eBPF for Windows
bpf_helper_defs.h
Go to the documentation of this file.
1 // Copyright (c) Microsoft Corporation
2 // SPDX-License-Identifier: MIT
3 #pragma once
4 
5 // This file contains APIs for global helpers that are exposed for
6 // use by all eBPF programs. Libbpf has bpf_helper_defs.h which is
7 // auto-generated but it's not platform-agnostic currently as it
8 // hard-codes the actual helper IDs.
9 
17 EBPF_HELPER(void*, bpf_map_lookup_elem, (struct bpf_map * map, void* key));
18 #ifndef __doxygen
19 #define bpf_map_lookup_elem ((bpf_map_lookup_elem_t)BPF_FUNC_map_lookup_elem)
20 #endif
21 
33 EBPF_HELPER(int64_t, bpf_map_update_elem, (struct bpf_map * map, void* key, void* value, uint64_t flags));
34 #ifndef __doxygen
35 #define bpf_map_update_elem ((bpf_map_update_elem_t)BPF_FUNC_map_update_elem)
36 #endif
37 
46 EBPF_HELPER(int64_t, bpf_map_delete_elem, (struct bpf_map * map, void* key));
47 #ifndef __doxygen
48 #define bpf_map_delete_elem ((bpf_map_delete_elem_t)BPF_FUNC_map_delete_elem)
49 #endif
50 
58 EBPF_HELPER(void*, bpf_map_lookup_and_delete_elem, (struct bpf_map * map, void* key));
59 #ifndef __doxygen
60 #define bpf_map_lookup_and_delete_elem ((bpf_map_lookup_and_delete_elem_t)BPF_FUNC_map_lookup_and_delete_elem)
61 #endif
62 
72 EBPF_HELPER(int64_t, bpf_tail_call, (void* ctx, struct bpf_map* prog_array_map, uint32_t index));
73 #ifndef __doxygen
74 #define bpf_tail_call ((bpf_tail_call_t)BPF_FUNC_tail_call)
75 #endif
76 
82 EBPF_HELPER(uint32_t, bpf_get_prandom_u32, ());
83 #ifndef __doxygen
84 #define bpf_get_prandom_u32 ((bpf_get_prandom_u32_t)BPF_FUNC_get_prandom_u32)
85 #endif
86 
92 EBPF_HELPER(uint64_t, bpf_ktime_get_boot_ns, ());
93 #ifndef __doxygen
94 #define bpf_ktime_get_boot_ns ((bpf_ktime_get_boot_ns_t)BPF_FUNC_ktime_get_boot_ns)
95 #endif
96 
102 EBPF_HELPER(uint64_t, bpf_get_smp_processor_id, ());
103 #ifndef __doxygen
104 #define bpf_get_smp_processor_id ((bpf_get_smp_processor_id_t)BPF_FUNC_get_smp_processor_id)
105 #endif
106 
112 EBPF_HELPER(uint64_t, bpf_ktime_get_ns, ());
113 #ifndef __doxygen
114 #define bpf_ktime_get_ns ((bpf_ktime_get_ns_t)BPF_FUNC_ktime_get_ns)
115 #endif
116 
129 EBPF_HELPER(int, bpf_csum_diff, (void* from, int from_size, void* to, int to_size, int seed));
130 #ifndef __doxygen
131 #define bpf_csum_diff ((bpf_csum_diff_t)BPF_FUNC_csum_diff)
132 #endif
133 
143 EBPF_HELPER(int, bpf_ringbuf_output, (struct bpf_map * ring_buffer, void* data, uint64_t size, uint64_t flags));
144 #ifndef __doxygen
145 #define bpf_ringbuf_output ((bpf_ringbuf_output_t)BPF_FUNC_ringbuf_output)
146 #endif
147 
156 EBPF_HELPER(long, bpf_trace_printk2, (const char* fmt, uint32_t fmt_size));
157 #ifndef __doxygen
158 #define bpf_trace_printk2 ((bpf_trace_printk2_t)BPF_FUNC_trace_printk2)
159 #endif
160 
170 EBPF_HELPER(long, bpf_trace_printk3, (const char* fmt, uint32_t fmt_size, uint64_t arg3));
171 #ifndef __doxygen
172 #define bpf_trace_printk3 ((bpf_trace_printk3_t)BPF_FUNC_trace_printk3)
173 #endif
174 
185 EBPF_HELPER(long, bpf_trace_printk4, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4));
186 #ifndef __doxygen
187 #define bpf_trace_printk4 ((bpf_trace_printk4_t)BPF_FUNC_trace_printk4)
188 #endif
189 
201 EBPF_HELPER(long, bpf_trace_printk5, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5));
202 #ifndef __doxygen
203 #define bpf_trace_printk5 ((bpf_trace_printk5_t)BPF_FUNC_trace_printk5)
204 #endif
205 
206 #ifndef __doxygen
207 // The following macros allow bpf_printk to accept a variable number of arguments
208 // while mapping to separate helper functions that each have a strict prototype
209 // that can be understood by the verifier.
210 #define EBPF_CONCATENATE(X, Y) X##Y
211 #define EBPF_MAKE_HELPER_NAME(PREFIX, ARG_COUNT) EBPF_CONCATENATE(PREFIX, ARG_COUNT)
212 #define EBPF_GET_NTH_ARG(_1, _2, _3, _4, _5, N, ...) N
213 #define EBPF_COUNT_VA_ARGS(...) EBPF_GET_NTH_ARG(__VA_ARGS__, 5, 4, 3, 2, 1)
214 #define EBPF_VA_ARGS_HELPER(PREFIX, ...) EBPF_MAKE_HELPER_NAME(PREFIX, EBPF_COUNT_VA_ARGS(__VA_ARGS__))(__VA_ARGS__)
215 
216 #undef bpf_trace_printk
217 #define bpf_trace_printk(fmt, size, ...) ({ EBPF_VA_ARGS_HELPER(bpf_trace_printk, fmt, size, ##__VA_ARGS__); })
218 #else
230 long
231 bpf_trace_printk(const char* fmt, uint32_t size, ...);
232 #endif
233 
234 #ifndef __doxygen
235 #undef bpf_printk
236 #define bpf_printk(fmt, ...) \
237  ({ \
238  char ____fmt[] = fmt; \
239  bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__); \
240  })
241 #else
252 long
253 bpf_printk(const char* fmt, ...);
254 #endif
255 
267 EBPF_HELPER(int64_t, bpf_map_push_elem, (struct bpf_map * map, void* value, uint64_t flags));
268 #ifndef __doxygen
269 #define bpf_map_push_elem ((bpf_map_push_elem_t)BPF_FUNC_map_push_elem)
270 #endif
271 
282 EBPF_HELPER(int64_t, bpf_map_pop_elem, (struct bpf_map * map, void* value));
283 #ifndef __doxygen
284 #define bpf_map_pop_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_pop_elem)
285 #endif
286 
297 EBPF_HELPER(int64_t, bpf_map_peek_elem, (struct bpf_map * map, void* value));
298 #ifndef __doxygen
299 #define bpf_map_peek_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_peek_elem)
300 #endif
301 
308 EBPF_HELPER(uint64_t, bpf_get_current_pid_tgid, ());
309 #ifndef __doxygen
310 #define bpf_get_current_pid_tgid ((bpf_get_current_pid_tgid_t)BPF_FUNC_get_current_pid_tgid)
311 #endif
312 
322 EBPF_HELPER(uint64_t, bpf_get_current_logon_id, (const void* ctx));
323 #ifndef __doxygen
324 #define bpf_get_current_logon_id ((bpf_get_current_logon_id_t)BPF_FUNC_get_current_logon_id)
325 #endif
326 
338 EBPF_HELPER(int32_t, bpf_is_current_admin, (const void* ctx));
339 #ifndef __doxygen
340 #define bpf_is_current_admin ((bpf_is_current_admin_t)BPF_FUNC_is_current_admin)
341 #endif
bpf_ringbuf_output
int bpf_ringbuf_output(struct bpf_map *ring_buffer, void *data, uint64_t size, uint64_t flags)
Copy data into the ring buffer map.
bpf_get_current_pid_tgid
uint64_t bpf_get_current_pid_tgid()
Get the current thread ID (PID) and process ID (TGID).
bpf_is_current_admin
int32_t bpf_is_current_admin(const void *ctx)
Get whether the current user is admin. In case of sock_addr attach types, returns whether the user in...
bpf_map_lookup_and_delete_elem
void * bpf_map_lookup_and_delete_elem(struct bpf_map *map, void *key)
Get a pointer to an entry in the map and erase that element.
bpf_ktime_get_ns
uint64_t bpf_ktime_get_ns()
Return time elapsed since boot in nanoseconds excluding time while suspended.
bpf_trace_printk5
long bpf_trace_printk5(const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5)
Print debug output.
bpf_map_delete_elem
int64_t bpf_map_delete_elem(struct bpf_map *map, void *key)
Remove an entry from the map.
bpf_map_update_elem
int64_t bpf_map_update_elem(struct bpf_map *map, void *key, void *value, uint64_t flags)
Insert or update an entry in the map.
bpf_get_current_logon_id
uint64_t bpf_get_current_logon_id(const void *ctx)
Get the 64-bit logon ID of the current thread. In case of sock_addr attach types, get the logon ID of...
bpf_trace_printk4
long bpf_trace_printk4(const char *fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4)
Print debug output.
bpf_trace_printk3
long bpf_trace_printk3(const char *fmt, uint32_t fmt_size, uint64_t arg3)
Print debug output.
bpf_csum_diff
int bpf_csum_diff(void *from, int from_size, void *to, int to_size, int seed)
Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.
bpf_trace_printk
long bpf_trace_printk(const char *fmt, uint32_t size,...)
Print debug output. For instructions on viewing the output, see the Using tracing section of the Gett...
bpf_map_peek_elem
int64_t bpf_map_peek_elem(struct bpf_map *map, void *value)
Copy an entry from the map (only valid for stack and queue). Queue peeks at the beginning of the map....
bpf_map_pop_elem
int64_t bpf_map_pop_elem(struct bpf_map *map, void *value)
Copy an entry from the map and remove it from the map (only valid for stack and queue)....
bpf_printk
long bpf_printk(const char *fmt,...)
Print debug output. For instructions on viewing the output, see the Using tracing section of the Gett...
bpf_map_push_elem
int64_t bpf_map_push_elem(struct bpf_map *map, void *value, uint64_t flags)
Insert an element at the end of the map (only valid for stack and queue).
bpf_get_prandom_u32
uint32_t bpf_get_prandom_u32()
Get a pseudo-random number.
bpf_map_lookup_elem
void * bpf_map_lookup_elem(struct bpf_map *map, void *key)
Get a pointer to an entry in the map.
bpf_get_smp_processor_id
uint64_t bpf_get_smp_processor_id()
Return SMP id of the processor running the program.
bpf_tail_call
int64_t bpf_tail_call(void *ctx, struct bpf_map *prog_array_map, uint32_t index)
Perform a tail call into another eBPF program.
bpf_trace_printk2
long bpf_trace_printk2(const char *fmt, uint32_t fmt_size)
Print debug output.
bpf_ktime_get_boot_ns
uint64_t bpf_ktime_get_boot_ns()
Return time elapsed since boot in nanoseconds including time while suspended.
bpf_map
#define bpf_map
Definition: bpf_helpers_platform.h:15
Generated by doxygen 1.9.1