clj-ebpf.dsl.kprobe

Liking cljdoc? Tell your friends :D

Clojure only.

build-kprobe-program
build-kretprobe-program
defkprobe-instructions
defkretprobe-instructions
kprobe-prologue
kprobe-read-args
kprobe-section-name
kretprobe-get-return-value
kretprobe-section-name
make-kprobe-program-info
make-kretprobe-program-info

High-level kprobe definition macros for BPF programs.

Provides the defkprobe macro for defining kprobe handlers with automatic argument extraction and common setup patterns.

Example: (defkprobe tcp-connect :function "tcp_v4_connect" :args [sk] ; First function argument (concat (helper-get-current-pid-tgid) [(mov-reg :r6 :r0)] ; Save pid_tgid ;; ... rest of program [(exit-insn)]))

High-level kprobe definition macros for BPF programs.

Provides the defkprobe macro for defining kprobe handlers with
automatic argument extraction and common setup patterns.

Example:
  (defkprobe tcp-connect
    :function "tcp_v4_connect"
    :args [sk]  ; First function argument
    (concat
      (helper-get-current-pid-tgid)
      [(mov-reg :r6 :r0)]  ; Save pid_tgid
      ;; ... rest of program
      [(exit-insn)]))

raw docstring

build-kprobe-program^clj

(build-kprobe-program {:keys [args ctx-reg body return-value]
                       :or {args [] return-value 0}})

Build a complete kprobe program with standard structure.

Combines prologue, body instructions, and epilogue.

Parameters:

opts: Map with: :args - Vector of destination registers for function arguments :ctx-reg - Register to save pt_regs pointer (optional) :body - Vector of body instructions :return-value - Value to return (default 0)

Returns assembled program bytes.

Example: (build-kprobe-program {:args [:r6 :r7] :body [(mov :r0 42)] :return-value 0})

Build a complete kprobe program with standard structure.

Combines prologue, body instructions, and epilogue.

Parameters:
- opts: Map with:
  :args - Vector of destination registers for function arguments
  :ctx-reg - Register to save pt_regs pointer (optional)
  :body - Vector of body instructions
  :return-value - Value to return (default 0)

Returns assembled program bytes.

Example:
  (build-kprobe-program
    {:args [:r6 :r7]
     :body [(mov :r0 42)]
     :return-value 0})

source raw docstring

build-kretprobe-program^clj

(build-kretprobe-program {:keys [ret-reg ctx-reg body return-value]
                          :or {return-value 0}})

Build a complete kretprobe program with standard structure.

Similar to build-kprobe-program but for return probes.

Parameters:

opts: Map with: :ret-reg - Register to store return value :ctx-reg - Register to save pt_regs pointer (optional) :body - Vector of body instructions :return-value - Value to return (default 0)

Returns assembled program bytes.

Example: (build-kretprobe-program {:ret-reg :r6 :body [(jmp-imm :jne :r6 0 2) ; Check if return != 0 (mov :r0 0) (exit-insn)]})

Build a complete kretprobe program with standard structure.

Similar to build-kprobe-program but for return probes.

Parameters:
- opts: Map with:
  :ret-reg - Register to store return value
  :ctx-reg - Register to save pt_regs pointer (optional)
  :body - Vector of body instructions
  :return-value - Value to return (default 0)

Returns assembled program bytes.

Example:
  (build-kretprobe-program
    {:ret-reg :r6
     :body [(jmp-imm :jne :r6 0 2)  ; Check if return != 0
            (mov :r0 0)
            (exit-insn)]})

source raw docstring

defkprobe-instructions^cljmacro

(defkprobe-instructions name options & body)

Define a kprobe program as a function returning instructions.

This macro creates a function that returns a vector of BPF instructions for a kprobe handler. It sets up automatic argument loading.

Parameters:

name: Name for the defined function
options: Map with :function (kernel function name), :args (arg register bindings)
body: Body instructions (should return vector of instructions)

Example: (defkprobe-instructions tcp-connect-probe {:function "tcp_v4_connect" :args [:r6]} ; r6 = first function argument (sk) (concat (helper-get-current-pid-tgid) [(mov-reg :r7 :r0)] ; Save pid_tgid in r7 ;; ... your instructions [(mov :r0 0) (exit-insn)]))

Define a kprobe program as a function returning instructions.

This macro creates a function that returns a vector of BPF instructions
for a kprobe handler. It sets up automatic argument loading.

Parameters:
- name: Name for the defined function
- options: Map with :function (kernel function name), :args (arg register bindings)
- body: Body instructions (should return vector of instructions)

Example:
  (defkprobe-instructions tcp-connect-probe
    {:function "tcp_v4_connect"
     :args [:r6]}  ; r6 = first function argument (sk)
    (concat
      (helper-get-current-pid-tgid)
      [(mov-reg :r7 :r0)]  ; Save pid_tgid in r7
      ;; ... your instructions
      [(mov :r0 0)
       (exit-insn)]))

source raw docstring

defkretprobe-instructions^cljmacro

(defkretprobe-instructions name options & body)

Define a kretprobe program as a function returning instructions.

Similar to defkprobe-instructions but for return probes. Automatically loads the return value into the specified register.

Parameters:

name: Name for the defined function
options: Map with :function, :ret-reg (register for return value)
body: Body instructions

Example: (defkretprobe-instructions tcp-connect-ret-probe {:function "tcp_v4_connect" :ret-reg :r6} ; r6 = function return value (concat ;; Check return value [(jmp-imm :jne :r6 0 skip-offset)] ;; ... handle success case [(mov :r0 0) (exit-insn)]))

Define a kretprobe program as a function returning instructions.

Similar to defkprobe-instructions but for return probes.
Automatically loads the return value into the specified register.

Parameters:
- name: Name for the defined function
- options: Map with :function, :ret-reg (register for return value)
- body: Body instructions

Example:
  (defkretprobe-instructions tcp-connect-ret-probe
    {:function "tcp_v4_connect"
     :ret-reg :r6}  ; r6 = function return value
    (concat
      ;; Check return value
      [(jmp-imm :jne :r6 0 skip-offset)]
      ;; ... handle success case
      [(mov :r0 0)
       (exit-insn)]))

source raw docstring

kprobe-prologue^clj

(kprobe-prologue arg-regs)

(kprobe-prologue ctx-save-reg arg-regs)

Generate standard kprobe prologue instructions.

Saves the pt_regs pointer and reads specified arguments.

Parameters:

ctx-save-reg: Register to save pt_regs pointer (optional)
arg-regs: Vector of registers for arguments, e.g., [:r6 :r7 :r8] Arg 0 goes to first register, arg 1 to second, etc.

Returns vector of instructions.

Example: (kprobe-prologue :r9 [:r6 :r7]) ;; Generates: ;; mov r9, r1 ; Save pt_regs pointer ;; ldxdw r6, [r1 + 112] ; Load arg0 ;; ldxdw r7, [r1 + 104] ; Load arg1

Generate standard kprobe prologue instructions.

Saves the pt_regs pointer and reads specified arguments.

Parameters:
- ctx-save-reg: Register to save pt_regs pointer (optional)
- arg-regs: Vector of registers for arguments, e.g., [:r6 :r7 :r8]
            Arg 0 goes to first register, arg 1 to second, etc.

Returns vector of instructions.

Example:
  (kprobe-prologue :r9 [:r6 :r7])
  ;; Generates:
  ;; mov r9, r1          ; Save pt_regs pointer
  ;; ldxdw r6, [r1 + 112] ; Load arg0
  ;; ldxdw r7, [r1 + 104] ; Load arg1

source raw docstring

kprobe-read-args^clj

(kprobe-read-args ctx-reg arg-bindings)

Generate instructions to read kprobe arguments into registers.

In kprobe handlers, r1 contains a pointer to pt_regs. This function generates instructions to load function arguments from pt_regs into the specified destination registers.

Parameters:

ctx-reg: Register containing pt_regs pointer (typically :r1)
arg-bindings: Vector of [arg-index dest-reg] pairs

Returns vector of ldx instructions.

Example: (kprobe-read-args :r1 [[0 :r6] [1 :r7]]) ;; Generates: ;; ldxdw r6, [r1 + 112] ; First arg (x86_64: rdi) ;; ldxdw r7, [r1 + 104] ; Second arg (x86_64: rsi)

Generate instructions to read kprobe arguments into registers.

In kprobe handlers, r1 contains a pointer to pt_regs. This function
generates instructions to load function arguments from pt_regs into
the specified destination registers.

Parameters:
- ctx-reg: Register containing pt_regs pointer (typically :r1)
- arg-bindings: Vector of [arg-index dest-reg] pairs

Returns vector of ldx instructions.

Example:
  (kprobe-read-args :r1 [[0 :r6] [1 :r7]])
  ;; Generates:
  ;; ldxdw r6, [r1 + 112]  ; First arg (x86_64: rdi)
  ;; ldxdw r7, [r1 + 104]  ; Second arg (x86_64: rsi)

source raw docstring

kprobe-section-name^clj

(kprobe-section-name function-name)

Generate ELF section name for a kprobe program.

Parameters:

function-name: Kernel function to probe

Returns section name like "kprobe/tcp_v4_connect"

Generate ELF section name for a kprobe program.

Parameters:
- function-name: Kernel function to probe

Returns section name like "kprobe/tcp_v4_connect"

source raw docstring

kretprobe-get-return-value^clj

(kretprobe-get-return-value ctx-reg dst-reg)

Generate instruction to read the return value in kretprobe.

In kretprobe handlers, the function return value is accessed via PT_REGS_RC macro, which reads from a specific pt_regs offset.

Parameters:

ctx-reg: Register containing pt_regs pointer
dst-reg: Destination register for return value

Returns ldx instruction.

Example: (kretprobe-get-return-value :r1 :r6) ;; r6 = function return value

Generate instruction to read the return value in kretprobe.

In kretprobe handlers, the function return value is accessed via
PT_REGS_RC macro, which reads from a specific pt_regs offset.

Parameters:
- ctx-reg: Register containing pt_regs pointer
- dst-reg: Destination register for return value

Returns ldx instruction.

Example:
  (kretprobe-get-return-value :r1 :r6)
  ;; r6 = function return value

source raw docstring

kretprobe-section-name^clj

(kretprobe-section-name function-name)

Generate ELF section name for a kretprobe program.

Parameters:

function-name: Kernel function to probe

Returns section name like "kretprobe/tcp_v4_connect"

Generate ELF section name for a kretprobe program.

Parameters:
- function-name: Kernel function to probe

Returns section name like "kretprobe/tcp_v4_connect"

source raw docstring

make-kprobe-program-info^clj

(make-kprobe-program-info function-name program-name instructions)

Create program metadata for a kprobe.

Parameters:

function-name: Kernel function to probe
program-name: Name for the BPF program
instructions: Program instructions

Returns map with program metadata for loading.

Create program metadata for a kprobe.

Parameters:
- function-name: Kernel function to probe
- program-name: Name for the BPF program
- instructions: Program instructions

Returns map with program metadata for loading.

source raw docstring

make-kretprobe-program-info^clj

(make-kretprobe-program-info function-name program-name instructions)

Create program metadata for a kretprobe.

Parameters:

function-name: Kernel function to probe
program-name: Name for the BPF program
instructions: Program instructions

Returns map with program metadata for loading.

Create program metadata for a kretprobe.

Parameters:
- function-name: Kernel function to probe
- program-name: Name for the BPF program
- instructions: Program instructions

Returns map with program metadata for loading.

source raw docstring

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts

`Ctrl`+`k`	Jump to recent docs
`←`	Move to previous article
`→`	Move to next article
`Ctrl`+`/`	Jump to the search field

Raise an issue Browse cljdoc source Chat on Slack

× close