clj-ebpf.dsl.socket

Liking cljdoc? Tell your friends :D

Clojure only.

High-level Socket Filter DSL for BPF programs.

Socket filter programs can be attached to sockets to filter incoming packets. They run on each packet and decide whether to pass or drop it.

Return values:

0: Drop the packet
0: Number of bytes to pass (use packet length to pass all)

Socket filters use __sk_buff as context (same as TC).

Example: (defsocket-filter-instructions allow-all {:default-action :accept} [])

High-level Socket Filter DSL for BPF programs.

Socket filter programs can be attached to sockets to filter
incoming packets. They run on each packet and decide whether
to pass or drop it.

Return values:
- 0: Drop the packet
- >0: Number of bytes to pass (use packet length to pass all)

Socket filters use __sk_buff as context (same as TC).

Example:
  (defsocket-filter-instructions allow-all
    {:default-action :accept}
    [])

raw docstring

build-socket-filter^clj

(build-socket-filter {:keys [ctx-reg data-reg data-end-reg body default-action]
                      :or
                        {data-reg :r2 data-end-reg :r3 default-action :accept}})

Build a complete socket filter program.

Parameters:

opts: Map with: :ctx-reg - Register to save __sk_buff pointer (optional) :data-reg - Register for data pointer (default :r2) :data-end-reg - Register for data_end (default :r3) :body - Vector of body instructions :default-action - :accept or :reject (default :accept)

Returns assembled program bytes.

Build a complete socket filter program.

Parameters:
- opts: Map with:
  :ctx-reg - Register to save __sk_buff pointer (optional)
  :data-reg - Register for data pointer (default :r2)
  :data-end-reg - Register for data_end (default :r3)
  :body - Vector of body instructions
  :default-action - :accept or :reject (default :accept)

Returns assembled program bytes.

source raw docstring

defsocket-filter-instructions^cljmacro

(defsocket-filter-instructions fn-name options & body)

Define a socket filter program as a function returning instructions.

Parameters:

fn-name: Name for the defined function
options: Map with: :ctx-reg - Register to save context (optional) :data-reg - Register for data pointer (default :r2) :data-end-reg - Register for data_end (default :r3) :default-action - :accept or :reject (default :accept)
body: Body expressions (should return vectors of instructions)

Example: (defsocket-filter-instructions accept-all {:default-action :accept} [])

Define a socket filter program as a function returning instructions.

Parameters:
- fn-name: Name for the defined function
- options: Map with:
  :ctx-reg - Register to save context (optional)
  :data-reg - Register for data pointer (default :r2)
  :data-end-reg - Register for data_end (default :r3)
  :default-action - :accept or :reject (default :accept)
- body: Body expressions (should return vectors of instructions)

Example:
  (defsocket-filter-instructions accept-all
    {:default-action :accept}
    [])

source raw docstring

make-socket-filter-info^clj

(make-socket-filter-info program-name instructions)

Create program metadata for a socket filter.

Parameters:

program-name: Name for the BPF program
instructions: Program instructions

Returns map with program metadata.

Create program metadata for a socket filter.

Parameters:
- program-name: Name for the BPF program
- instructions: Program instructions

Returns map with program metadata.

source raw docstring

skb-offset^clj

source

skb-offsets^clj

source

socket-accept^clj

(socket-accept ctx-reg)

Generate instructions to accept packet (return packet length).

Parameters:

ctx-reg: Register containing __sk_buff pointer

Returns vector of instructions that returns the packet length.

Generate instructions to accept packet (return packet length).

Parameters:
- ctx-reg: Register containing __sk_buff pointer

Returns vector of instructions that returns the packet length.

source raw docstring

socket-accept-bytes^clj

(socket-accept-bytes num-bytes)

Generate instructions to accept specific number of bytes.

Parameters:

num-bytes: Number of bytes to accept

Returns vector of instructions.

Generate instructions to accept specific number of bytes.

Parameters:
- num-bytes: Number of bytes to accept

Returns vector of instructions.

source raw docstring

socket-action^clj

(socket-action action)

Get socket filter action value.

Parameters:

action: :reject (0) or :accept (packet length)

Returns integer value.

Note: :accept returns -1 as a marker; you should return actual packet length for accept. Use socket-accept for this.

Get socket filter action value.

Parameters:
- action: :reject (0) or :accept (packet length)

Returns integer value.

Note: :accept returns -1 as a marker; you should return
actual packet length for accept. Use socket-accept for this.

source raw docstring

socket-bounds-check^clj

source

socket-filter-actions^clj

Socket filter return values.

Socket filter return values.

source raw docstring

socket-filter-by-ip^clj

(socket-filter-by-ip data-reg data-end-reg ip-addr src-or-dst accept-on-match)

Generate filter to match source or destination IP.

Parameters:

data-reg: Register with data pointer
data-end-reg: Register with data_end pointer
ip-addr: IP address as integer
src-or-dst: :src or :dst
accept-on-match: Accept if IP matches

Returns vector of instructions.

Generate filter to match source or destination IP.

Parameters:
- data-reg: Register with data pointer
- data-end-reg: Register with data_end pointer
- ip-addr: IP address as integer
- src-or-dst: :src or :dst
- accept-on-match: Accept if IP matches

Returns vector of instructions.

source raw docstring

socket-filter-by-port^clj

(socket-filter-by-port data-reg
                       data-end-reg
                       ip-offset
                       port
                       src-or-dst
                       accept-on-match)

Generate filter to match TCP/UDP port.

Parameters:

data-reg: Register with data pointer
data-end-reg: Register with data_end pointer
ip-offset: IP header offset (usually ethernet-header-size)
port: Port number to match (host byte order)
src-or-dst: :src or :dst
accept-on-match: Accept if port matches (true) or reject (false)

Returns vector of instructions.

Note: This assumes TCP/UDP header follows IP header directly. For variable-length IP headers, calculate IHL first.

Generate filter to match TCP/UDP port.

Parameters:
- data-reg: Register with data pointer
- data-end-reg: Register with data_end pointer
- ip-offset: IP header offset (usually ethernet-header-size)
- port: Port number to match (host byte order)
- src-or-dst: :src or :dst
- accept-on-match: Accept if port matches (true) or reject (false)

Returns vector of instructions.

Note: This assumes TCP/UDP header follows IP header directly.
For variable-length IP headers, calculate IHL first.

source raw docstring

socket-filter-by-protocol^clj

(socket-filter-by-protocol data-reg data-end-reg protocol accept-on-match)

Generate filter to match IP protocol.

Parameters:

data-reg: Register with data pointer
data-end-reg: Register with data_end pointer
protocol: IP protocol number (6=TCP, 17=UDP, 1=ICMP)
accept-on-match: Accept if protocol matches (true) or reject (false)

Returns vector of instructions.

Generate filter to match IP protocol.

Parameters:
- data-reg: Register with data pointer
- data-end-reg: Register with data_end pointer
- protocol: IP protocol number (6=TCP, 17=UDP, 1=ICMP)
- accept-on-match: Accept if protocol matches (true) or reject (false)

Returns vector of instructions.

source raw docstring

(socket-filter-section-name)

(socket-filter-section-name name)

Generate ELF section name for socket filter.

Returns "socket" or "socket/<name>".

Generate ELF section name for socket filter.

Returns "socket" or "socket/<name>".

source raw docstring

socket-get-ifindex^clj

(socket-get-ifindex ctx-reg dst-reg)

Get interface index from sk_buff.

Parameters:

ctx-reg: Register containing __sk_buff pointer
dst-reg: Destination register

Returns ldx instruction.

Get interface index from sk_buff.

Parameters:
- ctx-reg: Register containing __sk_buff pointer
- dst-reg: Destination register

Returns ldx instruction.

source raw docstring

socket-get-len^clj

(socket-get-len ctx-reg dst-reg)

Get packet length from sk_buff.

Parameters:

ctx-reg: Register containing __sk_buff pointer
dst-reg: Destination register

Returns ldx instruction.

Get packet length from sk_buff.

Parameters:
- ctx-reg: Register containing __sk_buff pointer
- dst-reg: Destination register

Returns ldx instruction.

source raw docstring

socket-get-protocol^clj

(socket-get-protocol ctx-reg dst-reg)

Get protocol from sk_buff.

Parameters:

ctx-reg: Register containing __sk_buff pointer
dst-reg: Destination register

Returns ldx instruction.

Get protocol from sk_buff.

Parameters:
- ctx-reg: Register containing __sk_buff pointer
- dst-reg: Destination register

Returns ldx instruction.

source raw docstring

socket-load-ctx-field^clj

source

socket-load-data-pointers^clj

source

socket-parse-ethernet^clj

source

socket-parse-ipv4^clj

source

socket-parse-ipv6^clj

source

socket-parse-tcp^clj

source

socket-parse-udp^clj

source

socket-prologue^clj

(socket-prologue data-reg data-end-reg)

(socket-prologue ctx-save-reg data-reg data-end-reg)

Generate standard socket filter prologue.

Saves context and loads data pointers.

Parameters:

ctx-save-reg: Register to save __sk_buff pointer (optional)
data-reg: Register for data pointer
data-end-reg: Register for data_end pointer

Returns vector of instructions.

Generate standard socket filter prologue.

Saves context and loads data pointers.

Parameters:
- ctx-save-reg: Register to save __sk_buff pointer (optional)
- data-reg: Register for data pointer
- data-end-reg: Register for data_end pointer

Returns vector of instructions.

source raw docstring

socket-reject^clj

(socket-reject)

Generate instructions to reject/drop packet.

Returns vector of instructions.

Generate instructions to reject/drop packet.

Returns vector of instructions.

source raw docstring

tcp-flags^clj

source

tcp-header-min-size^clj

source

tcp-offsets^clj

source

udp-header-size^clj

source

udp-offsets^clj

source

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts

`Ctrl`+`k`	Jump to recent docs
`←`	Move to previous article
`→`	Move to next article
`Ctrl`+`/`	Jump to the search field

Raise an issue Browse cljdoc source Chat on Slack

× close