• A
    bpf: expand BPF syscall with program load/unload · 09756af4
    Alexei Starovoitov 提交于
    eBPF programs are similar to kernel modules. They are loaded by the user
    process and automatically unloaded when process exits. Each eBPF program is
    a safe run-to-completion set of instructions. eBPF verifier statically
    determines that the program terminates and is safe to execute.
    
    The following syscall wrapper can be used to load the program:
    int bpf_prog_load(enum bpf_prog_type prog_type,
                      const struct bpf_insn *insns, int insn_cnt,
                      const char *license)
    {
        union bpf_attr attr = {
            .prog_type = prog_type,
            .insns = ptr_to_u64(insns),
            .insn_cnt = insn_cnt,
            .license = ptr_to_u64(license),
        };
    
        return bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
    }
    where 'insns' is an array of eBPF instructions and 'license' is a string
    that must be GPL compatible to call helper functions marked gpl_only
    
    Upon succesful load the syscall returns prog_fd.
    Use close(prog_fd) to unload the program.
    
    User space tests and examples follow in the later patches
    Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    09756af4
bpf.h 4.0 KB