eBPF for Windows
bpf_helper_defs.h
Go to the documentation of this file.
1 // Copyright (c) Microsoft Corporation
2 // SPDX-License-Identifier: MIT
3 #pragma once
4 
5 // This file contains APIs for global helpers that are exposed for
6 // use by all eBPF programs. Libbpf has bpf_helper_defs.h which is
7 // auto-generated but it's not platform-agnostic currently as it
8 // hard-codes the actual helper IDs.
9 
17 EBPF_HELPER(void*, bpf_map_lookup_elem, (void* map, void* key));
18 #ifndef __doxygen
19 #define bpf_map_lookup_elem ((bpf_map_lookup_elem_t)BPF_FUNC_map_lookup_elem)
20 #endif
21 
33 EBPF_HELPER(int64_t, bpf_map_update_elem, (void* map, void* key, void* value, uint64_t flags));
34 #ifndef __doxygen
35 #define bpf_map_update_elem ((bpf_map_update_elem_t)BPF_FUNC_map_update_elem)
36 #endif
37 
46 EBPF_HELPER(int64_t, bpf_map_delete_elem, (void* map, void* key));
47 #ifndef __doxygen
48 #define bpf_map_delete_elem ((bpf_map_delete_elem_t)BPF_FUNC_map_delete_elem)
49 #endif
50 
58 EBPF_HELPER(void*, bpf_map_lookup_and_delete_elem, (void* map, void* key));
59 #ifndef __doxygen
60 #define bpf_map_lookup_and_delete_elem ((bpf_map_lookup_and_delete_elem_t)BPF_FUNC_map_lookup_and_delete_elem)
61 #endif
62 
72 EBPF_HELPER(int64_t, bpf_tail_call, (void* ctx, void* prog_array_map, uint32_t index));
73 #ifndef __doxygen
74 #define bpf_tail_call ((bpf_tail_call_t)BPF_FUNC_tail_call)
75 #endif
76 
82 EBPF_HELPER(uint32_t, bpf_get_prandom_u32, ());
83 #ifndef __doxygen
84 #define bpf_get_prandom_u32 ((bpf_get_prandom_u32_t)BPF_FUNC_get_prandom_u32)
85 #endif
86 
92 EBPF_HELPER(uint64_t, bpf_ktime_get_boot_ns, ());
93 #ifndef __doxygen
94 #define bpf_ktime_get_boot_ns ((bpf_ktime_get_boot_ns_t)BPF_FUNC_ktime_get_boot_ns)
95 #endif
96 
102 EBPF_HELPER(uint64_t, bpf_get_smp_processor_id, ());
103 #ifndef __doxygen
104 #define bpf_get_smp_processor_id ((bpf_get_smp_processor_id_t)BPF_FUNC_get_smp_processor_id)
105 #endif
106 
112 EBPF_HELPER(uint64_t, bpf_ktime_get_ns, ());
113 #ifndef __doxygen
114 #define bpf_ktime_get_ns ((bpf_ktime_get_ns_t)BPF_FUNC_ktime_get_ns)
115 #endif
116 
129 EBPF_HELPER(int, bpf_csum_diff, (void* from, int from_size, void* to, int to_size, int seed));
130 #ifndef __doxygen
131 #define bpf_csum_diff ((bpf_csum_diff_t)BPF_FUNC_csum_diff)
132 #endif
133 
143 EBPF_HELPER(int, bpf_ringbuf_output, (void* ring_buffer, void* data, uint64_t size, uint64_t flags));
144 #ifndef __doxygen
145 #define bpf_ringbuf_output ((bpf_ringbuf_output_t)BPF_FUNC_ringbuf_output)
146 #endif
147 
156 EBPF_HELPER(long, bpf_trace_printk2, (const char* fmt, uint32_t fmt_size));
157 #ifndef __doxygen
158 #define bpf_trace_printk2 ((bpf_trace_printk2_t)BPF_FUNC_trace_printk2)
159 #endif
160 
170 EBPF_HELPER(long, bpf_trace_printk3, (const char* fmt, uint32_t fmt_size, uint64_t arg3));
171 #ifndef __doxygen
172 #define bpf_trace_printk3 ((bpf_trace_printk3_t)BPF_FUNC_trace_printk3)
173 #endif
174 
185 EBPF_HELPER(long, bpf_trace_printk4, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4));
186 #ifndef __doxygen
187 #define bpf_trace_printk4 ((bpf_trace_printk4_t)BPF_FUNC_trace_printk4)
188 #endif
189 
201 EBPF_HELPER(long, bpf_trace_printk5, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5));
202 #ifndef __doxygen
203 #define bpf_trace_printk5 ((bpf_trace_printk5_t)BPF_FUNC_trace_printk5)
204 #endif
205 
206 #ifndef __doxygen
207 // The following macros allow bpf_printk to accept a variable number of arguments
208 // while mapping to separate helper functions that each have a strict prototype
209 // that can be understood by the verifier.
210 #define EBPF_CONCATENATE(X, Y) X##Y
211 #define EBPF_MAKE_HELPER_NAME(PREFIX, ARG_COUNT) EBPF_CONCATENATE(PREFIX, ARG_COUNT)
212 #define EBPF_GET_NTH_ARG(_1, _2, _3, _4, _5, N, ...) N
213 #define EBPF_COUNT_VA_ARGS(...) EBPF_GET_NTH_ARG(__VA_ARGS__, 5, 4, 3, 2, 1)
214 #define EBPF_VA_ARGS_HELPER(PREFIX, ...) EBPF_MAKE_HELPER_NAME(PREFIX, EBPF_COUNT_VA_ARGS(__VA_ARGS__))(__VA_ARGS__)
215 
216 #undef bpf_trace_printk
217 #define bpf_trace_printk(fmt, size, ...) ({ EBPF_VA_ARGS_HELPER(bpf_trace_printk, fmt, size, ##__VA_ARGS__); })
218 #else
230 long
231 bpf_trace_printk(const char* fmt, uint32_t size, ...);
232 #endif
233 
234 #ifndef __doxygen
235 #undef bpf_printk
236 #define bpf_printk(fmt, ...) \
237  ({ \
238  char ____fmt[] = fmt; \
239  bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__); \
240  })
241 #else
252 long
253 bpf_printk(const char* fmt, ...);
254 #endif
255 
267 EBPF_HELPER(int64_t, bpf_map_push_elem, (void* map, void* value, uint64_t flags));
268 #ifndef __doxygen
269 #define bpf_map_push_elem ((bpf_map_push_elem_t)BPF_FUNC_map_push_elem)
270 #endif
271 
282 EBPF_HELPER(int64_t, bpf_map_pop_elem, (void* map, void* value));
283 #ifndef __doxygen
284 #define bpf_map_pop_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_pop_elem)
285 #endif
286 
297 EBPF_HELPER(int64_t, bpf_map_peek_elem, (void* map, void* value));
298 #ifndef __doxygen
299 #define bpf_map_peek_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_peek_elem)
300 #endif
301 
308 EBPF_HELPER(uint64_t, bpf_get_current_pid_tgid, ());
309 #ifndef __doxygen
310 #define bpf_get_current_pid_tgid ((bpf_get_current_pid_tgid_t)BPF_FUNC_get_current_pid_tgid)
311 #endif
312 
322 EBPF_HELPER(uint64_t, bpf_get_current_logon_id, (const void* ctx));
323 #ifndef __doxygen
324 #define bpf_get_current_logon_id ((bpf_get_current_logon_id_t)BPF_FUNC_get_current_logon_id)
325 #endif
326 
338 EBPF_HELPER(int32_t, bpf_is_current_admin, (const void* ctx));
339 #ifndef __doxygen
340 #define bpf_is_current_admin ((bpf_is_current_admin_t)BPF_FUNC_is_current_admin)
341 #endif
342 
354 EBPF_HELPER(long, bpf_memcpy, (void* destination, uint32_t destination_size, const void* source, uint32_t source_size));
355 #ifndef __doxygen
356 #define bpf_memcpy ((bpf_memcpy_t)BPF_FUNC_memcpy)
357 #endif
358 
371 EBPF_HELPER(int, bpf_memcmp, (const void* memory1, uint32_t memory1_size, const void* memory2, uint32_t memory2_size));
372 #ifndef __doxygen
373 #define bpf_memcmp ((bpf_memcmp_t)BPF_FUNC_memcmp)
374 #endif
375 
386 EBPF_HELPER(long, bpf_memset, (void* memory, uint32_t size, int value));
387 #ifndef __doxygen
388 #define bpf_memset ((bpf_memset_t)BPF_FUNC_memset)
389 #endif
390 
403 EBPF_HELPER(
404  long, bpf_memmove, (void* destination, uint32_t destination_size, const void* source, uint32_t source_size));
405 #ifndef __doxygen
406 #define bpf_memmove ((bpf_memmove_t)BPF_FUNC_memmove)
407 #endif
408 
409 #if __clang__
410 #define memcpy(dest, src, dest_size) bpf_memcpy(dest, dest_size, src, dest_size)
411 #define memcmp(mem1, mem2, mem1_size) bpf_memcmp(mem1, mem1_size, mem2, mem1_size)
412 #define memset(mem, value, mem_size) bpf_memset(mem, mem_size, value)
413 #define memmove(dest, src, dest_size) bpf_memmove(dest, dest_size, src, dest_size)
414 #define memcpy_s bpf_memcpy
415 #define memmove_s bpf_memmove
416 #endif
int bpf_ringbuf_output(void *ring_buffer, void *data, uint64_t size, uint64_t flags)
Copy data into the ring buffer map.
int64_t bpf_map_delete_elem(void *map, void *key)
Remove an entry from the map.
int64_t bpf_map_push_elem(void *map, void *value, uint64_t flags)
Insert an element at the end of the map (only valid for stack and queue).
uint64_t bpf_get_current_pid_tgid()
Get the current thread ID (PID) and process ID (TGID).
int32_t bpf_is_current_admin(const void *ctx)
Get whether the current user is admin. In case of sock_addr attach types, returns whether the user in...
void * bpf_map_lookup_and_delete_elem(void *map, void *key)
Get a pointer to an entry in the map and erase that element.
uint64_t bpf_ktime_get_ns()
Return time elapsed since boot in nanoseconds excluding time while suspended.
long bpf_trace_printk5(const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5)
Print debug output.
long bpf_memcpy(void *destination, uint32_t destination_size, const void *source, uint32_t source_size)
Copy memory from one location to another.
int64_t bpf_map_update_elem(void *map, void *key, void *value, uint64_t flags)
Insert or update an entry in the map.
uint64_t bpf_get_current_logon_id(const void *ctx)
Get the 64-bit logon ID of the current thread. In case of sock_addr attach types, get the logon ID of...
int64_t bpf_tail_call(void *ctx, void *prog_array_map, uint32_t index)
Perform a tail call into another eBPF program.
long bpf_trace_printk4(const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4)
Print debug output.
long bpf_memmove(void *destination, uint32_t destination_size, const void *source, uint32_t source_size)
Copy memory from one location to another, handling overlapping regions.
int64_t bpf_map_pop_elem(void *map, void *value)
Copy an entry from the map and remove it from the map (only valid for stack and queue)....
long bpf_trace_printk3(const char *fmt, uint32_t fmt_size, uint64_t arg3)
Print debug output.
int bpf_csum_diff(void *from, int from_size, void *to, int to_size, int seed)
Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.
long bpf_trace_printk(const char *fmt, uint32_t size,...)
Print debug output. For instructions on viewing the output, see the Using tracing section of the Gett...
int bpf_memcmp(const void *memory1, uint32_t memory1_size, const void *memory2, uint32_t memory2_size)
Compare two memory regions.
long bpf_printk(const char *fmt,...)
Print debug output. For instructions on viewing the output, see the Using tracing section of the Gett...
void * bpf_map_lookup_elem(void *map, void *key)
Get a pointer to an entry in the map.
uint32_t bpf_get_prandom_u32()
Get a pseudo-random number.
uint64_t bpf_get_smp_processor_id()
Return SMP id of the processor running the program.
int64_t bpf_map_peek_elem(void *map, void *value)
Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map....
long bpf_trace_printk2(const char *fmt, uint32_t fmt_size)
Print debug output.
long bpf_memset(void *memory, uint32_t size, int value)
Set memory to a specific value.
uint64_t bpf_ktime_get_boot_ns()
Return time elapsed since boot in nanoseconds including time while suspended.