Program type BPF_PROG_TYPE_LWT_XMIT
Extension programs can be used to dynamically extend another BPF program.
Usage
This program type can be attached to a route; the program is then called when transmitting to that route. For example:
ip route add 192.168.253.2/32 encap bpf xmit obj {elf file}.o section {prog section} dev veth0
The initial use cases listed for this program type are:
- Collect statistics and generate sampling data for a subset of traffic based on the destination used by the packet, thereby extending the existing realms.
- Apply additional per-route/destination filters to prohibit certain outgoing or incoming packets based on BPF filters. In particular, this makes it possible to maintain custom per-destination state across multiple packets in BPF maps and to apply filters based on statistics and behaviour observed over time.
- Attachment of L2 headers at transmit where resolving the L2 address is not required.
LWT bpf_skb_change_head helper function.
Context
Socket SKB programs are called by the kernel with a __sk_buff context.
This program type isn't allowed to read from and write to all fields of the context since doing so might break assumptions in the kernel or because data isn't available at the point where the program is hooked into the kernel.
Context fields
Attachment
This program type can only be attached via netlink or via commands such as ip (from iproute2), which use netlink under the hood:
ip route add 192.168.253.2/32 encap bpf xmit obj {elf file}.o section {prog section} dev veth0
Example
Docs could be improved
This part of the docs is incomplete; contributions are very welcome.
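The second use case listed under Usage, a per-route filter, as an added example that is not part of the original docs or the kernel tree. The allow-list policy (ICMP plus TCP port 443), the names xmit_verdict and filter_xmit, and the section name lwt_xmit are assumptions; it also assumes packet data at this hook starts at the IPv4 header, and it defines SEC locally instead of including libbpf's bpf_helpers.h.

```c
/* Added example: per-route egress filter for the LWT xmit hook. */
#include <linux/bpf.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>

/* Normally provided by libbpf's bpf_helpers.h; defined here to stay self-contained. */
#define SEC(name) __attribute__((section(name), used))
#define ALLOWED_TCP_PORT 443 /* assumed policy for this route */

/* Read a big-endian 16-bit field regardless of CPU byte order. */
static inline __u16 be16(const __u8 *p) { return (__u16)(p[0] << 8 | p[1]); }

/* Verdict from the packet bytes alone. Each header is bounds-checked against
 * data_end before it is read, as the BPF verifier requires. Anything that
 * cannot be parsed is dropped (fail closed). */
static inline __attribute__((always_inline))
int xmit_verdict(const void *data, const void *data_end)
{
	const struct iphdr *ip = data;

	if ((const void *)(ip + 1) > data_end || ip->version != 4)
		return BPF_DROP; /* truncated or not IPv4 */
	if (ip->ihl < 5)
		return BPF_DROP; /* malformed header length */
	if (be16((const __u8 *)&ip->frag_off) & 0x1fff)
		return BPF_DROP; /* non-first fragment carries no L4 header */
	if (ip->protocol == IPPROTO_ICMP)
		return BPF_OK;
	if (ip->protocol != IPPROTO_TCP)
		return BPF_DROP;

	/* IP options make the header length variable: use ihl, not sizeof. */
	const struct tcphdr *tcp = (const void *)((const __u8 *)ip + ip->ihl * 4);
	if ((const void *)(tcp + 1) > data_end)
		return BPF_DROP;
	return be16((const __u8 *)&tcp->dest) == ALLOWED_TCP_PORT ? BPF_OK : BPF_DROP;
}

SEC("lwt_xmit") /* assumed name, passed to ip route as the section argument */
int filter_xmit(struct __sk_buff *skb)
{
	return xmit_verdict((void *)(long)skb->data, (void *)(long)skb->data_end);
}

char _license[] SEC("license") = "GPL";
```

Compiled to a BPF object, it is attached with the ip route command shown under Attachment, passing lwt_xmit as the section.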
Helper functions
Not all helper functions are available in all program types. These are the helper calls available for LWT programs:
Supported helper functions
- bpf_cgrp_storage_delete
- bpf_cgrp_storage_get
- bpf_clone_redirect
- bpf_csum_diff
- bpf_csum_level
- bpf_csum_update
- bpf_dynptr_data
- bpf_dynptr_from_mem
- bpf_dynptr_read
- bpf_dynptr_write
- bpf_for_each_map_elem
- bpf_get_cgroup_classid
- bpf_get_current_ancestor_cgroup_id (v6.4)
- bpf_get_current_cgroup_id (v6.4)
- bpf_get_current_pid_tgid (v6.10)
- bpf_get_current_task
- bpf_get_current_task_btf
- bpf_get_hash_recalc
- bpf_get_ns_current_pid_tgid (v6.10)
- bpf_get_numa_node_id
- bpf_get_prandom_u32
- bpf_get_route_realm
- bpf_get_smp_processor_id
- bpf_jiffies64
- bpf_kptr_xchg
- bpf_ktime_get_boot_ns
- bpf_ktime_get_ns
- bpf_ktime_get_tai_ns
- bpf_l3_csum_replace
- bpf_l4_csum_replace
- bpf_loop
- bpf_lwt_push_encap
- bpf_map_delete_elem
- bpf_map_lookup_elem
- bpf_map_lookup_percpu_elem
- bpf_map_peek_elem
- bpf_map_pop_elem
- bpf_map_push_elem
- bpf_map_update_elem
- bpf_per_cpu_ptr
- bpf_perf_event_output
- bpf_probe_read_kernel
- bpf_probe_read_kernel_str
- bpf_probe_read_user
- bpf_probe_read_user_str
- bpf_redirect
- bpf_ringbuf_discard
- bpf_ringbuf_discard_dynptr
- bpf_ringbuf_output
- bpf_ringbuf_query
- bpf_ringbuf_reserve
- bpf_ringbuf_reserve_dynptr
- bpf_ringbuf_submit
- bpf_ringbuf_submit_dynptr
- bpf_set_hash_invalid
- bpf_skb_change_head
- bpf_skb_change_tail
- bpf_skb_get_tunnel_key
- bpf_skb_get_tunnel_opt
- bpf_skb_load_bytes
- bpf_skb_pull_data
- bpf_skb_set_tunnel_key
- bpf_skb_set_tunnel_opt
- bpf_skb_store_bytes
- bpf_skb_under_cgroup
- bpf_snprintf
- bpf_snprintf_btf
- bpf_spin_lock
- bpf_spin_unlock
- bpf_strncmp
- bpf_tail_call
- bpf_task_pt_regs
- bpf_this_cpu_ptr
- bpf_timer_cancel
- bpf_timer_init
- bpf_timer_set_callback
- bpf_timer_start
- bpf_trace_printk
- bpf_trace_vprintk
- bpf_user_ringbuf_drain
KFuncs
Supported kfuncs
- __bpf_trap
- bpf_arena_alloc_pages
- bpf_arena_free_pages
- bpf_arena_reserve_pages
- bpf_cast_to_kern_ctx
- bpf_cgroup_read_xattr
- bpf_copy_from_user_dynptr
- bpf_copy_from_user_str
- bpf_copy_from_user_str_dynptr
- bpf_copy_from_user_task_dynptr
- bpf_copy_from_user_task_str
- bpf_copy_from_user_task_str_dynptr
- bpf_dynptr_adjust
- bpf_dynptr_clone
- bpf_dynptr_copy
- bpf_dynptr_from_skb
- bpf_dynptr_is_null
- bpf_dynptr_is_rdonly
- bpf_dynptr_memset
- bpf_dynptr_size
- bpf_dynptr_slice
- bpf_dynptr_slice_rdwr
- bpf_get_kmem_cache
- bpf_iter_bits_destroy
- bpf_iter_bits_new
- bpf_iter_bits_next
- bpf_iter_css_destroy
- bpf_iter_css_new
- bpf_iter_css_next
- bpf_iter_css_task_destroy
- bpf_iter_css_task_new
- bpf_iter_css_task_next
- bpf_iter_dmabuf_destroy
- bpf_iter_dmabuf_new
- bpf_iter_dmabuf_next
- bpf_iter_kmem_cache_destroy
- bpf_iter_kmem_cache_new
- bpf_iter_kmem_cache_next
- bpf_iter_num_destroy
- bpf_iter_num_new
- bpf_iter_num_next
- bpf_iter_task_destroy
- bpf_iter_task_new
- bpf_iter_task_next
- bpf_iter_task_vma_destroy
- bpf_iter_task_vma_new
- bpf_iter_task_vma_next
- bpf_local_irq_restore
- bpf_local_irq_save
- bpf_map_sum_elem_count
- bpf_preempt_disable
- bpf_preempt_enable
- bpf_probe_read_kernel_dynptr
- bpf_probe_read_kernel_str_dynptr
- bpf_probe_read_user_dynptr
- bpf_probe_read_user_str_dynptr
- bpf_rcu_read_lock
- bpf_rcu_read_unlock
- bpf_rdonly_cast
- bpf_res_spin_lock
- bpf_res_spin_lock_irqsave
- bpf_res_spin_unlock
- bpf_res_spin_unlock_irqrestore
- bpf_strchr
- bpf_strchrnul
- bpf_strcmp
- bpf_strcspn
- bpf_stream_vprintk
- bpf_strlen
- bpf_strnchr
- bpf_strnlen
- bpf_strnstr
- bpf_strrchr
- bpf_strspn
- bpf_strstr
- bpf_wq_init
- bpf_wq_set_callback_impl
- bpf_wq_start