eBPF for Windows
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
bpf_helper_defs.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3#pragma once
4
5// This file contains APIs for global helpers that are exposed for
6// use by all eBPF programs. Libbpf has bpf_helper_defs.h which is
7// auto-generated but it's not platform-agnostic currently as it
8// hard-codes the actual helper IDs.
9
17EBPF_HELPER(void*, bpf_map_lookup_elem, (void* map, void* key));
18#ifndef __doxygen
19#define bpf_map_lookup_elem ((bpf_map_lookup_elem_t)BPF_FUNC_map_lookup_elem)
20#endif
21
33EBPF_HELPER(int64_t, bpf_map_update_elem, (void* map, void* key, void* value, uint64_t flags));
34#ifndef __doxygen
35#define bpf_map_update_elem ((bpf_map_update_elem_t)BPF_FUNC_map_update_elem)
36#endif
37
46EBPF_HELPER(int64_t, bpf_map_delete_elem, (void* map, void* key));
47#ifndef __doxygen
48#define bpf_map_delete_elem ((bpf_map_delete_elem_t)BPF_FUNC_map_delete_elem)
49#endif
50
58EBPF_HELPER(void*, bpf_map_lookup_and_delete_elem, (void* map, void* key));
59#ifndef __doxygen
60#define bpf_map_lookup_and_delete_elem ((bpf_map_lookup_and_delete_elem_t)BPF_FUNC_map_lookup_and_delete_elem)
61#endif
62
72EBPF_HELPER(int64_t, bpf_tail_call, (void* ctx, void* prog_array_map, uint32_t index));
73#ifndef __doxygen
74#define bpf_tail_call ((bpf_tail_call_t)BPF_FUNC_tail_call)
75#endif
76
82EBPF_HELPER(uint32_t, bpf_get_prandom_u32, ());
83#ifndef __doxygen
84#define bpf_get_prandom_u32 ((bpf_get_prandom_u32_t)BPF_FUNC_get_prandom_u32)
85#endif
86
92EBPF_HELPER(uint64_t, bpf_ktime_get_boot_ns, ());
93#ifndef __doxygen
94#define bpf_ktime_get_boot_ns ((bpf_ktime_get_boot_ns_t)BPF_FUNC_ktime_get_boot_ns)
95#endif
96
102EBPF_HELPER(uint64_t, bpf_get_smp_processor_id, ());
103#ifndef __doxygen
104#define bpf_get_smp_processor_id ((bpf_get_smp_processor_id_t)BPF_FUNC_get_smp_processor_id)
105#endif
106
112EBPF_HELPER(uint64_t, bpf_ktime_get_ns, ());
113#ifndef __doxygen
114#define bpf_ktime_get_ns ((bpf_ktime_get_ns_t)BPF_FUNC_ktime_get_ns)
115#endif
116
129EBPF_HELPER(int, bpf_csum_diff, (void* from, int from_size, void* to, int to_size, int seed));
130#ifndef __doxygen
131#define bpf_csum_diff ((bpf_csum_diff_t)BPF_FUNC_csum_diff)
132#endif
133
143EBPF_HELPER(int, bpf_ringbuf_output, (void* ring_buffer, void* data, uint64_t size, uint64_t flags));
144#ifndef __doxygen
145#define bpf_ringbuf_output ((bpf_ringbuf_output_t)BPF_FUNC_ringbuf_output)
146#endif
147
156EBPF_HELPER(long, bpf_trace_printk2, (const char* fmt, uint32_t fmt_size));
157#ifndef __doxygen
158#define bpf_trace_printk2 ((bpf_trace_printk2_t)BPF_FUNC_trace_printk2)
159#endif
160
170EBPF_HELPER(long, bpf_trace_printk3, (const char* fmt, uint32_t fmt_size, uint64_t arg3));
171#ifndef __doxygen
172#define bpf_trace_printk3 ((bpf_trace_printk3_t)BPF_FUNC_trace_printk3)
173#endif
174
185EBPF_HELPER(long, bpf_trace_printk4, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4));
186#ifndef __doxygen
187#define bpf_trace_printk4 ((bpf_trace_printk4_t)BPF_FUNC_trace_printk4)
188#endif
189
201EBPF_HELPER(long, bpf_trace_printk5, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5));
202#ifndef __doxygen
203#define bpf_trace_printk5 ((bpf_trace_printk5_t)BPF_FUNC_trace_printk5)
204#endif
205
206#ifndef __doxygen
207// The following macros allow bpf_printk to accept a variable number of arguments
208// while mapping to separate helper functions that each have a strict prototype
209// that can be understood by the verifier.
210#define EBPF_CONCATENATE(X, Y) X##Y
211#define EBPF_MAKE_HELPER_NAME(PREFIX, ARG_COUNT) EBPF_CONCATENATE(PREFIX, ARG_COUNT)
212#define EBPF_GET_NTH_ARG(_1, _2, _3, _4, _5, N, ...) N
213#define EBPF_COUNT_VA_ARGS(...) EBPF_GET_NTH_ARG(__VA_ARGS__, 5, 4, 3, 2, 1)
214#define EBPF_VA_ARGS_HELPER(PREFIX, ...) EBPF_MAKE_HELPER_NAME(PREFIX, EBPF_COUNT_VA_ARGS(__VA_ARGS__))(__VA_ARGS__)
215
216#undef bpf_trace_printk
217#define bpf_trace_printk(fmt, size, ...) ({ EBPF_VA_ARGS_HELPER(bpf_trace_printk, fmt, size, ##__VA_ARGS__); })
218#else
230long
231bpf_trace_printk(const char* fmt, uint32_t size, ...);
232#endif
233
234#ifndef __doxygen
235#undef bpf_printk
236#define bpf_printk(fmt, ...) \
237 ({ \
238 char ____fmt[] = fmt; \
239 bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__); \
240 })
241#else
252long
253bpf_printk(const char* fmt, ...);
254#endif
255
267EBPF_HELPER(int64_t, bpf_map_push_elem, (void* map, void* value, uint64_t flags));
268#ifndef __doxygen
269#define bpf_map_push_elem ((bpf_map_push_elem_t)BPF_FUNC_map_push_elem)
270#endif
271
282EBPF_HELPER(int64_t, bpf_map_pop_elem, (void* map, void* value));
283#ifndef __doxygen
284#define bpf_map_pop_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_pop_elem)
285#endif
286
297EBPF_HELPER(int64_t, bpf_map_peek_elem, (void* map, void* value));
298#ifndef __doxygen
299#define bpf_map_peek_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_peek_elem)
300#endif
301
308EBPF_HELPER(uint64_t, bpf_get_current_pid_tgid, ());
309#ifndef __doxygen
310#define bpf_get_current_pid_tgid ((bpf_get_current_pid_tgid_t)BPF_FUNC_get_current_pid_tgid)
311#endif
312
322EBPF_HELPER(uint64_t, bpf_get_current_logon_id, (const void* ctx));
323#ifndef __doxygen
324#define bpf_get_current_logon_id ((bpf_get_current_logon_id_t)BPF_FUNC_get_current_logon_id)
325#endif
326
338EBPF_HELPER(int32_t, bpf_is_current_admin, (const void* ctx));
339#ifndef __doxygen
340#define bpf_is_current_admin ((bpf_is_current_admin_t)BPF_FUNC_is_current_admin)
341#endif
342
354EBPF_HELPER(long, bpf_memcpy, (void* destination, uint32_t destination_size, const void* source, uint32_t source_size));
355#ifndef __doxygen
356#define bpf_memcpy ((bpf_memcpy_t)BPF_FUNC_memcpy)
357#endif
358
371EBPF_HELPER(int, bpf_memcmp, (const void* memory1, uint32_t memory1_size, const void* memory2, uint32_t memory2_size));
372#ifndef __doxygen
373#define bpf_memcmp ((bpf_memcmp_t)BPF_FUNC_memcmp)
374#endif
375
386EBPF_HELPER(long, bpf_memset, (void* memory, uint32_t size, int value));
387#ifndef __doxygen
388#define bpf_memset ((bpf_memset_t)BPF_FUNC_memset)
389#endif
390
403EBPF_HELPER(
404 long, bpf_memmove, (void* destination, uint32_t destination_size, const void* source, uint32_t source_size));
405#ifndef __doxygen
406#define bpf_memmove ((bpf_memmove_t)BPF_FUNC_memmove)
407#endif
408
417EBPF_HELPER(int64_t, bpf_get_socket_cookie, (const void* ctx));
418#ifndef __doxygen
419#define bpf_get_socket_cookie ((bpf_get_socket_cookie_t)BPF_FUNC_get_socket_cookie)
420#endif
421
433EBPF_HELPER(int, bpf_strncpy_s, (char* dest, size_t dest_size, const char* src, size_t count));
434#ifndef __doxygen
435#define bpf_strncpy_s ((bpf_strncpy_s_t)BPF_FUNC_strncpy_s)
436#endif
437
449EBPF_HELPER(int, bpf_strncat_s, (char* dest, size_t dest_size, const char* src, size_t count));
450#ifndef __doxygen
451#define bpf_strncat_s ((bpf_strncat_s_t)BPF_FUNC_strncat_s)
452#endif
453
463EBPF_HELPER(size_t, bpf_strnlen_s, (const char* str, size_t str_size));
464#ifndef __doxygen
465#define bpf_strnlen_s ((bpf_strnlen_s_t)BPF_FUNC_strnlen_s)
466#endif
467
468#if __clang__
469#define memcpy(dest, src, dest_size) bpf_memcpy(dest, dest_size, src, dest_size)
470#define memcmp(mem1, mem2, mem1_size) bpf_memcmp(mem1, mem1_size, mem2, mem1_size)
471#define memset(mem, value, mem_size) bpf_memset(mem, mem_size, value)
472#define memmove(dest, src, dest_size) bpf_memmove(dest, dest_size, src, dest_size)
473#define memcpy_s bpf_memcpy
474#define memmove_s bpf_memmove
475#endif
476
483EBPF_HELPER(uint64_t, bpf_ktime_get_boot_ms, ());
484#ifndef __doxygen
485#define bpf_ktime_get_boot_ms ((bpf_ktime_get_boot_ms_t)BPF_FUNC_ktime_get_boot_ms)
486#endif
487
494EBPF_HELPER(uint64_t, bpf_ktime_get_ms, ());
495#ifndef __doxygen
496#define bpf_ktime_get_ms ((bpf_ktime_get_ms_t)BPF_FUNC_ktime_get_ms)
497#endif
498
513EBPF_HELPER(int, bpf_perf_event_output, (void* ctx, void* perf_event_array, uint64_t flags, void* data, uint64_t size));
514#ifndef __doxygen
515#define bpf_perf_event_output ((bpf_perf_event_output_t)BPF_FUNC_perf_event_output)
516#endif
bpf_ringbuf_output
int bpf_ringbuf_output(void *ring_buffer, void *data, uint64_t size, uint64_t flags)
Copy data into the ring buffer map.
bpf_map_delete_elem
int64_t bpf_map_delete_elem(void *map, void *key)
Remove an entry from the map.
bpf_strncpy_s
int bpf_strncpy_s(char *dest, size_t dest_size, const char *src, size_t count)
Copy a string into a buffer, of a fixed size.
bpf_map_push_elem
int64_t bpf_map_push_elem(void *map, void *value, uint64_t flags)
Insert an element at the end of the map (only valid for stack and queue).
bpf_get_current_pid_tgid
uint64_t bpf_get_current_pid_tgid()
Get the current thread ID (PID) and process ID (TGID).
bpf_is_current_admin
int32_t bpf_is_current_admin(const void *ctx)
Get whether the current user is admin. In case of sock_addr attach types, returns whether the user in...
bpf_map_lookup_elem
void * bpf_map_lookup_elem(void *map, void *key)
Get a pointer to an entry in the map.
bpf_ktime_get_ns
uint64_t bpf_ktime_get_ns()
Return time elapsed since boot in nanoseconds excluding time while suspended.
bpf_trace_printk5
long bpf_trace_printk5(const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5)
Print debug output.
bpf_strnlen_s
size_t bpf_strnlen_s(const char *str, size_t str_size)
Find the length of a string, up to a certain number of characters.
bpf_strncat_s
int bpf_strncat_s(char *dest, size_t dest_size, const char *src, size_t count)
Concatenate a string to an existing buffer, up to a certain number of characters.
bpf_memcpy
long bpf_memcpy(void *destination, uint32_t destination_size, const void *source, uint32_t source_size)
Copy memory from one location to another.
bpf_map_update_elem
int64_t bpf_map_update_elem(void *map, void *key, void *value, uint64_t flags)
Insert or update an entry in the map.
bpf_get_current_logon_id
uint64_t bpf_get_current_logon_id(const void *ctx)
Get the 64-bit logon ID of the current thread. In case of sock_addr attach types, get the logon ID of...
bpf_tail_call
int64_t bpf_tail_call(void *ctx, void *prog_array_map, uint32_t index)
Perform a tail call into another eBPF program.
bpf_trace_printk4
long bpf_trace_printk4(const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4)
Print debug output.
bpf_ktime_get_boot_ms
uint64_t bpf_ktime_get_boot_ms()
Return time elapsed since boot in milliseconds including time while suspended. This function uses a l...
bpf_memmove
long bpf_memmove(void *destination, uint32_t destination_size, const void *source, uint32_t source_size)
Copy memory from one location to another, handling overlapping regions.
bpf_map_pop_elem
int64_t bpf_map_pop_elem(void *map, void *value)
Copy an entry from the map and remove it from the map (only valid for stack and queue)....
bpf_trace_printk3
long bpf_trace_printk3(const char *fmt, uint32_t fmt_size, uint64_t arg3)
Print debug output.
bpf_csum_diff
int bpf_csum_diff(void *from, int from_size, void *to, int to_size, int seed)
Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.
bpf_perf_event_output
int bpf_perf_event_output(void *ctx, void *perf_event_array, uint64_t flags, void *data, uint64_t size)
Copy data into perf event array map.
bpf_get_socket_cookie
int64_t bpf_get_socket_cookie(const void *ctx)
Get the socket cookie associated with the socket context. The context can be bpf_sock_addr struct,...
bpf_trace_printk
long bpf_trace_printk(const char *fmt, uint32_t size,...)
Print debug output. For instructions on viewing the output, see the Using tracing section of the Gett...
bpf_memcmp
int bpf_memcmp(const void *memory1, uint32_t memory1_size, const void *memory2, uint32_t memory2_size)
Compare two memory regions.
bpf_printk
long bpf_printk(const char *fmt,...)
Print debug output. For instructions on viewing the output, see the Using tracing section of the Gett...
bpf_map_lookup_and_delete_elem
void * bpf_map_lookup_and_delete_elem(void *map, void *key)
Get a pointer to an entry in the map and erase that element.
bpf_ktime_get_ms
uint64_t bpf_ktime_get_ms()
Return time elapsed since boot in milliseconds excluding time while suspended. This function uses a l...
bpf_get_prandom_u32
uint32_t bpf_get_prandom_u32()
Get a pseudo-random number.
bpf_get_smp_processor_id
uint64_t bpf_get_smp_processor_id()
Return SMP id of the processor running the program.
bpf_map_peek_elem
int64_t bpf_map_peek_elem(void *map, void *value)
Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map....
bpf_trace_printk2
long bpf_trace_printk2(const char *fmt, uint32_t fmt_size)
Print debug output.
bpf_memset
long bpf_memset(void *memory, uint32_t size, int value)
Set memory to a specific value.
bpf_ktime_get_boot_ns
uint64_t bpf_ktime_get_boot_ns()
Return time elapsed since boot in nanoseconds including time while suspended.
Generated by doxygen 1.9.8