Module rbpf::ebpf

This module contains all the definitions related to eBPF, and some functions permitting to manipulate eBPF instructions.

The number of bytes in an instruction, the maximum number of instructions in a program, and also all operation codes are defined here as constants.

The structure for an instruction used by this crate, as well as the function to extract it from a program, is also defined in the module.

To learn more about these instructions, see the Linux kernel documentation: https://www.kernel.org/doc/Documentation/networking/filter.txt, or for a shorter version of the list of the operation codes: https://github.com/iovisor/bpf-docs/blob/master/eBPF.md

Structs

Insn

An eBPF instruction.

Constants

ADD32_IMM

BPF opcode: add32 dst, imm /// dst += imm.

ADD32_REG

BPF opcode: add32 dst, src /// dst += src.

ADD64_IMM

BPF opcode: add64 dst, imm /// dst += imm.

ADD64_REG

BPF opcode: add64 dst, src /// dst += src.

AND32_IMM

BPF opcode: and32 dst, imm /// dst &= imm.

AND32_REG

BPF opcode: and32 dst, src /// dst &= src.

AND64_IMM

BPF opcode: and64 dst, imm /// dst &= imm.

AND64_REG

BPF opcode: and64 dst, src /// dst &= src.

ARSH32_IMM

BPF opcode: arsh32 dst, imm /// dst >>= imm (arithmetic).

ARSH32_REG

BPF opcode: arsh32 dst, src /// dst >>= src (arithmetic).

ARSH64_IMM

BPF opcode: arsh64 dst, imm /// dst >>= imm (arithmetic).

ARSH64_REG

BPF opcode: arsh64 dst, src /// dst >>= src (arithmetic).

BE

BPF opcode: be dst /// dst = htobe<imm>(dst), with imm in {16, 32, 64}.

BPF_ABS

BPF mode modifier: absolute load.

BPF_ADD

BPF ALU/ALU64 operation code: addition.

BPF_ALU

BPF operation class: 32 bits arithmetic operation.

BPF_ALU64

BPF operation class: 64 bits arithmetic operation.

BPF_ALU_OP_MASK

Mask to extract the arithmetic operation code from an instruction operation code.

BPF_AND

BPF ALU/ALU64 operation code: and.

BPF_ARSH

BPF ALU/ALU64 operation code: sign extending right shift.

BPF_B

BPF size modifier: byte (1 byte).

BPF_CALL

BPF JMP operation code: helper function call.

BPF_CLS_MASK

Mask to extract the operation class from an operation code.

BPF_DIV

BPF ALU/ALU64 operation code: division.

BPF_DW

BPF size modifier: double word (8 bytes).

BPF_END

BPF ALU/ALU64 operation code: endianness conversion.

BPF_EXIT

BPF JMP operation code: return from program.

BPF_H

BPF size modifier: half-word (2 bytes).

BPF_IMM

BPF mode modifier: immediate value.

BPF_IND

BPF mode modifier: indirect load.

BPF_JA

BPF JMP operation code: jump.

BPF_JEQ

BPF JMP operation code: jump if equal.

BPF_JGE

BPF JMP operation code: jump if greater or equal.

BPF_JGT

BPF JMP operation code: jump if greater than.

BPF_JLE

BPF JMP operation code: jump if lower or equal.

BPF_JLT

BPF JMP operation code: jump if lower than.

BPF_JMP

BPF operation class: jump.

BPF_JNE

BPF JMP operation code: jump if not equal.

BPF_JSET

BPF JMP operation code: jump if src & reg.

BPF_JSGE

BPF JMP operation code: jump if greater or equal (signed).

BPF_JSGT

BPF JMP operation code: jump if greater than (signed).

BPF_JSLE

BPF JMP operation code: jump if lower or equal (signed).

BPF_JSLT

BPF JMP operation code: jump if lower than (signed).

BPF_K

BPF source operand modifier: 32-bit immediate value.

BPF_LD

BPF operation class: load from immediate.

BPF_LDX

BPF operation class: load from register.

BPF_LSH

BPF ALU/ALU64 operation code: left shift.

BPF_MEM

BPF mode modifier: load from / store to memory.

BPF_MOD

BPF ALU/ALU64 operation code: modulus.

BPF_MOV

BPF ALU/ALU64 operation code: move.

BPF_MUL

BPF ALU/ALU64 operation code: multiplication.

BPF_NEG

BPF ALU/ALU64 operation code: negation.

BPF_OR

BPF ALU/ALU64 operation code: or.

BPF_RSH

BPF ALU/ALU64 operation code: right shift.

BPF_ST

BPF operation class: store immediate.

BPF_STX

BPF operation class: store value from register.

BPF_SUB

BPF ALU/ALU64 operation code: subtraction.

BPF_W

BPF size modifier: word (4 bytes).

BPF_X

BPF source operand modifier: src register.

BPF_XADD

BPF mode modifier: exclusive add.

BPF_XOR

BPF ALU/ALU64 operation code: exclusive or.

CALL

BPF opcode: call imm /// helper function call to helper with key imm.

DIV32_IMM

BPF opcode: div32 dst, imm /// dst /= imm.

DIV32_REG

BPF opcode: div32 dst, src /// dst /= src.

DIV64_IMM

BPF opcode: div64 dst, imm /// dst /= imm.

DIV64_REG

BPF opcode: div64 dst, src /// dst /= src.

EXIT

BPF opcode: exit /// return r0.

INSN_SIZE

Size of an eBPF instructions, in bytes.

JA

BPF opcode: ja +off /// PC += off.

JEQ_IMM

BPF opcode: jeq dst, imm, +off /// PC += off if dst == imm.

JEQ_REG

BPF opcode: jeq dst, src, +off /// PC += off if dst == src.

JGE_IMM

BPF opcode: jge dst, imm, +off /// PC += off if dst >= imm.

JGE_REG

BPF opcode: jge dst, src, +off /// PC += off if dst >= src.

JGT_IMM

BPF opcode: jgt dst, imm, +off /// PC += off if dst > imm.

JGT_REG

BPF opcode: jgt dst, src, +off /// PC += off if dst > src.

JLE_IMM

BPF opcode: jle dst, imm, +off /// PC += off if dst <= imm.

JLE_REG

BPF opcode: jle dst, src, +off /// PC += off if dst <= src.

JLT_IMM

BPF opcode: jlt dst, imm, +off /// PC += off if dst < imm.

JLT_REG

BPF opcode: jlt dst, src, +off /// PC += off if dst < src.

JNE_IMM

BPF opcode: jne dst, imm, +off /// PC += off if dst != imm.

JNE_REG

BPF opcode: jne dst, src, +off /// PC += off if dst != src.

JSET_IMM

BPF opcode: jset dst, imm, +off /// PC += off if dst & imm.

JSET_REG

BPF opcode: jset dst, src, +off /// PC += off if dst & src.

JSGE_IMM

BPF opcode: jsge dst, imm, +off /// PC += off if dst >= imm (signed).

JSGE_REG

BPF opcode: jsge dst, src, +off /// PC += off if dst >= src (signed).

JSGT_IMM

BPF opcode: jsgt dst, imm, +off /// PC += off if dst > imm (signed).

JSGT_REG

BPF opcode: jsgt dst, src, +off /// PC += off if dst > src (signed).

JSLE_IMM

BPF opcode: jsle dst, imm, +off /// PC += off if dst <= imm (signed).

JSLE_REG

BPF opcode: jsle dst, src, +off /// PC += off if dst <= src (signed).

JSLT_IMM

BPF opcode: jslt dst, imm, +off /// PC += off if dst < imm (signed).

JSLT_REG

BPF opcode: jslt dst, src, +off /// PC += off if dst < src (signed).

LD_ABS_B

BPF opcode: ldabsb src, dst, imm.

LD_ABS_DW

BPF opcode: ldabsdw src, dst, imm.

LD_ABS_H

BPF opcode: ldabsh src, dst, imm.

LD_ABS_W

BPF opcode: ldabsw src, dst, imm.

LD_B_REG

BPF opcode: ldxb dst, [src + off] /// dst = (src + off) as u8.

LD_DW_IMM

BPF opcode: lddw dst, imm /// dst = imm.

LD_DW_REG

BPF opcode: ldxdw dst, [src + off] /// dst = (src + off) as u64.

LD_H_REG

BPF opcode: ldxh dst, [src + off] /// dst = (src + off) as u16.

LD_IND_B

BPF opcode: ldindb src, dst, imm.

LD_IND_DW

BPF opcode: ldinddw src, dst, imm.

LD_IND_H

BPF opcode: ldindh src, dst, imm.

LD_IND_W

BPF opcode: ldindw src, dst, imm.

LD_W_REG

BPF opcode: ldxw dst, [src + off] /// dst = (src + off) as u32.

LE

BPF opcode: le dst /// dst = htole<imm>(dst), with imm in {16, 32, 64}.

LSH32_IMM

BPF opcode: lsh32 dst, imm /// dst <<= imm.

LSH32_REG

BPF opcode: lsh32 dst, src /// dst <<= src.

LSH64_IMM

BPF opcode: lsh64 dst, imm /// dst <<= imm.

LSH64_REG

BPF opcode: lsh64 dst, src /// dst <<= src.

MOD32_IMM

BPF opcode: mod32 dst, imm /// dst %= imm.

MOD32_REG

BPF opcode: mod32 dst, src /// dst %= src.

MOD64_IMM

BPF opcode: mod64 dst, imm /// dst %= imm.

MOD64_REG

BPF opcode: mod64 dst, src /// dst %= src.

MOV32_IMM

BPF opcode: mov32 dst, imm /// dst = imm.

MOV32_REG

BPF opcode: mov32 dst, src /// dst = src.

MOV64_IMM

BPF opcode: mov64 dst, imm /// dst = imm.

MOV64_REG

BPF opcode: mov64 dst, src /// dst = src.

MUL32_IMM

BPF opcode: mul32 dst, imm /// dst *= imm.

MUL32_REG

BPF opcode: mul32 dst, src /// dst *= src.

MUL64_IMM

BPF opcode: div64 dst, imm /// dst /= imm.

MUL64_REG

BPF opcode: div64 dst, src /// dst /= src.

NEG32

BPF opcode: neg32 dst /// dst = -dst.

NEG64

BPF opcode: neg64 dst, imm /// dst = -dst.

OR32_IMM

BPF opcode: or32 dst, imm /// dst |= imm.

OR32_REG

BPF opcode: or32 dst, src /// dst |= src.

OR64_IMM

BPF opcode: or64 dst, imm /// dst |= imm.

OR64_REG

BPF opcode: or64 dst, src /// dst |= src.

PROG_MAX_INSNS

Maximum number of instructions in an eBPF program.

PROG_MAX_SIZE

Maximum size of an eBPF program, in bytes.

RSH32_IMM

BPF opcode: rsh32 dst, imm /// dst >>= imm.

RSH32_REG

BPF opcode: rsh32 dst, src /// dst >>= src.

RSH64_IMM

BPF opcode: rsh64 dst, imm /// dst >>= imm.

RSH64_REG

BPF opcode: rsh64 dst, src /// dst >>= src.

STACK_SIZE

Stack for the eBPF stack, in bytes.

ST_B_IMM

BPF opcode: stb [dst + off], imm /// (dst + offset) as u8 = imm.

ST_B_REG

BPF opcode: stxb [dst + off], src /// (dst + offset) as u8 = src.

ST_DW_IMM

BPF opcode: stdw [dst + off], imm /// (dst + offset) as u64 = imm.

ST_DW_REG

BPF opcode: stxdw [dst + off], src /// (dst + offset) as u64 = src.

ST_DW_XADD

BPF opcode: stxxadddw [dst + off], src.

ST_H_IMM

BPF opcode: sth [dst + off], imm /// (dst + offset) as u16 = imm.

ST_H_REG

BPF opcode: stxh [dst + off], src /// (dst + offset) as u16 = src.

ST_W_IMM

BPF opcode: stw [dst + off], imm /// (dst + offset) as u32 = imm.

ST_W_REG

BPF opcode: stxw [dst + off], src /// (dst + offset) as u32 = src.

ST_W_XADD

BPF opcode: stxxaddw [dst + off], src.

SUB32_IMM

BPF opcode: sub32 dst, imm /// dst -= imm.

SUB32_REG

BPF opcode: sub32 dst, src /// dst -= src.

SUB64_IMM

BPF opcode: sub64 dst, imm /// dst -= imm.

SUB64_REG

BPF opcode: sub64 dst, src /// dst -= src.

TAIL_CALL

BPF opcode: tail call.

XOR32_IMM

BPF opcode: xor32 dst, imm /// dst ^= imm.

XOR32_REG

BPF opcode: xor32 dst, src /// dst ^= src.

XOR64_IMM

BPF opcode: xor64 dst, imm /// dst ^= imm.

XOR64_REG

BPF opcode: xor64 dst, src /// dst ^= src.

Functions

get_insn

Get the instruction at idx of an eBPF program. idx is the index (number) of the instruction (not a byte offset). The first instruction has index 0.

to_insn_vec

Return a vector of struct Insn built from a program.

Type Definitions

Helper

Prototype of an eBPF helper function.