eBPF Helpers

map_delete_elem

Deletes an element from a BPF map by key.

map_lookup_elem

Looks up an element in a BPF map by key, returning a pointer to the value.

map_update_elem

Updates or inserts an element in a BPF map.

get_prandom_u32

Returns a pseudo-random 32-bit integer.

get_smp_processor_id

Returns the ID of the current CPU.

ktime_get_ns

Returns the current time in nanoseconds since boot.

l3_csum_replace

Replaces the layer 3 checksum in a packet.

l4_csum_replace

Replaces the layer 4 checksum in a packet.

probe_read

Safely reads kernel or user memory into a buffer.

skb_store_bytes

Stores bytes into a packet at a specified offset.

trace_printk

Prints formatted debug output to the trace buffer.

clone_redirect

Clones a packet and redirects it to an interface.

get_current_comm

Returns the name of the current process.

get_current_pid_tgid

Returns the PID and TGID of the current task.

get_current_uid_gid

Returns the UID and GID of the current task.

tail_call

Jumps to another BPF program in the same map.

get_cgroup_classid

Returns the class ID of the current cgroup.

perf_event_read

Reads a performance counter value.

skb_get_tunnel_key

Retrieves the tunnel key from a packet.

skb_set_tunnel_key

Sets the tunnel key for a packet.

skb_vlan_pop

Removes a VLAN tag from a packet.

skb_vlan_push

Adds a VLAN tag to a packet.

get_route_realm

Returns the routing realm of a packet.

perf_event_output

Outputs data to a perf event buffer.

redirect

Redirects a packet to a specified interface.

skb_load_bytes

Loads bytes from a packet into a buffer.

csum_diff

Computes checksum difference between two buffers.

get_stackid

Returns a unique ID for the current stack trace.

skb_get_tunnel_opt

Retrieves tunnel options from a packet.

skb_set_tunnel_opt

Sets tunnel options for a packet.

get_current_task

Returns a pointer to the current task structure.

get_hash_recalc

Recalculates the hash for a socket buffer.

probe_write_user

Safely writes data to user space memory.

skb_change_proto

Changes the protocol of a packet.

skb_change_type

Changes the type of a packet.

skb_under_cgroup

Checks if a packet belongs to a cgroup.

csum_update

Updates the checksum of a packet.

current_task_under_cgroup

Checks if the current task is in a specified cgroup.

set_hash_invalid

Invalidates the hash of a socket buffer.

skb_change_tail

Adjusts the tail pointer of a packet.

skb_pull_data

Pulls data from a packet, adjusting pointers.

get_numa_node_id

Returns the NUMA node ID of the current CPU.

skb_change_head

Adjusts the head pointer of a packet.

xdp_adjust_head

Adjusts the head of an XDP buffer.

probe_read_str

Safely reads a null-terminated string from memory.

get_socket_cookie

Returns a unique cookie for a socket.

get_socket_uid

Returns the UID of a socket’s owner.

set_hash

Sets the hash value for a socket buffer.

skb_adjust_room

Adjusts the room in a packet for data.

setsockopt

Sets socket options for a socket.

redirect_map

Redirects a packet using a BPF map.

sock_map_update

Updates a socket map with a socket.

getsockopt

Retrieves socket options from a socket.

perf_event_read_value

Reads a performance counter with additional metadata.

perf_prog_read_value

Reads performance program-specific values.

xdp_adjust_meta

Adjusts the metadata of an XDP buffer.

override_return

Overrides the return value of a function.

sock_ops_cb_flags_set

Sets callback flags for socket operations.

bind

Binds a socket to an address.

msg_apply_bytes

Applies bytes to a socket message.

msg_cork_bytes

Corks bytes for a socket message.

msg_pull_data

Pulls data from a socket message.

msg_redirect_map

Redirects a socket message using a BPF map.

fib_lookup

Performs a FIB (Forwarding Information Base) lookup.

get_current_cgroup_id

Returns the ID of the current cgroup.

get_stack

Captures the current stack trace.

lwt_push_encap

Pushes encapsulation headers for LWT (Lightweight Tunneling).

lwt_seg6_action

Performs Segment Routing v6 actions.

lwt_seg6_adjust_srh

Adjusts the Segment Routing Header (SRH).

lwt_seg6_store_bytes

Stores bytes in a Segment Routing v6 packet.

rc_keydown

Sends a remote control key press event.

rc_repeat

Sends a remote control repeat event.

sk_redirect_hash

Redirects a socket using a hash-based map.

skb_cgroup_id

Returns the cgroup ID of a packet.

skb_get_xfrm_state

Retrieves the XFRM (IPsec) state of a packet.

skb_load_bytes_relative

Loads bytes from a packet relative to a header.

sock_hash_update

Updates a socket hash map.

xdp_adjust_tail

Adjusts the tail of an XDP buffer.

get_local_storage

Retrieves per-CPU local storage for a task.

sk_select_reuseport

Selects a reuseport socket for load balancing.

skb_ancestor_cgroup_id

Returns the cgroup ID of a packet’s ancestor.

map_peek_elem

Peeks at an element in a queue or stack map.

map_pop_elem

Pops an element from a queue or stack map.

map_push_elem

Pushes an element onto a queue or stack map.

msg_push_data

Pushes data into a socket message.

sk_lookup_tcp

Looks up a TCP socket by address and port.

sk_lookup_udp

Looks up a UDP socket by address and port.

sk_release

Releases a socket reference.

msg_pop_data

Pops data from a socket message.

rc_pointer_rel

Adjusts the pointer for a remote control event.

get_listener_sock

Retrieves the listener socket for a connection.

sk_fullsock

Returns the full socket structure.

skb_ecn_set_ce

Sets the ECN Congestion Experienced flag.

spin_lock

Acquires a spinlock for synchronization.

spin_unlock

Releases a spinlock.

tcp_sock

Returns the TCP socket structure.

sk_storage_delete

Deletes storage associated with a socket.

sk_storage_get

Retrieves storage associated with a socket.

skc_lookup_tcp

Looks up a TCP socket in a specific context.

strtol

Converts a string to a long integer.

strtoul

Converts a string to an unsigned long integer.

sysctl_get_current_value

Retrieves the current sysctl value.

sysctl_get_name

Retrieves the name of a sysctl.

sysctl_get_new_value

Retrieves the new sysctl value during a change.

sysctl_set_new_value

Sets a new sysctl value.

tcp_check_syncookie

Checks a TCP SYN cookie for validity.

send_signal

Sends a signal to a process.

tcp_gen_syncookie

Generates a TCP SYN cookie.

jiffies64

Returns the 64-bit jiffies counter.

probe_read_kernel

Safely reads kernel memory.

probe_read_kernel_str

Safely reads a kernel string.

probe_read_user

Safely reads user space memory.

probe_read_user_str

Safely reads a user space string.

send_signal_thread

Sends a signal to a specific thread.

skb_output

Outputs a packet to a network device.

tcp_send_ack

Sends a TCP ACK packet.

get_current_ancestor_cgroup_id

Returns the ID of an ancestor cgroup.

read_branch_records

Reads branch records for profiling.

sk_assign

Assigns a socket to a specific context.

xdp_output

Outputs an XDP buffer to a network device.

csum_level

Updates checksums for a specific protocol level.

get_netns_cookie

Returns a cookie for the current network namespace.

get_ns_current_pid_tgid

Returns PID and TGID in a specific namespace.

seq_printf

Prints formatted output to a seq_file.

seq_write

Writes raw data to a seq_file.

sk_ancestor_cgroup_id

Returns the ID of a socket’s ancestor cgroup.

sk_cgroup_id

Returns the cgroup ID of a socket.

ktime_get_boot_ns

Returns boot time in nanoseconds.

ringbuf_discard

Discards a reserved ring buffer entry.

ringbuf_output

Outputs data to a ring buffer.

ringbuf_query

Queries ring buffer status.

ringbuf_reserve

Reserves space in a ring buffer.

ringbuf_submit

Submits a ring buffer entry.

get_task_stack

Retrieves the stack of a specified task.

skc_to_tcp_sock

Converts a socket context to a TCP socket.

skc_to_tcp_request_sock

Converts a socket context to a TCP request socket.

skc_to_tcp_timewait_sock

Converts a socket context to a TCP timewait socket.

skc_to_tcp6_sock

Converts a socket context to a TCPv6 socket.

skc_to_udp6_sock

Converts a socket context to a UDPv6 socket.

copy_from_user

Copies data from user space to kernel space.

d_path

Returns the path of a dentry.

inode_storage_delete

Deletes storage associated with an inode.

inode_storage_get

Retrieves storage associated with an inode.

load_hdr_opt

Loads header options for a packet.

per_cpu_ptr

Returns a pointer to per-CPU data.

redirect_neigh

Redirects a packet to a neighbor.

redirect_peer

Redirects a packet to a peer.

reserve_hdr_opt

Reserves space for header options.

seq_printf_btf

Prints BTF-formatted data to a seq_file.

skb_cgroup_classid

Returns the class ID of a packet’s cgroup.

snprintf_btf

Formats BTF data into a string.

store_hdr_opt

Stores header options for a packet.

this_cpu_ptr

Returns a pointer to data on the current CPU.

bprm_opts_set

Sets options for a binary process.

get_current_task_btf

Returns the current task in BTF format.

ima_inode_hash

Computes the IMA hash of an inode.

ktime_get_coarse_ns

Returns coarse-grained time in nanoseconds.

sock_from_file

Retrieves a socket from a file descriptor.

task_storage_delete

Deletes storage associated with a task.

task_storage_get

Retrieves storage associated with a task.

check_mtu

Checks the MTU for a network device.

for_each_map_elem

Iterates over elements in a BPF map.

snprintf

Formats a string with a specified buffer size.

btf_find_by_name_kind

Finds a BTF type by name and kind.

sys_bpf

Executes a BPF system call from a program.

sys_close

Closes a file descriptor.

get_attach_cookie

Retrieves a cookie for a BPF attachment.

get_func_ip

Returns the instruction pointer of a function.

task_pt_regs

Returns the registers of a task.

timer_cancel

Cancels a BPF timer.

timer_init

Initializes a BPF timer.

timer_set_callback

Sets the callback for a BPF timer.

timer_start

Starts a BPF timer.

get_branch_snapshot

Captures a snapshot of branch records.

kallsyms_lookup_name

Looks up a kernel symbol by name.

skc_to_unix_sock

Converts a socket context to a UNIX socket.

trace_vprintk

Prints variable arguments to the trace buffer.

find_vma

Finds a virtual memory area for an address.

get_func_arg

Retrieves a function argument by index.

get_func_arg_cnt

Returns the number of function arguments.

get_func_ret

Retrieves the return value of a function.

loop

Executes a bounded loop in a BPF program.

strncmp

Compares two strings up to a specified length.

copy_from_user_task

Copies data from a task’s user space.

get_retval

Retrieves the return value of a program.

ima_file_hash

Computes the IMA hash of a file.

set_retval

Sets the return value of a program.

skb_set_tstamp

Sets the timestamp of a packet.

xdp_get_buff_len

Returns the length of an XDP buffer.

xdp_load_bytes

Loads bytes from an XDP buffer.

xdp_store_bytes

Stores bytes in an XDP buffer.

dynptr_data

Retrieves data from a dynamic pointer.

dynptr_from_mem

Creates a dynamic pointer from memory.

dynptr_read

Reads data from a dynamic pointer.

dynptr_write

Writes data to a dynamic pointer.

kptr_xchg

Exchanges a kernel pointer atomically.

map_lookup_percpu_elem

Looks up a per-CPU element in a map.

ringbuf_discard_dynptr

Discards a ring buffer entry via a dynamic pointer.

ringbuf_reserve_dynptr

Reserves a ring buffer entry via a dynamic pointer.

ringbuf_submit_dynptr

Submits a ring buffer entry via a dynamic pointer.

skc_to_mctcp_sock

Converts a socket context to an MCTCP socket.

tcp_raw_check_syncookie_ipv4

Checks an IPv4 TCP SYN cookie in raw mode.

tcp_raw_check_syncookie_ipv6

Checks an IPv6 TCP SYN cookie in raw mode.

tcp_raw_gen_syncookie_ipv4

Generates an IPv4 TCP SYN cookie in raw mode.

tcp_raw_gen_syncookie_ipv6

Generates an IPv6 TCP SYN cookie in raw mode.

ktime_get_tai_ns

Returns TAI time in nanoseconds.

user_ringbuf_drain

Drains a user-space ring buffer.

cgrp_storage_delete

Deletes storage associated with a cgroup.

cgrp_storage_get

Retrieves storage associated with a cgroup.