|
eBPF for Windows
|
Go to the source code of this file.
Functions | |
| void * | bpf_map_lookup_elem (void *map, void *key) |
| Get a pointer to an entry in the map. More... | |
| int64_t | bpf_map_update_elem (void *map, void *key, void *value, uint64_t flags) |
| Insert or update an entry in the map. More... | |
| int64_t | bpf_map_delete_elem (void *map, void *key) |
| Remove an entry from the map. More... | |
| void * | bpf_map_lookup_and_delete_elem (void *map, void *key) |
| Get a pointer to an entry in the map and erase that element. More... | |
| int64_t | bpf_tail_call (void *ctx, void *prog_array_map, uint32_t index) |
| Perform a tail call into another eBPF program. More... | |
| uint32_t | bpf_get_prandom_u32 () |
| Get a pseudo-random number. More... | |
| uint64_t | bpf_ktime_get_boot_ns () |
| Return time elapsed since boot in nanoseconds including time while suspended. More... | |
| uint64_t | bpf_get_smp_processor_id () |
| Return SMP id of the processor running the program. More... | |
| uint64_t | bpf_ktime_get_ns () |
| Return time elapsed since boot in nanoseconds excluding time while suspended. More... | |
| int | bpf_csum_diff (void *from, int from_size, void *to, int to_size, int seed) |
| Computes difference of checksum values for two input raw buffers using 1's complement arithmetic. More... | |
| int | bpf_ringbuf_output (void *ring_buffer, void *data, uint64_t size, uint64_t flags) |
| Copy data into the ring buffer map. More... | |
| long | bpf_trace_printk2 (const char *fmt, uint32_t fmt_size) |
| Print debug output. More... | |
| long | bpf_trace_printk3 (const char *fmt, uint32_t fmt_size, uint64_t arg3) |
| Print debug output. More... | |
| long | bpf_trace_printk4 (const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4) |
| Print debug output. More... | |
| long | bpf_trace_printk5 (const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5) |
| Print debug output. More... | |
| long | bpf_trace_printk (const char *fmt, uint32_t size,...) |
| Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows. More... | |
| long | bpf_printk (const char *fmt,...) |
| Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows. More... | |
| int64_t | bpf_map_push_elem (void *map, void *value, uint64_t flags) |
| Insert an element at the end of the map (only valid for stack and queue). More... | |
| int64_t | bpf_map_pop_elem (void *map, void *value) |
| Copy an entry from the map and remove it from the map (only valid for stack and queue). Queue pops from the beginning of the map. Stack pops from the end of the map. More... | |
| int64_t | bpf_map_peek_elem (void *map, void *value) |
| Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map. Stack peeks at the end of the map. More... | |
| uint64_t | bpf_get_current_pid_tgid () |
| Get the current thread ID (PID) and process ID (TGID). More... | |
| uint64_t | bpf_get_current_logon_id (const void *ctx) |
| Get the 64-bit logon ID of the current thread. In case of sock_addr attach types, get the logon ID of the user mode app making the request. In other cases, get the logon ID of the current thread. More... | |
| int32_t | bpf_is_current_admin (const void *ctx) |
| Get whether the current user is admin. In case of sock_addr attach types, returns whether the user initiating the request is admin or not. In other cases, returns whether the current thread user is admin or not. More... | |
| long | bpf_memcpy (void *destination, uint32_t destination_size, const void *source, uint32_t source_size) |
| Copy memory from one location to another. More... | |
| int | bpf_memcmp (const void *memory1, uint32_t memory1_size, const void *memory2, uint32_t memory2_size) |
| Compare two memory regions. More... | |
| long | bpf_memset (void *memory, uint32_t size, int value) |
| Set memory to a specific value. More... | |
| long | bpf_memmove (void *destination, uint32_t destination_size, const void *source, uint32_t source_size) |
| Copy memory from one location to another, handling overlapping regions. More... | |
| int64_t | bpf_get_socket_cookie (const void *ctx) |
| Get the socket cookie associated with the socket context. The context can be bpf_sock_addr struct, bpf_sock_ops struct, or bpf_sock struct. More... | |
| int | bpf_strncpy_s (char *dest, size_t dest_size, const char *src, size_t count) |
| Copy a string into a buffer, of a fixed size. More... | |
| int | bpf_strncat_s (char *dest, size_t dest_size, const char *src, size_t count) |
| Concatenate a string to an existing buffer, up to a certain number of characters. More... | |
| size_t | bpf_strnlen_s (const char *str, size_t str_size) |
| Find the length of a string, up to a certain number of characters. More... | |
| uint64_t | bpf_ktime_get_boot_ms () |
| Return time elapsed since boot in milliseconds including time while suspended. This function uses a lower resolution clock source than bpf_ktime_get_boot_ns, but is faster. More... | |
| uint64_t | bpf_ktime_get_ms () |
| Return time elapsed since boot in milliseconds excluding time while suspended. This function uses a lower resolution clock source than bpf_ktime_get_ns, but is faster. More... | |
| int bpf_csum_diff | ( | void * | from, |
| int | from_size, | ||
| void * | to, | ||
| int | to_size, | ||
| int | seed | ||
| ) |
Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.
| [in] | from | Pointer to first raw buffer. |
| [in] | from_size | Length of the "from" buffer. Must be a multiple of 4. |
| [in] | to | Pointer to the second raw buffer, whose checksum will be subtracted from that of the "from" buffer. |
| [in] | to_size | Length of the "to" buffer. Must be a multiple of 4. |
| [in] | seed | An optional integer that can be added to the value, which can be used to carry result of a previous csum_diff operation. |
| uint64_t bpf_get_current_logon_id | ( | const void * | ctx | ) |
Get the 64-bit logon ID of the current thread. In case of sock_addr attach types, get the logon ID of the user mode app making the request. In other cases, get the logon ID of the current thread.
| [in] | ctx | Context passed to the eBPF program. |
| uint64_t bpf_get_current_pid_tgid | ( | ) |
Get the current thread ID (PID) and process ID (TGID).
| uint32_t bpf_get_prandom_u32 | ( | ) |
Get a pseudo-random number.
| uint64_t bpf_get_smp_processor_id | ( | ) |
Return SMP id of the processor running the program.
| int64_t bpf_get_socket_cookie | ( | const void * | ctx | ) |
Get the socket cookie associated with the socket context. The context can be bpf_sock_addr struct, bpf_sock_ops struct, or bpf_sock struct.
| [in] | ctx | Context passed to the eBPF program. |
| int32_t bpf_is_current_admin | ( | const void * | ctx | ) |
Get whether the current user is admin. In case of sock_addr attach types, returns whether the user initiating the request is admin or not. In other cases, returns whether the current thread user is admin or not.
| [in] | ctx | Context passed to the eBPF program. |
| 1 | Is admin. |
| 0 | Is not admin. |
| <0 | An error occurred. |
| uint64_t bpf_ktime_get_boot_ms | ( | ) |
Return time elapsed since boot in milliseconds including time while suspended. This function uses a lower resolution clock source than bpf_ktime_get_boot_ns, but is faster.
| uint64_t bpf_ktime_get_boot_ns | ( | ) |
Return time elapsed since boot in nanoseconds including time while suspended.
| uint64_t bpf_ktime_get_ms | ( | ) |
Return time elapsed since boot in milliseconds excluding time while suspended. This function uses a lower resolution clock source than bpf_ktime_get_ns, but is faster.
| uint64_t bpf_ktime_get_ns | ( | ) |
Return time elapsed since boot in nanoseconds excluding time while suspended.
| int64_t bpf_map_delete_elem | ( | void * | map, |
| void * | key | ||
| ) |
Remove an entry from the map.
| [in] | map | Map to update. |
| [in] | key | Key to use when searching and updating the map. |
| EBPF_SUCCESS | The operation was successful. |
| -EBPF_INVALID_ARGUMENT | One or more parameters are invalid. |
| void* bpf_map_lookup_and_delete_elem | ( | void * | map, |
| void * | key | ||
| ) |
Get a pointer to an entry in the map and erase that element.
| [in] | map | Map to search. |
| [in] | key | Key to use when searching map. |
| void* bpf_map_lookup_elem | ( | void * | map, |
| void * | key | ||
| ) |
Get a pointer to an entry in the map.
| [in] | map | Map to search. |
| [in] | key | Key to use when searching map. |
| int64_t bpf_map_peek_elem | ( | void * | map, |
| void * | value | ||
| ) |
Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map. Stack peeks at the end of the map.
| [in] | map | Map to search. |
| [out] | value | Value buffer to copy value from map into. |
| EBPF_SUCCESS | The operation was successful. |
| -EBPF_OBJECT_NOT_FOUND | The map is empty. |
| int64_t bpf_map_pop_elem | ( | void * | map, |
| void * | value | ||
| ) |
Copy an entry from the map and remove it from the map (only valid for stack and queue). Queue pops from the beginning of the map. Stack pops from the end of the map.
| [in] | map | Map to search. |
| [out] | value | Value buffer to copy value from map into. |
| EBPF_SUCCESS | The operation was successful. |
| -EBPF_OBJECT_NOT_FOUND | The map is empty. |
| int64_t bpf_map_push_elem | ( | void * | map, |
| void * | value, | ||
| uint64_t | flags | ||
| ) |
Insert an element at the end of the map (only valid for stack and queue).
| [in] | map | Map to update. |
| [in] | value | Value to insert into the map. |
| [in] | flags | Map flags - BPF_EXIST: If the map is full, the entry at the start of the map is discarded. |
| EBPF_SUCCESS | The operation was successful. |
| -EBPF_NO_MEMORY | Unable to allocate resources for this entry. |
| -EBPF_OUT_OF_SPACE | Map is full and BPF_EXIST was not supplied. |
| int64_t bpf_map_update_elem | ( | void * | map, |
| void * | key, | ||
| void * | value, | ||
| uint64_t | flags | ||
| ) |
Insert or update an entry in the map.
| [in] | map | Map to update. |
| [in] | key | Key to use when searching and updating the map. |
| [in] | value | Value to insert into the map. |
| [in] | flags | Map flags. |
| EBPF_SUCCESS | The operation was successful. |
| -EBPF_NO_MEMORY | Unable to allocate resources for this entry. |
| int bpf_memcmp | ( | const void * | memory1, |
| uint32_t | memory1_size, | ||
| const void * | memory2, | ||
| uint32_t | memory2_size | ||
| ) |
Compare two memory regions.
| [in] | memory1 | First memory region. |
| [in] | memory1_size | Size of the first memory region. |
| [in] | memory2 | Second memory region. |
| [in] | memory2_size | Size of the second memory region. |
| long bpf_memcpy | ( | void * | destination, |
| uint32_t | destination_size, | ||
| const void * | source, | ||
| uint32_t | source_size | ||
| ) |
Copy memory from one location to another.
| [in] | destination | Destination buffer. |
| [in] | destination_size | Size of the destination buffer. |
| [in] | source | Source buffer. |
| [in] | source_size | Size of the source buffer. |
| 0 | The operation was successful. |
| -EINVAL | One or more parameters are invalid. |
| long bpf_memmove | ( | void * | destination, |
| uint32_t | destination_size, | ||
| const void * | source, | ||
| uint32_t | source_size | ||
| ) |
Copy memory from one location to another, handling overlapping regions.
| [in] | destination | Destination buffer. |
| [in] | destination_size | Size of the destination buffer. |
| [in] | source | Source buffer. |
| [in] | source_size | Size of the source buffer. |
| 0 | The operation was successful. |
| -EINVAL | One or more parameters are invalid. |
| long bpf_memset | ( | void * | memory, |
| uint32_t | size, | ||
| int | value | ||
| ) |
Set memory to a specific value.
| [in] | memory | Memory region to set. |
| [in] | size | Size of the memory region. |
| [in] | value | Value to set the memory region to. |
| long bpf_printk | ( | const char * | fmt, |
| ... | |||
| ) |
Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.
| [in] | fmt | Printf-style format string. |
| [in] | ... | Numeric arguments to be used by the format string. |
| int bpf_ringbuf_output | ( | void * | ring_buffer, |
| void * | data, | ||
| uint64_t | size, | ||
| uint64_t | flags | ||
| ) |
Copy data into the ring buffer map.
| [in,out] | map | Pointer to ring buffer map. |
| [in] | data | Data to copy into ring buffer map. |
| [in] | size | Length of data. |
| [in] | flags | Flags indicating if notification for new data availability should be sent. |
| int bpf_strncat_s | ( | char * | dest, |
| size_t | dest_size, | ||
| const char * | src, | ||
| size_t | count | ||
| ) |
Concatenate a string to an existing buffer, up to a certain number of characters.
| [in,out] | dest | Destination buffer. |
| [in] | dest_size | Size of the destination buffer. |
| [in] | src | String to append to the contents of dest. |
| [in] | count | Upper limit on the characters to append to dest. |
| 0 | Concatenation was successful. |
| <0 | Error code on failure, depending on the error. |
| int bpf_strncpy_s | ( | char * | dest, |
| size_t | dest_size, | ||
| const char * | src, | ||
| size_t | count | ||
| ) |
Copy a string into a buffer, of a fixed size.
| [in] | dest | Destination buffer. |
| [in] | dest_size | Size of the destination buffer. |
| [in] | src | Source string. |
| [in] | count | Upper limit on bytes to copy. |
| 0 | The operation was successful. |
| -ERANGE | The destination buffer isn't large enough for the string being copied. |
| size_t bpf_strnlen_s | ( | const char * | str, |
| size_t | str_size | ||
| ) |
Find the length of a string, up to a certain number of characters.
| [in] | str | Buffer containing one or more null-terminated strings. |
| [in] | str_size | Buffer length. |
| int64_t bpf_tail_call | ( | void * | ctx, |
| void * | prog_array_map, | ||
| uint32_t | index | ||
| ) |
Perform a tail call into another eBPF program.
| [in] | ctx | Context to pass to the called program. |
| [in] | prog_array_map | Map of program fds. |
| [in] | index | Index in map of program to call. |
| EBPF_SUCCESS | The operation was successful. |
| -EBPF_INVALID_ARGUMENT | One or more parameters are invalid. |
| long bpf_trace_printk | ( | const char * | fmt, |
| uint32_t | size, | ||
| ... | |||
| ) |
Print debug output. For instructions on viewing the output, see the Using tracing section of the Getting Started Guide for eBPF for Windows.
| [in] | fmt | Printf-style format string. |
| [in] | size | Size in bytes of the format string. |
| [in] | ... | Numeric arguments to be used by the format string. |
| long bpf_trace_printk2 | ( | const char * | fmt, |
| uint32_t | fmt_size | ||
| ) |
Print debug output.
| [in] | fmt | Printf-style format string. |
| [in] | fmt_size | Size in bytes of fmt. |
| long bpf_trace_printk3 | ( | const char * | fmt, |
| uint32_t | fmt_size, | ||
| uint64_t | arg3 | ||
| ) |
Print debug output.
| [in] | fmt | Printf-style format string. |
| [in] | fmt_size | Size in bytes of fmt. |
| [in] | arg3 | Numeric argument to be used by the format string. |
| long bpf_trace_printk4 | ( | const char * | fmt, |
| uint32_t | fmt_size, | ||
| uint64_t | arg3, | ||
| uint64_t | arg4 | ||
| ) |
Print debug output.
| [in] | fmt | Printf-style format string. |
| [in] | fmt_size | Size in bytes of fmt. |
| [in] | arg3 | Numeric argument to be used by the format string. |
| [in] | arg4 | Numeric argument to be used by the format string. |
| long bpf_trace_printk5 | ( | const char * | fmt, |
| uint32_t | fmt_size, | ||
| uint64_t | arg3, | ||
| uint64_t | arg4, | ||
| uint64_t | arg5 | ||
| ) |
Print debug output.
| [in] | fmt | Printf-style format string. |
| [in] | fmt_size | Size in bytes of fmt. |
| [in] | arg3 | Numeric argument to be used by the format string. |
| [in] | arg4 | Numeric argument to be used by the format string. |
| [in] | arg5 | Numeric argument to be used by the format string. |
1.9.1