Skip to content

KFunc bpf_xdp_ct_alloc

v6.0

Allocate a new CT (ConnTrack) entry

Definition

Parameters

xdp_ctx: Pointer to ctx (xdp_md) in XDP program. Cannot be NULL

bpf_tuple: Pointer to memory representing the tuple to look up. Cannot be NULL

tuple__sz: Length of the tuple structure. Must be one of sizeof(bpf_tuple->ipv4) or sizeof(bpf_tuple->ipv6)

opts: Additional options for allocation (documented above). Cannot be NULL

Members

opts.netns_id: Specify the network namespace for lookup, Values:

  • BPF_F_CURRENT_NETNS - (-1) Use namespace associated with ctx (xdp_md, __sk_buff)
  • [0, S32_MAX] - Network Namespace ID

opts.error: Out parameter, set for any errors encountered, Values:

  • -EINVAL - Passed NULL for bpf_tuple pointer
  • -EINVAL - opts->reserved is not 0
  • -EINVAL - netns_id is less than -1
  • -EINVAL - opts__sz isn't NF_BPF_CT_OPTS_SZ (12)
  • -EPROTO - l4proto isn't one of IPPROTO_TCP or IPPROTO_UDP
  • -ENONET - No network namespace found for netns_id
  • -ENOENT - Conntrack lookup could not find entry for tuple
  • -EAFNOSUPPORT - tuple__sz isn't one of sizeof(tuple->ipv4) or sizeof(tuple->ipv6)

opts.l4proto: Layer 4 protocol, Values: IPPROTO_TCP, IPPROTO_UDP

opts.reserved: Reserved member, will be reused for more options in future, Values: 0

opts__sz: Length of the bpf_ct_opts structure. Must be NF_BPF_CT_OPTS_SZ (12)

struct nf_conn___init *bpf_xdp_ct_alloc(struct xdp_md *xdp_ctx, struct bpf_sock_tuple *bpf_tuple, u32 tuple__sz, struct bpf_ct_opts *opts, u32 opts__sz)

Note

This kfunc returns a pointer to a refcounted object. The verifier will then ensure that the pointer to the object is eventually released using a release kfunc, or transferred to a map using a referenced kptr (by invoking bpf_kptr_xchg). If not, the verifier fails the loading of the BPF program until no lingering references remain in all possible explored states of the program.

Note

The pointer returned by the kfunc may be NULL. Hence, it forces the user to do a NULL check on the pointer returned from the kfunc before making use of it (dereferencing or passing to another helper).

Usage

Docs could be improved

This part of the docs is incomplete, contributions are very welcome

Program types

The following program types can make use of this kfunc:

Example

See bpf_ct_set_nat_info for an example of how to use this kfunc.