1.. contents:: 2.. sectnum:: 3 4======================================= 5BPF Instruction Set Specification, v1.0 6======================================= 7 8This document specifies version 1.0 of the BPF instruction set. 9 10Documentation conventions 11========================= 12 13For brevity and consistency, this document refers to families 14of types using a shorthand syntax and refers to several expository, 15mnemonic functions when describing the semantics of instructions. 16The range of valid values for those types and the semantics of those 17functions are defined in the following subsections. 18 19Types 20----- 21This document refers to integer types with the notation `SN` to specify 22a type's signedness (`S`) and bit width (`N`), respectively. 23 24.. table:: Meaning of signedness notation. 25 26 ==== ========= 27 `S` Meaning 28 ==== ========= 29 `u` unsigned 30 `s` signed 31 ==== ========= 32 33.. table:: Meaning of bit-width notation. 34 35 ===== ========= 36 `N` Bit width 37 ===== ========= 38 `8` 8 bits 39 `16` 16 bits 40 `32` 32 bits 41 `64` 64 bits 42 `128` 128 bits 43 ===== ========= 44 45For example, `u32` is a type whose valid values are all the 32-bit unsigned 46numbers and `s16` is a types whose valid values are all the 16-bit signed 47numbers. 48 49Functions 50--------- 51* `htobe16`: Takes an unsigned 16-bit number in host-endian format and 52 returns the equivalent number as an unsigned 16-bit number in big-endian 53 format. 54* `htobe32`: Takes an unsigned 32-bit number in host-endian format and 55 returns the equivalent number as an unsigned 32-bit number in big-endian 56 format. 57* `htobe64`: Takes an unsigned 64-bit number in host-endian format and 58 returns the equivalent number as an unsigned 64-bit number in big-endian 59 format. 60* `htole16`: Takes an unsigned 16-bit number in host-endian format and 61 returns the equivalent number as an unsigned 16-bit number in little-endian 62 format. 63* `htole32`: Takes an unsigned 32-bit number in host-endian format and 64 returns the equivalent number as an unsigned 32-bit number in little-endian 65 format. 66* `htole64`: Takes an unsigned 64-bit number in host-endian format and 67 returns the equivalent number as an unsigned 64-bit number in little-endian 68 format. 69* `bswap16`: Takes an unsigned 16-bit number in either big- or little-endian 70 format and returns the equivalent number with the same bit width but 71 opposite endianness. 72* `bswap32`: Takes an unsigned 32-bit number in either big- or little-endian 73 format and returns the equivalent number with the same bit width but 74 opposite endianness. 75* `bswap64`: Takes an unsigned 64-bit number in either big- or little-endian 76 format and returns the equivalent number with the same bit width but 77 opposite endianness. 78 79 80Definitions 81----------- 82 83.. glossary:: 84 85 Sign Extend 86 To `sign extend an` ``X`` `-bit number, A, to a` ``Y`` `-bit number, B ,` means to 87 88 #. Copy all ``X`` bits from `A` to the lower ``X`` bits of `B`. 89 #. Set the value of the remaining ``Y`` - ``X`` bits of `B` to the value of 90 the most-significant bit of `A`. 91 92.. admonition:: Example 93 94 Sign extend an 8-bit number ``A`` to a 16-bit number ``B`` on a big-endian platform: 95 :: 96 97 A: 10000110 98 B: 11111111 10000110 99 100Conformance groups 101------------------ 102 103An implementation does not need to support all instructions specified in this 104document (e.g., deprecated instructions). Instead, a number of conformance 105groups are specified. An implementation must support the "basic" conformance 106group and may support additional conformance groups, where supporting a 107conformance group means it must support all instructions in that conformance 108group. 109 110The use of named conformance groups enables interoperability between a runtime 111that executes instructions, and tools as such compilers that generate 112instructions for the runtime. Thus, capability discovery in terms of 113conformance groups might be done manually by users or automatically by tools. 114 115Each conformance group has a short ASCII label (e.g., "basic") that 116corresponds to a set of instructions that are mandatory. That is, each 117instruction has one or more conformance groups of which it is a member. 118 119The "basic" conformance group includes all instructions defined in this 120specification unless otherwise noted. 121 122Instruction encoding 123==================== 124 125BPF has two instruction encodings: 126 127* the basic instruction encoding, which uses 64 bits to encode an instruction 128* the wide instruction encoding, which appends a second 64-bit immediate (i.e., 129 constant) value after the basic instruction for a total of 128 bits. 130 131The fields conforming an encoded basic instruction are stored in the 132following order:: 133 134 opcode:8 src_reg:4 dst_reg:4 offset:16 imm:32 // In little-endian BPF. 135 opcode:8 dst_reg:4 src_reg:4 offset:16 imm:32 // In big-endian BPF. 136 137**imm** 138 signed integer immediate value 139 140**offset** 141 signed integer offset used with pointer arithmetic 142 143**src_reg** 144 the source register number (0-10), except where otherwise specified 145 (`64-bit immediate instructions`_ reuse this field for other purposes) 146 147**dst_reg** 148 destination register number (0-10) 149 150**opcode** 151 operation to perform 152 153Note that the contents of multi-byte fields ('imm' and 'offset') are 154stored using big-endian byte ordering in big-endian BPF and 155little-endian byte ordering in little-endian BPF. 156 157For example:: 158 159 opcode offset imm assembly 160 src_reg dst_reg 161 07 0 1 00 00 44 33 22 11 r1 += 0x11223344 // little 162 dst_reg src_reg 163 07 1 0 00 00 11 22 33 44 r1 += 0x11223344 // big 164 165Note that most instructions do not use all of the fields. 166Unused fields shall be cleared to zero. 167 168As discussed below in `64-bit immediate instructions`_, a 64-bit immediate 169instruction uses a 64-bit immediate value that is constructed as follows. 170The 64 bits following the basic instruction contain a pseudo instruction 171using the same format but with opcode, dst_reg, src_reg, and offset all set to zero, 172and imm containing the high 32 bits of the immediate value. 173 174This is depicted in the following figure:: 175 176 basic_instruction 177 .------------------------------. 178 | | 179 opcode:8 regs:8 offset:16 imm:32 unused:32 imm:32 180 | | 181 '--------------' 182 pseudo instruction 183 184Thus the 64-bit immediate value is constructed as follows: 185 186 imm64 = (next_imm << 32) | imm 187 188where 'next_imm' refers to the imm value of the pseudo instruction 189following the basic instruction. The unused bytes in the pseudo 190instruction are reserved and shall be cleared to zero. 191 192Instruction classes 193------------------- 194 195The three LSB bits of the 'opcode' field store the instruction class: 196 197========= ===== =============================== =================================== 198class value description reference 199========= ===== =============================== =================================== 200BPF_LD 0x00 non-standard load operations `Load and store instructions`_ 201BPF_LDX 0x01 load into register operations `Load and store instructions`_ 202BPF_ST 0x02 store from immediate operations `Load and store instructions`_ 203BPF_STX 0x03 store from register operations `Load and store instructions`_ 204BPF_ALU 0x04 32-bit arithmetic operations `Arithmetic and jump instructions`_ 205BPF_JMP 0x05 64-bit jump operations `Arithmetic and jump instructions`_ 206BPF_JMP32 0x06 32-bit jump operations `Arithmetic and jump instructions`_ 207BPF_ALU64 0x07 64-bit arithmetic operations `Arithmetic and jump instructions`_ 208========= ===== =============================== =================================== 209 210Arithmetic and jump instructions 211================================ 212 213For arithmetic and jump instructions (``BPF_ALU``, ``BPF_ALU64``, ``BPF_JMP`` and 214``BPF_JMP32``), the 8-bit 'opcode' field is divided into three parts: 215 216============== ====== ================= 2174 bits (MSB) 1 bit 3 bits (LSB) 218============== ====== ================= 219code source instruction class 220============== ====== ================= 221 222**code** 223 the operation code, whose meaning varies by instruction class 224 225**source** 226 the source operand location, which unless otherwise specified is one of: 227 228 ====== ===== ============================================== 229 source value description 230 ====== ===== ============================================== 231 BPF_K 0x00 use 32-bit 'imm' value as source operand 232 BPF_X 0x08 use 'src_reg' register value as source operand 233 ====== ===== ============================================== 234 235**instruction class** 236 the instruction class (see `Instruction classes`_) 237 238Arithmetic instructions 239----------------------- 240 241``BPF_ALU`` uses 32-bit wide operands while ``BPF_ALU64`` uses 64-bit wide operands for 242otherwise identical operations. 243The 'code' field encodes the operation as below, where 'src' and 'dst' refer 244to the values of the source and destination registers, respectively. 245 246========= ===== ======= ========================================================== 247code value offset description 248========= ===== ======= ========================================================== 249BPF_ADD 0x00 0 dst += src 250BPF_SUB 0x10 0 dst -= src 251BPF_MUL 0x20 0 dst \*= src 252BPF_DIV 0x30 0 dst = (src != 0) ? (dst / src) : 0 253BPF_SDIV 0x30 1 dst = (src != 0) ? (dst s/ src) : 0 254BPF_OR 0x40 0 dst \|= src 255BPF_AND 0x50 0 dst &= src 256BPF_LSH 0x60 0 dst <<= (src & mask) 257BPF_RSH 0x70 0 dst >>= (src & mask) 258BPF_NEG 0x80 0 dst = -dst 259BPF_MOD 0x90 0 dst = (src != 0) ? (dst % src) : dst 260BPF_SMOD 0x90 1 dst = (src != 0) ? (dst s% src) : dst 261BPF_XOR 0xa0 0 dst ^= src 262BPF_MOV 0xb0 0 dst = src 263BPF_MOVSX 0xb0 8/16/32 dst = (s8,s16,s32)src 264BPF_ARSH 0xc0 0 :term:`sign extending<Sign Extend>` dst >>= (src & mask) 265BPF_END 0xd0 0 byte swap operations (see `Byte swap instructions`_ below) 266========= ===== ======= ========================================================== 267 268Underflow and overflow are allowed during arithmetic operations, meaning 269the 64-bit or 32-bit value will wrap. If BPF program execution would 270result in division by zero, the destination register is instead set to zero. 271If execution would result in modulo by zero, for ``BPF_ALU64`` the value of 272the destination register is unchanged whereas for ``BPF_ALU`` the upper 27332 bits of the destination register are zeroed. 274 275``BPF_ADD | BPF_X | BPF_ALU`` means:: 276 277 dst = (u32) ((u32) dst + (u32) src) 278 279where '(u32)' indicates that the upper 32 bits are zeroed. 280 281``BPF_ADD | BPF_X | BPF_ALU64`` means:: 282 283 dst = dst + src 284 285``BPF_XOR | BPF_K | BPF_ALU`` means:: 286 287 dst = (u32) dst ^ (u32) imm32 288 289``BPF_XOR | BPF_K | BPF_ALU64`` means:: 290 291 dst = dst ^ imm32 292 293Note that most instructions have instruction offset of 0. Only three instructions 294(``BPF_SDIV``, ``BPF_SMOD``, ``BPF_MOVSX``) have a non-zero offset. 295 296The division and modulo operations support both unsigned and signed flavors. 297 298For unsigned operations (``BPF_DIV`` and ``BPF_MOD``), for ``BPF_ALU``, 299'imm' is interpreted as a 32-bit unsigned value. For ``BPF_ALU64``, 300'imm' is first :term:`sign extended<Sign Extend>` from 32 to 64 bits, and then 301interpreted as a 64-bit unsigned value. 302 303For signed operations (``BPF_SDIV`` and ``BPF_SMOD``), for ``BPF_ALU``, 304'imm' is interpreted as a 32-bit signed value. For ``BPF_ALU64``, 'imm' 305is first :term:`sign extended<Sign Extend>` from 32 to 64 bits, and then 306interpreted as a 64-bit signed value. 307 308Note that there are varying definitions of the signed modulo operation 309when the dividend or divisor are negative, where implementations often 310vary by language such that Python, Ruby, etc. differ from C, Go, Java, 311etc. This specification requires that signed modulo use truncated division 312(where -13 % 3 == -1) as implemented in C, Go, etc.: 313 314 a % n = a - n * trunc(a / n) 315 316The ``BPF_MOVSX`` instruction does a move operation with sign extension. 317``BPF_ALU | BPF_MOVSX`` :term:`sign extends<Sign Extend>` 8-bit and 16-bit operands into 32 318bit operands, and zeroes the remaining upper 32 bits. 319``BPF_ALU64 | BPF_MOVSX`` :term:`sign extends<Sign Extend>` 8-bit, 16-bit, and 32-bit 320operands into 64 bit operands. Unlike other arithmetic instructions, 321``BPF_MOVSX`` is only defined for register source operands (``BPF_X``). 322 323The ``BPF_NEG`` instruction is only defined when the source bit is clear 324(``BPF_K``). 325 326Shift operations use a mask of 0x3F (63) for 64-bit operations and 0x1F (31) 327for 32-bit operations. 328 329Byte swap instructions 330---------------------- 331 332The byte swap instructions use instruction classes of ``BPF_ALU`` and ``BPF_ALU64`` 333and a 4-bit 'code' field of ``BPF_END``. 334 335The byte swap instructions operate on the destination register 336only and do not use a separate source register or immediate value. 337 338For ``BPF_ALU``, the 1-bit source operand field in the opcode is used to 339select what byte order the operation converts from or to. For 340``BPF_ALU64``, the 1-bit source operand field in the opcode is reserved 341and must be set to 0. 342 343========= ========= ===== ================================================= 344class source value description 345========= ========= ===== ================================================= 346BPF_ALU BPF_TO_LE 0x00 convert between host byte order and little endian 347BPF_ALU BPF_TO_BE 0x08 convert between host byte order and big endian 348BPF_ALU64 Reserved 0x00 do byte swap unconditionally 349========= ========= ===== ================================================= 350 351The 'imm' field encodes the width of the swap operations. The following widths 352are supported: 16, 32 and 64. 353 354Examples: 355 356``BPF_ALU | BPF_TO_LE | BPF_END`` with imm = 16/32/64 means:: 357 358 dst = htole16(dst) 359 dst = htole32(dst) 360 dst = htole64(dst) 361 362``BPF_ALU | BPF_TO_BE | BPF_END`` with imm = 16/32/64 means:: 363 364 dst = htobe16(dst) 365 dst = htobe32(dst) 366 dst = htobe64(dst) 367 368``BPF_ALU64 | BPF_TO_LE | BPF_END`` with imm = 16/32/64 means:: 369 370 dst = bswap16(dst) 371 dst = bswap32(dst) 372 dst = bswap64(dst) 373 374Jump instructions 375----------------- 376 377``BPF_JMP32`` uses 32-bit wide operands while ``BPF_JMP`` uses 64-bit wide operands for 378otherwise identical operations. 379The 'code' field encodes the operation as below: 380 381======== ===== === =============================== ============================================= 382code value src description notes 383======== ===== === =============================== ============================================= 384BPF_JA 0x0 0x0 PC += offset BPF_JMP | BPF_K only 385BPF_JA 0x0 0x0 PC += imm BPF_JMP32 | BPF_K only 386BPF_JEQ 0x1 any PC += offset if dst == src 387BPF_JGT 0x2 any PC += offset if dst > src unsigned 388BPF_JGE 0x3 any PC += offset if dst >= src unsigned 389BPF_JSET 0x4 any PC += offset if dst & src 390BPF_JNE 0x5 any PC += offset if dst != src 391BPF_JSGT 0x6 any PC += offset if dst > src signed 392BPF_JSGE 0x7 any PC += offset if dst >= src signed 393BPF_CALL 0x8 0x0 call helper function by address BPF_JMP | BPF_K only, see `Helper functions`_ 394BPF_CALL 0x8 0x1 call PC += imm BPF_JMP | BPF_K only, see `Program-local functions`_ 395BPF_CALL 0x8 0x2 call helper function by BTF ID BPF_JMP | BPF_K only, see `Helper functions`_ 396BPF_EXIT 0x9 0x0 return BPF_JMP | BPF_K only 397BPF_JLT 0xa any PC += offset if dst < src unsigned 398BPF_JLE 0xb any PC += offset if dst <= src unsigned 399BPF_JSLT 0xc any PC += offset if dst < src signed 400BPF_JSLE 0xd any PC += offset if dst <= src signed 401======== ===== === =============================== ============================================= 402 403The BPF program needs to store the return value into register R0 before doing a 404``BPF_EXIT``. 405 406Example: 407 408``BPF_JSGE | BPF_X | BPF_JMP32`` (0x7e) means:: 409 410 if (s32)dst s>= (s32)src goto +offset 411 412where 's>=' indicates a signed '>=' comparison. 413 414``BPF_JA | BPF_K | BPF_JMP32`` (0x06) means:: 415 416 gotol +imm 417 418where 'imm' means the branch offset comes from insn 'imm' field. 419 420Note that there are two flavors of ``BPF_JA`` instructions. The 421``BPF_JMP`` class permits a 16-bit jump offset specified by the 'offset' 422field, whereas the ``BPF_JMP32`` class permits a 32-bit jump offset 423specified by the 'imm' field. A > 16-bit conditional jump may be 424converted to a < 16-bit conditional jump plus a 32-bit unconditional 425jump. 426 427Helper functions 428~~~~~~~~~~~~~~~~ 429 430Helper functions are a concept whereby BPF programs can call into a 431set of function calls exposed by the underlying platform. 432 433Historically, each helper function was identified by an address 434encoded in the imm field. The available helper functions may differ 435for each program type, but address values are unique across all program types. 436 437Platforms that support the BPF Type Format (BTF) support identifying 438a helper function by a BTF ID encoded in the imm field, where the BTF ID 439identifies the helper name and type. 440 441Program-local functions 442~~~~~~~~~~~~~~~~~~~~~~~ 443Program-local functions are functions exposed by the same BPF program as the 444caller, and are referenced by offset from the call instruction, similar to 445``BPF_JA``. The offset is encoded in the imm field of the call instruction. 446A ``BPF_EXIT`` within the program-local function will return to the caller. 447 448Load and store instructions 449=========================== 450 451For load and store instructions (``BPF_LD``, ``BPF_LDX``, ``BPF_ST``, and ``BPF_STX``), the 4528-bit 'opcode' field is divided as: 453 454============ ====== ================= 4553 bits (MSB) 2 bits 3 bits (LSB) 456============ ====== ================= 457mode size instruction class 458============ ====== ================= 459 460The mode modifier is one of: 461 462 ============= ===== ==================================== ============= 463 mode modifier value description reference 464 ============= ===== ==================================== ============= 465 BPF_IMM 0x00 64-bit immediate instructions `64-bit immediate instructions`_ 466 BPF_ABS 0x20 legacy BPF packet access (absolute) `Legacy BPF Packet access instructions`_ 467 BPF_IND 0x40 legacy BPF packet access (indirect) `Legacy BPF Packet access instructions`_ 468 BPF_MEM 0x60 regular load and store operations `Regular load and store operations`_ 469 BPF_MEMSX 0x80 sign-extension load operations `Sign-extension load operations`_ 470 BPF_ATOMIC 0xc0 atomic operations `Atomic operations`_ 471 ============= ===== ==================================== ============= 472 473The size modifier is one of: 474 475 ============= ===== ===================== 476 size modifier value description 477 ============= ===== ===================== 478 BPF_W 0x00 word (4 bytes) 479 BPF_H 0x08 half word (2 bytes) 480 BPF_B 0x10 byte 481 BPF_DW 0x18 double word (8 bytes) 482 ============= ===== ===================== 483 484Regular load and store operations 485--------------------------------- 486 487The ``BPF_MEM`` mode modifier is used to encode regular load and store 488instructions that transfer data between a register and memory. 489 490``BPF_MEM | <size> | BPF_STX`` means:: 491 492 *(size *) (dst + offset) = src 493 494``BPF_MEM | <size> | BPF_ST`` means:: 495 496 *(size *) (dst + offset) = imm32 497 498``BPF_MEM | <size> | BPF_LDX`` means:: 499 500 dst = *(unsigned size *) (src + offset) 501 502Where size is one of: ``BPF_B``, ``BPF_H``, ``BPF_W``, or ``BPF_DW`` and 503'unsigned size' is one of u8, u16, u32 or u64. 504 505Sign-extension load operations 506------------------------------ 507 508The ``BPF_MEMSX`` mode modifier is used to encode :term:`sign-extension<Sign Extend>` load 509instructions that transfer data between a register and memory. 510 511``BPF_MEMSX | <size> | BPF_LDX`` means:: 512 513 dst = *(signed size *) (src + offset) 514 515Where size is one of: ``BPF_B``, ``BPF_H`` or ``BPF_W``, and 516'signed size' is one of s8, s16 or s32. 517 518Atomic operations 519----------------- 520 521Atomic operations are operations that operate on memory and can not be 522interrupted or corrupted by other access to the same memory region 523by other BPF programs or means outside of this specification. 524 525All atomic operations supported by BPF are encoded as store operations 526that use the ``BPF_ATOMIC`` mode modifier as follows: 527 528* ``BPF_ATOMIC | BPF_W | BPF_STX`` for 32-bit operations 529* ``BPF_ATOMIC | BPF_DW | BPF_STX`` for 64-bit operations 530* 8-bit and 16-bit wide atomic operations are not supported. 531 532The 'imm' field is used to encode the actual atomic operation. 533Simple atomic operation use a subset of the values defined to encode 534arithmetic operations in the 'imm' field to encode the atomic operation: 535 536======== ===== =========== 537imm value description 538======== ===== =========== 539BPF_ADD 0x00 atomic add 540BPF_OR 0x40 atomic or 541BPF_AND 0x50 atomic and 542BPF_XOR 0xa0 atomic xor 543======== ===== =========== 544 545 546``BPF_ATOMIC | BPF_W | BPF_STX`` with 'imm' = BPF_ADD means:: 547 548 *(u32 *)(dst + offset) += src 549 550``BPF_ATOMIC | BPF_DW | BPF_STX`` with 'imm' = BPF ADD means:: 551 552 *(u64 *)(dst + offset) += src 553 554In addition to the simple atomic operations, there also is a modifier and 555two complex atomic operations: 556 557=========== ================ =========================== 558imm value description 559=========== ================ =========================== 560BPF_FETCH 0x01 modifier: return old value 561BPF_XCHG 0xe0 | BPF_FETCH atomic exchange 562BPF_CMPXCHG 0xf0 | BPF_FETCH atomic compare and exchange 563=========== ================ =========================== 564 565The ``BPF_FETCH`` modifier is optional for simple atomic operations, and 566always set for the complex atomic operations. If the ``BPF_FETCH`` flag 567is set, then the operation also overwrites ``src`` with the value that 568was in memory before it was modified. 569 570The ``BPF_XCHG`` operation atomically exchanges ``src`` with the value 571addressed by ``dst + offset``. 572 573The ``BPF_CMPXCHG`` operation atomically compares the value addressed by 574``dst + offset`` with ``R0``. If they match, the value addressed by 575``dst + offset`` is replaced with ``src``. In either case, the 576value that was at ``dst + offset`` before the operation is zero-extended 577and loaded back to ``R0``. 578 57964-bit immediate instructions 580----------------------------- 581 582Instructions with the ``BPF_IMM`` 'mode' modifier use the wide instruction 583encoding defined in `Instruction encoding`_, and use the 'src' field of the 584basic instruction to hold an opcode subtype. 585 586The following table defines a set of ``BPF_IMM | BPF_DW | BPF_LD`` instructions 587with opcode subtypes in the 'src' field, using new terms such as "map" 588defined further below: 589 590========================= ====== === ========================================= =========== ============== 591opcode construction opcode src pseudocode imm type dst type 592========================= ====== === ========================================= =========== ============== 593BPF_IMM | BPF_DW | BPF_LD 0x18 0x0 dst = imm64 integer integer 594BPF_IMM | BPF_DW | BPF_LD 0x18 0x1 dst = map_by_fd(imm) map fd map 595BPF_IMM | BPF_DW | BPF_LD 0x18 0x2 dst = map_val(map_by_fd(imm)) + next_imm map fd data pointer 596BPF_IMM | BPF_DW | BPF_LD 0x18 0x3 dst = var_addr(imm) variable id data pointer 597BPF_IMM | BPF_DW | BPF_LD 0x18 0x4 dst = code_addr(imm) integer code pointer 598BPF_IMM | BPF_DW | BPF_LD 0x18 0x5 dst = map_by_idx(imm) map index map 599BPF_IMM | BPF_DW | BPF_LD 0x18 0x6 dst = map_val(map_by_idx(imm)) + next_imm map index data pointer 600========================= ====== === ========================================= =========== ============== 601 602where 603 604* map_by_fd(imm) means to convert a 32-bit file descriptor into an address of a map (see `Maps`_) 605* map_by_idx(imm) means to convert a 32-bit index into an address of a map 606* map_val(map) gets the address of the first value in a given map 607* var_addr(imm) gets the address of a platform variable (see `Platform Variables`_) with a given id 608* code_addr(imm) gets the address of the instruction at a specified relative offset in number of (64-bit) instructions 609* the 'imm type' can be used by disassemblers for display 610* the 'dst type' can be used for verification and JIT compilation purposes 611 612Maps 613~~~~ 614 615Maps are shared memory regions accessible by BPF programs on some platforms. 616A map can have various semantics as defined in a separate document, and may or 617may not have a single contiguous memory region, but the 'map_val(map)' is 618currently only defined for maps that do have a single contiguous memory region. 619 620Each map can have a file descriptor (fd) if supported by the platform, where 621'map_by_fd(imm)' means to get the map with the specified file descriptor. Each 622BPF program can also be defined to use a set of maps associated with the 623program at load time, and 'map_by_idx(imm)' means to get the map with the given 624index in the set associated with the BPF program containing the instruction. 625 626Platform Variables 627~~~~~~~~~~~~~~~~~~ 628 629Platform variables are memory regions, identified by integer ids, exposed by 630the runtime and accessible by BPF programs on some platforms. The 631'var_addr(imm)' operation means to get the address of the memory region 632identified by the given id. 633 634Legacy BPF Packet access instructions 635------------------------------------- 636 637BPF previously introduced special instructions for access to packet data that were 638carried over from classic BPF. However, these instructions are 639deprecated and should no longer be used. All legacy packet access 640instructions belong to the "legacy" conformance group instead of the "basic" 641conformance group. 642