bpf: add documentation for eBPF helpers (23-32)

Add documentation for eBPF helper functions to bpf.h user header file. This documentation can be parsed with the Python script provided in another commit of the patch series, in order to provide a RST document that can later be converted into a man page. The objective is to make the documentation easily understandable and accessible to all eBPF developers, including beginners. This patch contains descriptions for the following helper functions, all written by Daniel: - bpf_get_prandom_u32() - bpf_get_smp_processor_id() - bpf_get_cgroup_classid() - bpf_get_route_realm() - bpf_skb_load_bytes() - bpf_csum_diff() - bpf_skb_get_tunnel_opt() - bpf_skb_set_tunnel_opt() - bpf_skb_change_proto() - bpf_skb_change_type() v4: - bpf_get_prandom_u32(): Warn that the prng is not cryptographically secure. - bpf_get_smp_processor_id(): Fix a typo (case). - bpf_get_cgroup_classid(): Clarify description. Add notes on the helper being limited to cgroup v1, and to egress path. - bpf_get_route_realm(): Add comparison with bpf_get_cgroup_classid(). Add a note about usage with TC and advantage of clsact. Fix a typo in return value ("sdb" instead of "skb"). - bpf_skb_load_bytes(): Make explicit loading large data loads it to the eBPF stack. - bpf_csum_diff(): Add a note on seed that can be cascaded. Link to bpf_l3|l4_csum_replace(). - bpf_skb_get_tunnel_opt(): Add a note about usage with "collect metadata" mode, and example of this with Geneve. - bpf_skb_set_tunnel_opt(): Add a link to bpf_skb_get_tunnel_opt() description. - bpf_skb_change_proto(): Mention that the main use case is NAT64. Clarify comment about invalidated verifier checks. v3: - bpf_get_prandom_u32(): Fix helper name :(. Add description, including a note on the internal random state. - bpf_get_smp_processor_id(): Add description, including a note on the processor id remaining stable during program run. - bpf_get_cgroup_classid(): State that CONFIG_CGROUP_NET_CLASSID is required to use the helper. Add a reference to related documentation. State that placing a task in net_cls controller disables cgroup-bpf. - bpf_get_route_realm(): State that CONFIG_CGROUP_NET_CLASSID is required to use this helper. - bpf_skb_load_bytes(): Fix comment on current use cases for the helper. Cc: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
author: Quentin Monnet <quentin.monnet@netronome.com> 2018-04-25 13:16:55 -0400
committer: Daniel Borkmann <daniel@iogearbox.net> 2018-04-26 18:21:59 -0400
commit: 1fdd08bedc56d2a927c5f230e2d63f17ca1068f1 (patch)
tree: 74d2fc530f2ef1d4f82d894085b79b9f56f63fff /include/uapi/linux/bpf.h
parent: c456dec4d2656b70de7371e3a6ae60b7ec7ab74f (diff)
1 files changed, 197 insertions, 0 deletions
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 465ea273729a..7352abf72f50 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -495,6 +495,27 @@ union bpf_attr {
 *              The number of bytes written to the buffer, or a negative error
 *              in case of failure.
 *
+ * u32 bpf_get_prandom_u32(void)
+ *      Description
+ *              Get a pseudo-random number.
+ *
+ *              From a security point of view, this helper uses its own
+ *              pseudo-random internal state, and cannot be used to infer the
+ *              seed of other random functions in the kernel. However, it is
+ *              essential to note that the generator used by the helper is not
+ *              cryptographically secure.
+ *      Return
+ *              A random 32-bit unsigned value.
+ *
+ * u32 bpf_get_smp_processor_id(void)
+ *      Description
+ *              Get the SMP (symmetric multiprocessing) processor id. Note that
+ *              all programs run with preemption disabled, which means that the
+ *              SMP processor id is stable during all the execution of the
+ *              program.
+ *      Return
+ *              The SMP id of the processor running the program.
+ *
 * int bpf_skb_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len, u64 flags)
 *      Description
 *              Store *len* bytes from address *from* into the packet
@@ -647,6 +668,32 @@ union bpf_attr {
 *      Return
 *              0 on success, or a negative error in case of failure.
 *
+ * u32 bpf_get_cgroup_classid(struct sk_buff *skb)
+ *      Description
+ *              Retrieve the classid for the current task, i.e. for the net_cls
+ *              cgroup to which *skb* belongs.
+ *
+ *              This helper can be used on TC egress path, but not on ingress.
+ *
+ *              The net_cls cgroup provides an interface to tag network packets
+ *              based on a user-provided identifier for all traffic coming from
+ *              the tasks belonging to the related cgroup. See also the related
+ *              kernel documentation, available from the Linux sources in file
+ *              *Documentation/cgroup-v1/net_cls.txt*.
+ *
+ *              The Linux kernel has two versions for cgroups: there are
+ *              cgroups v1 and cgroups v2. Both are available to users, who can
+ *              use a mixture of them, but note that the net_cls cgroup is for
+ *              cgroup v1 only. This makes it incompatible with BPF programs
+ *              run on cgroups, which is a cgroup-v2-only feature (a socket can
+ *              only hold data for one version of cgroups at a time).
+ *
+ *              This helper is only available is the kernel was compiled with
+ *              the **CONFIG_CGROUP_NET_CLASSID** configuration option set to
+ *              "**y**" or to "**m**".
+ *      Return
+ *              The classid, or 0 for the default unconfigured classid.
+ *
 * int bpf_skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, u16 vlan_tci)
 *      Description
 *              Push a *vlan_tci* (VLAN tag control information) of protocol
@@ -786,6 +833,30 @@ union bpf_attr {
 *              are **TC_ACT_REDIRECT** on success or **TC_ACT_SHOT** on
 *              error.
 *
+ * u32 bpf_get_route_realm(struct sk_buff *skb)
+ *      Description
+ *              Retrieve the realm or the route, that is to say the
+ *              **tclassid** field of the destination for the *skb*. The
+ *              indentifier retrieved is a user-provided tag, similar to the
+ *              one used with the net_cls cgroup (see description for
+ *              **bpf_get_cgroup_classid**\ () helper), but here this tag is
+ *              held by a route (a destination entry), not by a task.
+ *
+ *              Retrieving this identifier works with the clsact TC egress hook
+ *              (see also **tc-bpf(8)**), or alternatively on conventional
+ *              classful egress qdiscs, but not on TC ingress path. In case of
+ *              clsact TC egress hook, this has the advantage that, internally,
+ *              the destination entry has not been dropped yet in the transmit
+ *              path. Therefore, the destination entry does not need to be
+ *              artificially held via **netif_keep_dst**\ () for a classful
+ *              qdisc until the *skb* is freed.
+ *
+ *              This helper is available only if the kernel was compiled with
+ *              **CONFIG_IP_ROUTE_CLASSID** configuration option.
+ *      Return
+ *              The realm of the route for the packet associated to *skb*, or 0
+ *              if none was found.
+ *
 * int bpf_perf_event_output(struct pt_reg *ctx, struct bpf_map *map, u64 flags, void *data, u64 size)
 *      Description
 *              Write raw *data* blob into a special BPF perf event held by
@@ -831,6 +902,23 @@ union bpf_attr {
 *      Return
 *              0 on success, or a negative error in case of failure.
 *
+ * int bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset, void *to, u32 len)
+ *      Description
+ *              This helper was provided as an easy way to load data from a
+ *              packet. It can be used to load *len* bytes from *offset* from
+ *              the packet associated to *skb*, into the buffer pointed by
+ *              *to*.
+ *
+ *              Since Linux 4.7, usage of this helper has mostly been replaced
+ *              by "direct packet access", enabling packet data to be
+ *              manipulated with *skb*\ **->data** and *skb*\ **->data_end**
+ *              pointing respectively to the first byte of packet data and to
+ *              the byte after the last byte of packet data. However, it
+ *              remains useful if one wishes to read large quantities of data
+ *              at once from a packet into the eBPF stack.
+ *      Return
+ *              0 on success, or a negative error in case of failure.
+ *
 * int bpf_get_stackid(struct pt_reg *ctx, struct bpf_map *map, u64 flags)
 *      Description
 *              Walk a user or a kernel stack and return its id. To achieve
@@ -874,6 +962,115 @@ union bpf_attr {
 *              The positive or null stack id on success, or a negative error
 *              in case of failure.
 *
+ * s64 bpf_csum_diff(__be32 *from, u32 from_size, __be32 *to, u32 to_size, __wsum seed)
+ *      Description
+ *              Compute a checksum difference, from the raw buffer pointed by
+ *              *from*, of length *from_size* (that must be a multiple of 4),
+ *              towards the raw buffer pointed by *to*, of size *to_size*
+ *              (same remark). An optional *seed* can be added to the value
+ *              (this can be cascaded, the seed may come from a previous call
+ *              to the helper).
+ *
+ *              This is flexible enough to be used in several ways:
+ *
+ *              * With *from_size* == 0, *to_size* > 0 and *seed* set to
+ *                checksum, it can be used when pushing new data.
+ *              * With *from_size* > 0, *to_size* == 0 and *seed* set to
+ *                checksum, it can be used when removing data from a packet.
+ *              * With *from_size* > 0, *to_size* > 0 and *seed* set to 0, it
+ *                can be used to compute a diff. Note that *from_size* and
+ *                *to_size* do not need to be equal.
+ *
+ *              This helper can be used in combination with
+ *              **bpf_l3_csum_replace**\ () and **bpf_l4_csum_replace**\ (), to
+ *              which one can feed in the difference computed with
+ *              **bpf_csum_diff**\ ().
+ *      Return
+ *              The checksum result, or a negative error code in case of
+ *              failure.
+ *
+ * int bpf_skb_get_tunnel_opt(struct sk_buff *skb, u8 *opt, u32 size)
+ *      Description
+ *              Retrieve tunnel options metadata for the packet associated to
+ *              *skb*, and store the raw tunnel option data to the buffer *opt*
+ *              of *size*.
+ *
+ *              This helper can be used with encapsulation devices that can
+ *              operate in "collect metadata" mode (please refer to the related
+ *              note in the description of **bpf_skb_get_tunnel_key**\ () for
+ *              more details). A particular example where this can be used is
+ *              in combination with the Geneve encapsulation protocol, where it
+ *              allows for pushing (with **bpf_skb_get_tunnel_opt**\ () helper)
+ *              and retrieving arbitrary TLVs (Type-Length-Value headers) from
+ *              the eBPF program. This allows for full customization of these
+ *              headers.
+ *      Return
+ *              The size of the option data retrieved.
+ *
+ * int bpf_skb_set_tunnel_opt(struct sk_buff *skb, u8 *opt, u32 size)
+ *      Description
+ *              Set tunnel options metadata for the packet associated to *skb*
+ *              to the option data contained in the raw buffer *opt* of *size*.
+ *
+ *              See also the description of the **bpf_skb_get_tunnel_opt**\ ()
+ *              helper for additional information.
+ *      Return
+ *              0 on success, or a negative error in case of failure.
+ *
+ * int bpf_skb_change_proto(struct sk_buff *skb, __be16 proto, u64 flags)
+ *      Description
+ *              Change the protocol of the *skb* to *proto*. Currently
+ *              supported are transition from IPv4 to IPv6, and from IPv6 to
+ *              IPv4. The helper takes care of the groundwork for the
+ *              transition, including resizing the socket buffer. The eBPF
+ *              program is expected to fill the new headers, if any, via
+ *              **skb_store_bytes**\ () and to recompute the checksums with
+ *              **bpf_l3_csum_replace**\ () and **bpf_l4_csum_replace**\
+ *              (). The main case for this helper is to perform NAT64
+ *              operations out of an eBPF program.
+ *
+ *              Internally, the GSO type is marked as dodgy so that headers are
+ *              checked and segments are recalculated by the GSO/GRO engine.
+ *              The size for GSO target is adapted as well.
+ *
+ *              All values for *flags* are reserved for future usage, and must
+ *              be left at zero.
+ *
+ *              A call to this helper is susceptible to change the underlaying
+ *              packet buffer. Therefore, at load time, all checks on pointers
+ *              previously done by the verifier are invalidated and must be
+ *              performed again, if the helper is used in combination with
+ *              direct packet access.
+ *      Return
+ *              0 on success, or a negative error in case of failure.
+ *
+ * int bpf_skb_change_type(struct sk_buff *skb, u32 type)
+ *      Description
+ *              Change the packet type for the packet associated to *skb*. This
+ *              comes down to setting *skb*\ **->pkt_type** to *type*, except
+ *              the eBPF program does not have a write access to *skb*\
+ *              **->pkt_type** beside this helper. Using a helper here allows
+ *              for graceful handling of errors.
+ *
+ *              The major use case is to change incoming *skb*s to
+ *              **PACKET_HOST** in a programmatic way instead of having to
+ *              recirculate via **redirect**\ (..., **BPF_F_INGRESS**), for
+ *              example.
+ *
+ *              Note that *type* only allows certain values. At this time, they
+ *              are:
+ *
+ *              **PACKET_HOST**
+ *                      Packet is for us.
+ *              **PACKET_BROADCAST**
+ *                      Send packet to all.
+ *              **PACKET_MULTICAST**
+ *                      Send packet to group.
+ *              **PACKET_OTHERHOST**
+ *                      Send packet to someone else.
+ *      Return
+ *              0 on success, or a negative error in case of failure.
+ *
 * u64 bpf_get_current_task(void)
 *      Return
 *              A pointer to the current task struct.
author	Quentin Monnet <quentin.monnet@netronome.com>	2018-04-25 13:16:55 -0400
committer	Daniel Borkmann <daniel@iogearbox.net>	2018-04-26 18:21:59 -0400
commit	1fdd08bedc56d2a927c5f230e2d63f17ca1068f1 (patch)
tree	74d2fc530f2ef1d4f82d894085b79b9f56f63fff /include/uapi/linux/bpf.h
parent	c456dec4d2656b70de7371e3a6ae60b7ec7ab74f (diff)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 465ea273729a..7352abf72f50 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h
@@ -495,6 +495,27 @@ union bpf_attr {
495	* The number of bytes written to the buffer, or a negative error	495	* The number of bytes written to the buffer, or a negative error
496	* in case of failure.	496	* in case of failure.
497	*	497	*
		498	* u32 bpf_get_prandom_u32(void)
		499	* Description
		500	* Get a pseudo-random number.
		501	*
		502	* From a security point of view, this helper uses its own
		503	* pseudo-random internal state, and cannot be used to infer the
		504	* seed of other random functions in the kernel. However, it is
		505	* essential to note that the generator used by the helper is not
		506	* cryptographically secure.
		507	* Return
		508	* A random 32-bit unsigned value.
		509	*
		510	* u32 bpf_get_smp_processor_id(void)
		511	* Description
		512	* Get the SMP (symmetric multiprocessing) processor id. Note that
		513	* all programs run with preemption disabled, which means that the
		514	* SMP processor id is stable during all the execution of the
		515	* program.
		516	* Return
		517	* The SMP id of the processor running the program.
		518	*
498	* int bpf_skb_store_bytes(struct sk_buff skb, u32 offset, const void from, u32 len, u64 flags)	519	* int bpf_skb_store_bytes(struct sk_buff skb, u32 offset, const void from, u32 len, u64 flags)
499	* Description	520	* Description
500	* Store len bytes from address from into the packet	521	* Store len bytes from address from into the packet
@@ -647,6 +668,32 @@ union bpf_attr {
647	* Return	668	* Return
648	* 0 on success, or a negative error in case of failure.	669	* 0 on success, or a negative error in case of failure.
649	*	670	*
		671	* u32 bpf_get_cgroup_classid(struct sk_buff *skb)
		672	* Description
		673	* Retrieve the classid for the current task, i.e. for the net_cls
		674	* cgroup to which skb belongs.
		675	*
		676	* This helper can be used on TC egress path, but not on ingress.
		677	*
		678	* The net_cls cgroup provides an interface to tag network packets
		679	* based on a user-provided identifier for all traffic coming from
		680	* the tasks belonging to the related cgroup. See also the related
		681	* kernel documentation, available from the Linux sources in file
		682	* Documentation/cgroup-v1/net_cls.txt.
		683	*
		684	* The Linux kernel has two versions for cgroups: there are
		685	* cgroups v1 and cgroups v2. Both are available to users, who can
		686	* use a mixture of them, but note that the net_cls cgroup is for
		687	* cgroup v1 only. This makes it incompatible with BPF programs
		688	* run on cgroups, which is a cgroup-v2-only feature (a socket can
		689	* only hold data for one version of cgroups at a time).
		690	*
		691	* This helper is only available is the kernel was compiled with
		692	* the CONFIG_CGROUP_NET_CLASSID configuration option set to
		693	* "y" or to "m".
		694	* Return
		695	* The classid, or 0 for the default unconfigured classid.
		696	*
650	* int bpf_skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, u16 vlan_tci)	697	* int bpf_skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, u16 vlan_tci)
651	* Description	698	* Description
652	* Push a vlan_tci (VLAN tag control information) of protocol	699	* Push a vlan_tci (VLAN tag control information) of protocol
@@ -786,6 +833,30 @@ union bpf_attr {
786	* are TC_ACT_REDIRECT on success or TC_ACT_SHOT on	833	* are TC_ACT_REDIRECT on success or TC_ACT_SHOT on
787	* error.	834	* error.
788	*	835	*
		836	* u32 bpf_get_route_realm(struct sk_buff *skb)
		837	* Description
		838	* Retrieve the realm or the route, that is to say the
		839	* tclassid field of the destination for the skb. The
		840	* indentifier retrieved is a user-provided tag, similar to the
		841	* one used with the net_cls cgroup (see description for
		842	* bpf_get_cgroup_classid\ () helper), but here this tag is
		843	* held by a route (a destination entry), not by a task.
		844	*
		845	* Retrieving this identifier works with the clsact TC egress hook
		846	* (see also tc-bpf(8)), or alternatively on conventional
		847	* classful egress qdiscs, but not on TC ingress path. In case of
		848	* clsact TC egress hook, this has the advantage that, internally,
		849	* the destination entry has not been dropped yet in the transmit
		850	* path. Therefore, the destination entry does not need to be
		851	* artificially held via netif_keep_dst\ () for a classful
		852	* qdisc until the skb is freed.
		853	*
		854	* This helper is available only if the kernel was compiled with
		855	* CONFIG_IP_ROUTE_CLASSID configuration option.
		856	* Return
		857	* The realm of the route for the packet associated to skb, or 0
		858	* if none was found.
		859	*
789	* int bpf_perf_event_output(struct pt_reg ctx, struct bpf_map map, u64 flags, void *data, u64 size)	860	* int bpf_perf_event_output(struct pt_reg ctx, struct bpf_map map, u64 flags, void *data, u64 size)
790	* Description	861	* Description
791	* Write raw data blob into a special BPF perf event held by	862	* Write raw data blob into a special BPF perf event held by
@@ -831,6 +902,23 @@ union bpf_attr {
831	* Return	902	* Return
832	* 0 on success, or a negative error in case of failure.	903	* 0 on success, or a negative error in case of failure.
833	*	904	*
		905	* int bpf_skb_load_bytes(const struct sk_buff skb, u32 offset, void to, u32 len)
		906	* Description
		907	* This helper was provided as an easy way to load data from a
		908	* packet. It can be used to load len bytes from offset from
		909	* the packet associated to skb, into the buffer pointed by
		910	* to.
		911	*
		912	* Since Linux 4.7, usage of this helper has mostly been replaced
		913	* by "direct packet access", enabling packet data to be
		914	* manipulated with skb\ ->data and skb\ ->data_end
		915	* pointing respectively to the first byte of packet data and to
		916	* the byte after the last byte of packet data. However, it
		917	* remains useful if one wishes to read large quantities of data
		918	* at once from a packet into the eBPF stack.
		919	* Return
		920	* 0 on success, or a negative error in case of failure.
		921	*
834	* int bpf_get_stackid(struct pt_reg ctx, struct bpf_map map, u64 flags)	922	* int bpf_get_stackid(struct pt_reg ctx, struct bpf_map map, u64 flags)
835	* Description	923	* Description
836	* Walk a user or a kernel stack and return its id. To achieve	924	* Walk a user or a kernel stack and return its id. To achieve
@@ -874,6 +962,115 @@ union bpf_attr {
874	* The positive or null stack id on success, or a negative error	962	* The positive or null stack id on success, or a negative error
875	* in case of failure.	963	* in case of failure.
876	*	964	*
		965	* s64 bpf_csum_diff(__be32 from, u32 from_size, __be32 to, u32 to_size, __wsum seed)
		966	* Description
		967	* Compute a checksum difference, from the raw buffer pointed by
		968	* from, of length from_size (that must be a multiple of 4),
		969	* towards the raw buffer pointed by to, of size to_size
		970	* (same remark). An optional seed can be added to the value
		971	* (this can be cascaded, the seed may come from a previous call
		972	* to the helper).
		973	*
		974	* This is flexible enough to be used in several ways:
		975	*
		976	* * With from_size == 0, to_size > 0 and seed set to
		977	* checksum, it can be used when pushing new data.
		978	* * With from_size > 0, to_size == 0 and seed set to
		979	* checksum, it can be used when removing data from a packet.
		980	* * With from_size > 0, to_size > 0 and seed set to 0, it
		981	* can be used to compute a diff. Note that from_size and
		982	* to_size do not need to be equal.
		983	*
		984	* This helper can be used in combination with
		985	* bpf_l3_csum_replace\ () and bpf_l4_csum_replace\ (), to
		986	* which one can feed in the difference computed with
		987	* bpf_csum_diff\ ().
		988	* Return
		989	* The checksum result, or a negative error code in case of
		990	* failure.
		991	*
		992	* int bpf_skb_get_tunnel_opt(struct sk_buff skb, u8 opt, u32 size)
		993	* Description
		994	* Retrieve tunnel options metadata for the packet associated to
		995	* skb, and store the raw tunnel option data to the buffer opt
		996	* of size.
		997	*
		998	* This helper can be used with encapsulation devices that can
		999	* operate in "collect metadata" mode (please refer to the related
		1000	* note in the description of bpf_skb_get_tunnel_key\ () for
		1001	* more details). A particular example where this can be used is
		1002	* in combination with the Geneve encapsulation protocol, where it
		1003	* allows for pushing (with bpf_skb_get_tunnel_opt\ () helper)
		1004	* and retrieving arbitrary TLVs (Type-Length-Value headers) from
		1005	* the eBPF program. This allows for full customization of these
		1006	* headers.
		1007	* Return
		1008	* The size of the option data retrieved.
		1009	*
		1010	* int bpf_skb_set_tunnel_opt(struct sk_buff skb, u8 opt, u32 size)
		1011	* Description
		1012	* Set tunnel options metadata for the packet associated to skb
		1013	* to the option data contained in the raw buffer opt of size.
		1014	*
		1015	* See also the description of the bpf_skb_get_tunnel_opt\ ()
		1016	* helper for additional information.
		1017	* Return
		1018	* 0 on success, or a negative error in case of failure.
		1019	*
		1020	* int bpf_skb_change_proto(struct sk_buff *skb, __be16 proto, u64 flags)
		1021	* Description
		1022	* Change the protocol of the skb to proto. Currently
		1023	* supported are transition from IPv4 to IPv6, and from IPv6 to
		1024	* IPv4. The helper takes care of the groundwork for the
		1025	* transition, including resizing the socket buffer. The eBPF
		1026	* program is expected to fill the new headers, if any, via
		1027	* skb_store_bytes\ () and to recompute the checksums with
		1028	* bpf_l3_csum_replace\ () and bpf_l4_csum_replace\
		1029	* (). The main case for this helper is to perform NAT64
		1030	* operations out of an eBPF program.
		1031	*
		1032	* Internally, the GSO type is marked as dodgy so that headers are
		1033	* checked and segments are recalculated by the GSO/GRO engine.
		1034	* The size for GSO target is adapted as well.
		1035	*
		1036	* All values for flags are reserved for future usage, and must
		1037	* be left at zero.
		1038	*
		1039	* A call to this helper is susceptible to change the underlaying
		1040	* packet buffer. Therefore, at load time, all checks on pointers
		1041	* previously done by the verifier are invalidated and must be
		1042	* performed again, if the helper is used in combination with
		1043	* direct packet access.
		1044	* Return
		1045	* 0 on success, or a negative error in case of failure.
		1046	*
		1047	* int bpf_skb_change_type(struct sk_buff *skb, u32 type)
		1048	* Description
		1049	* Change the packet type for the packet associated to skb. This
		1050	* comes down to setting skb\ ->pkt_type to type, except
		1051	* the eBPF program does not have a write access to skb\
		1052	* ->pkt_type beside this helper. Using a helper here allows
		1053	* for graceful handling of errors.
		1054	*
		1055	* The major use case is to change incoming skbs to
		1056	* PACKET_HOST in a programmatic way instead of having to
		1057	* recirculate via redirect\ (..., BPF_F_INGRESS), for
		1058	* example.
		1059	*
		1060	* Note that type only allows certain values. At this time, they
		1061	* are:
		1062	*
		1063	* PACKET_HOST
		1064	* Packet is for us.
		1065	* PACKET_BROADCAST
		1066	* Send packet to all.
		1067	* PACKET_MULTICAST
		1068	* Send packet to group.
		1069	* PACKET_OTHERHOST
		1070	* Send packet to someone else.
		1071	* Return
		1072	* 0 on success, or a negative error in case of failure.
		1073	*
877	* u64 bpf_get_current_task(void)	1074	* u64 bpf_get_current_task(void)
878	* Return	1075	* Return
879	* A pointer to the current task struct.	1076	* A pointer to the current task struct.