Structs§
- ubpf_
safe_ helper_ descriptor - @brief Safe-profile metadata describing a helper and the shape of its return value.
- ubpf_
safe_ region - @brief Descriptor for an external region known to the safe execution profile.
- ubpf_vm
- @brief Opaque type for a the uBPF VM.
Constants§
- Basic
JitMode - Extended
JitMode - UBPF_
EXECUTION_ PROFILE_ LEGACY - Preserve the existing legacy interpreter/JIT behavior.
- UBPF_
EXECUTION_ PROFILE_ SAFE - Enable the additive safe interpreter profile.
- UBPF_
SAFE_ HELPER_ RESULT_ HANDLE - UBPF_
SAFE_ HELPER_ RESULT_ POINTER - UBPF_
SAFE_ HELPER_ RESULT_ SCALAR - UBPF_
SAFE_ REGION_ ATOMIC - UBPF_
SAFE_ REGION_ HANDLE - Opaque handle that helpers may consume but programs may not dereference.
- UBPF_
SAFE_ REGION_ POINTER - Dereferenceable memory region.
- UBPF_
SAFE_ REGION_ READ - UBPF_
SAFE_ REGION_ WRITE
Functions§
- as_
external_ ⚠function_ t - @brief Cast an external function to \ref external_function_t
- ubpf_
compile ⚠ - @brief Compile a BPF program in the VM to native code.
- ubpf_
compile_ ⚠ex - @brief Compile a BPF program in the VM to native code.
- ubpf_
copy_ ⚠jit - @brief Copy the JIT’d program code to the given buffer.
- ubpf_
create ⚠ - @brief Create a new uBPF VM.
- ubpf_
destroy ⚠ - @brief Free a uBPF VM.
- ubpf_
exec ⚠ - @brief Execute a BPF program in the VM using the interpreter.
- ubpf_
exec_ ⚠ex - @brief Execute a BPF program in the VM using the interpreter and a caller-supplied stack.
- ubpf_
get_ ⚠registers - @brief Retrieve the storage location for the BPF registers in the VM.
- ubpf_
load ⚠ - @brief Load code into a VM. This must be done before calling ubpf_exec or ubpf_compile and after registering all functions.
- ubpf_
load_ ⚠elf - @brief Load code from an ELF file.
- ubpf_
load_ ⚠elf_ ex - @brief Load code from an ELF file with extra parameters for extended control.
- ubpf_
register ⚠ - @brief Register an external function. The immediate field of a CALL instruction is an index into an array of functions registered by the user. This API associates a function with an index.
- ubpf_
register_ ⚠data_ bounds_ check - @brief Set a bounds check function for the VM.
- ubpf_
register_ ⚠data_ relocation - @brief Set a relocation function for the VM.
- ubpf_
register_ ⚠debug_ fn - @brief Add option to invoke a debug function before each instruction. Note: This only applies to the interpreter and not the JIT.
- ubpf_
register_ ⚠external_ dispatcher - @brief Register a function that dispatches to external helpers The immediate field of a CALL instruction is an index of a helper function to invoke. This API sets a callback that will choose the helper function to invoke (based on the index) and then invoke it. This API also sets a callback that the validator will use to determine if a given index is a valid external function.
- ubpf_
register_ ⚠safe_ helper - @brief Register a helper together with the safe-profile metadata needed to classify its return value.
- ubpf_
register_ ⚠safe_ region - @brief Register a descriptor-backed external region for the safe execution profile.
- ubpf_
register_ ⚠stack_ usage_ calculator - @brief Register a function that will be called during eBPF program validation to determine stack usage for a local function.
- ubpf_
set_ ⚠error_ print - @brief Set the function to be invoked if the program hits a fatal error.
- ubpf_
set_ ⚠execution_ profile - @brief Select the execution profile for the VM.
- ubpf_
set_ ⚠instruction_ limit - @brief Set the instruction limit for the VM. This is the maximum number of instructions that a program may execute during a call to ubpf_exec. It has no effect on JIT’d programs.
- ubpf_
set_ ⚠jit_ code_ size - @brief Set a size for the buffer allocated to machine code generated during JIT compilation. The JIT compiler allocates a buffer to store the code while it is being generated. The default may be too big for some embedded platforms. Use this to customize the size of that buffer. Note: The buffer being sized here is not the final location of the machine code returned by ubpf_compile – that buffer is perfectly sized to match the size of the generated machine code.
- ubpf_
set_ ⚠pointer_ secret - @brief Optional secret to improve ROP protection.
- ubpf_
set_ ⚠registers - @brief Override the storage location for the BPF registers in the VM.
- ubpf_
set_ ⚠unwind_ function_ index - @brief Instruct the uBPF runtime to apply unwind-on-success semantics to a helper function. If the function returns 0, the uBPF runtime will end execution of the eBPF program and immediately return control to the caller. This is used for implementing function like the “bpf_tail_call” helper.
- ubpf_
toggle_ ⚠bounds_ check - @brief Enable / disable bounds_check. Bounds check is enabled by default, but it may be too restrictive.
- ubpf_
toggle_ ⚠constant_ blinding - @brief Enable / disable constant blinding in the JIT compiler. Constant blinding is a security hardening technique that prevents JIT spray attacks by XORing immediate values with random values before emitting them. This ensures that attacker-controlled immediate values cannot be used to embed malicious instruction sequences in the JIT-compiled code. Constant blinding is disabled by default for backward compatibility and performance reasons.
- ubpf_
toggle_ ⚠readonly_ bytecode - @brief Enable or disable read-only bytecode storage.
- ubpf_
toggle_ ⚠undefined_ behavior_ check - @brief Enable or disable undefined behavior checks. Undefined behavior includes reading from uninitialized memory or using uninitialized registers. Default is disabled to preserve performance and compatibility with existing eBPF programs.
- ubpf_
translate ⚠ - @brief Translate the eBPF byte code to machine code.
- ubpf_
translate_ ⚠ex - @brief Translate the eBPF byte code to machine code.
- ubpf_
unload_ ⚠code - @brief Unload code from a VM.
Type Aliases§
- FILE
- JitMode
- @brief Enum to describe JIT mode.
- external_
function_ dispatcher_ t - @brief The type of an external helper dispatcher function.
- external_
function_ t - @brief The type of an external helper function.
- external_
function_ validate_ t - @brief The type of an external helper validation function.
- stack_
usage_ calculator_ t - @brief The type of a stack usage calculator callback function.
- ubpf_
bounds_ check - @brief Function that is called by the VM to check if a memory access is within bounds.
- ubpf_
data_ relocation - @brief Data relocation function that is called by the VM when it encounters a R_BPF_64_64 relocation in the maps section of the ELF file.
- ubpf_
debug_ fn - @brief A function to invoke before each instruction.
- ubpf_
execution_ profile - @brief Execution profile for a VM instance.
- ubpf_
jit_ ex_ fn - @brief Opaque type for a uBPF JIT compiled function with external stack.
- ubpf_
jit_ fn - @brief Opaque type for a uBPF JIT compiled function.
- ubpf_
safe_ helper_ result_ kind - @brief Classification for a helper’s return value in the safe profile.
- ubpf_
safe_ region_ kind - @brief Classification for a region exposed to the safe execution profile.
- ubpf_
safe_ region_ permissions - @brief Allowed operations for a safe-profile region.