eBPF for Windows
ebpf_api.h
Go to the documentation of this file.
1 // Copyright (c) Microsoft Corporation
2 // SPDX-License-Identifier: MIT
3 
4 #pragma once
5 
6 #include "ebpf_core_structs.h"
7 #include "ebpf_execution_type.h"
8 #include "ebpf_program_attach_type_guids.h"
9 #include "ebpf_result.h"
10 
11 #include <specstrings.h>
12 #include <stdbool.h>
13 #include <stdint.h>
14 
15 #ifdef __cplusplus
16 #include <stdexcept>
17 #define EBPF_NO_EXCEPT noexcept
18 extern "C"
19 {
20 #else
21 #define EBPF_NO_EXCEPT
22 #endif
23 
24  typedef int32_t fd_t;
25  extern __declspec(selectany) const fd_t ebpf_fd_invalid = -1;
26  typedef intptr_t ebpf_handle_t;
27 
28  struct bpf_object;
29  struct bpf_program;
30  struct bpf_map;
31  struct bpf_link;
32 
41  _Must_inspect_result_ ebpf_result_t
42  ebpf_program_query_info(
43  fd_t fd,
44  _Out_ ebpf_execution_type_t* execution_type,
45  _Outptr_result_z_ const char** file_name,
46  _Outptr_result_z_ const char** section_name) EBPF_NO_EXCEPT;
47 
48  typedef struct _ebpf_stat
49  {
50  struct _ebpf_stat* next;
51  _Field_z_ const char* key;
52  int value;
53  } ebpf_stat_t;
54 
55  typedef struct _ebpf_section_info
56  {
57  struct _ebpf_section_info* next;
58  _Field_z_ const char* section_name;
59  _Field_z_ const char* program_type_name;
60  _Field_z_ const char* program_name;
61  ebpf_program_type_t program_type;
62  ebpf_attach_type_t expected_attach_type;
63  size_t raw_data_size;
64  _Field_size_(raw_data_size) char* raw_data;
65  ebpf_stat_t* stats;
66  } ebpf_section_info_t;
67 
77  _Must_inspect_result_ ebpf_result_t
78  ebpf_enumerate_sections(
79  _In_z_ const char* file,
80  bool verbose,
81  _Outptr_result_maybenull_ ebpf_section_info_t** infos,
82  _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
83 
88  void
89  ebpf_free_sections(_In_opt_ _Post_invalid_ ebpf_section_info_t* infos) EBPF_NO_EXCEPT;
90 
99  uint32_t
100  ebpf_api_elf_disassemble_section(
101  _In_z_ const char* file,
102  _In_z_ const char* section,
103  _Outptr_result_maybenull_z_ const char** disassembly,
104  _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
105 
106  typedef struct
107  {
108  int total_unreachable;
109  int total_warnings;
110  int max_instruction_count;
111  } ebpf_api_verifier_stats_t;
112 
128  _Success_(return == 0) uint32_t ebpf_api_elf_verify_section_from_file(
129  _In_z_ const char* file,
130  _In_z_ const char* section,
131  _In_opt_ const ebpf_program_type_t* program_type,
132  bool verbose,
133  _Outptr_result_maybenull_z_ const char** report,
134  _Outptr_result_maybenull_z_ const char** error_message,
135  _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
136 
153  _Success_(return == 0) uint32_t ebpf_api_elf_verify_section_from_memory(
154  _In_reads_(data_length) const char* data,
155  size_t data_length,
156  _In_z_ const char* section,
157  _In_opt_ const ebpf_program_type_t* program_type,
158  bool verbose,
159  _Outptr_result_maybenull_z_ const char** report,
160  _Outptr_result_maybenull_z_ const char** error_message,
161  _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
162 
167  void
168  ebpf_free_string(_In_opt_ _Post_invalid_ const char* string) EBPF_NO_EXCEPT;
169 
175  uint32_t
176  ebpf_api_unpin_object(const uint8_t* name, uint32_t name_length) EBPF_NO_EXCEPT;
177 
184  _Must_inspect_result_ ebpf_result_t
185  ebpf_object_unpin(_In_z_ const char* path) EBPF_NO_EXCEPT;
186 
195  _Must_inspect_result_ ebpf_result_t
196  ebpf_api_unlink_program(ebpf_handle_t link_handle) EBPF_NO_EXCEPT;
197 
205  _Must_inspect_result_ ebpf_result_t
206  ebpf_api_close_handle(ebpf_handle_t handle) EBPF_NO_EXCEPT;
207 
218  _Must_inspect_result_ ebpf_result_t
219  ebpf_api_get_pinned_map_info(
220  _Out_ uint16_t* map_count,
221  _Outptr_result_buffer_maybenull_(*map_count) ebpf_map_info_t** map_info) EBPF_NO_EXCEPT;
222 
230  void
231  ebpf_api_map_info_free(
232  uint16_t map_count,
233  _In_opt_count_(map_count) _Post_ptr_invalid_ const ebpf_map_info_t* map_info) EBPF_NO_EXCEPT;
234 
242  ebpf_execution_type_t
243  ebpf_object_get_execution_type(_In_ const struct bpf_object* object) EBPF_NO_EXCEPT;
244 
254  _Must_inspect_result_ ebpf_result_t
255  ebpf_object_set_execution_type(_Inout_ struct bpf_object* object, ebpf_execution_type_t execution_type)
256  EBPF_NO_EXCEPT;
257 
274  _Must_inspect_result_ ebpf_result_t
275  ebpf_program_attach(
276  _In_ const struct bpf_program* program,
277  _In_opt_ const ebpf_attach_type_t* attach_type,
278  _In_reads_bytes_opt_(attach_params_size) void* attach_parameters,
279  size_t attach_params_size,
280  _Outptr_ struct bpf_link** link) EBPF_NO_EXCEPT;
281 
298  _Must_inspect_result_ ebpf_result_t
299  ebpf_program_attach_by_fd(
300  fd_t program_fd,
301  _In_opt_ const ebpf_attach_type_t* attach_type,
302  _In_reads_bytes_opt_(attach_parameters_size) void* attach_parameters,
303  size_t attach_parameters_size,
304  _Outptr_ struct bpf_link** link) EBPF_NO_EXCEPT;
305 
315  _Must_inspect_result_ ebpf_result_t
316  ebpf_link_detach(_Inout_ struct bpf_link* link) EBPF_NO_EXCEPT;
317 
331  _Must_inspect_result_ ebpf_result_t
332  ebpf_program_detach(
333  fd_t program_fd,
334  _In_ const ebpf_attach_type_t* attach_type,
335  _In_reads_bytes_(attach_parameter_size) void* attach_parameter,
336  size_t attach_parameter_size) EBPF_NO_EXCEPT;
337 
348  void
349  ebpf_link_close(_Frees_ptr_ struct bpf_link* link) EBPF_NO_EXCEPT;
350 
358  _Must_inspect_result_ ebpf_result_t
359  ebpf_close_fd(fd_t fd) EBPF_NO_EXCEPT;
360 
371  _Must_inspect_result_ ebpf_result_t
372  ebpf_get_program_type_by_name(
373  _In_z_ const char* name,
374  _Out_ ebpf_program_type_t* program_type,
375  _Out_ ebpf_attach_type_t* expected_attach_type) EBPF_NO_EXCEPT;
376 
384  _Ret_maybenull_z_ const char*
385  ebpf_get_program_type_name(_In_ const ebpf_program_type_t* program_type) EBPF_NO_EXCEPT;
386 
394  _Ret_maybenull_z_ const char*
395  ebpf_get_attach_type_name(_In_ const ebpf_attach_type_t* attach_type) EBPF_NO_EXCEPT;
396 
406  _Must_inspect_result_ ebpf_result_t
407  ebpf_get_next_pinned_program_path(
408  _In_z_ const char* start_path, _Out_writes_z_(EBPF_MAX_PIN_PATH_LENGTH) char* next_path) EBPF_NO_EXCEPT;
409 
410  typedef struct _ebpf_program_info ebpf_program_info_t;
411 
421  _Must_inspect_result_ ebpf_result_t
422  ebpf_get_program_info_from_verifier(_Outptr_ const ebpf_program_info_t** program_info) EBPF_NO_EXCEPT;
423 
424  typedef struct _ebpf_test_run_options
425  {
426  _Readable_bytes_(data_size_in) const uint8_t* data_in;
427  _Writable_bytes_(data_size_out) uint8_t* data_out;
428  size_t data_size_in;
429  size_t data_size_out;
430  _Readable_bytes_(context_size_in) const uint8_t* context_in;
431  _Writable_bytes_(context_size_out) uint8_t* context_out;
432  size_t context_size_in;
433  size_t context_size_out;
434  uint64_t return_value;
435  size_t repeat_count;
436  uint64_t duration;
437  uint32_t flags;
438  uint32_t cpu;
439  size_t batch_size;
440  } ebpf_test_run_options_t;
441 
450  _Must_inspect_result_ ebpf_result_t
451  ebpf_program_test_run(fd_t program_fd, _Inout_ ebpf_test_run_options_t* options) EBPF_NO_EXCEPT;
452 
453 #ifdef __cplusplus
454 }
455 #endif
bpf_map
#define bpf_map
Definition: bpf_helpers_platform.h:15
ebpf_stat_t
struct _ebpf_stat ebpf_stat_t
ebpf_get_attach_type_name
_Ret_maybenull_z_ const char * ebpf_get_attach_type_name(const ebpf_attach_type_t *attach_type) EBPF_NO_EXCEPT
Get the name of a given attach type.
ebpf_api_elf_verify_section_from_memory
uint32_t ebpf_api_elf_verify_section_from_memory(_In_reads_(data_length) const char *data, size_t data_length, const char *section, const ebpf_program_type_t *program_type, bool verbose, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_free_string
void ebpf_free_string(const char *string) EBPF_NO_EXCEPT
Free memory for a string returned from an eBPF API.
ebpf_test_run_options_t
struct _ebpf_test_run_options ebpf_test_run_options_t
ebpf_get_next_pinned_program_path
_Must_inspect_result_ ebpf_result_t ebpf_get_next_pinned_program_path(const char *start_path, _Out_writes_z_(EBPF_MAX_PIN_PATH_LENGTH) char *next_path) EBPF_NO_EXCEPT
Gets the next pinned program after a given path.
ebpf_api_unlink_program
_Must_inspect_result_ ebpf_result_t ebpf_api_unlink_program(ebpf_handle_t link_handle) EBPF_NO_EXCEPT
Detach the eBPF program from the link.
ebpf_api_unpin_object
uint32_t ebpf_api_unpin_object(const uint8_t *name, uint32_t name_length) EBPF_NO_EXCEPT
Dissociate a name with an object handle.
ebpf_get_program_info_from_verifier
_Must_inspect_result_ ebpf_result_t ebpf_get_program_info_from_verifier(const ebpf_program_info_t **program_info) EBPF_NO_EXCEPT
Get the set of program information used by the verifier during the last verification.
ebpf_get_program_type_name
_Ret_maybenull_z_ const char * ebpf_get_program_type_name(const ebpf_program_type_t *program_type) EBPF_NO_EXCEPT
Get the name of a given program type.
ebpf_api_map_info_free
void ebpf_api_map_info_free(uint16_t map_count, const ebpf_map_info_t *map_info) EBPF_NO_EXCEPT
Helper Function to free array of ebpf_map_info_t allocated by ebpf_api_get_pinned_map_info function.
ebpf_free_sections
void ebpf_free_sections(ebpf_section_info_t *infos) EBPF_NO_EXCEPT
Free memory returned from ebpf_enumerate_sections.
ebpf_api_elf_verify_section_from_file
uint32_t ebpf_api_elf_verify_section_from_file(const char *file, const char *section, const ebpf_program_type_t *program_type, bool verbose, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_object_set_execution_type
_Must_inspect_result_ ebpf_result_t ebpf_object_set_execution_type(_Inout_ struct bpf_object *object, ebpf_execution_type_t execution_type) EBPF_NO_EXCEPT
Set the execution type for an eBPF object file.
ebpf_program_attach_by_fd
_Must_inspect_result_ ebpf_result_t ebpf_program_attach_by_fd(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_parameters_size) void *attach_parameters, size_t attach_parameters_size, struct bpf_link **link) EBPF_NO_EXCEPT
Attach an eBPF program by program file descriptor.
ebpf_object_unpin
_Must_inspect_result_ ebpf_result_t ebpf_object_unpin(const char *path) EBPF_NO_EXCEPT
Unpin the object from the specified path.
ebpf_program_query_info
_Must_inspect_result_ ebpf_result_t ebpf_program_query_info(fd_t fd, ebpf_execution_type_t *execution_type, _Outptr_result_z_ const char **file_name, _Outptr_result_z_ const char **section_name) EBPF_NO_EXCEPT
Query info about an eBPF program.
EBPF_NO_EXCEPT
#define EBPF_NO_EXCEPT
Definition: ebpf_api.h:21
ebpf_object_get_execution_type
ebpf_execution_type_t ebpf_object_get_execution_type(const struct bpf_object *object) EBPF_NO_EXCEPT
Get the execution type for an eBPF object file.
ebpf_get_program_type_by_name
_Must_inspect_result_ ebpf_result_t ebpf_get_program_type_by_name(const char *name, ebpf_program_type_t *program_type, ebpf_attach_type_t *expected_attach_type) EBPF_NO_EXCEPT
Get eBPF program type and expected attach type by name.
ebpf_api_get_pinned_map_info
_Must_inspect_result_ ebpf_result_t ebpf_api_get_pinned_map_info(uint16_t *map_count,(*map_count) ebpf_map_info_t **map_info) EBPF_NO_EXCEPT
Returns an array of ebpf_map_info_t for all pinned maps.
ebpf_section_info_t
struct _ebpf_section_info ebpf_section_info_t
ebpf_program_detach
_Must_inspect_result_ ebpf_result_t ebpf_program_detach(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_(attach_parameter_size) void *attach_parameter, size_t attach_parameter_size) EBPF_NO_EXCEPT
Detach an eBPF program.
fd_t
int32_t fd_t
Definition: ebpf_api.h:24
ebpf_close_fd
_Must_inspect_result_ ebpf_result_t ebpf_close_fd(fd_t fd) EBPF_NO_EXCEPT
Close a file descriptor. Also close the underlying handle.
ebpf_program_test_run
_Must_inspect_result_ ebpf_result_t ebpf_program_test_run(fd_t program_fd, _Inout_ ebpf_test_run_options_t *options) EBPF_NO_EXCEPT
Run the program in the eBPF VM, measure the execution time, and return the result.
ebpf_program_attach
_Must_inspect_result_ ebpf_result_t ebpf_program_attach(const struct bpf_program *program, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_params_size) void *attach_parameters, size_t attach_params_size, struct bpf_link **link) EBPF_NO_EXCEPT
Attach an eBPF program.
ebpf_link_detach
_Must_inspect_result_ ebpf_result_t ebpf_link_detach(_Inout_ struct bpf_link *link) EBPF_NO_EXCEPT
Detach an eBPF program from an attach point represented by the bpf_link structure.
ebpf_handle_t
intptr_t ebpf_handle_t
Definition: ebpf_api.h:26
ebpf_link_close
void ebpf_link_close(_Frees_ptr_ struct bpf_link *link) EBPF_NO_EXCEPT
ebpf_api_close_handle
_Must_inspect_result_ ebpf_result_t ebpf_api_close_handle(ebpf_handle_t handle) EBPF_NO_EXCEPT
Close an eBPF handle.
ebpf_fd_invalid
const fd_t ebpf_fd_invalid
ebpf_api_elf_disassemble_section
uint32_t ebpf_api_elf_disassemble_section(const char *file, const char *section, const char **disassembly, const char **error_message) EBPF_NO_EXCEPT
Convert an eBPF program to human readable byte code.
ebpf_enumerate_sections
_Must_inspect_result_ ebpf_result_t ebpf_enumerate_sections(const char *file, bool verbose, _Outptr_result_maybenull_ ebpf_section_info_t **infos, const char **error_message) EBPF_NO_EXCEPT
Get list of programs and stats in an eBPF file.
ebpf_core_structs.h
This file contains eBPF definitions common to eBPF core libraries as well as the eBPF API library.
EBPF_MAX_PIN_PATH_LENGTH
#define EBPF_MAX_PIN_PATH_LENGTH
Definition: ebpf_core_structs.h:16
ebpf_execution_type.h
ebpf_execution_type_t
enum _ebpf_execution_type ebpf_execution_type_t
ebpf_program_attach_type_guids.h
ebpf_result.h
ebpf_result_t
enum ebpf_result ebpf_result_t
ebpf_attach_type_t
GUID ebpf_attach_type_t
Definition: ebpf_windows.h:44
ebpf_program_type_t
GUID ebpf_program_type_t
Definition: ebpf_windows.h:43
_ebpf_map_info
eBPF Map Information
Definition: ebpf_core_structs.h:22
_ebpf_program_info
Definition: ebpf_program_types.h:32
_ebpf_section_info
Definition: ebpf_api.h:56
_ebpf_section_info::next
struct _ebpf_section_info * next
Definition: ebpf_api.h:57
_ebpf_section_info::section_name
_Field_z_ const char * section_name
Definition: ebpf_api.h:58
_ebpf_section_info::program_name
_Field_z_ const char * program_name
Definition: ebpf_api.h:60
_ebpf_section_info::program_type_name
_Field_z_ const char * program_type_name
Definition: ebpf_api.h:59
_ebpf_section_info::expected_attach_type
ebpf_attach_type_t expected_attach_type
Definition: ebpf_api.h:62
_ebpf_section_info::raw_data_size
size_t raw_data_size
Definition: ebpf_api.h:63
_ebpf_section_info::stats
ebpf_stat_t * stats
Definition: ebpf_api.h:65
_ebpf_section_info::program_type
ebpf_program_type_t program_type
Definition: ebpf_api.h:61
_ebpf_section_info::_Field_size_
_Field_size_(raw_data_size) char *raw_data
_ebpf_stat
Definition: ebpf_api.h:49
_ebpf_stat::next
struct _ebpf_stat * next
Definition: ebpf_api.h:50
_ebpf_stat::key
_Field_z_ const char * key
Definition: ebpf_api.h:51
_ebpf_stat::value
int value
Definition: ebpf_api.h:52
_ebpf_test_run_options
Definition: ebpf_api.h:425
_ebpf_test_run_options::duration
uint64_t duration
Duration in nanoseconds of the program execution.
Definition: ebpf_api.h:436
_ebpf_test_run_options::batch_size
size_t batch_size
Number of times to repeat the program in a batch.
Definition: ebpf_api.h:439
_ebpf_test_run_options::_Readable_bytes_
_Readable_bytes_(context_size_in) const uint8_t *context_in
Input context to the program.
_ebpf_test_run_options::_Writable_bytes_
_Writable_bytes_(context_size_out) uint8_t *context_out
Output context from the program.
_ebpf_test_run_options::return_value
uint64_t return_value
Return value from the program.
Definition: ebpf_api.h:434
_ebpf_test_run_options::repeat_count
size_t repeat_count
Number of times to repeat the program.
Definition: ebpf_api.h:435
_ebpf_test_run_options::context_size_in
size_t context_size_in
Size of input context.
Definition: ebpf_api.h:432
_ebpf_test_run_options::cpu
uint32_t cpu
CPU to run the program on.
Definition: ebpf_api.h:438
_ebpf_test_run_options::data_size_in
size_t data_size_in
Size of input data.
Definition: ebpf_api.h:428
_ebpf_test_run_options::context_size_out
size_t context_size_out
Maximum length of context_out on input and actual length of context_out on output.
Definition: ebpf_api.h:433
_ebpf_test_run_options::flags
uint32_t flags
Flags to control the test run.
Definition: ebpf_api.h:437
_ebpf_test_run_options::_Readable_bytes_
_Readable_bytes_(data_size_in) const uint8_t *data_in
Input data to the program.
_ebpf_test_run_options::_Writable_bytes_
_Writable_bytes_(data_size_out) uint8_t *data_out
Output data from the program.
_ebpf_test_run_options::data_size_out
size_t data_size_out
Maximum length of data_out on input and actual length of data_out on output.
Definition: ebpf_api.h:429
ebpf_api_verifier_stats_t
Definition: ebpf_api.h:107
ebpf_api_verifier_stats_t::total_warnings
int total_warnings
Definition: ebpf_api.h:109
ebpf_api_verifier_stats_t::total_unreachable
int total_unreachable
Definition: ebpf_api.h:108
ebpf_api_verifier_stats_t::max_instruction_count
int max_instruction_count
Definition: ebpf_api.h:110
Generated by doxygen 1.9.1