All notable changes to clj-ebpf will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
- XSKMAP Support for AF_XDP zero-copy packet processing:
create-xsk-map - XDP Socket Map for AF_XDP (XSK) file descriptors- Maps queue indices to AF_XDP socket file descriptors
- Enables zero-copy packet delivery to userspace
- XDP Redirect to XSK Helpers (
clj-ebpf.dsl.xdp):
xdp-redirect-to-xsk - Redirect packets to AF_XDP socket in XSKMAPxdp-redirect-to-xsk-by-queue - Redirect based on rx_queue_index (common pattern)- Supports both immediate queue index and register-based lookup
- XSKMAP Tutorial (
tutorials/quick-start-xskmap.md):
- Comprehensive guide covering AF_XDP architecture
- UMEM and ring buffer concepts
- XDP program building patterns
- Performance optimization tips
- XSKMAP Guide (
docs/guides/xskmap-guide.md):
- Reference documentation for XSKMAP operations
- DSL function reference table
- xdp_md context field offsets
- Kernel version requirements (4.18+)
- XSKMAP example (
examples/xdp_xsk_redirect.clj) - 22 new tests for XSKMAP with 84 assertions (CI-safe)
- Updated
tutorials/README.md with XSKMAP section - Updated
docs/README.md with XSKMAP guide entry
- SOCKMAP/SOCKHASH Tutorial (
tutorials/quick-start-sockmap.md):
- Comprehensive guide covering SOCKMAP vs SOCKHASH map types
- SK_SKB programs (stream parser and verdict)
- SK_MSG programs for sendmsg redirection
- Redirect helpers DSL reference
- Complete echo server and TCP proxy examples
- Best practices and troubleshooting
- Socket Redirection Guide (
docs/guides/sockmap-guide.md):
- Reference documentation for socket redirect operations
- DSL function reference table
- BPF helper function ID table
- Kernel version requirements
- Complete code examples
- Updated
tutorials/README.md with SOCKMAP section - Updated
docs/README.md with socket redirection guide entry
- SOCKMAP and SOCKHASH Support for socket redirection:
create-sock-map - Array-based socket storage for SK_SKB/SK_MSG programscreate-sock-hash - Hash-based socket storage with custom keys
- SK_SKB Program Support (
clj-ebpf.dsl.socket):
sk-skb-prologue - Standard prologue for SK_SKB programssk-redirect-map - Redirect stream data to socket in SOCKMAPsk-redirect-hash - Redirect stream data to socket in SOCKHASHsk-skb-pass, sk-skb-drop - Return patterns
- SK_MSG Program Support (
clj-ebpf.dsl.socket):
sk-msg-prologue - Standard prologue for SK_MSG programsmsg-redirect-map - Redirect message to socket in SOCKMAPmsg-redirect-hash - Redirect message to socket in SOCKHASHsk-msg-pass, sk-msg-drop - Return patterns
- Socket Map Update Helpers:
sock-map-update - Add socket to SOCKMAP from BPF programsock-hash-update - Add socket to SOCKHASH from BPF program
- Program Attachment Functions (
clj-ebpf.programs):
attach-sk-skb - Attach SK_SKB program to SOCKMAP/SOCKHASHattach-sk-msg - Attach SK_MSG program to SOCKMAP/SOCKHASHdetach-sk-skb, detach-sk-msg - Detach programs from maps
- New BPF helper IDs in DSL:
msg-redirect-map (60), sock-hash-update (70)msg-redirect-hash (71), sk-redirect-hash (72)
- SOCKMAP redirect example (
examples/sockmap_redirect.clj) - 35 new tests for SOCKMAP/SOCKHASH (CI-safe)
- DEVMAP and CPUMAP Support for XDP packet redirection:
create-dev-map - Array-based interface redirect map for L2 forwardingcreate-dev-map-hash - Hash-based interface redirect map for sparse mappingscreate-cpu-map - CPU steering map for custom RSS (Receive Side Scaling)
- XDP Redirect DSL Helpers (
clj-ebpf.dsl.xdp):
xdp-redirect - Direct interface index redirectxdp-redirect-map - Map-based redirect for DEVMAP/CPUMAP/XSKMAPxdp-redirect-to-interface - Convenience helper for DEVMAPxdp-redirect-to-cpu - Convenience helper for CPUMAP
- New BPF helper IDs in DSL:
redirect-map (51), sk-redirect-map (52), sock-map-update (53), xdp-adjust-meta (54)
- XDP redirect example (
examples/xdp_redirect_devmap.clj) - 20 new tests for DEVMAP/CPUMAP with 55 assertions (CI-safe)
- High-Level Declarative Macros (
clj-ebpf.macros) - New macro system that
reduces boilerplate by 60% and provides a more Clojure-idiomatic API:
defmap-spec - Define reusable BPF map specifications with sensible defaultsdefprogram - Define BPF programs declaratively with DSL instructionswith-bpf-script - Complete lifecycle management for maps, programs, and
attachments with automatic cleanupload-defprogram - Convenience function to load a defprogram speccreate-defmap - Convenience function to create a map from defmap-spec
- Macros re-exported from
clj-ebpf.core for convenient access - Support for all attachment types in
with-bpf-script:
- XDP (
:xdp) with mode and flags options - TC (
:tc) with direction and priority - Kprobe/Kretprobe (
:kprobe, :kretprobe) - Tracepoint (
:tracepoint) with category and event - Uprobe/Uretprobe (
:uprobe, :uretprobe) with binary and symbol/offset - Cgroup (
:cgroup-skb, :cgroup-sock) with cgroup path and direction - LSM (
:lsm) with hook name
- Comprehensive macro documentation (
docs/guides/macros.md) - Macro tutorial (
tutorials/quick-start-macros.md) - Macro examples (
examples/macro_dsl.clj) - Updated
examples/simple_kprobe.clj to demonstrate both traditional and
macro approaches - 30 new tests for macros with 81 assertions (CI-safe, no BPF privileges required)
- Fixed Java 25 compatibility issue reading
/proc filesystem files. The
get-current-cgroup function now uses java.nio.file.Files/readString
instead of slurp, which fails on /proc files in Java 25 due to
FileInputStream.available() returning EINVAL for special filesystem files. - Fixed batch operations fallback logic checking wrong errno keyword.
The code was checking for
:inval but the syscall layer returns :einval.
Now map-lookup-batch, map-update-batch, map-delete-batch, and
map-lookup-and-delete-batch correctly fall back to individual operations
when the kernel doesn't support batch syscalls.
- Comprehensive BPF helper functions library documentation in README
- Helper functions tutorial (
examples/helpers_tutorial.clj) - Helper functions guide (
docs/guides/helpers-guide.md)
- Fixed ENOENT errno handling in map operations - map-keys, map-values,
map-entries, and map-count now work correctly on empty maps and when
iterating to the end of a map. Previously checked for :noent instead
of the correct :enoent errno keyword.
- Added test-enoent-handling test to verify ENOENT handling in map operations
- BREAKING: Migrated from JNA to Java's Panama Foreign Function & Memory API
- Requires Java 25+ (previously Java 11+)
- Zero external dependencies - removed JNA dependency entirely
- Uses MemorySegment instead of JNA Pointer/Memory
- More efficient native memory management with automatic cleanup
- Better performance through direct foreign function access
- No external dependencies - uses only Java standard library
- Better integration with modern Java features
- Improved memory safety with scoped allocations
- More efficient native calls through method handles
- Future-proof: Panama FFI is the official Java native interface going forward
- Direct
bpf() syscall interface using Panama FFI (Java 25+) - Complete BPF constants and enumerations from
linux/bpf.h - Memory management utilities for native interactions
- Kernel version detection and compatibility checking
- BPF filesystem operations
- Hash map support (BPF_MAP_TYPE_HASH)
- Array map support (BPF_MAP_TYPE_ARRAY)
- Ring buffer map support (BPF_MAP_TYPE_RINGBUF)
- Map lifecycle management (create, close)
- Core operations (lookup, update, delete)
- Map iteration (keys, values, entries)
- Map pinning/unpinning to BPF filesystem
- Custom key/value serializers and deserializers
- Resource management macros (
with-map) - Convenience constructors for common map types
- BPF program loading with verifier log capture
- Kprobe attachment (function entry)
- Kretprobe attachment (function return)
- Tracepoint attachment
- Raw tracepoint attachment
- Program pinning/unpinning
- Program lifecycle management (load, close)
- Resource management macros (
with-program) - Automatic attachment cleanup on program close
- Ring buffer consumer framework
- Event serialization/deserialization helpers
- Struct packing/unpacking utilities
- Event polling infrastructure
- Idiomatic Clojure APIs
- Comprehensive error handling with errno translation
- Detailed verifier log capture and reporting
- System capability checking
- Kernel version compatibility checks
- Extensive documentation and examples
- REPL-friendly development workflow
- Unit tests for constants and utilities
- Integration tests for maps (requires Linux + BPF)
- Integration tests for programs (requires root)
- Example programs demonstrating key features
- Simple kprobe example
- Execve tracer example
- Map operations example
- Clojure 1.12.0
- tools.logging 1.3.0
- Java 25+ (for Panama FFI)
- Zero external dependencies!
- Linux kernel 4.14+ (5.8+ recommended)
- CAP_BPF and CAP_PERFMON capabilities (or root)
- BPF filesystem mounted
- Tracefs mounted (for kprobes/tracepoints)
- Ring buffer memory-mapping not yet implemented (basic polling only)
- Perf event buffers not fully implemented
- ELF object file parsing not implemented
- BTF support not yet available
- XDP, TC, cgroup, LSM attachments not yet implemented
Note: Many of these limitations have been addressed in later releases. See the
full changelog for current capabilities.
See README.md for complete roadmap of planned features.