eBPF for Windows
Loading...
Searching...
No Matches
bpf2c.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3#pragma once
4
5#include "ebpf_structs.h"
6
7#if defined(NO_CRT)
8typedef signed char int8_t;
9typedef short int16_t;
10typedef int int32_t;
11typedef long long int64_t;
12typedef unsigned char uint8_t;
13typedef unsigned short uint16_t;
14typedef unsigned int uint32_t;
15typedef unsigned long long uint64_t;
16#define bool _Bool
17#define false 0
18#define true 1
19#define UINT32_MAX ((uint32_t)0xFFFFFFFF)
20
21#else
22#include <stdbool.h>
23#include <stddef.h>
24#include <stdint.h>
25#endif
26
27#ifdef __cplusplus
28extern "C"
29{
30#endif
31
32#define UBPF_STACK_SIZE 512
33
34#define IMMEDIATE(X) (int32_t) X
35#define OFFSET(X) (int16_t) X
36#define POINTER(X) (uint64_t)(X)
37
38#if !defined(htobe16)
39#define htobe16(X) swap16(X)
40#define htobe32(X) swap32(X)
41#define htobe64(X) swap64(X)
42
43#define htole16(X) (X)
44#define htole32(X) (X)
45#define htole64(X) (X)
46#endif
47
48#if !defined(UNREFERENCED_PARAMETER)
49#define UNREFERENCED_PARAMETER(P) (P)
50#endif
51
52 typedef uint64_t (*helper_function_t)(uint64_t, uint64_t, uint64_t, uint64_t, uint64_t, void*);
53
66
73
79 typedef struct _map_entry
80 {
81 // DLLs put the strings into the same section with 4, 8 or 16
82 // byte alignment, so add a 16-byte marker at the start of a map
83 // entry to make it easy to find entries in the maps section.
84 uint64_t zero_marker[2];
85
86 ebpf_native_module_header_t header;
87 ebpf_map_definition_in_file_t definition;
88 const char* name;
89 } map_entry_t;
90
96
103 typedef struct _map_initial_values
104 {
105 ebpf_native_module_header_t header;
106 const char* name; // Name of the map.
107 size_t count; // Number of values in the map.
108 const char** values; // Array of strings containing the initial values.
109 } map_initial_values_t;
110
118
124
132
137 typedef struct _program_entry
138 {
139 // DLLs put the strings into the same section, so add a marker
140 // at the start of a program entry to make it easy to find
141 // entries in the programs section.
142 uint64_t zero;
143
144 ebpf_native_module_header_t header;
145 uint64_t (*function)(void*, const program_runtime_context_t*);
146 const char* pe_section_name;
147 const char* section_name;
148 const char* program_name;
149 uint16_t* referenced_map_indices;
150 uint16_t referenced_map_count;
151 helper_function_entry_t* helpers;
152 uint16_t helper_count;
153 size_t bpf_instruction_count;
154 ebpf_program_type_t* program_type;
155 ebpf_attach_type_t* expected_attach_type;
156 const uint8_t* program_info_hash;
157 size_t program_info_hash_length;
158 const char* program_info_hash_type;
159 } program_entry_t;
160
166 typedef struct _bpf2c_version
167 {
168 uint32_t major;
169 uint32_t minor;
170 uint32_t revision;
171 } bpf2c_version_t;
172
178 typedef struct _metadata_table
179 {
180 size_t size;
181 void (*programs)(
182 _Outptr_result_buffer_maybenull_(*count) program_entry_t** programs,
183 _Out_ size_t* count);
184 void (*maps)(
185 _Outptr_result_buffer_maybenull_(*count) map_entry_t** maps,
186 _Out_ size_t* count);
187 void (*hash)(
188 _Outptr_result_buffer_maybenull_(*size) const uint8_t** hash,
189 _Out_ size_t* size);
190 void (*version)(_Out_ bpf2c_version_t* version);
191 void (*map_initial_values)(
192 _Outptr_result_buffer_maybenull_(*count) map_initial_values_t** map_initial_values,
193 _Out_ size_t* count);
194 void (*global_variable_sections)(
195 _Outptr_result_buffer_maybenull_(*count) global_variable_section_info_t** global_variable_sections,
196 _Out_ size_t* count);
197 } metadata_table_t;
198
205 inline uint16_t
206 swap16(uint16_t value)
207 {
208 return value << 8 | value >> 8;
209 }
210
217 inline uint32_t
218 swap32(uint32_t value)
219 {
220 return swap16(value >> 16) | ((uint32_t)swap16(value & ((1 << 16) - 1))) << 16;
221 }
222
229 inline uint64_t
230 swap64(uint64_t value)
231 {
232 return swap32(value >> 32) | ((uint64_t)swap32(value & ((1ull << 32ull) - 1))) << 32;
233 }
234
235#define EBPF_NATIVE_HELPER_FUNCTION_ENTRY_CURRENT_VERSION 1
236#define EBPF_NATIVE_HELPER_FUNCTION_ENTRY_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(helper_function_entry_t, name)
237#define EBPF_NATIVE_HELPER_FUNCTION_ENTRY_CURRENT_VERSION_TOTAL_SIZE sizeof(helper_function_entry_t)
238#define EBPF_NATIVE_HELPER_FUNCTION_ENTRY_HEADER \
239 {EBPF_NATIVE_HELPER_FUNCTION_ENTRY_CURRENT_VERSION, \
240 EBPF_NATIVE_HELPER_FUNCTION_ENTRY_CURRENT_VERSION_SIZE, \
241 EBPF_NATIVE_HELPER_FUNCTION_ENTRY_CURRENT_VERSION_TOTAL_SIZE}
242
243#define EBPF_NATIVE_HELPER_FUNCTION_DATA_CURRENT_VERSION 1
244#define EBPF_NATIVE_HELPER_FUNCTION_DATA_CURRENT_VERSION_SIZE \
245 EBPF_SIZE_INCLUDING_FIELD(helper_function_data_t, tail_call)
246#define EBPF_NATIVE_HELPER_FUNCTION_DATA_CURRENT_VERSION_TOTAL_SIZE sizeof(helper_function_data_t)
247#define EBPF_NATIVE_HELPER_FUNCTION_DATA_HEADER \
248 {EBPF_NATIVE_HELPER_FUNCTION_DATA_CURRENT_VERSION, \
249 EBPF_NATIVE_HELPER_FUNCTION_DATA_CURRENT_VERSION_SIZE, \
250 EBPF_NATIVE_HELPER_FUNCTION_DATA_CURRENT_VERSION_TOTAL_SIZE}
251
252#define EBPF_NATIVE_MAP_ENTRY_CURRENT_VERSION 1
253#define EBPF_NATIVE_MAP_ENTRY_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(map_entry_t, name)
254#define EBPF_NATIVE_MAP_ENTRY_CURRENT_VERSION_TOTAL_SIZE sizeof(map_entry_t)
255#define EBPF_NATIVE_MAP_ENTRY_HEADER \
256 {EBPF_NATIVE_MAP_ENTRY_CURRENT_VERSION, \
257 EBPF_NATIVE_MAP_ENTRY_CURRENT_VERSION_SIZE, \
258 EBPF_NATIVE_MAP_ENTRY_CURRENT_VERSION_TOTAL_SIZE}
259
260#define EBPF_NATIVE_MAP_DATA_CURRENT_VERSION 1
261#define EBPF_NATIVE_MAP_DATA_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(map_data_t, address)
262#define EBPF_NATIVE_MAP_DATA_CURRENT_VERSION_TOTAL_SIZE sizeof(map_data_t)
263#define EBPF_NATIVE_MAP_DATA_HEADER \
264 {EBPF_NATIVE_MAP_DATA_CURRENT_VERSION, \
265 EBPF_NATIVE_MAP_DATA_CURRENT_VERSION_SIZE, \
266 EBPF_NATIVE_MAP_DATA_CURRENT_VERSION_TOTAL_SIZE}
267
268#define EBPF_NATIVE_PROGRAM_ENTRY_CURRENT_VERSION 1
269#define EBPF_NATIVE_PROGRAM_ENTRY_CURRENT_VERSION_SIZE \
270 EBPF_SIZE_INCLUDING_FIELD(program_entry_t, program_info_hash_type)
271#define EBPF_NATIVE_PROGRAM_ENTRY_CURRENT_VERSION_TOTAL_SIZE sizeof(program_entry_t)
272#define EBPF_NATIVE_PROGRAM_ENTRY_HEADER \
273 {EBPF_NATIVE_PROGRAM_ENTRY_CURRENT_VERSION, \
274 EBPF_NATIVE_PROGRAM_ENTRY_CURRENT_VERSION_SIZE, \
275 EBPF_NATIVE_PROGRAM_ENTRY_CURRENT_VERSION_TOTAL_SIZE}
276
277#define EBPF_NATIVE_PROGRAM_RUNTIME_CONTEXT_CURRENT_VERSION 1
278#define EBPF_NATIVE_PROGRAM_RUNTIME_CONTEXT_CURRENT_VERSION_SIZE \
279 EBPF_SIZE_INCLUDING_FIELD(program_runtime_context_t, map_data)
280#define EBPF_NATIVE_PROGRAM_RUNTIME_CONTEXT_CURRENT_VERSION_TOTAL_SIZE sizeof(program_runtime_context_t)
281#define EBPF_NATIVE_PROGRAM_RUNTIME_CONTEXT_HEADER \
282 {EBPF_NATIVE_PROGRAM_RUNTIME_CONTEXT_CURRENT_VERSION, \
283 EBPF_NATIVE_PROGRAM_RUNTIME_CONTEXT_CURRENT_VERSION_SIZE, \
284 EBPF_NATIVE_PROGRAM_RUNTIME_CONTEXT_CURRENT_VERSION_TOTAL_SIZE}
285
286#define EBPF_NATIVE_MAP_INITIAL_VALUES_CURRENT_VERSION 1
287#define EBPF_NATIVE_MAP_INITIAL_VALUES_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(map_initial_values_t, values)
288#define EBPF_NATIVE_MAP_INITIAL_VALUES_CURRENT_VERSION_TOTAL_SIZE sizeof(map_initial_values_t)
289#define EBPF_NATIVE_MAP_INITIAL_VALUES_HEADER \
290 {EBPF_NATIVE_MAP_INITIAL_VALUES_CURRENT_VERSION, \
291 EBPF_NATIVE_MAP_INITIAL_VALUES_CURRENT_VERSION_SIZE, \
292 EBPF_NATIVE_MAP_INITIAL_VALUES_CURRENT_VERSION_TOTAL_SIZE}
293
294#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_INFO_CURRENT_VERSION 1
295#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_INFO_CURRENT_VERSION_SIZE \
296 EBPF_SIZE_INCLUDING_FIELD(global_variable_section_info_t, initial_data)
297#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_INFO_CURRENT_VERSION_TOTAL_SIZE sizeof(global_variable_section_info_t)
298#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_INFO_HEADER \
299 {EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_INFO_CURRENT_VERSION, \
300 EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_INFO_CURRENT_VERSION_SIZE, \
301 EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_INFO_CURRENT_VERSION_TOTAL_SIZE}
302
303#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_DATA_CURRENT_VERSION 1
304#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_DATA_CURRENT_VERSION_SIZE \
305 EBPF_SIZE_INCLUDING_FIELD(global_variable_section_data_t, address_of_map_value)
306#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_DATA_CURRENT_VERSION_TOTAL_SIZE sizeof(global_variable_section_data_t)
307#define EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_DATA_HEADER \
308 {EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_DATA_CURRENT_VERSION, \
309 EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_DATA_CURRENT_VERSION_SIZE, \
310 EBPF_NATIVE_GLOBAL_VARIABLE_SECTION_DATA_CURRENT_VERSION_TOTAL_SIZE}
311
312#define EBPF_NATIVE_METADATA_TABLE_CURRENT_VERSION 1
313#define EBPF_NATIVE_METADATA_TABLE_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(metadata_table_t, map_initial_values)
314#define EBPF_NATIVE_METADATA_TABLE_CURRENT_VERSION_TOTAL_SIZE sizeof(metadata_table_t)
315#define EBPF_NATIVE_METADATA_TABLE_HEADER \
316 {EBPF_NATIVE_METADATA_TABLE_CURRENT_VERSION, \
317 EBPF_NATIVE_METADATA_TABLE_CURRENT_VERSION_SIZE, \
318 EBPF_NATIVE_METADATA_TABLE_CURRENT_VERSION_TOTAL_SIZE}
319
320#ifdef __cplusplus
321}
322#endif
program_runtime_context_t
struct _program_runtime_context program_runtime_context_t
global_variable_section_info_t
struct _global_variable_section_info global_variable_section_info_t
helper_function_data_t
struct _helper_function_data helper_function_data_t
swap64
uint64_t swap64(uint64_t value)
Inline function used to implement the 64 bit EBPF_OP_LE/EBPF_OP_BE instruction.
Definition bpf2c.h:230
helper_function_t
uint64_t(* helper_function_t)(uint64_t, uint64_t, uint64_t, uint64_t, uint64_t, void *)
Definition bpf2c.h:52
map_initial_values_t
struct _map_initial_values map_initial_values_t
Map initial values. This structure contains the initial values for a map. The values are used to init...
map_entry_t
struct _map_entry map_entry_t
Map entry. This structure contains the address of the map and the map definition. The address is writ...
helper_function_entry_t
struct _helper_function_entry helper_function_entry_t
Helper function entry. This structure defines a helper function entry in the metadata table....
swap32
uint32_t swap32(uint32_t value)
Inline function used to implement the 32 bit EBPF_OP_LE/EBPF_OP_BE instruction.
Definition bpf2c.h:218
global_variable_section_data_t
struct _global_variable_section_data global_variable_section_data_t
swap16
uint16_t swap16(uint16_t value)
Inline function used to implement the 16 bit EBPF_OP_LE/EBPF_OP_BE instruction.
Definition bpf2c.h:206
program_entry_t
struct _program_entry program_entry_t
Program entry. This structure contains the address of the program and additional information about th...
bpf2c_version_t
struct _bpf2c_version bpf2c_version_t
Version information for the bpf2c compiler. This structure contains the version information for the b...
metadata_table_t
struct _metadata_table metadata_table_t
Metadata table for a module. This structure is returned by the module's metadata function,...
map_data_t
struct _map_data map_data_t
ebpf_structs.h
This file contains eBPF definitions common to eBPF programs, core execution engine as well as eBPF AP...
ebpf_attach_type_t
GUID ebpf_attach_type_t
Definition ebpf_windows.h:62
ebpf_program_type_t
GUID ebpf_program_type_t
Definition ebpf_windows.h:61
_bpf2c_version
Version information for the bpf2c compiler. This structure contains the version information for the b...
Definition bpf2c.h:167
_bpf2c_version::major
uint32_t major
Definition bpf2c.h:168
_bpf2c_version::revision
uint32_t revision
Definition bpf2c.h:170
_bpf2c_version::minor
uint32_t minor
Definition bpf2c.h:169
_ebpf_extension_header
Header of an eBPF extension data structure. Every eBPF extension data structure must start with this ...
Definition ebpf_windows.h:153
_ebpf_map_definition_in_file
eBPF Map Definition as it appears in the maps section of an ELF file.
Definition ebpf_structs.h:119
_global_variable_section_data
Definition bpf2c.h:120
_global_variable_section_data::address_of_map_value
unsigned char * address_of_map_value
Definition bpf2c.h:122
_global_variable_section_data::header
ebpf_native_module_header_t header
Definition bpf2c.h:121
_global_variable_section_info
Definition bpf2c.h:112
_global_variable_section_info::size
size_t size
Definition bpf2c.h:115
_global_variable_section_info::initial_data
const void * initial_data
Definition bpf2c.h:116
_global_variable_section_info::name
const char * name
Definition bpf2c.h:114
_global_variable_section_info::header
ebpf_native_module_header_t header
Definition bpf2c.h:113
_helper_function_data
Definition bpf2c.h:68
_helper_function_data::tail_call
bool tail_call
Definition bpf2c.h:71
_helper_function_data::address
helper_function_t address
Definition bpf2c.h:70
_helper_function_data::header
ebpf_native_module_header_t header
Definition bpf2c.h:69
_helper_function_entry
Helper function entry. This structure defines a helper function entry in the metadata table....
Definition bpf2c.h:61
_helper_function_entry::name
const char * name
Definition bpf2c.h:64
_helper_function_entry::helper_id
uint32_t helper_id
Definition bpf2c.h:63
_helper_function_entry::header
ebpf_native_module_header_t header
Definition bpf2c.h:62
_map_data
Definition bpf2c.h:92
_map_data::address
uintptr_t address
Definition bpf2c.h:94
_map_data::header
ebpf_native_module_header_t header
Definition bpf2c.h:93
_map_entry
Map entry. This structure contains the address of the map and the map definition. The address is writ...
Definition bpf2c.h:80
_map_entry::definition
ebpf_map_definition_in_file_t definition
Definition bpf2c.h:87
_map_entry::zero_marker
uint64_t zero_marker[2]
Definition bpf2c.h:84
_map_entry::header
ebpf_native_module_header_t header
Definition bpf2c.h:86
_map_entry::name
const char * name
Definition bpf2c.h:88
_map_initial_values
Map initial values. This structure contains the initial values for a map. The values are used to init...
Definition bpf2c.h:104
_map_initial_values::values
const char ** values
Definition bpf2c.h:108
_map_initial_values::count
size_t count
Definition bpf2c.h:107
_map_initial_values::header
ebpf_native_module_header_t header
Definition bpf2c.h:105
_map_initial_values::name
const char * name
Definition bpf2c.h:106
_metadata_table
Metadata table for a module. This structure is returned by the module's metadata function,...
Definition bpf2c.h:179
_metadata_table::version
void(* version)(bpf2c_version_t *version)
Definition bpf2c.h:190
_metadata_table::size
size_t size
Size of this structure. Used for versioning.
Definition bpf2c.h:180
_metadata_table::map_initial_values
void(* map_initial_values)((*count) map_initial_values_t **map_initial_values, size_t *count)
Returns the list of initial values for maps in this module.
Definition bpf2c.h:191
_metadata_table::global_variable_sections
void(* global_variable_sections)((*count) global_variable_section_info_t **global_variable_sections, size_t *count)
Returns the list of global variables in this module.
Definition bpf2c.h:194
_metadata_table::programs
void(* programs)((*count) program_entry_t **programs, size_t *count)
Returns the list of programs in this module.
Definition bpf2c.h:181
_metadata_table::hash
void(* hash)((*size) const uint8_t **hash, size_t *size)
Returns the hash of the ELF file used to generate this module.
Definition bpf2c.h:187
_metadata_table::maps
void(* maps)((*count) map_entry_t **maps, size_t *count)
Returns the list of maps in this module.
Definition bpf2c.h:184
_program_entry
Program entry. This structure contains the address of the program and additional information about th...
Definition bpf2c.h:138
_program_entry::helper_count
uint16_t helper_count
Number of helper functions used by the program.
Definition bpf2c.h:152
_program_entry::zero
uint64_t zero
Definition bpf2c.h:142
_program_entry::program_info_hash_type
const char * program_info_hash_type
Type of the program info hash.
Definition bpf2c.h:158
_program_entry::referenced_map_count
uint16_t referenced_map_count
Number of maps referenced by the program.
Definition bpf2c.h:150
_program_entry::program_name
const char * program_name
Name of the program.
Definition bpf2c.h:148
_program_entry::bpf_instruction_count
size_t bpf_instruction_count
Number of BPF instructions in the program.
Definition bpf2c.h:153
_program_entry::function
uint64_t(* function)(void *, const program_runtime_context_t *)
Address of the program.
Definition bpf2c.h:145
_program_entry::header
ebpf_native_module_header_t header
Definition bpf2c.h:144
_program_entry::program_info_hash_length
size_t program_info_hash_length
Length of the program info hash.
Definition bpf2c.h:157
_program_entry::referenced_map_indices
uint16_t * referenced_map_indices
List of map indices referenced by the program.
Definition bpf2c.h:149
_program_entry::expected_attach_type
ebpf_attach_type_t * expected_attach_type
Expected attach type of the program.
Definition bpf2c.h:155
_program_entry::pe_section_name
const char * pe_section_name
Name of the PE section containing the program.
Definition bpf2c.h:146
_program_entry::program_info_hash
const uint8_t * program_info_hash
Hash of the program info.
Definition bpf2c.h:156
_program_entry::section_name
const char * section_name
Name of the section containing the program.
Definition bpf2c.h:147
_program_entry::program_type
ebpf_program_type_t * program_type
Type of the program.
Definition bpf2c.h:154
_program_entry::helpers
helper_function_entry_t * helpers
List of helper functions used by the program.
Definition bpf2c.h:151
_program_runtime_context
Definition bpf2c.h:126
_program_runtime_context::map_data
map_data_t * map_data
Definition bpf2c.h:129
_program_runtime_context::global_variable_section_data
global_variable_section_data_t * global_variable_section_data
Definition bpf2c.h:130
_program_runtime_context::helper_data
helper_function_data_t * helper_data
Definition bpf2c.h:128
_program_runtime_context::header
ebpf_native_module_header_t header
Definition bpf2c.h:127
Generated by doxygen 1.9.8