eBPF for Windows
Functions
bpf_helper_defs.h File Reference

Go to the source code of this file.

Functions

void * bpf_map_lookup_elem (struct bpf_map *map, void *key)
 Get a pointer to an entry in the map. More...
 
int64_t bpf_map_update_elem (struct bpf_map *map, void *key, void *value, uint64_t flags)
 Insert or update an entry in the map. More...
 
int64_t bpf_map_delete_elem (struct bpf_map *map, void *key)
 Remove an entry from the map. More...
 
void * bpf_map_lookup_and_delete_elem (struct bpf_map *map, void *key)
 Get a pointer to an entry in the map and erase that element. More...
 
int64_t bpf_tail_call (void *ctx, struct bpf_map *prog_array_map, uint32_t index)
 Perform a tail call into another eBPF program. More...
 
uint32_t bpf_get_prandom_u32 ()
 Get a pseudo-random number. More...
 
uint64_t bpf_ktime_get_boot_ns ()
 Return time elapsed since boot in nanoseconds including time while suspended. More...
 
uint64_t bpf_get_smp_processor_id ()
 Return SMP id of the processor running the program. More...
 
uint64_t bpf_ktime_get_ns ()
 Return time elapsed since boot in nanoseconds excluding time while suspended. More...
 
int bpf_csum_diff (void *from, int from_size, void *to, int to_size, int seed)
 Computes difference of checksum values for two input raw buffers using 1's complement arithmetic. More...
 
int bpf_ringbuf_output (struct bpf_map *ring_buffer, void *data, uint64_t size, uint64_t flags)
 Copy data into the ring buffer map. More...
 
long bpf_trace_printk2 (const char *fmt, uint32_t fmt_size)
 Print debug output. More...
 
long bpf_trace_printk3 (const char *fmt, uint32_t fmt_size, uint64_t arg3)
 Print debug output. More...
 
long bpf_trace_printk4 (const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4)
 Print debug output. More...
 
long bpf_trace_printk5 (const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5)
 Print debug output. More...
 
long bpf_trace_printk (const char *fmt, uint32_t size,...)
 Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows. More...
 
long bpf_printk (const char *fmt,...)
 Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows. More...
 
int64_t bpf_map_push_elem (struct bpf_map *map, void *value, uint64_t flags)
 Insert an element at the end of the map (only valid for stack and queue). More...
 
int64_t bpf_map_pop_elem (struct bpf_map *map, void *value)
 Copy an entry from the map and remove it from the map (only valid for stack and queue). Queue pops from the beginning of the map. Stack pops from the end of the map. More...
 
int64_t bpf_map_peek_elem (struct bpf_map *map, void *value)
 Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map. Stack peeks at the end of the map. More...
 
uint64_t bpf_get_current_pid_tgid ()
 Get the current thread ID (PID) and process ID (TGID). More...
 

Function Documentation

◆ bpf_csum_diff()

int bpf_csum_diff ( void *  from,
int  from_size,
void *  to,
int  to_size,
int  seed 
)

Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.

Parameters
[in]fromPointer to first raw buffer.
[in]from_sizeLength of the "from" buffer. Must be a multiple of 4.
[in]toPointer to the second raw buffer, whose checksum will be subtracted from that of the "from" buffer.
[in]to_sizeLength of the "to" buffer. Must be a multiple of 4.
[in]seedAn optional integer that can be added to the value, which can be used to carry result of a previous csum_diff operation.
Returns
The checksum delta on success, or <0 on failure.

◆ bpf_get_current_pid_tgid()

uint64_t bpf_get_current_pid_tgid ( )

Get the current thread ID (PID) and process ID (TGID).

Returns
A 64-bit integer containing the current process ID and thread ID, and created as such: (process ID << 32) | (thread ID).

◆ bpf_get_prandom_u32()

uint32_t bpf_get_prandom_u32 ( )

Get a pseudo-random number.

Returns
A random 32-bit unsigned value.

◆ bpf_get_smp_processor_id()

uint64_t bpf_get_smp_processor_id ( )

Return SMP id of the processor running the program.

Returns
SMP id of the processor running the program.

◆ bpf_ktime_get_boot_ns()

uint64_t bpf_ktime_get_boot_ns ( )

Return time elapsed since boot in nanoseconds including time while suspended.

Returns
Time elapsed since boot in nanosecond units.

◆ bpf_ktime_get_ns()

uint64_t bpf_ktime_get_ns ( )

Return time elapsed since boot in nanoseconds excluding time while suspended.

Returns
Time elapsed since boot in nanosecond units.

◆ bpf_map_delete_elem()

int64_t bpf_map_delete_elem ( struct bpf_map map,
void *  key 
)

Remove an entry from the map.

Parameters
[in]mapMap to update.
[in]keyKey to use when searching and updating the map.
Return values
EBPF_SUCCESSThe operation was successful.
-EBPF_INVALID_ARGUMENTOne or more parameters are invalid.

◆ bpf_map_lookup_and_delete_elem()

void* bpf_map_lookup_and_delete_elem ( struct bpf_map map,
void *  key 
)

Get a pointer to an entry in the map and erase that element.

Parameters
[in]mapMap to search.
[in]keyKey to use when searching map.
Returns
Pointer to the value if found or NULL.

◆ bpf_map_lookup_elem()

void* bpf_map_lookup_elem ( struct bpf_map map,
void *  key 
)

Get a pointer to an entry in the map.

Parameters
[in]mapMap to search.
[in]keyKey to use when searching map.
Returns
Pointer to the value if found or NULL.

◆ bpf_map_peek_elem()

int64_t bpf_map_peek_elem ( struct bpf_map map,
void *  value 
)

Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map. Stack peeks at the end of the map.

Parameters
[in]mapMap to search.
[out]valueValue buffer to copy value from map into.
Return values
EBPF_SUCCESSThe operation was successful.
-EBPF_OBJECT_NOT_FOUNDThe map is empty.

◆ bpf_map_pop_elem()

int64_t bpf_map_pop_elem ( struct bpf_map map,
void *  value 
)

Copy an entry from the map and remove it from the map (only valid for stack and queue). Queue pops from the beginning of the map. Stack pops from the end of the map.

Parameters
[in]mapMap to search.
[out]valueValue buffer to copy value from map into.
Return values
EBPF_SUCCESSThe operation was successful.
-EBPF_OBJECT_NOT_FOUNDThe map is empty.

◆ bpf_map_push_elem()

int64_t bpf_map_push_elem ( struct bpf_map map,
void *  value,
uint64_t  flags 
)

Insert an element at the end of the map (only valid for stack and queue).

Parameters
[in]mapMap to update.
[in]valueValue to insert into the map.
[in]flagsMap flags - BPF_EXIST: If the map is full, the entry at the start of the map is discarded.
Return values
EBPF_SUCCESSThe operation was successful.
-EBPF_NO_MEMORYUnable to allocate resources for this entry.
-EBPF_OUT_OF_SPACEMap is full and BPF_EXIST was not supplied.

◆ bpf_map_update_elem()

int64_t bpf_map_update_elem ( struct bpf_map map,
void *  key,
void *  value,
uint64_t  flags 
)

Insert or update an entry in the map.

Parameters
[in]mapMap to update.
[in]keyKey to use when searching and updating the map.
[in]valueValue to insert into the map.
[in]flagsMap flags.
Return values
EBPF_SUCCESSThe operation was successful.
-EBPF_NO_MEMORYUnable to allocate resources for this entry.

◆ bpf_printk()

long bpf_printk ( const char *  fmt,
  ... 
)

Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.

Parameters
[in]fmtPrintf-style format string.
[in]...Numeric arguments to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_ringbuf_output()

int bpf_ringbuf_output ( struct bpf_map ring_buffer,
void *  data,
uint64_t  size,
uint64_t  flags 
)

Copy data into the ring buffer map.

Parameters
[in,out]mapPointer to ring buffer map.
[in]dataData to copy into ring buffer map.
[in]sizeLength of data.
[in]flagsFlags indicating if notification for new data availability should be sent.
Returns
0 on success and a negative value on error.

◆ bpf_tail_call()

int64_t bpf_tail_call ( void *  ctx,
struct bpf_map prog_array_map,
uint32_t  index 
)

Perform a tail call into another eBPF program.

Parameters
[in]ctxContext to pass to the called program.
[in]prog_array_mapMap of program fds.
[in]indexIndex in map of program to call.
Return values
EBPF_SUCCESSThe operation was successful.
-EBPF_INVALID_ARGUMENTOne or more parameters are invalid.

◆ bpf_trace_printk()

long bpf_trace_printk ( const char *  fmt,
uint32_t  size,
  ... 
)

Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.

Parameters
[in]fmtPrintf-style format string.
[in]sizeSize in bytes of the format string.
[in]...Numeric arguments to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk2()

long bpf_trace_printk2 ( const char *  fmt,
uint32_t  fmt_size 
)

Print debug output.

Parameters
[in]fmtPrintf-style format string.
[in]fmt_sizeSize in bytes of fmt.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk3()

long bpf_trace_printk3 ( const char *  fmt,
uint32_t  fmt_size,
uint64_t  arg3 
)

Print debug output.

Parameters
[in]fmtPrintf-style format string.
[in]fmt_sizeSize in bytes of fmt.
[in]arg3Numeric argument to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk4()

long bpf_trace_printk4 ( const char *  fmt,
uint32_t  fmt_size,
uint64_t  arg3,
uint64_t  arg4 
)

Print debug output.

Parameters
[in]fmtPrintf-style format string.
[in]fmt_sizeSize in bytes of fmt.
[in]arg3Numeric argument to be used by the format string.
[in]arg4Numeric argument to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk5()

long bpf_trace_printk5 ( const char *  fmt,
uint32_t  fmt_size,
uint64_t  arg3,
uint64_t  arg4,
uint64_t  arg5 
)

Print debug output.

Parameters
[in]fmtPrintf-style format string.
[in]fmt_sizeSize in bytes of fmt.
[in]arg3Numeric argument to be used by the format string.
[in]arg4Numeric argument to be used by the format string.
[in]arg5Numeric argument to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.