports.

Assumes: stack[-16] = IP header length, r6 = data, r7 = data_end
Stores on stack:
  stack[-20] = src port
  stack[-24] = dst port
Uses: r8, r9

source raw docstring

build-parse-l4-ipv6^clj

(build-parse-l4-ipv6 pass-offset)

Parse TCP/UDP header to extract ports for IPv6.

IPv6 has fixed 40-byte header, so L4 is always at ETH_HLEN + 40.

Assumes: r6 = data, r7 = data_end, IPv6 header validated Stores on stack: stack[-44] = src port stack[-48] = dst port Uses: r8, r9

Parse TCP/UDP header to extract ports for IPv6.

IPv6 has fixed 40-byte header, so L4 is always at ETH_HLEN + 40.

Assumes: r6 = data, r7 = data_end, IPv6 header validated
Stores on stack:
  stack[-44] = src port
  stack[-48] = dst port
Uses: r8, r9

source raw docstring

build-random-mod-100^clj

(build-random-mod-100)

Generate random number in range [0, 99]. Result in r0. Uses: r0, r1 as scratch

Generate random number in range [0, 99].
Result in r0.
Uses: r0, r1 as scratch

source raw docstring

build-rate-limit-check^clj

(build-rate-limit-check config-map-fd
                        config-index
                        bucket-map-fd
                        key-stack-off
                        scratch-stack-off
                        skip-label
                        drop-label)

Generate BPF instructions for token bucket rate limit check.

This implements a token bucket algorithm:

Load config from config-map at config-index
If rate == 0, skip (rate limiting disabled)
Load/create bucket from bucket-map using key at key-stack-off
Calculate elapsed time since last update
Add tokens: new_tokens = old_tokens + elapsed_ns * rate / 1e9
Cap at burst
If tokens >= 1 (1000 scaled), consume and continue
Else jump to drop-label

Stack usage (relative to current-stack-off): offset 0-15: rate limit config (rate, burst) offset 16-31: bucket state (tokens, last_update)

Parameters: config-map-fd: FD for rate_limit_config array map config-index: 0 for source, 1 for backend bucket-map-fd: FD for rate_limit_src or rate_limit_backend LRU map key-stack-off: Stack offset where lookup key is stored scratch-stack-off: Stack offset for scratch space (needs 32 bytes) skip-label: Label to jump to if rate limiting disabled/passed drop-label: Label to jump to if rate limited

Generate BPF instructions for token bucket rate limit check.

This implements a token bucket algorithm:
1. Load config from config-map at config-index
2. If rate == 0, skip (rate limiting disabled)
3. Load/create bucket from bucket-map using key at key-stack-off
4. Calculate elapsed time since last update
5. Add tokens: new_tokens = old_tokens + elapsed_ns * rate / 1e9
6. Cap at burst
7. If tokens >= 1 (1000 scaled), consume and continue
8. Else jump to drop-label

Stack usage (relative to current-stack-off):
offset 0-15: rate limit config (rate, burst)
offset 16-31: bucket state (tokens, last_update)

Parameters:
config-map-fd: FD for rate_limit_config array map
config-index: 0 for source, 1 for backend
bucket-map-fd: FD for rate_limit_src or rate_limit_backend LRU map
key-stack-off: Stack offset where lookup key is stored
scratch-stack-off: Stack offset for scratch space (needs 32 bytes)
skip-label: Label to jump to if rate limiting disabled/passed
drop-label: Label to jump to if rate limited

source raw docstring

build-ringbuf-discard^clj

(build-ringbuf-discard ptr-reg)

Discard ring buffer reservation.

ptr-reg: Register containing pointer from reserve

Discard ring buffer reservation.

ptr-reg: Register containing pointer from reserve

source raw docstring

build-ringbuf-reserve^clj

(build-ringbuf-reserve ringbuf-fd size)

Reserve space in ring buffer.

ringbuf-fd: Ring buffer map FD size: Size to reserve

Returns ptr in r0 (or NULL on failure)

Reserve space in ring buffer.

ringbuf-fd: Ring buffer map FD
size: Size to reserve

Returns ptr in r0 (or NULL on failure)

source raw docstring

build-ringbuf-submit^clj

(build-ringbuf-submit ptr-reg)

Submit ring buffer entry.

ptr-reg: Register containing pointer from reserve

Submit ring buffer entry.

ptr-reg: Register containing pointer from reserve

source raw docstring

ETH-HLEN^clj

source

ETH-P-IP^clj

source

ETH-P-IP-BE^clj

source

ETH-P-IPV6^clj

source

ETH-P-IPV6-BE^clj

source

flatten-instructions^clj

(flatten-instructions & instruction-groups)

Flatten nested instruction vectors. Returns a flat vector of instructions.

Flatten nested instruction vectors.
Returns a flat vector of instructions.

source raw docstring

FNV1A-64-OFFSET-BASIS-HI^clj

source

FNV1A-64-OFFSET-BASIS-LO^clj

source

FNV1A-64-PRIME-HI^clj

source

FNV1A-64-PRIME-LO^clj

source

HTTPS-PORT-BE^clj

source

IP-HLEN-MIN^clj

source

IPPROTO-ICMP^clj

source

IPPROTO-ICMPV6^clj

source

IPPROTO-TCP^clj

source

IPPROTO-UDP^clj

source

IPV6-HLEN^clj

source

IPV6-OFF-DST^clj

source

IPV6-OFF-HOP-LIMIT^clj

source

IPV6-OFF-NEXT-HEADER^clj

source

IPV6-OFF-SRC^clj

source

ldx-b^clj

(ldx-b dst src off)

Load byte from memory.

Load byte from memory.

source raw docstring

ldx-dw^clj

(ldx-dw dst src off)

Load double-word (8 bytes) from memory.

Load double-word (8 bytes) from memory.

source raw docstring

ldx-h^clj

(ldx-h dst src off)

Load half-word (2 bytes) from memory.

Load half-word (2 bytes) from memory.

source raw docstring

ldx-w^clj

(ldx-w dst src off)

Load word (4 bytes) from memory.

Load word (4 bytes) from memory.

source raw docstring

map-fd^clj

(map-fd m)

Get the raw file descriptor for a map. This is needed when building eBPF programs that reference maps.

Get the raw file descriptor for a map.
This is needed when building eBPF programs that reference maps.

source raw docstring

MAX-SNI-LENGTH^clj

source

MAX-TLS-EXTENSIONS^clj

source

mov-imm^clj

(mov-imm dst imm)

Move immediate value to register.

Move immediate value to register.

source raw docstring

mov-reg^clj

(mov-reg dst src)

Move register to register.

Move register to register.

source raw docstring

RATE-LIMIT-CONFIG-BACKEND^clj

source

RATE-LIMIT-CONFIG-SRC^clj

source

stx-b^clj

(stx-b dst src off)

Store byte to memory. Signature: *(dst + off) = src

Store byte to memory.
Signature: *(dst + off) = src

source raw docstring

stx-dw^clj

(stx-dw dst src off)

Store double-word to memory. Signature: *(dst + off) = src

Store double-word to memory.
Signature: *(dst + off) = src

source raw docstring

stx-h^clj

(stx-h dst src off)

Store half-word to memory. Signature: *(dst + off) = src

Store half-word to memory.
Signature: *(dst + off) = src

source raw docstring

stx-w^clj

(stx-w dst src off)

Store word to memory. Signature: *(dst + off) = src

Store word to memory.
Signature: *(dst + off) = src

source raw docstring

sub-imm^clj

(sub-imm dst imm)

Subtract immediate from register.

Subtract immediate from register.

source raw docstring

sub-reg^clj

(sub-reg dst src)

Subtract register from register.

Subtract register from register.

source raw docstring

TC-ACT-OK^clj

source

TC-ACT-REDIRECT^clj

source

TC-ACT-SHOT^clj

source

tc-drop-all^clj

(tc-drop-all)

Simple TC program that drops all packets.

Simple TC program that drops all packets.

source raw docstring

tc-pass-all^clj

(tc-pass-all)

Simple TC program that passes all packets.

Simple TC program that passes all packets.

source raw docstring

TCP-HLEN-MIN^clj

source

TLS-CONTENT-TYPE-HANDSHAKE^clj

source

TLS-EXT-SNI^clj

source

TLS-HANDSHAKE-CLIENT-HELLO^clj

source

TLS-HANDSHAKE-HEADER-SIZE^clj

source

TLS-HANDSHAKE-LENGTH-OFF^clj

source

TLS-HANDSHAKE-TYPE-OFF^clj

source

TLS-RECORD-CONTENT-TYPE-OFF^clj

source

TLS-RECORD-HEADER-SIZE^clj

source

TLS-RECORD-LENGTH-OFF^clj

source

TLS-RECORD-VERSION-OFF^clj

source

TLS-SNI-NAME-TYPE-HOSTNAME^clj

source

TOKEN-SCALE^clj

source

UDP-HLEN^clj

source

XDP-ABORTED^clj

source

XDP-DROP^clj

source

xdp-drop-all^clj

(xdp-drop-all)

Simple XDP program that drops all packets.

Simple XDP program that drops all packets.

source raw docstring

XDP-PASS^clj

source

xdp-pass-all^clj

(xdp-pass-all)

Simple XDP program that passes all packets. Useful for testing XDP attachment.

Simple XDP program that passes all packets.
Useful for testing XDP attachment.

source raw docstring

XDP-REDIRECT^clj

source

XDP-TX^clj

source

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts

`Ctrl`+`k`	Jump to recent docs
`←`	Move to previous article
`→`	Move to next article
`Ctrl`+`/`	Jump to the search field

Raise an issue Browse cljdoc source Chat on Slack

× close