Event structure definition DSL for BPF programs.
Provides macros and functions for defining event structures that can be used with ring buffers. The defevent macro creates structure definitions with automatic offset calculation and store function generation.
Example: (defevent ConnectionEvent [:timestamp :u64] [:pid :u32] [:saddr :u32] [:daddr :u32] [:sport :u16] [:dport :u16] [:protocol :u8] [:direction :u8] [:padding :u8 2] [:comm :char 16])
;; Get size: (event-size ConnectionEvent) => 44 ;; Get offset: (event-field-offset ConnectionEvent :pid) => 8 ;; Generate store: (store-event-field :r6 ConnectionEvent :pid :r7)
Event structure definition DSL for BPF programs.
Provides macros and functions for defining event structures that can
be used with ring buffers. The defevent macro creates structure definitions
with automatic offset calculation and store function generation.
Example:
(defevent ConnectionEvent
[:timestamp :u64]
[:pid :u32]
[:saddr :u32]
[:daddr :u32]
[:sport :u16]
[:dport :u16]
[:protocol :u8]
[:direction :u8]
[:padding :u8 2]
[:comm :char 16])
;; Get size: (event-size ConnectionEvent) => 44
;; Get offset: (event-field-offset ConnectionEvent :pid) => 8
;; Generate store: (store-event-field :r6 ConnectionEvent :pid :r7)(defevent event-name & field-specs)Define an event structure for BPF programs.
Creates a var containing the event definition that can be used with event-size, event-field-offset, and store-event-field functions.
Field specifications are vectors of [name type] or [name type count].
Supported types:
Example: (defevent MyEvent [:field1 :u64] [:field2 :u32] [:name :char 16])
Define an event structure for BPF programs.
Creates a var containing the event definition that can be used with
event-size, event-field-offset, and store-event-field functions.
Field specifications are vectors of [name type] or [name type count].
Supported types:
- :u8, :i8 - 8-bit unsigned/signed
- :u16, :i16 - 16-bit unsigned/signed
- :u32, :i32 - 32-bit unsigned/signed
- :u64, :i64 - 64-bit unsigned/signed
- :char - 8-bit character (for arrays)
- :ptr - 64-bit pointer
Example:
(defevent MyEvent
[:field1 :u64]
[:field2 :u32]
[:name :char 16])(event-field-offset event-def field-name)Get the byte offset of a field within an event structure.
Parameters:
Example: (event-field-offset ConnectionEvent :pid) => 8
Get the byte offset of a field within an event structure. Parameters: - event-def: Event definition from defevent - field-name: Field name keyword Example: (event-field-offset ConnectionEvent :pid) => 8
(event-field-size event-def field-name)Get the size of a field in bytes.
Parameters:
Example: (event-field-size ConnectionEvent :comm) => 16
Get the size of a field in bytes. Parameters: - event-def: Event definition from defevent - field-name: Field name keyword Example: (event-field-size ConnectionEvent :comm) => 16
(event-field-type event-def field-name)Get the type of a field.
Parameters:
Example: (event-field-type ConnectionEvent :pid) => :u32
Get the type of a field. Parameters: - event-def: Event definition from defevent - field-name: Field name keyword Example: (event-field-type ConnectionEvent :pid) => :u32
(event-fields event-def)Get list of all field names in an event.
Parameters:
Example: (event-fields ConnectionEvent) => [:timestamp :pid ...]
Get list of all field names in an event. Parameters: - event-def: Event definition from defevent Example: (event-fields ConnectionEvent) => [:timestamp :pid ...]
(event-size event-def)Get the total size of an event structure in bytes.
Parameters:
Example: (event-size ConnectionEvent) => 44
Get the total size of an event structure in bytes. Parameters: - event-def: Event definition from defevent Example: (event-size ConnectionEvent) => 44
(make-event-def event-name field-specs)Create an event structure definition from field specifications.
Returns a map with:
Create an event structure definition from field specifications. Returns a map with: - :name - Event name - :fields - Vector of field definitions with offsets - :size - Total structure size - :field-map - Map of field name to field info for quick lookup
(store-event-field event-reg event-def field-name value-reg)Generate instruction to store a value to an event field.
Stores the value from value-reg to the field at event-reg + offset.
Parameters:
Returns a single stx instruction.
Example: (store-event-field :r6 ConnectionEvent :pid :r7) ;; Stores r7 to r6 + 8 (pid offset)
Generate instruction to store a value to an event field. Stores the value from value-reg to the field at event-reg + offset. Parameters: - event-reg: Register containing event buffer pointer - event-def: Event definition from defevent - field-name: Field name keyword - value-reg: Register containing value to store Returns a single stx instruction. Example: (store-event-field :r6 ConnectionEvent :pid :r7) ;; Stores r7 to r6 + 8 (pid offset)
(store-event-fields event-reg event-def field-values)Generate instructions to store multiple fields at once.
Parameters:
Returns vector of store instructions.
Example: (store-event-fields :r6 ConnectionEvent {:pid {:reg :r7} :protocol {:imm 6} :direction {:imm 0}})
Generate instructions to store multiple fields at once.
Parameters:
- event-reg: Register containing event buffer pointer
- event-def: Event definition from defevent
- field-values: Map of field-name to {:reg reg} or {:imm value}
Returns vector of store instructions.
Example:
(store-event-fields :r6 ConnectionEvent
{:pid {:reg :r7}
:protocol {:imm 6}
:direction {:imm 0}})(store-event-imm event-reg event-def field-name imm-value)Generate instruction to store an immediate value to an event field.
Stores the immediate value to the field at event-reg + offset.
Parameters:
Returns a single st instruction.
Example: (store-event-imm :r6 ConnectionEvent :protocol 6) ;; Stores immediate 6 to protocol field
Generate instruction to store an immediate value to an event field. Stores the immediate value to the field at event-reg + offset. Parameters: - event-reg: Register containing event buffer pointer - event-def: Event definition from defevent - field-name: Field name keyword - imm-value: Immediate value to store Returns a single st instruction. Example: (store-event-imm :r6 ConnectionEvent :protocol 6) ;; Stores immediate 6 to protocol field
Map type to load/store size keyword for BPF instructions
Map type to load/store size keyword for BPF instructions
Size in bytes for each supported type
Size in bytes for each supported type
(zero-event-field event-reg event-def field-name)Generate instruction to zero an event field.
Parameters:
Returns st instruction storing 0.
Example: (zero-event-field :r6 ConnectionEvent :padding)
Generate instruction to zero an event field. Parameters: - event-reg: Register containing event buffer pointer - event-def: Event definition from defevent - field-name: Field name keyword Returns st instruction storing 0. Example: (zero-event-field :r6 ConnectionEvent :padding)
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |