High-level TC (Traffic Control) DSL for BPF programs.
TC programs run on the traffic control layer and can be attached to qdisc (queueing discipline) ingress/egress points. They operate on sk_buff and provide access to more metadata than XDP.
TC Actions:
TC programs use __sk_buff as context, which provides richer packet metadata than XDP's xdp_md.
Example: (deftc-instructions simple-filter {:default-action :ok} ;; All packets passed [])
High-level TC (Traffic Control) DSL for BPF programs.
TC programs run on the traffic control layer and can be attached to
qdisc (queueing discipline) ingress/egress points. They operate on
sk_buff and provide access to more metadata than XDP.
TC Actions:
- TC_ACT_OK (0): Continue processing
- TC_ACT_SHOT (2): Drop packet
- TC_ACT_UNSPEC (-1): Use default action
- TC_ACT_PIPE (3): Continue to next action
- TC_ACT_RECLASSIFY (1): Restart classification
- TC_ACT_REDIRECT (7): Redirect packet
TC programs use __sk_buff as context, which provides richer
packet metadata than XDP's xdp_md.
Example:
(deftc-instructions simple-filter
{:default-action :ok}
;; All packets passed
[])(build-tc-program {:keys [ctx-reg data-reg data-end-reg body default-action]
:or {data-reg :r2 data-end-reg :r3 default-action :ok}})Build a complete TC program with standard structure.
Parameters:
Returns assembled program bytes.
Build a complete TC program with standard structure. Parameters: - opts: Map with: :ctx-reg - Register to save __sk_buff pointer (optional) :data-reg - Register for data pointer (default :r2) :data-end-reg - Register for data_end (default :r3) :body - Vector of body instructions :default-action - Default return action (default :ok) Returns assembled program bytes.
(deftc-instructions fn-name options & body)Define a TC program as a function returning instructions.
Parameters:
Example: (deftc-instructions drop-all {:default-action :shot} [])
Define a TC program as a function returning instructions.
Parameters:
- fn-name: Name for the defined function
- options: Map with:
:ctx-reg - Register to save context (optional)
:data-reg - Register for data pointer (default :r2)
:data-end-reg - Register for data_end (default :r3)
:default-action - Default return action (default :ok)
- body: Body expressions (should return vectors of instructions)
Example:
(deftc-instructions drop-all
{:default-action :shot}
[])(make-tc-program-info program-name instructions)(make-tc-program-info program-name instructions direction)(make-tc-program-info program-name instructions direction interface)Create program metadata for a TC program.
Parameters:
Returns map with program metadata.
Create program metadata for a TC program. Parameters: - program-name: Name for the BPF program - instructions: Program instructions - direction: :ingress or :egress (optional) - interface: Optional interface name Returns map with program metadata.
(skb-offset field)Get offset for __sk_buff field.
Parameters:
Returns offset in bytes.
Get offset for __sk_buff field. Parameters: - field: Field keyword Returns offset in bytes.
__sk_buff structure field offsets.
__sk_buff structure field offsets.
(tc-action action)Get TC action value by keyword.
Parameters:
Returns integer action value.
Example: (tc-action :shot) ;; => 2
Get TC action value by keyword. Parameters: - action: Action keyword (:ok, :shot, :redirect, etc.) Returns integer action value. Example: (tc-action :shot) ;; => 2
Generate verifier-friendly bounds check for TC programs. Same as XDP bounds check since both use data/data_end pointers.
Generate verifier-friendly bounds check for TC programs. Same as XDP bounds check since both use data/data_end pointers.
(tc-classify-packet ctx-reg major minor)Generate instructions to set TC classid.
Parameters:
Returns vector of instructions.
Generate instructions to set TC classid. Parameters: - ctx-reg: Register containing __sk_buff pointer - major: Major classid (upper 16 bits) - minor: Minor classid (lower 16 bits) Returns vector of instructions.
(tc-clone-redirect ctx-reg ifindex flags)Generate call to bpf_clone_redirect helper.
Clones and redirects packet to another interface.
Parameters:
Returns vector of instructions.
Generate call to bpf_clone_redirect helper. Clones and redirects packet to another interface. Parameters: - ctx-reg: Register containing __sk_buff pointer - ifindex: Interface index to redirect to - flags: Redirect flags Returns vector of instructions.
(tc-get-hash ctx-reg dst-reg)Get packet hash from sk_buff.
Parameters:
Returns ldx instruction.
Get packet hash from sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - dst-reg: Destination register Returns ldx instruction.
(tc-get-ifindex ctx-reg dst-reg)Get interface index from sk_buff.
Parameters:
Returns ldx instruction.
Get interface index from sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - dst-reg: Destination register Returns ldx instruction.
(tc-get-len ctx-reg dst-reg)Get packet length from sk_buff.
Parameters:
Returns ldx instruction.
Get packet length from sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - dst-reg: Destination register Returns ldx instruction.
(tc-get-mark ctx-reg dst-reg)Get packet mark (fwmark) from sk_buff.
Parameters:
Returns ldx instruction.
Get packet mark (fwmark) from sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - dst-reg: Destination register Returns ldx instruction.
(tc-get-priority ctx-reg dst-reg)Get packet priority from sk_buff.
Parameters:
Returns ldx instruction.
Get packet priority from sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - dst-reg: Destination register Returns ldx instruction.
(tc-get-protocol ctx-reg dst-reg)Get protocol (ETH_P_*) from sk_buff.
Parameters:
Returns ldx instruction.
Get protocol (ETH_P_*) from sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - dst-reg: Destination register Returns ldx instruction.
(tc-get-tc-classid ctx-reg dst-reg)Get TC classid from sk_buff.
Parameters:
Returns ldx instruction.
Get TC classid from sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - dst-reg: Destination register Returns ldx instruction.
(tc-l3-csum-replace ctx-reg offset from to flags)Generate call to bpf_l3_csum_replace helper.
Updates L3 (IP) checksum.
Parameters:
Returns vector of instructions.
Generate call to bpf_l3_csum_replace helper. Updates L3 (IP) checksum. Parameters: - ctx-reg: Register containing __sk_buff pointer - offset: Offset to checksum field - from: Old value - to: New value - flags: Size flags Returns vector of instructions.
(tc-l4-csum-replace ctx-reg offset from to flags)Generate call to bpf_l4_csum_replace helper.
Updates L4 (TCP/UDP) checksum.
Parameters:
Returns vector of instructions.
Generate call to bpf_l4_csum_replace helper. Updates L4 (TCP/UDP) checksum. Parameters: - ctx-reg: Register containing __sk_buff pointer - offset: Offset to checksum field - from: Old value - to: New value - flags: Size and pseudo-header flags Returns vector of instructions.
(tc-load-ctx-field ctx-reg field dst-reg)Load a field from __sk_buff context.
Parameters:
Returns ldx instruction.
Load a field from __sk_buff context. Parameters: - ctx-reg: Register containing __sk_buff pointer (typically :r1 at entry) - field: Field keyword from skb-offsets - dst-reg: Destination register Returns ldx instruction.
(tc-load-data-pointers ctx-reg data-reg data-end-reg)Load data and data_end pointers from __sk_buff.
Parameters:
Returns vector of instructions.
Example: (tc-load-data-pointers :r1 :r2 :r3) ;; r2 = data, r3 = data_end
Load data and data_end pointers from __sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - data-reg: Destination register for data pointer - data-end-reg: Destination register for data_end pointer Returns vector of instructions. Example: (tc-load-data-pointers :r1 :r2 :r3) ;; r2 = data, r3 = data_end
(tc-mark-packet ctx-reg mark)Generate instructions to set packet mark.
Parameters:
Returns vector of instructions.
Generate instructions to set packet mark. Parameters: - ctx-reg: Register containing __sk_buff pointer - mark: Mark value to set Returns vector of instructions.
(tc-match-mark ctx-reg mark action-on-match)Generate instructions to match packet mark.
Parameters:
Returns vector of instructions.
Generate instructions to match packet mark. Parameters: - ctx-reg: Register containing __sk_buff pointer - mark: Mark value to match - action-on-match: TC action if mark matches Returns vector of instructions.
(tc-prologue data-reg data-end-reg)(tc-prologue ctx-save-reg data-reg data-end-reg)Generate standard TC program prologue.
Saves context and loads data pointers.
Parameters:
Returns vector of instructions.
Generate standard TC program prologue. Saves context and loads data pointers. Parameters: - ctx-save-reg: Register to save __sk_buff pointer (optional) - data-reg: Register for data pointer - data-end-reg: Register for data_end pointer Returns vector of instructions.
(tc-redirect ifindex flags)Generate call to bpf_redirect helper.
Redirects packet to another interface.
Parameters:
Returns vector of instructions.
Generate call to bpf_redirect helper. Redirects packet to another interface. Parameters: - ifindex: Interface index to redirect to - flags: Redirect flags (usually 0) Returns vector of instructions.
(tc-return-action action)Generate instructions to return a TC action.
Parameters:
Returns vector of [mov, exit] instructions.
Generate instructions to return a TC action. Parameters: - action: Action keyword or integer Returns vector of [mov, exit] instructions.
(tc-section-name)(tc-section-name direction)(tc-section-name direction interface)Generate ELF section name for TC program.
Parameters:
Returns section name like "tc" or "tc/ingress/eth0"
Generate ELF section name for TC program. Parameters: - direction: :ingress or :egress - interface: Optional interface name Returns section name like "tc" or "tc/ingress/eth0"
(tc-set-mark ctx-reg value-reg)Set packet mark (fwmark) in sk_buff.
Parameters:
Returns stx instruction.
Set packet mark (fwmark) in sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - value-reg: Register containing mark value Returns stx instruction.
(tc-set-priority ctx-reg value-reg)Set packet priority in sk_buff.
Parameters:
Returns stx instruction.
Set packet priority in sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - value-reg: Register containing priority value Returns stx instruction.
(tc-set-tc-classid ctx-reg value-reg)Set TC classid in sk_buff.
Parameters:
Returns stx instruction.
Set TC classid in sk_buff. Parameters: - ctx-reg: Register containing __sk_buff pointer - value-reg: Register containing classid value Returns stx instruction.
(tc-skb-change-head ctx-reg len-diff flags)Generate call to bpf_skb_change_head helper.
Adjusts packet headroom.
Parameters:
Returns vector of instructions.
Generate call to bpf_skb_change_head helper. Adjusts packet headroom. Parameters: - ctx-reg: Register containing __sk_buff pointer - len-diff: Bytes to add (positive) or remove (negative) - flags: Flags (usually 0) Returns vector of instructions.
(tc-skb-change-tail ctx-reg new-len flags)Generate call to bpf_skb_change_tail helper.
Adjusts packet tail.
Parameters:
Returns vector of instructions.
Generate call to bpf_skb_change_tail helper. Adjusts packet tail. Parameters: - ctx-reg: Register containing __sk_buff pointer - new-len: New packet length - flags: Flags (usually 0) Returns vector of instructions.
(tc-skb-load-bytes ctx-reg offset dst-reg len)Generate call to bpf_skb_load_bytes helper.
Loads bytes from packet data.
Parameters:
Returns vector of instructions.
Generate call to bpf_skb_load_bytes helper. Loads bytes from packet data. Parameters: - ctx-reg: Register containing __sk_buff pointer - offset: Offset into packet - dst-reg: Register with pointer to destination buffer - len: Length to load Returns vector of instructions.
(tc-skb-store-bytes ctx-reg offset data-reg len flags)Generate call to bpf_skb_store_bytes helper.
Stores bytes into packet data.
Parameters:
Returns vector of instructions.
Generate call to bpf_skb_store_bytes helper. Stores bytes into packet data. Parameters: - ctx-reg: Register containing __sk_buff pointer - offset: Offset into packet - data-reg: Register with pointer to data - len: Length to store - flags: Flags (usually 0) Returns vector of instructions.
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |