Architecture detection and platform-specific constants.

Provides runtime detection of CPU architecture and appropriate
syscall numbers, libc paths, and other platform-specific values.

BTF (BPF Type Format) parsing and type introspection

Cgroup v2 BPF program attachment for container and process control

BPF constants and enumerations from linux/bpf.h

Main API for clj-ebpf - eBPF programming in Clojure

Idiomatic Clojure DSL for BPF programming

ALU (Arithmetic Logic Unit) operations for BPF programs.

Provides 32-bit and 64-bit arithmetic operations:
- Arithmetic: add, sub, mul, div, mod, neg
- Bitwise: and, or, xor, lsh, rsh, arsh
- Data movement: mov
- Endianness conversion: end-to-be, end-to-le

;; Increment counter atomically
(atomic-add :dw :r1 :r2 0)  ; *r1 += r2

;; Fetch and add (returns old value in src register)
(atomic-fetch-add :dw :r1 :r2 0)  ; r2 = fetch_add(*r1, r2)

Atomic memory operations for BPF programs.

Provides thread-safe operations for concurrent access to shared memory,
essential for implementing lock-free counters, statistics, and data structures.

Available operations:
- atomic-add    : *dst += src
- atomic-or     : *dst |= src
- atomic-and    : *dst &= src
- atomic-xor    : *dst ^= src
- atomic-xchg   : src = xchg(*dst, src)
- atomic-cmpxchg: r0 = cmpxchg(*dst, r0, src)

Fetch variants return the original value:
- atomic-fetch-add, atomic-fetch-or, atomic-fetch-and, atomic-fetch-xor

All operations support 32-bit (:w) and 64-bit (:dw) sizes.

Example:
```clojure
;; Increment counter atomically
(atomic-add :dw :r1 :r2 0)  ; *r1 += r2

;; Fetch and add (returns old value in src register)
(atomic-fetch-add :dw :r1 :r2 0)  ; r2 = fetch_add(*r1, r2)
```

(require '[clj-ebpf.dsl.core :as dsl])

;; Build a simple XDP program that drops all packets
(def drop-all
  (dsl/assemble
    [(dsl/mov :r0 1)    ; XDP_DROP = 1
     (dsl/exit-insn)]))

Core DSL module that re-exports all DSL functionality.

This namespace provides a unified API for BPF program construction:

```clojure
(require '[clj-ebpf.dsl.core :as dsl])

;; Build a simple XDP program that drops all packets
(def drop-all
  (dsl/assemble
    [(dsl/mov :r0 1)    ; XDP_DROP = 1
     (dsl/exit-insn)]))
```

For more focused imports, use the submodules directly:
- clj-ebpf.dsl.instructions - Low-level instruction encoding
- clj-ebpf.dsl.alu - Arithmetic operations
- clj-ebpf.dsl.mem - Memory operations
- clj-ebpf.dsl.jump - Control flow
- clj-ebpf.dsl.atomic - Atomic memory operations
- clj-ebpf.dsl.structs - Event structure definitions
- clj-ebpf.dsl.kprobe - Kprobe program helpers

Low-level BPF instruction encoding.

This namespace provides the fundamental BPF instruction encoding primitives.
It defines:
- Instruction format constants
- Opcode construction
- Single instruction encoding
- Register definitions

BPF instructions are 64-bit:
|immediate:32|offset:16|src_reg:4|dst_reg:4|opcode:8|

Jump and control flow operations for BPF programs.

Provides:
- Conditional jumps (jeq, jne, jgt, jge, etc.)
- Unconditional jumps (ja)
- Function calls (call, call-helper)
- Program exit (exit)

High-level kprobe definition macros for BPF programs.

Provides the defkprobe macro for defining kprobe handlers with
automatic argument extraction and common setup patterns.

Example:
  (defkprobe tcp-connect
    :function "tcp_v4_connect"
    :args [sk]  ; First function argument
    (concat
      (helper-get-current-pid-tgid)
      [(mov-reg :r6 :r0)]  ; Save pid_tgid
      ;; ... rest of program
      [(exit-insn)]))

Memory operations for BPF programs.

Provides:
- Load operations (ldx, ld)
- Store operations (stx, st)
- Atomic operations (atomic-add, atomic-xchg, etc.)
- 64-bit immediate loads (lddw)

Event structure definition DSL for BPF programs.

Provides macros and functions for defining event structures that can
be used with ring buffers. The defevent macro creates structure definitions
with automatic offset calculation and store function generation.

Example:
  (defevent ConnectionEvent
    [:timestamp :u64]
    [:pid :u32]
    [:saddr :u32]
    [:daddr :u32]
    [:sport :u16]
    [:dport :u16]
    [:protocol :u8]
    [:direction :u8]
    [:padding :u8 2]
    [:comm :char 16])

  ;; Get size: (event-size ConnectionEvent) => 44
  ;; Get offset: (event-field-offset ConnectionEvent :pid) => 8
  ;; Generate store: (store-event-field :r6 ConnectionEvent :pid :r7)

ELF (Executable and Linkable Format) parser for BPF programs

Structured error handling for clj-ebpf.

Provides:
- Typed exception hierarchy for BPF operations
- Automatic retry for transient errors
- Rich error context and diagnostics

Enhanced BPF event reading from ring buffers with memory mapping and epoll support

Comprehensive examples demonstrating the clj-ebpf DSL for BPF programming.

These examples showcase various BPF program types and common patterns:
- XDP (eXpress Data Path) programs for high-performance packet filtering
- TC (Traffic Control) programs for packet classification
- Packet parsing (Ethernet, IP, TCP/UDP headers)
- BPF map operations (lookup, update, delete)
- Tracing and debugging with helper functions
- Statistics and counters

Each example is documented with its purpose, expected behavior, and
the BPF concepts it demonstrates.

BPF helper function metadata and utilities.

Helper metadata is loaded from resources/bpf-helpers.edn, which allows
easy extension and customization without code changes.

Usage:
- (get-helper-info :map-lookup-elem) - Get metadata for a helper
- (get-helper-id :ktime-get-ns) - Get helper function ID
- (helpers-by-category :network) - Get all network helpers
- (available-helpers :xdp "5.8") - Get helpers for program type and kernel

Low-level memory management using Panama FFI.

This namespace provides the foundational memory primitives used throughout
clj-ebpf. It wraps Java's Foreign Function & Memory API (Panama) to provide
a Clojure-friendly interface for:

- Memory allocation and deallocation
- Reading and writing primitive types
- Memory segment manipulation
- Buffer management for BPF operations

INTERNAL: This namespace is for internal use only. Public APIs should use
clj-ebpf.utils for memory operations.

LSM (Linux Security Modules) BPF hook support for security policies

BPF map operations and abstractions

Perf event buffer support for BPF event streaming

BPF program loading and attachment

Idiomatic Clojure references for BPF data structures.

This namespace provides Clojure reference types that implement standard
protocols (IDeref, IBlockingDeref, IAtom, ITransientCollection), enabling
natural use of @, deref, reset!, swap!, and conj! with BPF maps.

== Read-Only References ==

1. RingBufRef - Blocking reads from ring buffers
   @ref                    ; blocks until event available
   (deref ref 1000 nil)    ; 1s timeout

2. QueueRef/StackRef - Blocking pops from queue/stack maps
   @ref                    ; blocks until item available

3. MapWatcher - Watch for a key to appear/change
   @ref                    ; blocks until key exists

== Writable References ==

4. MapEntryRef - Atom-like access to map entries
   @ref                    ; read value
   (reset! ref val)        ; write value
   (swap! ref inc)         ; read-modify-write

5. QueueWriter/StackWriter - Push to queues/stacks
   (conj! ref val)         ; push value
   @ref                    ; peek (non-blocking)

6. QueueChannel/StackChannel - Bidirectional access
   (conj! ref val)         ; push
   @ref                    ; blocking pop

CO-RE (Compile Once - Run Everywhere) relocation support.

This namespace provides functionality for BPF CO-RE relocations, enabling
BPF programs to be portable across different kernel versions by using BTF
information to relocate field accesses and type information at load time.

CO-RE relocations allow BPF programs to:
- Access struct fields regardless of their offset in different kernel versions
- Check for field/type/enum existence at load time
- Get accurate field sizes and types
- Handle bitfield operations correctly
- Support both local and target BTF type IDs

Key concepts:
- Field relocations: Adjust field offsets, sizes, existence
- Type relocations: Check type existence, size, matches
- Enum relocations: Get enum values, check existence
- BTF-based resolution: Use kernel BTF to resolve relocations

Low-level BPF syscall interface using Java Panama FFI (Java 21+)

TC (Traffic Control) support for BPF packet filtering and QoS

Utility functions for BPF programming using Panama FFI

XDP (eXpress Data Path) support for high-performance packet processing