eBPF for Windows
bpf_helper_defs.h File Reference


Functions

void * bpf_map_lookup_elem (struct bpf_map *map, void *key)
    Get a pointer to an entry in the map.

int64_t bpf_map_update_elem (struct bpf_map *map, void *key, void *value, uint64_t flags)
    Insert or update an entry in the map.

int64_t bpf_map_delete_elem (struct bpf_map *map, void *key)
    Remove an entry from the map.

void * bpf_map_lookup_and_delete_elem (struct bpf_map *map, void *key)
    Get a pointer to an entry in the map and erase that element.

int64_t bpf_tail_call (void *ctx, struct bpf_map *prog_array_map, uint32_t index)
    Perform a tail call into another eBPF program.

uint32_t bpf_get_prandom_u32 ()
    Get a pseudo-random number.

uint64_t bpf_ktime_get_boot_ns ()
    Return time elapsed since boot in nanoseconds including time while suspended.

uint64_t bpf_get_smp_processor_id ()
    Return SMP id of the processor running the program.

uint64_t bpf_ktime_get_ns ()
    Return time elapsed since boot in nanoseconds excluding time while suspended.

int bpf_csum_diff (void *from, int from_size, void *to, int to_size, int seed)
    Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.

int bpf_ringbuf_output (struct bpf_map *ring_buffer, void *data, uint64_t size, uint64_t flags)
    Copy data into the ring buffer map.

long bpf_trace_printk2 (const char *fmt, uint32_t fmt_size)
    Print debug output.

long bpf_trace_printk3 (const char *fmt, uint32_t fmt_size, uint64_t arg3)
    Print debug output.

long bpf_trace_printk4 (const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4)
    Print debug output.

long bpf_trace_printk5 (const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5)
    Print debug output.

long bpf_trace_printk (const char *fmt, uint32_t size,...)
    Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.

long bpf_printk (const char *fmt,...)
    Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.

int64_t bpf_map_push_elem (struct bpf_map *map, void *value, uint64_t flags)
    Insert an element at the end of the map (only valid for stack and queue).

int64_t bpf_map_pop_elem (struct bpf_map *map, void *value)
    Copy an entry from the map and remove it from the map (only valid for stack and queue). Queue pops from the beginning of the map. Stack pops from the end of the map.

int64_t bpf_map_peek_elem (struct bpf_map *map, void *value)
    Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map. Stack peeks at the end of the map.

uint64_t bpf_get_current_pid_tgid ()
    Get the current thread ID (PID) and process ID (TGID).

uint64_t bpf_get_current_logon_id (const void *ctx)
    Get the 64-bit logon ID of the current thread. In case of sock_addr attach types, get the logon ID of the user mode app making the request. In other cases, get the logon ID of the current thread.

int32_t bpf_is_current_admin (const void *ctx)
    Get whether the current user is admin. In case of sock_addr attach types, returns whether the user initiating the request is admin or not. In other cases, returns whether the current thread user is admin or not.

Function Documentation

◆ bpf_csum_diff()

int bpf_csum_diff ( void *  from,
int  from_size,
void *  to,
int  to_size,
int  seed 
)

Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.

Parameters
[in] from: Pointer to first raw buffer.
[in] from_size: Length of the "from" buffer. Must be a multiple of 4.
[in] to: Pointer to the second raw buffer, whose checksum will be subtracted from that of the "from" buffer.
[in] to_size: Length of the "to" buffer. Must be a multiple of 4.
[in] seed: An optional integer that can be added to the value, which can be used to carry the result of a previous csum_diff operation.
Returns
The checksum delta on success, or <0 on failure.

◆ bpf_get_current_logon_id()

uint64_t bpf_get_current_logon_id ( const void *  ctx)

Get the 64-bit logon ID of the current thread. In case of sock_addr attach types, get the logon ID of the user mode app making the request. In other cases, get the logon ID of the current thread.

Parameters
[in] ctx: Context passed to the eBPF program.
Returns
The logon ID, or 0 in case of error.

◆ bpf_get_current_pid_tgid()

uint64_t bpf_get_current_pid_tgid ( )

Get the current thread ID (PID) and process ID (TGID).

Returns
A 64-bit integer containing the current process ID and thread ID, and created as such: (process ID << 32) | (thread ID).

◆ bpf_get_prandom_u32()

uint32_t bpf_get_prandom_u32 ( )

Get a pseudo-random number.

Returns
A random 32-bit unsigned value.

◆ bpf_get_smp_processor_id()

uint64_t bpf_get_smp_processor_id ( )

Return SMP id of the processor running the program.

Returns
SMP id of the processor running the program.

◆ bpf_is_current_admin()

int32_t bpf_is_current_admin ( const void *  ctx)

Get whether the current user is admin. In case of sock_addr attach types, returns whether the user initiating the request is admin or not. In other cases, returns whether the current thread user is admin or not.

Parameters
[in] ctx: Context passed to the eBPF program.
Return values
1: Is admin.
0: Is not admin.
<0: An error occurred.

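An added example (not part of the eBPF for Windows documentation or code base) of consuming the results of `bpf_get_current_pid_tgid`, `bpf_get_current_logon_id` and `bpf_is_current_admin` so that their documented error values fail closed. It is a user-space model that takes the raw helper results as arguments; the verdict constants, `audit_event_t` and all function names are hypothetical.

```c
#include <stdint.h>

/* Hypothetical verdict values and event layout, for this example only. */
enum { VERDICT_REJECT = 0, VERDICT_PROCEED = 1 };
typedef struct {
    uint32_t process_id, thread_id;
    uint64_t logon_id;
    int32_t admin_rc; /* raw helper result, kept for the audit trail */
    int32_t verdict;
} audit_event_t;

/* Fail-open: a negative error from bpf_is_current_admin() counts as admin. */
static int naive_is_admin(int32_t admin_rc) { return admin_rc != 0; }

/* Fail-closed: only the documented value 1 means admin. */
static int strict_is_admin(int32_t admin_rc) { return admin_rc == 1; }

/* Documented packing: (process ID << 32) | (thread ID). */
static void split_pid_tgid(uint64_t v, uint32_t *process_id, uint32_t *thread_id)
{
    *process_id = (uint32_t)(v >> 32);
    *thread_id = (uint32_t)(v & 0xFFFFFFFFu);
}

/* Admin-only decision computed from the three raw helper results. */
static int32_t admin_only_verdict(uint64_t pid_tgid, uint64_t logon_id,
                                  int32_t admin_rc, audit_event_t *event)
{
    split_pid_tgid(pid_tgid, &event->process_id, &event->thread_id);
    event->logon_id = logon_id;
    event->admin_rc = admin_rc;
    /* logon_id 0 is the documented error value, not a usable identity. */
    if (logon_id == 0 || !strict_is_admin(admin_rc))
        event->verdict = VERDICT_REJECT;
    else
        event->verdict = VERDICT_PROCEED;
    return event->verdict;
}

int main(void)
{
    audit_event_t ev;
    /* Constructed inputs: process 4242, thread 77, helper error -1. */
    uint64_t pid_tgid = ((uint64_t)4242 << 32) | 77;
    int32_t verdict = admin_only_verdict(pid_tgid, 0x3e7, -1, &ev);
    /* The strict path rejects; the naive check would have let it through. */
    return (verdict == VERDICT_REJECT && naive_is_admin(-1)) ? 0 : 1;
}
```
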
◆ bpf_ktime_get_boot_ns()

uint64_t bpf_ktime_get_boot_ns ( )

Return time elapsed since boot in nanoseconds including time while suspended.

Returns
Time elapsed since boot in nanosecond units.

◆ bpf_ktime_get_ns()

uint64_t bpf_ktime_get_ns ( )

Return time elapsed since boot in nanoseconds excluding time while suspended.

Returns
Time elapsed since boot in nanosecond units.

◆ bpf_map_delete_elem()

int64_t bpf_map_delete_elem ( struct bpf_map *  map,
void *  key 
)

Remove an entry from the map.

Parameters
[in] map: Map to update.
[in] key: Key to use when searching and updating the map.
Return values
EBPF_SUCCESS: The operation was successful.
-EBPF_INVALID_ARGUMENT: One or more parameters are invalid.

◆ bpf_map_lookup_and_delete_elem()

void* bpf_map_lookup_and_delete_elem ( struct bpf_map *  map,
void *  key 
)

Get a pointer to an entry in the map and erase that element.

Parameters
[in] map: Map to search.
[in] key: Key to use when searching map.
Returns
Pointer to the value if found or NULL.

◆ bpf_map_lookup_elem()

void* bpf_map_lookup_elem ( struct bpf_map *  map,
void *  key 
)

Get a pointer to an entry in the map.

Parameters
[in] map: Map to search.
[in] key: Key to use when searching map.
Returns
Pointer to the value if found or NULL.

◆ bpf_map_peek_elem()

int64_t bpf_map_peek_elem ( struct bpf_map *  map,
void *  value 
)

Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map. Stack peeks at the end of the map.

Parameters
[in] map: Map to search.
[out] value: Value buffer to copy value from map into.
Return values
EBPF_SUCCESS: The operation was successful.
-EBPF_OBJECT_NOT_FOUND: The map is empty.

◆ bpf_map_pop_elem()

int64_t bpf_map_pop_elem ( struct bpf_map *  map,
void *  value 
)

Copy an entry from the map and remove it from the map (only valid for stack and queue). Queue pops from the beginning of the map. Stack pops from the end of the map.

Parameters
[in] map: Map to search.
[out] value: Value buffer to copy value from map into.
Return values
EBPF_SUCCESS: The operation was successful.
-EBPF_OBJECT_NOT_FOUND: The map is empty.

◆ bpf_map_push_elem()

int64_t bpf_map_push_elem ( struct bpf_map *  map,
void *  value,
uint64_t  flags 
)

Insert an element at the end of the map (only valid for stack and queue).

Parameters
[in] map: Map to update.
[in] value: Value to insert into the map.
[in] flags: Map flags. BPF_EXIST: If the map is full, the entry at the start of the map is discarded.
Return values
EBPF_SUCCESS: The operation was successful.
-EBPF_NO_MEMORY: Unable to allocate resources for this entry.
-EBPF_OUT_OF_SPACE: Map is full and BPF_EXIST was not supplied.

◆ bpf_map_update_elem()

int64_t bpf_map_update_elem ( struct bpf_map *  map,
void *  key,
void *  value,
uint64_t  flags 
)

Insert or update an entry in the map.

Parameters
[in] map: Map to update.
[in] key: Key to use when searching and updating the map.
[in] value: Value to insert into the map.
[in] flags: Map flags.
Return values
EBPF_SUCCESS: The operation was successful.
-EBPF_NO_MEMORY: Unable to allocate resources for this entry.

◆ bpf_printk()

long bpf_printk ( const char *  fmt,
  ... 
)

Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.

Parameters
[in] fmt: Printf-style format string.
[in] ...: Numeric arguments to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_ringbuf_output()

int bpf_ringbuf_output ( struct bpf_map *  ring_buffer,
void *  data,
uint64_t  size,
uint64_t  flags 
)

Copy data into the ring buffer map.

Parameters
[in,out] map: Pointer to ring buffer map.
[in] data: Data to copy into ring buffer map.
[in] size: Length of data.
[in] flags: Flags indicating if notification for new data availability should be sent.
Returns
0 on success and a negative value on error.

◆ bpf_tail_call()

int64_t bpf_tail_call ( void *  ctx,
struct bpf_map *  prog_array_map,
uint32_t  index 
)

Perform a tail call into another eBPF program.

Parameters
[in] ctx: Context to pass to the called program.
[in] prog_array_map: Map of program fds.
[in] index: Index in map of program to call.
Return values
EBPF_SUCCESS: The operation was successful.
-EBPF_INVALID_ARGUMENT: One or more parameters are invalid.

◆ bpf_trace_printk()

long bpf_trace_printk ( const char *  fmt,
uint32_t  size,
  ... 
)

Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.

Parameters
[in] fmt: Printf-style format string.
[in] size: Size in bytes of the format string.
[in] ...: Numeric arguments to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk2()

long bpf_trace_printk2 ( const char *  fmt,
uint32_t  fmt_size 
)

Print debug output.

Parameters
[in] fmt: Printf-style format string.
[in] fmt_size: Size in bytes of fmt.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk3()

long bpf_trace_printk3 ( const char *  fmt,
uint32_t  fmt_size,
uint64_t  arg3 
)

Print debug output.

Parameters
[in] fmt: Printf-style format string.
[in] fmt_size: Size in bytes of fmt.
[in] arg3: Numeric argument to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk4()

long bpf_trace_printk4 ( const char *  fmt,
uint32_t  fmt_size,
uint64_t  arg3,
uint64_t  arg4 
)

Print debug output.

Parameters
[in] fmt: Printf-style format string.
[in] fmt_size: Size in bytes of fmt.
[in] arg3: Numeric argument to be used by the format string.
[in] arg4: Numeric argument to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.

◆ bpf_trace_printk5()

long bpf_trace_printk5 ( const char *  fmt,
uint32_t  fmt_size,
uint64_t  arg3,
uint64_t  arg4,
uint64_t  arg5 
)

Print debug output.

Parameters
[in] fmt: Printf-style format string.
[in] fmt_size: Size in bytes of fmt.
[in] arg3: Numeric argument to be used by the format string.
[in] arg4: Numeric argument to be used by the format string.
[in] arg5: Numeric argument to be used by the format string.
Returns
The number of bytes written, or a negative error in case of failure.