Low-level BPF syscall interface using Java Panama FFI (Java 21+)
Low-level BPF syscall interface using Java Panama FFI (Java 21+)
(allocate-zeroed size)Allocate zeroed memory segment
Allocate zeroed memory segment
(bpf-link-create-kprobe prog-fd function-name retprobe?)Create a BPF link for kprobe using BPF_LINK_CREATE (modern method) Returns link FD
Create a BPF link for kprobe using BPF_LINK_CREATE (modern method) Returns link FD
(bpf-syscall cmd attr-mem)Make a BPF syscall with the given command and attributes
Make a BPF syscall with the given command and attributes
(errno->keyword errno-num)Convert errno number to keyword
Convert errno number to keyword
(ioctl fd request)(ioctl fd request arg)Make an ioctl syscall
Make an ioctl syscall
(map-batch-attr->segment attr)Convert MapBatchAttr to MemorySegment for syscall
Layout (offsets for batch operations):
Convert MapBatchAttr to MemorySegment for syscall Layout (offsets for batch operations): - map_fd: offset 0 (u32) - batch union: offset 8 (u64) - in_batch: pointer - out_batch: pointer - keys: pointer - values: offset 16 (u64 pointer) - count: offset 24 (u32) - elem_flags: offset 32 (u64)
(map-create {:keys [map-type key-size value-size max-entries map-flags
inner-map-fd numa-node map-name map-ifindex btf-fd
btf-key-type-id btf-value-type-id btf-vmlinux-value-type-id
map-extra]
:or {map-flags 0}})Create a BPF map
Create a BPF map
(map-create-attr->segment attr)Convert MapCreateAttr to MemorySegment for syscall
Convert MapCreateAttr to MemorySegment for syscall
(map-delete-batch map-fd
keys-seg
count
&
{:keys [elem-flags] :or {elem-flags 0}})Batch delete elements from BPF map
Parameters:
Returns the number of elements successfully deleted.
Batch delete elements from BPF map Parameters: - map-fd: Map file descriptor - keys-seg: MemorySegment for keys array - count: Number of elements to delete - elem-flags: Flags for elements (default 0) Returns the number of elements successfully deleted.
(map-delete-elem map-fd key-seg)Delete element from BPF map
Delete element from BPF map
(map-elem-attr->segment attr)Convert MapElemAttr to MemorySegment for syscall
Convert MapElemAttr to MemorySegment for syscall
(map-get-next-key map-fd key-seg next-key-seg)Get next key in BPF map (for iteration)
Get next key in BPF map (for iteration)
(map-lookup-and-delete-batch map-fd
keys-seg
values-seg
count
&
{:keys [elem-flags] :or {elem-flags 0}})Batch lookup and delete elements in BPF map
Parameters:
Returns the number of elements successfully processed. Elements are deleted from the map after being read.
Batch lookup and delete elements in BPF map Parameters: - map-fd: Map file descriptor - keys-seg: MemorySegment for keys array - values-seg: MemorySegment for values array - count: Number of elements to lookup and delete - elem-flags: Flags for elements (default 0) Returns the number of elements successfully processed. Elements are deleted from the map after being read.
(map-lookup-and-delete-elem map-fd key-seg value-seg)Atomically lookup and delete element from BPF map.
This is required for stack and queue maps where pop operations must be atomic. Regular maps can also use this for atomic lookup-and-delete operations.
Atomically lookup and delete element from BPF map. This is required for stack and queue maps where pop operations must be atomic. Regular maps can also use this for atomic lookup-and-delete operations.
(map-lookup-batch map-fd
keys-seg
values-seg
count
&
{:keys [elem-flags] :or {elem-flags 0}})Batch lookup elements in BPF map
Parameters:
Returns the number of elements successfully looked up. The count field in the attr structure is updated with the actual count.
Batch lookup elements in BPF map Parameters: - map-fd: Map file descriptor - keys-seg: MemorySegment for keys array - values-seg: MemorySegment for values array - count: Number of elements to lookup - elem-flags: Flags for elements (default 0) Returns the number of elements successfully looked up. The count field in the attr structure is updated with the actual count.
(map-lookup-elem map-fd key-seg value-seg)Lookup element in BPF map
Lookup element in BPF map
(map-next-key-attr->segment attr)Convert MapNextKeyAttr to MemorySegment for syscall
Convert MapNextKeyAttr to MemorySegment for syscall
(map-update-batch map-fd
keys-seg
values-seg
count
&
{:keys [elem-flags] :or {elem-flags 0}})Batch update elements in BPF map
Parameters:
Returns the number of elements successfully updated.
Batch update elements in BPF map Parameters: - map-fd: Map file descriptor - keys-seg: MemorySegment for keys array - values-seg: MemorySegment for values array - count: Number of elements to update - elem-flags: Flags for elements (default 0, can be BPF_ANY, BPF_NOEXIST, BPF_EXIST) Returns the number of elements successfully updated.
(map-update-elem map-fd key-seg value-seg flags)Update element in BPF map
Update element in BPF map
(obj-get pathname & {:keys [file-flags] :or {file-flags 0}})Get BPF object from filesystem
Get BPF object from filesystem
(obj-pin pathname bpf-fd & {:keys [file-flags] :or {file-flags 0}})Pin BPF object to filesystem
Pin BPF object to filesystem
(obj-pin-attr->segment attr)Convert ObjPinAttr to MemorySegment for syscall
Convert ObjPinAttr to MemorySegment for syscall
(perf-event-open event-type config pid cpu group-fd flags)Open a perf event (used for kprobes/uprobes)
Open a perf event (used for kprobes/uprobes)
(prog-load {:keys [prog-type insn-cnt insns license log-level log-size log-buf
kern-version prog-flags prog-name prog-ifindex
expected-attach-type prog-btf-fd func-info-rec-size func-info
func-info-cnt line-info-rec-size line-info line-info-cnt
attach-btf-id attach-prog-fd]
:or {log-level 0 log-size 0 kern-version 0 prog-flags 0}})Load a BPF program
Load a BPF program
(prog-load-attr->segment attr)Convert ProgLoadAttr to MemorySegment for syscall
Convert ProgLoadAttr to MemorySegment for syscall
(prog-test-run
prog-fd
{:keys [data-in data-size-out ctx-in ctx-size-out repeat flags cpu]
:or {data-size-out nil ctx-in nil ctx-size-out 0 repeat 1 flags 0 cpu 0}})Run a BPF program in test mode with synthetic input.
This uses the BPF_PROG_TEST_RUN command to execute a BPF program without attaching it to a real hook.
Parameters:
Returns a map with:
Example:
;; Test an XDP program
(let [packet (byte-array [...])
result (prog-test-run prog-fd {:data-in packet :repeat 1000})]
(println "Return value:" (:retval result))
(println "Duration:" (:duration-ns result) "ns"))
Supported program types:
Run a BPF program in test mode with synthetic input.
This uses the BPF_PROG_TEST_RUN command to execute a BPF program
without attaching it to a real hook.
Parameters:
- prog-fd: Program file descriptor
- opts: Map with:
- :data-in - Input data as byte array (e.g., packet data)
- :data-size-out - Size of output buffer (default: size of data-in or 256)
- :ctx-in - Context data as byte array (program-type specific)
- :ctx-size-out - Size of context output buffer (default: 0)
- :repeat - Number of times to run (default: 1, for benchmarking)
- :flags - Test run flags (default: 0)
- :cpu - CPU to run on (default: 0, use -1 for any)
Returns a map with:
- :retval - Return value from BPF program (e.g., XDP_PASS=2, XDP_DROP=1)
- :data-out - Output data (byte array, modified packet)
- :ctx-out - Output context (byte array, if ctx-size-out > 0)
- :duration-ns - Execution time in nanoseconds (average if repeat > 1)
- :data-size-out - Actual size of output data
Example:
```clojure
;; Test an XDP program
(let [packet (byte-array [...])
result (prog-test-run prog-fd {:data-in packet :repeat 1000})]
(println "Return value:" (:retval result))
(println "Duration:" (:duration-ns result) "ns"))
```
Supported program types:
- XDP (xdp_md context)
- Sched CLS/ACT (sk_buff context)
- Socket filter
- Raw tracepoint
- Flow dissector(prog-test-run-attr->segment attr)Convert ProgTestRunAttr to MemorySegment for syscall.
bpf_attr for BPF_PROG_TEST_RUN layout: offset 0: prog_fd (u32) offset 4: retval (u32) - output offset 8: data_size_in (u32) offset 12: data_size_out (u32) - input/output offset 16: data_in (u64 pointer) offset 24: data_out (u64 pointer) offset 32: repeat (u32) offset 36: duration (u32) - output, nanoseconds offset 40: ctx_size_in (u32) offset 44: ctx_size_out (u32) - input/output offset 48: ctx_in (u64 pointer) offset 56: ctx_out (u64 pointer) offset 64: flags (u32) offset 68: cpu (u32)
Convert ProgTestRunAttr to MemorySegment for syscall. bpf_attr for BPF_PROG_TEST_RUN layout: offset 0: prog_fd (u32) offset 4: retval (u32) - output offset 8: data_size_in (u32) offset 12: data_size_out (u32) - input/output offset 16: data_in (u64 pointer) offset 24: data_out (u64 pointer) offset 32: repeat (u32) offset 36: duration (u32) - output, nanoseconds offset 40: ctx_size_in (u32) offset 44: ctx_size_out (u32) - input/output offset 48: ctx_in (u64 pointer) offset 56: ctx_out (u64 pointer) offset 64: flags (u32) offset 68: cpu (u32)
(raw-syscall nr & args)Make a raw syscall with variable arguments.
Parameters:
Returns the syscall result (may be negative on error)
Make a raw syscall with variable arguments. Parameters: - nr: syscall number - args: variable arguments (integers or MemorySegments) Returns the syscall result (may be negative on error)
(raw-tracepoint-attr->segment attr)Convert RawTracepointAttr to MemorySegment for syscall
Convert RawTracepointAttr to MemorySegment for syscall
(raw-tracepoint-open name prog-fd)Open a raw tracepoint and attach BPF program
Open a raw tracepoint and attach BPF program
(with-arena f)Execute function with a confined arena for memory allocations
Execute function with a confined arena for memory allocations
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |