TC (Traffic Control) support for BPF packet filtering and QoS
TC (Traffic Control) support for BPF packet filtering and QoS
(add-clsact-qdisc ifname)Add clsact qdisc to a network interface.
The clsact qdisc is required before attaching TC BPF programs. It provides ingress and egress attachment points.
Parameters:
Returns the interface index.
Example: (add-clsact-qdisc "eth0")
Add clsact qdisc to a network interface. The clsact qdisc is required before attaching TC BPF programs. It provides ingress and egress attachment points. Parameters: - ifname: Interface name (e.g., "eth0") or interface index (integer) Returns the interface index. Example: (add-clsact-qdisc "eth0")
(attach-tc-filter ifname
prog-fd
direction
&
{:keys [prog-name priority auto-qdisc]
:or {prog-name "tc_bpf" priority 1 auto-qdisc true}})Attach TC BPF program as a filter on a network interface.
Parameters:
Returns a map with :ifindex and :direction for use with detach-tc-filter.
Example: (attach-tc-filter "eth0" prog-fd :ingress {:prog-name "my_filter" :priority 1})
Attach TC BPF program as a filter on a network interface.
Parameters:
- ifname: Interface name (e.g., "eth0") or interface index (integer)
- prog-fd: BPF program file descriptor
- direction: :ingress or :egress
- options: Map of options:
- :prog-name - Program name for identification (default "tc_bpf")
- :priority - Filter priority (default 1, lower = higher priority)
- :auto-qdisc - Automatically add clsact qdisc if needed (default true)
Returns a map with :ifindex and :direction for use with detach-tc-filter.
Example:
(attach-tc-filter "eth0" prog-fd :ingress {:prog-name "my_filter" :priority 1})(detach-tc-filter ifname direction priority)Detach TC BPF filter from a network interface.
Parameters:
Example: (detach-tc-filter "eth0" :ingress 1)
Or using the attachment info: (let [info (attach-tc-filter "eth0" prog-fd :ingress)] (detach-tc-filter (:ifindex info) (:direction info) (:priority info)))
Detach TC BPF filter from a network interface.
Parameters:
- ifname: Interface name (e.g., "eth0") or interface index (integer)
- direction: :ingress or :egress
- priority: Filter priority (must match the one used in attach-tc-filter)
Example:
(detach-tc-filter "eth0" :ingress 1)
Or using the attachment info:
(let [info (attach-tc-filter "eth0" prog-fd :ingress)]
(detach-tc-filter (:ifindex info) (:direction info) (:priority info)))(load-tc-program bytecode
prog-type
&
{:keys [prog-name license log-level log-size]
:or {license "GPL" log-level 0 log-size 0}})Load TC BPF program from bytecode.
Parameters:
Returns program file descriptor.
Example: (load-tc-program bytecode :sched-cls {:prog-name "tc_filter" :license "GPL"})
Load TC BPF program from bytecode.
Parameters:
- bytecode: BPF bytecode (byte array or vector of instruction maps)
- prog-type: Program type (:sched-cls or :sched-act)
- options: Map of options:
- :prog-name - Program name (optional)
- :license - License string (default "GPL")
- :log-level - Verifier log level (default 0)
- :log-size - Log buffer size (default 0)
Returns program file descriptor.
Example:
(load-tc-program bytecode :sched-cls {:prog-name "tc_filter" :license "GPL"})(remove-clsact-qdisc ifname)Remove clsact qdisc from a network interface.
This will also remove all attached TC BPF filters.
Parameters:
Example: (remove-clsact-qdisc "eth0")
Remove clsact qdisc from a network interface. This will also remove all attached TC BPF filters. Parameters: - ifname: Interface name (e.g., "eth0") or interface index (integer) Example: (remove-clsact-qdisc "eth0")
(setup-tc-egress ifname
bytecode
&
{:keys [prog-name priority]
:or {prog-name "tc_egress" priority 1}
:as options})Setup TC BPF filter on egress (outgoing packets).
Similar to setup-tc-ingress but for outgoing traffic.
Example: (def setup (setup-tc-egress "eth0" bytecode {:prog-name "egress_filter"}))
Setup TC BPF filter on egress (outgoing packets).
Similar to setup-tc-ingress but for outgoing traffic.
Example:
(def setup (setup-tc-egress "eth0" bytecode {:prog-name "egress_filter"}))(setup-tc-ingress ifname
bytecode
&
{:keys [prog-name priority]
:or {prog-name "tc_ingress" priority 1}
:as options})Setup TC BPF filter on ingress (incoming packets).
Convenience function that:
Parameters:
Returns a map with :prog-fd and :filter-info for cleanup.
Example: (def setup (setup-tc-ingress "eth0" bytecode {:prog-name "ingress_filter"})) ;; ... later ... (teardown-tc-filter setup)
Setup TC BPF filter on ingress (incoming packets).
Convenience function that:
1. Adds clsact qdisc if needed
2. Loads the BPF program
3. Attaches it to ingress
Parameters:
- ifname: Interface name
- bytecode: BPF bytecode
- options: Program and filter options
Returns a map with :prog-fd and :filter-info for cleanup.
Example:
(def setup (setup-tc-ingress "eth0" bytecode {:prog-name "ingress_filter"}))
;; ... later ...
(teardown-tc-filter setup)(teardown-tc-filter {:keys [prog-fd filter-info]})Teardown TC filter setup created by setup-tc-ingress or setup-tc-egress.
Parameters:
Example: (teardown-tc-filter setup)
Teardown TC filter setup created by setup-tc-ingress or setup-tc-egress. Parameters: - setup: Map returned by setup-tc-ingress/egress with :prog-fd and :filter-info Example: (teardown-tc-filter setup)
(with-tc-filter [binding attach-expr] & body)Attach TC filter and ensure detachment after use.
Example: (with-tc-filter [info (attach-tc-filter "eth0" prog-fd :ingress {:priority 1})] ;; TC filter is active (do-packet-processing))
Attach TC filter and ensure detachment after use.
Example:
(with-tc-filter [info (attach-tc-filter "eth0" prog-fd :ingress {:priority 1})]
;; TC filter is active
(do-packet-processing))(with-tc-program [prog-binding bytecode prog-type options iface-binding ifname
direction filter-options]
&
body)Load TC program, attach filter, and ensure cleanup.
Example: (with-tc-program [prog-fd bytecode :sched-cls {:prog-name "tc_filter"} info "eth0" :ingress {:priority 1}] ;; TC program is loaded and attached (process-packets))
Load TC program, attach filter, and ensure cleanup.
Example:
(with-tc-program [prog-fd bytecode :sched-cls {:prog-name "tc_filter"}
info "eth0" :ingress {:priority 1}]
;; TC program is loaded and attached
(process-packets))cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |