github.com/ubuntu-core/snappy@v0.0.0-20210827154228-9e584df982bb/cmd/libsnap-confine-private/bpf-support.h

github.com/ubuntu-core/snappy@v0.0.0-20210827154228-9e584df982bb/cmd/libsnap-confine-private/bpf-support.h (about)

     1  /*
     2   * Copyright (C) 2021 Canonical Ltd
     3   *
     4   * This program is free software: you can redistribute it and/or modify
     5   * it under the terms of the GNU General Public License version 3 as
     6   * published by the Free Software Foundation.
     7   *
     8   * This program is distributed in the hope that it will be useful,
     9   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    10   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11   * GNU General Public License for more details.
    12   *
    13   * You should have received a copy of the GNU General Public License
    14   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    15   *
    16   */
    17  
    18  #ifndef SNAP_CONFINE_BPF_SUPPORT_H
    19  #define SNAP_CONFINE_BPF_SUPPORT_H
    20  
    21  #include <linux/bpf.h>
    22  #include <stddef.h>
    23  
    24  /**
    25   * bpf_pin_to_path pins an object referenced by fd to a path under a bpffs
    26   * mount.
    27   */
    28  int bpf_pin_to_path(int fd, const char *path);
    29  
    30  /**
    31   * bpf_get_by_path obtains the file handle to the object referenced by a path
    32   * under bpffs filesystem. The returned file descriptor has O_CLOEXEC flag set
    33   * on it.
    34   */
    35  int bpf_get_by_path(const char *path);
    36  
    37  /**
    38   * bpf_load_prog loads a given BPF program and returns a file descriptor handle
    39   * to it.
    40   *
    41   * The program is passed as an insns_cnt long array of BPF instructions.
    42   * Passing non-NULL log buf, will populate the buffer with output from verifier
    43   * if the program is found to be invalid. The returned file descriptor has
    44   * O_CLOEXEC flag set on it.
    45   */
    46  int bpf_load_prog(enum bpf_prog_type type, const struct bpf_insn *insns, size_t insns_cnt, char *log_buf,
    47                    size_t log_buf_size);
    48  
    49  int bpf_prog_attach(enum bpf_attach_type type, int cgroup_fd, int prog_fd);
    50  
    51  /**
    52   * bf_create_map creates a BPF map and returns a file descriptor handle to it.
    53   * The returned file descriptor has O_CLOEXEC flag set on it.
    54   */
    55  int bpf_create_map(enum bpf_map_type type, size_t key_size, size_t value_size, size_t max_entries);
    56  
    57  /**
    58   * bpf_update_map updates the value of element with a given key (or adds it to
    59   * the map).
    60   */
    61  int bpf_update_map(int map_fd, const void *key, const void *value);
    62  
    63  /**
    64   * bpf_map_get_next_key iterates over keys of the map.
    65   *
    66   * When key does not match anything in the map, it is set to the first element
    67   * of the map and next_key holds the next key. Subsequent calls will obtain the
    68   * next_key following key. When an end if reached, -1 is returned and error is
    69   * set to ENOENT.
    70   */
    71  int bpf_map_get_next_key(int map_fd, const void *key, void *next_key);
    72  
    73  /**
    74   * bpf_map_delete_batch performs a batch delete of elements with keys, where cnt
    75   * is the number of keys.
    76   */
    77  int bpf_map_delete_batch(int map_fd, const void *keys, size_t cnt);
    78  
    79  /**
    80   * bpf_map_delete_elem deletes an element with a key from the map, returns -1
    81   * and ENOENT when the element did not exist.
    82   */
    83  int bpf_map_delete_elem(int map_fd, const void *key);
    84  
    85  #endif /* SNAP_CONFINE_BPF_SUPPORT_H */