eBPF for Windows
Loading...
Searching...
No Matches
ebpf_api.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3
4#pragma once
5
6#include "ebpf_core_structs.h"
7#include "ebpf_execution_type.h"
8#include "ebpf_program_attach_type_guids.h"
9#include "ebpf_result.h"
10
11#include <specstrings.h>
12#include <stdbool.h>
13#include <stdint.h>
14
15#ifdef __cplusplus
16#include <stdexcept>
17#define EBPF_NO_EXCEPT noexcept
18extern "C"
19{
20#else
21#define EBPF_NO_EXCEPT
22#endif
23
24 typedef int32_t fd_t;
25 extern __declspec(selectany) const fd_t ebpf_fd_invalid = -1;
26 typedef intptr_t ebpf_handle_t;
27
28 struct bpf_object;
29 struct bpf_program;
30 struct bpf_map;
31 struct bpf_link;
32
41 _Must_inspect_result_ ebpf_result_t
42 ebpf_program_query_info(
43 fd_t fd,
44 _Out_ ebpf_execution_type_t* execution_type,
45 _Outptr_result_z_ const char** file_name,
46 _Outptr_result_z_ const char** section_name) EBPF_NO_EXCEPT;
47
48 typedef struct _ebpf_stat
49 {
50 struct _ebpf_stat* next;
51 _Field_z_ const char* key;
52 int value;
53 } ebpf_stat_t;
54
67
68// The type ebpf_section_info_t was replaced by ebpf_api_program_info_t
69// which also added the offset_in_section field at the end.
70#define ebpf_section_info_t ebpf_api_program_info_t
71
81 _Must_inspect_result_ ebpf_result_t
82 ebpf_enumerate_programs(
83 _In_z_ const char* file,
84 bool verbose,
85 _Outptr_result_maybenull_ ebpf_api_program_info_t** infos,
86 _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
87
98 __declspec(deprecated("Use ebpf_enumerate_programs() instead.")) _Must_inspect_result_ ebpf_result_t
99 ebpf_enumerate_sections(
100 _In_z_ const char* file,
101 bool verbose,
102 _Outptr_result_maybenull_ ebpf_section_info_t** infos,
103 _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
104
109 void
110 ebpf_free_programs(_In_opt_ _Post_invalid_ ebpf_api_program_info_t* infos) EBPF_NO_EXCEPT;
111
117 __declspec(deprecated("Use ebpf_free_programs() instead.")) void
118 ebpf_free_sections(_In_opt_ _Post_invalid_ ebpf_section_info_t* infos) EBPF_NO_EXCEPT;
119
131 uint32_t
132 ebpf_api_elf_disassemble_program(
133 _In_z_ const char* file,
134 _In_opt_z_ const char* section_name,
135 _In_opt_z_ const char* program_name,
136 _Outptr_result_maybenull_z_ const char** disassembly,
137 _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
138
147 __declspec(deprecated("Use ebpf_api_elf_disassemble_program() instead.")) uint32_t
148 ebpf_api_elf_disassemble_section(
149 _In_z_ const char* file,
150 _In_z_ const char* section,
151 _Outptr_result_maybenull_z_ const char** disassembly,
152 _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
153
160
167
186 _Success_(return == 0) uint32_t ebpf_api_elf_verify_program_from_file(
187 _In_z_ const char* file,
188 _In_opt_z_ const char* section_name,
189 _In_opt_z_ const char* program_name,
190 _In_opt_ const ebpf_program_type_t* program_type,
191 ebpf_verification_verbosity_t verbosity,
192 _Outptr_result_maybenull_z_ const char** report,
193 _Outptr_result_maybenull_z_ const char** error_message,
194 _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
195
211 __declspec(deprecated("Use ebpf_api_elf_verify_program_from_file() instead.")) _Success_(return == 0) uint32_t
212 ebpf_api_elf_verify_section_from_file(
213 _In_z_ const char* file,
214 _In_z_ const char* section,
215 _In_opt_ const ebpf_program_type_t* program_type,
216 ebpf_verification_verbosity_t verbosity,
217 _Outptr_result_maybenull_z_ const char** report,
218 _Outptr_result_maybenull_z_ const char** error_message,
219 _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
220
240 _Success_(return == 0) uint32_t ebpf_api_elf_verify_program_from_memory(
241 _In_reads_(data_length) const char* data,
242 size_t data_length,
243 _In_opt_z_ const char* section_name,
244 _In_opt_z_ const char* program_name,
245 _In_opt_ const ebpf_program_type_t* program_type,
246 ebpf_verification_verbosity_t verbosity,
247 _Outptr_result_maybenull_z_ const char** report,
248 _Outptr_result_maybenull_z_ const char** error_message,
249 _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
250
267 __declspec(deprecated("Use ebpf_api_elf_verify_program_from_memory() instead.")) _Success_(return == 0) uint32_t
268 ebpf_api_elf_verify_section_from_memory(
269 _In_reads_(data_length) const char* data,
270 size_t data_length,
271 _In_z_ const char* section_name,
272 _In_opt_ const ebpf_program_type_t* program_type,
273 ebpf_verification_verbosity_t verbosity,
274 _Outptr_result_maybenull_z_ const char** report,
275 _Outptr_result_maybenull_z_ const char** error_message,
276 _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
277
282 void
283 ebpf_free_string(_In_opt_ _Post_invalid_ const char* string) EBPF_NO_EXCEPT;
284
290 uint32_t
291 ebpf_api_unpin_object(const uint8_t* name, uint32_t name_length) EBPF_NO_EXCEPT;
292
299 _Must_inspect_result_ ebpf_result_t
300 ebpf_object_unpin(_In_z_ const char* path) EBPF_NO_EXCEPT;
301
324 _Must_inspect_result_ ebpf_result_t
325 ebpf_object_get_info_by_fd(
326 fd_t bpf_fd,
327 _Inout_updates_bytes_to_opt_(*info_size, *info_size) void* info,
328 _Inout_opt_ uint32_t* info_size,
329 _Out_opt_ ebpf_object_type_t* type) EBPF_NO_EXCEPT;
330
339 _Must_inspect_result_ ebpf_result_t
340 ebpf_api_unlink_program(ebpf_handle_t link_handle) EBPF_NO_EXCEPT;
341
349 _Must_inspect_result_ ebpf_result_t
350 ebpf_api_close_handle(ebpf_handle_t handle) EBPF_NO_EXCEPT;
351
362 _Must_inspect_result_ ebpf_result_t
363 ebpf_api_get_pinned_map_info(
364 _Out_ uint16_t* map_count,
365 _Outptr_result_buffer_maybenull_(*map_count) ebpf_map_info_t** map_info) EBPF_NO_EXCEPT;
366
374 void
375 ebpf_api_map_info_free(
376 uint16_t map_count,
377 _In_opt_count_(map_count) _Post_ptr_invalid_ const ebpf_map_info_t* map_info) EBPF_NO_EXCEPT;
378
386 ebpf_execution_type_t
387 ebpf_object_get_execution_type(_In_ const struct bpf_object* object) EBPF_NO_EXCEPT;
388
398 _Must_inspect_result_ ebpf_result_t
399 ebpf_object_set_execution_type(_Inout_ struct bpf_object* object, ebpf_execution_type_t execution_type)
400 EBPF_NO_EXCEPT;
401
415 _Must_inspect_result_ ebpf_result_t
416 ebpf_object_load_native_by_fds(
417 _In_z_ const char* file_name,
418 _Inout_ size_t* count_of_maps,
419 _Out_writes_opt_(*count_of_maps) fd_t* map_fds,
420 _Inout_ size_t* count_of_programs,
421 _Out_writes_opt_(*count_of_programs) fd_t* program_fds) EBPF_NO_EXCEPT;
422
439 _Must_inspect_result_ ebpf_result_t
440 ebpf_program_attach(
441 _In_ const struct bpf_program* program,
442 _In_opt_ const ebpf_attach_type_t* attach_type,
443 _In_reads_bytes_opt_(attach_params_size) void* attach_parameters,
444 size_t attach_params_size,
445 _Outptr_ struct bpf_link** link) EBPF_NO_EXCEPT;
446
463 _Must_inspect_result_ ebpf_result_t
464 ebpf_program_attach_by_fd(
465 fd_t program_fd,
466 _In_opt_ const ebpf_attach_type_t* attach_type,
467 _In_reads_bytes_opt_(attach_parameters_size) void* attach_parameters,
468 size_t attach_parameters_size,
469 _Outptr_ struct bpf_link** link) EBPF_NO_EXCEPT;
470
479 _Must_inspect_result_ ebpf_result_t
480 ebpf_program_attach_by_fds(
481 fd_t program_fd,
482 _In_opt_ const ebpf_attach_type_t* attach_type,
483 _In_reads_bytes_opt_(attach_parameters_size) void* attach_parameters,
484 size_t attach_parameters_size,
485 _Out_ fd_t* link) EBPF_NO_EXCEPT;
486
496 _Must_inspect_result_ ebpf_result_t
497 ebpf_link_detach(_Inout_ struct bpf_link* link) EBPF_NO_EXCEPT;
498
512 _Must_inspect_result_ ebpf_result_t
513 ebpf_program_detach(
514 fd_t program_fd,
515 _In_ const ebpf_attach_type_t* attach_type,
516 _In_reads_bytes_(attach_parameter_size) void* attach_parameter,
517 size_t attach_parameter_size) EBPF_NO_EXCEPT;
518
529 void
530 ebpf_link_close(_Frees_ptr_ struct bpf_link* link) EBPF_NO_EXCEPT;
531
539 _Must_inspect_result_ ebpf_result_t
540 ebpf_close_fd(fd_t fd) EBPF_NO_EXCEPT;
541
550 _Must_inspect_result_ ebpf_result_t
551 ebpf_duplicate_fd(fd_t fd, _Out_ fd_t* dup) EBPF_NO_EXCEPT;
552
563 _Must_inspect_result_ ebpf_result_t
564 ebpf_get_program_type_by_name(
565 _In_z_ const char* name,
566 _Out_ ebpf_program_type_t* program_type,
567 _Out_ ebpf_attach_type_t* expected_attach_type) EBPF_NO_EXCEPT;
568
576 _Ret_maybenull_z_ const char*
577 ebpf_get_program_type_name(_In_ const ebpf_program_type_t* program_type) EBPF_NO_EXCEPT;
578
586 _Ret_maybenull_z_ const char*
587 ebpf_get_attach_type_name(_In_ const ebpf_attach_type_t* attach_type) EBPF_NO_EXCEPT;
588
599 __declspec(deprecated("Use ebpf_get_next_pinned_object_path() instead.")) _Must_inspect_result_ ebpf_result_t
600 ebpf_get_next_pinned_program_path(
601 _In_z_ const char* start_path, _Out_writes_z_(EBPF_MAX_PIN_PATH_LENGTH) char* next_path) EBPF_NO_EXCEPT;
602
615 _Must_inspect_result_ ebpf_result_t
616 ebpf_get_next_pinned_object_path(
617 _In_z_ const char* start_path,
618 _Out_writes_z_(next_path_len) char* next_path,
619 size_t next_path_len,
620 _Inout_ ebpf_object_type_t* type) EBPF_NO_EXCEPT;
621
632 _Must_inspect_result_ ebpf_result_t
633 ebpf_canonicalize_pin_path(_Out_writes_(output_size) char* output, size_t output_size, _In_z_ const char* input)
634 EBPF_NO_EXCEPT;
635
636 typedef struct _ebpf_program_info ebpf_program_info_t;
637
647 _Must_inspect_result_ ebpf_result_t
648 ebpf_get_program_info_from_verifier(_Outptr_ const ebpf_program_info_t** program_info) EBPF_NO_EXCEPT;
649
650 typedef struct _ebpf_test_run_options
651 {
652 _Readable_bytes_(data_size_in) const uint8_t* data_in;
653 _Writable_bytes_(data_size_out) uint8_t* data_out;
654 size_t data_size_in;
655 size_t data_size_out;
656 _Readable_bytes_(context_size_in) const uint8_t* context_in;
657 _Writable_bytes_(context_size_out) uint8_t* context_out;
658 size_t context_size_in;
659 size_t context_size_out;
660 uint64_t return_value;
661 size_t repeat_count;
662 uint64_t duration;
663 uint32_t flags;
664 uint32_t cpu;
665 size_t batch_size;
666 } ebpf_test_run_options_t;
667
676 _Must_inspect_result_ ebpf_result_t
677 ebpf_program_test_run(fd_t program_fd, _Inout_ ebpf_test_run_options_t* options) EBPF_NO_EXCEPT;
678
689 _Must_inspect_result_ ebpf_result_t
690 ebpf_ring_buffer_map_write(
691 fd_t ring_buffer_map_fd, _In_reads_bytes_(data_length) const void* data, size_t data_length) EBPF_NO_EXCEPT;
692
708 _Must_inspect_result_ ebpf_result_t
709 ebpf_ring_buffer_map_map_buffer(
710 fd_t map_fd,
711 _Outptr_result_maybenull_ void** consumer,
712 _Outptr_result_maybenull_ const void** producer,
713 _Outptr_result_buffer_maybenull_(*data_size) const uint8_t** data,
714 _Out_ size_t* data_size) EBPF_NO_EXCEPT;
715
725 _Must_inspect_result_ ebpf_result_t
726 ebpf_ring_buffer_map_unmap_buffer(
727 fd_t map_fd, _In_ void* consumer, _In_ const void* producer, _In_ const void* data) EBPF_NO_EXCEPT;
728
742 _Must_inspect_result_ ebpf_result_t
743 ebpf_map_set_wait_handle(fd_t map_fd, uint64_t index, ebpf_handle_t handle) EBPF_NO_EXCEPT;
744
752 _Ret_maybenull_ const ebpf_program_type_t*
753 ebpf_get_ebpf_program_type(bpf_prog_type_t bpf_program_type) EBPF_NO_EXCEPT;
754
764 _Must_inspect_result_ ebpf_result_t
765 ebpf_get_ebpf_attach_type(bpf_attach_type_t bpf_attach_type, _Out_ ebpf_attach_type_t* ebpf_attach_type)
766 EBPF_NO_EXCEPT;
767
775 bpf_prog_type_t
776 ebpf_get_bpf_program_type(_In_ const ebpf_program_type_t* program_type) EBPF_NO_EXCEPT;
777
785 bpf_attach_type_t
786 ebpf_get_bpf_attach_type(_In_ const ebpf_attach_type_t* ebpf_attach_type) EBPF_NO_EXCEPT;
787
798 _Must_inspect_result_ ebpf_result_t
799 ebpf_perf_event_array_map_write(
800 fd_t perf_event_array_map_fd,
801 _In_reads_bytes_(data_length) const void* data,
802 size_t data_length) EBPF_NO_EXCEPT;
803
810 _Must_inspect_result_ ebpf_result_t
811 ebpf_program_synchronize() EBPF_NO_EXCEPT;
812
813#ifdef __cplusplus
814}
815#endif
bpf_map
#define bpf_map
Definition bpf_helpers_platform.h:16
ebpf_stat_t
struct _ebpf_stat ebpf_stat_t
ebpf_free_string
void ebpf_free_string(const char *string) EBPF_NO_EXCEPT
Free memory for a string returned from an eBPF API.
ebpf_test_run_options_t
struct _ebpf_test_run_options ebpf_test_run_options_t
ebpf_get_next_pinned_program_path
_Must_inspect_result_ ebpf_result_t ebpf_get_next_pinned_program_path(const char *start_path, _Out_writes_z_(EBPF_MAX_PIN_PATH_LENGTH) char *next_path) EBPF_NO_EXCEPT
Gets the next pinned program after a given path.
ebpf_api_unlink_program
_Must_inspect_result_ ebpf_result_t ebpf_api_unlink_program(ebpf_handle_t link_handle) EBPF_NO_EXCEPT
Detach the eBPF program from the link.
ebpf_duplicate_fd
_Must_inspect_result_ ebpf_result_t ebpf_duplicate_fd(fd_t fd, fd_t *dup) EBPF_NO_EXCEPT
Duplicate a file descriptor.
ebpf_map_set_wait_handle
_Must_inspect_result_ ebpf_result_t ebpf_map_set_wait_handle(fd_t map_fd, uint64_t index, ebpf_handle_t handle) EBPF_NO_EXCEPT
Set the wait handle that will be signaled for new data.
ebpf_api_elf_verify_section_from_memory
uint32_t ebpf_api_elf_verify_section_from_memory(_In_reads_(data_length) const char *data, size_t data_length, const char *section_name, const ebpf_program_type_t *program_type, ebpf_verification_verbosity_t verbosity, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_api_unpin_object
uint32_t ebpf_api_unpin_object(const uint8_t *name, uint32_t name_length) EBPF_NO_EXCEPT
Dissociate a name with an object handle.
_ebpf_verification_verbosity
_ebpf_verification_verbosity
Definition ebpf_api.h:162
EBPF_VERIFICATION_VERBOSITY_VERBOSE
@ EBPF_VERIFICATION_VERBOSITY_VERBOSE
Definition ebpf_api.h:165
EBPF_VERIFICATION_VERBOSITY_NORMAL
@ EBPF_VERIFICATION_VERBOSITY_NORMAL
Definition ebpf_api.h:163
EBPF_VERIFICATION_VERBOSITY_INFORMATIONAL
@ EBPF_VERIFICATION_VERBOSITY_INFORMATIONAL
Definition ebpf_api.h:164
ebpf_get_program_info_from_verifier
_Must_inspect_result_ ebpf_result_t ebpf_get_program_info_from_verifier(const ebpf_program_info_t **program_info) EBPF_NO_EXCEPT
Get the set of program information used by the verifier during the last verification.
ebpf_api_map_info_free
void ebpf_api_map_info_free(uint16_t map_count, const ebpf_map_info_t *map_info) EBPF_NO_EXCEPT
Helper Function to free array of ebpf_map_info_t allocated by ebpf_api_get_pinned_map_info function.
ebpf_section_info_t
#define ebpf_section_info_t
Definition ebpf_api.h:70
ebpf_ring_buffer_map_write
_Must_inspect_result_ ebpf_result_t ebpf_ring_buffer_map_write(fd_t ring_buffer_map_fd, _In_reads_bytes_(data_length) const void *data, size_t data_length) EBPF_NO_EXCEPT
Write data into the ring buffer map.
ebpf_free_sections
void ebpf_free_sections(ebpf_section_info_t *infos) EBPF_NO_EXCEPT
Free memory returned from ebpf_enumerate_sections.
ebpf_object_set_execution_type
_Must_inspect_result_ ebpf_result_t ebpf_object_set_execution_type(_Inout_ struct bpf_object *object, ebpf_execution_type_t execution_type) EBPF_NO_EXCEPT
Set the execution type for an eBPF object file.
ebpf_get_bpf_attach_type
bpf_attach_type_t ebpf_get_bpf_attach_type(const ebpf_attach_type_t *ebpf_attach_type) EBPF_NO_EXCEPT
Get BPF attach type for the specified eBPF attach type.
ebpf_program_attach_by_fd
_Must_inspect_result_ ebpf_result_t ebpf_program_attach_by_fd(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_parameters_size) void *attach_parameters, size_t attach_parameters_size, struct bpf_link **link) EBPF_NO_EXCEPT
Attach an eBPF program by program file descriptor.
ebpf_object_unpin
_Must_inspect_result_ ebpf_result_t ebpf_object_unpin(const char *path) EBPF_NO_EXCEPT
Unpin the object from the specified path.
ebpf_program_query_info
_Must_inspect_result_ ebpf_result_t ebpf_program_query_info(fd_t fd, ebpf_execution_type_t *execution_type, _Outptr_result_z_ const char **file_name, _Outptr_result_z_ const char **section_name) EBPF_NO_EXCEPT
Query info about an eBPF program.
EBPF_NO_EXCEPT
#define EBPF_NO_EXCEPT
Definition ebpf_api.h:21
ebpf_object_get_execution_type
ebpf_execution_type_t ebpf_object_get_execution_type(const struct bpf_object *object) EBPF_NO_EXCEPT
Get the execution type for an eBPF object file.
ebpf_free_programs
void ebpf_free_programs(ebpf_api_program_info_t *infos) EBPF_NO_EXCEPT
Free memory returned from ebpf_enumerate_programs.
ebpf_object_get_info_by_fd
_Must_inspect_result_ ebpf_result_t ebpf_object_get_info_by_fd(fd_t bpf_fd, _Inout_updates_bytes_to_opt_(*info_size, *info_size) void *info, _Inout_opt_ uint32_t *info_size, _Out_opt_ ebpf_object_type_t *type) EBPF_NO_EXCEPT
Obtain information about the eBPF object referred to by bpf_fd. This function populates up to info_le...
ebpf_api_elf_verify_section_from_file
uint32_t ebpf_api_elf_verify_section_from_file(const char *file, const char *section, const ebpf_program_type_t *program_type, ebpf_verification_verbosity_t verbosity, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_get_next_pinned_object_path
_Must_inspect_result_ ebpf_result_t ebpf_get_next_pinned_object_path(const char *start_path, _Out_writes_z_(next_path_len) char *next_path, size_t next_path_len, _Inout_ ebpf_object_type_t *type) EBPF_NO_EXCEPT
Retrieve the next pinned path of an eBPF object.
ebpf_api_elf_verify_program_from_file
uint32_t ebpf_api_elf_verify_program_from_file(const char *file, _In_opt_z_ const char *section_name, _In_opt_z_ const char *program_name, const ebpf_program_type_t *program_type, ebpf_verification_verbosity_t verbosity, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_verification_verbosity_t
enum _ebpf_verification_verbosity ebpf_verification_verbosity_t
ebpf_get_program_type_by_name
_Must_inspect_result_ ebpf_result_t ebpf_get_program_type_by_name(const char *name, ebpf_program_type_t *program_type, ebpf_attach_type_t *expected_attach_type) EBPF_NO_EXCEPT
Get eBPF program type and expected attach type by name.
ebpf_api_get_pinned_map_info
_Must_inspect_result_ ebpf_result_t ebpf_api_get_pinned_map_info(uint16_t *map_count,(*map_count) ebpf_map_info_t **map_info) EBPF_NO_EXCEPT
Returns an array of ebpf_map_info_t for all pinned maps.
ebpf_program_detach
_Must_inspect_result_ ebpf_result_t ebpf_program_detach(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_(attach_parameter_size) void *attach_parameter, size_t attach_parameter_size) EBPF_NO_EXCEPT
Detach an eBPF program.
fd_t
int32_t fd_t
Definition ebpf_api.h:24
ebpf_close_fd
_Must_inspect_result_ ebpf_result_t ebpf_close_fd(fd_t fd) EBPF_NO_EXCEPT
Close a file descriptor. Also close the underlying handle.
ebpf_program_test_run
_Must_inspect_result_ ebpf_result_t ebpf_program_test_run(fd_t program_fd, _Inout_ ebpf_test_run_options_t *options) EBPF_NO_EXCEPT
Run the program in the eBPF VM, measure the execution time, and return the result.
ebpf_canonicalize_pin_path
_Must_inspect_result_ ebpf_result_t ebpf_canonicalize_pin_path(_Out_writes_(output_size) char *output, size_t output_size, const char *input) EBPF_NO_EXCEPT
Canonicalize a path using filesystem canonicalization rules.
ebpf_program_attach_by_fds
_Must_inspect_result_ ebpf_result_t ebpf_program_attach_by_fds(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_parameters_size) void *attach_parameters, size_t attach_parameters_size, fd_t *link) EBPF_NO_EXCEPT
Attach an eBPF program by program file descriptor and return the link as a file descriptor.
ebpf_api_program_info_t
struct _ebpf_api_program_info ebpf_api_program_info_t
ebpf_get_ebpf_program_type
const ebpf_program_type_t * ebpf_get_ebpf_program_type(bpf_prog_type_t bpf_program_type) EBPF_NO_EXCEPT
Get eBPF program type for the specified BPF program type.
ebpf_get_bpf_program_type
bpf_prog_type_t ebpf_get_bpf_program_type(const ebpf_program_type_t *program_type) EBPF_NO_EXCEPT
Get BPF program type for the specified eBPF program type.
ebpf_program_attach
_Must_inspect_result_ ebpf_result_t ebpf_program_attach(const struct bpf_program *program, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_params_size) void *attach_parameters, size_t attach_params_size, struct bpf_link **link) EBPF_NO_EXCEPT
Attach an eBPF program.
ebpf_link_detach
_Must_inspect_result_ ebpf_result_t ebpf_link_detach(_Inout_ struct bpf_link *link) EBPF_NO_EXCEPT
Detach an eBPF program from an attach point represented by the bpf_link structure.
ebpf_get_ebpf_attach_type
_Must_inspect_result_ ebpf_result_t ebpf_get_ebpf_attach_type(bpf_attach_type_t bpf_attach_type, ebpf_attach_type_t *ebpf_attach_type) EBPF_NO_EXCEPT
Get eBPF attach type for the specified BPF attach type.
ebpf_handle_t
intptr_t ebpf_handle_t
Definition ebpf_api.h:26
ebpf_link_close
void ebpf_link_close(_Frees_ptr_ struct bpf_link *link) EBPF_NO_EXCEPT
ebpf_api_elf_disassemble_program
uint32_t ebpf_api_elf_disassemble_program(const char *file, _In_opt_z_ const char *section_name, _In_opt_z_ const char *program_name, const char **disassembly, const char **error_message) EBPF_NO_EXCEPT
Convert an eBPF program to human readable byte code.
ebpf_api_close_handle
_Must_inspect_result_ ebpf_result_t ebpf_api_close_handle(ebpf_handle_t handle) EBPF_NO_EXCEPT
Close an eBPF handle.
ebpf_object_load_native_by_fds
_Must_inspect_result_ ebpf_result_t ebpf_object_load_native_by_fds(const char *file_name, _Inout_ size_t *count_of_maps, _Out_writes_opt_(*count_of_maps) fd_t *map_fds, _Inout_ size_t *count_of_programs, _Out_writes_opt_(*count_of_programs) fd_t *program_fds) EBPF_NO_EXCEPT
Load a native image from a file and return map and program file descriptors.
ebpf_get_attach_type_name
_Ret_maybenull_z_ const char * ebpf_get_attach_type_name(const ebpf_attach_type_t *attach_type) EBPF_NO_EXCEPT
Get the name of a given attach type.
ebpf_fd_invalid
const fd_t ebpf_fd_invalid
ebpf_perf_event_array_map_write
_Must_inspect_result_ ebpf_result_t ebpf_perf_event_array_map_write(fd_t perf_event_array_map_fd, _In_reads_bytes_(data_length) const void *data, size_t data_length) EBPF_NO_EXCEPT
Write data into the perf event array map.
ebpf_get_program_type_name
_Ret_maybenull_z_ const char * ebpf_get_program_type_name(const ebpf_program_type_t *program_type) EBPF_NO_EXCEPT
Get the name of a given program type.
ebpf_ring_buffer_map_unmap_buffer
_Must_inspect_result_ ebpf_result_t ebpf_ring_buffer_map_unmap_buffer(fd_t map_fd, void *consumer, const void *producer, const void *data) EBPF_NO_EXCEPT
Unmap the memory of a map.
ebpf_program_synchronize
_Must_inspect_result_ ebpf_result_t ebpf_program_synchronize() EBPF_NO_EXCEPT
Wait for currently executing eBPF programs to complete.
ebpf_ring_buffer_map_map_buffer
_Must_inspect_result_ ebpf_result_t ebpf_ring_buffer_map_map_buffer(fd_t map_fd, _Outptr_result_maybenull_ void **consumer, _Outptr_result_maybenull_ const void **producer,(*data_size) const uint8_t **data, size_t *data_size) EBPF_NO_EXCEPT
Map the memory of a map.
ebpf_api_elf_disassemble_section
uint32_t ebpf_api_elf_disassemble_section(const char *file, const char *section, const char **disassembly, const char **error_message) EBPF_NO_EXCEPT
Convert an eBPF program to human readable byte code.
ebpf_enumerate_sections
_Must_inspect_result_ ebpf_result_t ebpf_enumerate_sections(const char *file, bool verbose, _Outptr_result_maybenull_ ebpf_section_info_t **infos, const char **error_message) EBPF_NO_EXCEPT
Get list of sections and stats in an eBPF file.
ebpf_enumerate_programs
_Must_inspect_result_ ebpf_result_t ebpf_enumerate_programs(const char *file, bool verbose, _Outptr_result_maybenull_ ebpf_api_program_info_t **infos, const char **error_message) EBPF_NO_EXCEPT
Get list of programs and stats in an eBPF file.
ebpf_api_elf_verify_program_from_memory
uint32_t ebpf_api_elf_verify_program_from_memory(_In_reads_(data_length) const char *data, size_t data_length, _In_opt_z_ const char *section_name, _In_opt_z_ const char *program_name, const ebpf_program_type_t *program_type, ebpf_verification_verbosity_t verbosity, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_core_structs.h
This file contains eBPF definitions common to eBPF core libraries as well as the eBPF API library.
ebpf_object_type_t
enum _ebpf_object_type ebpf_object_type_t
EBPF_MAX_PIN_PATH_LENGTH
#define EBPF_MAX_PIN_PATH_LENGTH
Definition ebpf_core_structs.h:15
ebpf_execution_type.h
ebpf_execution_type_t
enum _ebpf_execution_type ebpf_execution_type_t
ebpf_program_attach_type_guids.h
ebpf_result.h
ebpf_result_t
enum ebpf_result ebpf_result_t
bpf_prog_type_t
enum bpf_prog_type bpf_prog_type_t
Definition ebpf_structs.h:270
bpf_attach_type
bpf_attach_type
Definition ebpf_structs.h:289
bpf_attach_type_t
enum bpf_attach_type bpf_attach_type_t
Definition ebpf_structs.h:365
ebpf_attach_type_t
GUID ebpf_attach_type_t
Definition ebpf_windows.h:62
ebpf_program_type_t
GUID ebpf_program_type_t
Definition ebpf_windows.h:61
_ebpf_api_program_info
Definition ebpf_api.h:56
_ebpf_api_program_info::_Field_size_
_Field_size_(raw_data_size) char *raw_data
_ebpf_api_program_info::program_name
_Field_z_ const char * program_name
Definition ebpf_api.h:59
_ebpf_api_program_info::stats
ebpf_stat_t * stats
Definition ebpf_api.h:64
_ebpf_api_program_info::program_type
ebpf_program_type_t program_type
Definition ebpf_api.h:60
_ebpf_api_program_info::expected_attach_type
ebpf_attach_type_t expected_attach_type
Definition ebpf_api.h:61
_ebpf_api_program_info::raw_data_size
size_t raw_data_size
Definition ebpf_api.h:62
_ebpf_api_program_info::offset_in_section
size_t offset_in_section
Definition ebpf_api.h:65
_ebpf_api_program_info::section_name
_Field_z_ const char * section_name
Definition ebpf_api.h:58
_ebpf_api_program_info::next
struct _ebpf_api_program_info * next
Definition ebpf_api.h:57
_ebpf_map_info
eBPF Map Information
Definition ebpf_core_structs.h:21
_ebpf_program_info
Definition ebpf_program_types.h:45
_ebpf_stat
Definition ebpf_api.h:49
_ebpf_stat::next
struct _ebpf_stat * next
Definition ebpf_api.h:50
_ebpf_stat::key
_Field_z_ const char * key
Definition ebpf_api.h:51
_ebpf_stat::value
int value
Definition ebpf_api.h:52
_ebpf_test_run_options
Definition ebpf_api.h:651
_ebpf_test_run_options::duration
uint64_t duration
Duration in nanoseconds of the program execution.
Definition ebpf_api.h:662
_ebpf_test_run_options::batch_size
size_t batch_size
Number of times to repeat the program in a batch.
Definition ebpf_api.h:665
_ebpf_test_run_options::_Readable_bytes_
_Readable_bytes_(context_size_in) const uint8_t *context_in
Input context to the program.
_ebpf_test_run_options::_Writable_bytes_
_Writable_bytes_(context_size_out) uint8_t *context_out
Output context from the program.
_ebpf_test_run_options::return_value
uint64_t return_value
Return value from the program.
Definition ebpf_api.h:660
_ebpf_test_run_options::repeat_count
size_t repeat_count
Number of times to repeat the program.
Definition ebpf_api.h:661
_ebpf_test_run_options::context_size_in
size_t context_size_in
Size of input context.
Definition ebpf_api.h:658
_ebpf_test_run_options::cpu
uint32_t cpu
CPU to run the program on.
Definition ebpf_api.h:664
_ebpf_test_run_options::data_size_in
size_t data_size_in
Size of input data.
Definition ebpf_api.h:654
_ebpf_test_run_options::context_size_out
size_t context_size_out
Maximum length of context_out on input and actual length of context_out on output.
Definition ebpf_api.h:659
_ebpf_test_run_options::flags
uint32_t flags
Flags to control the test run.
Definition ebpf_api.h:663
_ebpf_test_run_options::_Readable_bytes_
_Readable_bytes_(data_size_in) const uint8_t *data_in
Input data to the program.
_ebpf_test_run_options::_Writable_bytes_
_Writable_bytes_(data_size_out) uint8_t *data_out
Output data from the program.
_ebpf_test_run_options::data_size_out
size_t data_size_out
Maximum length of data_out on input and actual length of data_out on output.
Definition ebpf_api.h:655
ebpf_api_verifier_stats_t
Definition ebpf_api.h:155
ebpf_api_verifier_stats_t::total_warnings
int total_warnings
Definition ebpf_api.h:157
ebpf_api_verifier_stats_t::total_unreachable
int total_unreachable
Definition ebpf_api.h:156
ebpf_api_verifier_stats_t::max_loop_count
int max_loop_count
Definition ebpf_api.h:158
Generated by doxygen 1.9.8