eBPF for Windows
Loading...
Searching...
No Matches
ebpf_api.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3
4#pragma once
5
6#include "ebpf_core_structs.h"
7#include "ebpf_execution_type.h"
8#include "ebpf_program_attach_type_guids.h"
9#include "ebpf_result.h"
10
11#include <specstrings.h>
12#include <stdbool.h>
13#include <stddef.h>
14#include <stdint.h>
15
16#ifdef __cplusplus
17#include <stdexcept>
18#define EBPF_NO_EXCEPT noexcept
19extern "C"
20{
21#else
22#define EBPF_NO_EXCEPT
23#endif
24
25 typedef int32_t fd_t;
26 extern __declspec(selectany) const fd_t ebpf_fd_invalid = -1;
27 typedef intptr_t ebpf_handle_t;
28
29 struct bpf_object;
30 struct bpf_program;
31 struct bpf_map;
32 struct bpf_link;
33
42 _Must_inspect_result_ ebpf_result_t
43 ebpf_program_query_info(
44 fd_t fd,
45 _Out_ ebpf_execution_type_t* execution_type,
46 _Outptr_result_z_ const char** file_name,
47 _Outptr_result_z_ const char** section_name) EBPF_NO_EXCEPT;
48
49 typedef struct _ebpf_stat
50 {
51 struct _ebpf_stat* next;
52 _Field_z_ const char* key;
53 int value;
54 } ebpf_stat_t;
55
68
78 _Must_inspect_result_ ebpf_result_t
79 ebpf_enumerate_programs(
80 _In_z_ const char* file,
81 bool verbose,
82 _Outptr_result_maybenull_ ebpf_api_program_info_t** infos,
83 _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
84
89 void
90 ebpf_free_programs(_In_opt_ _Post_invalid_ ebpf_api_program_info_t* infos) EBPF_NO_EXCEPT;
91
103 uint32_t
104 ebpf_api_elf_disassemble_program(
105 _In_z_ const char* file,
106 _In_opt_z_ const char* section_name,
107 _In_opt_z_ const char* program_name,
108 _Outptr_result_maybenull_z_ const char** disassembly,
109 _Outptr_result_maybenull_z_ const char** error_message) EBPF_NO_EXCEPT;
110
117
124
143 _Success_(return == 0) uint32_t ebpf_api_elf_verify_program_from_file(
144 _In_z_ const char* file,
145 _In_opt_z_ const char* section_name,
146 _In_opt_z_ const char* program_name,
147 _In_opt_ const ebpf_program_type_t* program_type,
148 ebpf_verification_verbosity_t verbosity,
149 _Outptr_result_maybenull_z_ const char** report,
150 _Outptr_result_maybenull_z_ const char** error_message,
151 _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
152
172 _Success_(return == 0) uint32_t ebpf_api_elf_verify_program_from_memory(
173 _In_reads_(data_length) const char* data,
174 size_t data_length,
175 _In_opt_z_ const char* section_name,
176 _In_opt_z_ const char* program_name,
177 _In_opt_ const ebpf_program_type_t* program_type,
178 ebpf_verification_verbosity_t verbosity,
179 _Outptr_result_maybenull_z_ const char** report,
180 _Outptr_result_maybenull_z_ const char** error_message,
181 _Out_opt_ ebpf_api_verifier_stats_t* stats) EBPF_NO_EXCEPT;
182
187 void
188 ebpf_free_string(_In_opt_ _Post_invalid_ const char* string) EBPF_NO_EXCEPT;
189
195 uint32_t
196 ebpf_api_unpin_object(const uint8_t* name, uint32_t name_length) EBPF_NO_EXCEPT;
197
204 _Must_inspect_result_ ebpf_result_t
205 ebpf_object_unpin(_In_z_ const char* path) EBPF_NO_EXCEPT;
206
229 _Must_inspect_result_ ebpf_result_t
230 ebpf_object_get_info_by_fd(
231 fd_t bpf_fd,
232 _Inout_updates_bytes_to_opt_(*info_size, *info_size) void* info,
233 _Inout_opt_ uint32_t* info_size,
234 _Out_opt_ ebpf_object_type_t* type) EBPF_NO_EXCEPT;
235
244 _Must_inspect_result_ ebpf_result_t
245 ebpf_api_unlink_program(ebpf_handle_t link_handle) EBPF_NO_EXCEPT;
246
254 _Must_inspect_result_ ebpf_result_t
255 ebpf_api_close_handle(ebpf_handle_t handle) EBPF_NO_EXCEPT;
256
267 _Must_inspect_result_ ebpf_result_t
268 ebpf_api_get_pinned_map_info(
269 _Out_ uint16_t* map_count,
270 _Outptr_result_buffer_maybenull_(*map_count) ebpf_map_info_t** map_info) EBPF_NO_EXCEPT;
271
279 void
280 ebpf_api_map_info_free(
281 uint16_t map_count,
282 _In_opt_count_(map_count) _Post_ptr_invalid_ const ebpf_map_info_t* map_info) EBPF_NO_EXCEPT;
283
291 ebpf_execution_type_t
292 ebpf_object_get_execution_type(_In_ const struct bpf_object* object) EBPF_NO_EXCEPT;
293
303 _Must_inspect_result_ ebpf_result_t
304 ebpf_object_set_execution_type(_Inout_ struct bpf_object* object, ebpf_execution_type_t execution_type)
305 EBPF_NO_EXCEPT;
306
320 _Must_inspect_result_ ebpf_result_t
321 ebpf_object_load_native_by_fds(
322 _In_z_ const char* file_name,
323 _Inout_ size_t* count_of_maps,
324 _Out_writes_opt_(*count_of_maps) fd_t* map_fds,
325 _Inout_ size_t* count_of_programs,
326 _Out_writes_opt_(*count_of_programs) fd_t* program_fds) EBPF_NO_EXCEPT;
327
345 _Must_inspect_result_ ebpf_result_t
346 ebpf_program_attach(
347 _In_ const struct bpf_program* program,
348 _In_opt_ const ebpf_attach_type_t* attach_type,
349 _In_reads_bytes_opt_(attach_params_size) void* attach_parameters,
350 size_t attach_params_size,
351 _Outptr_opt_ struct bpf_link** link) EBPF_NO_EXCEPT;
352
370 _Must_inspect_result_ ebpf_result_t
371 ebpf_program_attach_by_fd(
372 fd_t program_fd,
373 _In_opt_ const ebpf_attach_type_t* attach_type,
374 _In_reads_bytes_opt_(attach_parameters_size) void* attach_parameters,
375 size_t attach_parameters_size,
376 _Outptr_opt_ struct bpf_link** link) EBPF_NO_EXCEPT;
377
386 _Must_inspect_result_ ebpf_result_t
387 ebpf_program_attach_by_fds(
388 fd_t program_fd,
389 _In_opt_ const ebpf_attach_type_t* attach_type,
390 _In_reads_bytes_opt_(attach_parameters_size) void* attach_parameters,
391 size_t attach_parameters_size,
392 _Out_opt_ fd_t* link) EBPF_NO_EXCEPT;
393
403 _Must_inspect_result_ ebpf_result_t
404 ebpf_link_detach(_Inout_ struct bpf_link* link) EBPF_NO_EXCEPT;
405
419 _Must_inspect_result_ ebpf_result_t
420 ebpf_program_detach(
421 fd_t program_fd,
422 _In_ const ebpf_attach_type_t* attach_type,
423 _In_reads_bytes_(attach_parameter_size) void* attach_parameter,
424 size_t attach_parameter_size) EBPF_NO_EXCEPT;
425
436 void
437 ebpf_link_close(_Frees_ptr_ struct bpf_link* link) EBPF_NO_EXCEPT;
438
446 _Must_inspect_result_ ebpf_result_t
447 ebpf_close_fd(fd_t fd) EBPF_NO_EXCEPT;
448
457 _Must_inspect_result_ ebpf_result_t
458 ebpf_duplicate_fd(fd_t fd, _Out_ fd_t* dup) EBPF_NO_EXCEPT;
459
470 _Must_inspect_result_ ebpf_result_t
471 ebpf_get_program_type_by_name(
472 _In_z_ const char* name,
473 _Out_ ebpf_program_type_t* program_type,
474 _Out_ ebpf_attach_type_t* expected_attach_type) EBPF_NO_EXCEPT;
475
483 _Ret_maybenull_z_ const char*
484 ebpf_get_program_type_name(_In_ const ebpf_program_type_t* program_type) EBPF_NO_EXCEPT;
485
493 _Ret_maybenull_z_ const char*
494 ebpf_get_attach_type_name(_In_ const ebpf_attach_type_t* attach_type) EBPF_NO_EXCEPT;
495
508 _Must_inspect_result_ ebpf_result_t
509 ebpf_get_next_pinned_object_path(
510 _In_z_ const char* start_path,
511 _Out_writes_z_(next_path_len) char* next_path,
512 size_t next_path_len,
513 _Inout_ ebpf_object_type_t* type) EBPF_NO_EXCEPT;
514
525 _Must_inspect_result_ ebpf_result_t
526 ebpf_canonicalize_pin_path(_Out_writes_(output_size) char* output, size_t output_size, _In_z_ const char* input)
527 EBPF_NO_EXCEPT;
528
529 typedef struct _ebpf_program_info ebpf_program_info_t;
530
540 _Must_inspect_result_ ebpf_result_t
541 ebpf_get_program_info_from_verifier(_Outptr_ const ebpf_program_info_t** program_info) EBPF_NO_EXCEPT;
542
543 typedef struct _ebpf_test_run_options
544 {
545 _Readable_bytes_(data_size_in) const uint8_t* data_in;
546 _Writable_bytes_(data_size_out) uint8_t* data_out;
547 size_t data_size_in;
548 size_t data_size_out;
549 _Readable_bytes_(context_size_in) const uint8_t* context_in;
550 _Writable_bytes_(context_size_out) uint8_t* context_out;
551 size_t context_size_in;
552 size_t context_size_out;
553 uint64_t return_value;
554 size_t repeat_count;
555 uint64_t duration;
556 uint32_t flags;
557 uint32_t cpu;
558 size_t batch_size;
559 } ebpf_test_run_options_t;
560
569 _Must_inspect_result_ ebpf_result_t
570 ebpf_program_test_run(fd_t program_fd, _Inout_ ebpf_test_run_options_t* options) EBPF_NO_EXCEPT;
571
582 _Must_inspect_result_ ebpf_result_t
583 ebpf_ring_buffer_map_write(
584 fd_t ring_buffer_map_fd, _In_reads_bytes_(data_length) const void* data, size_t data_length) EBPF_NO_EXCEPT;
585
601 _Must_inspect_result_ ebpf_result_t
602 ebpf_ring_buffer_map_map_buffer(
603 fd_t map_fd,
604 _Outptr_result_maybenull_ void** consumer,
605 _Outptr_result_maybenull_ const void** producer,
606 _Outptr_result_buffer_maybenull_(*data_size) const uint8_t** data,
607 _Out_ size_t* data_size) EBPF_NO_EXCEPT;
608
618 _Must_inspect_result_ ebpf_result_t
619 ebpf_ring_buffer_map_unmap_buffer(
620 fd_t map_fd, _In_ void* consumer, _In_ const void* producer, _In_ const void* data) EBPF_NO_EXCEPT;
621
635 _Must_inspect_result_ ebpf_result_t
636 ebpf_map_set_wait_handle(fd_t map_fd, uint64_t index, ebpf_handle_t handle) EBPF_NO_EXCEPT;
637
645 _Ret_maybenull_ const ebpf_program_type_t*
646 ebpf_get_ebpf_program_type(bpf_prog_type_t bpf_program_type) EBPF_NO_EXCEPT;
647
657 _Must_inspect_result_ ebpf_result_t
658 ebpf_get_ebpf_attach_type(bpf_attach_type_t bpf_attach_type, _Out_ ebpf_attach_type_t* ebpf_attach_type)
659 EBPF_NO_EXCEPT;
660
668 bpf_prog_type_t
669 ebpf_get_bpf_program_type(_In_ const ebpf_program_type_t* program_type) EBPF_NO_EXCEPT;
670
678 bpf_attach_type_t
679 ebpf_get_bpf_attach_type(_In_ const ebpf_attach_type_t* ebpf_attach_type) EBPF_NO_EXCEPT;
680
691 _Must_inspect_result_ ebpf_result_t
692 ebpf_perf_event_array_map_write(
693 fd_t perf_event_array_map_fd,
694 _In_reads_bytes_(data_length) const void* data,
695 size_t data_length) EBPF_NO_EXCEPT;
696
703 _Must_inspect_result_ ebpf_result_t
704 ebpf_program_synchronize() EBPF_NO_EXCEPT;
705
706 //
707 // Windows-specific Ring Buffer APIs
708 //
709
710 // Forward declarations and types needed for ring buffer APIs.
711 struct ring_buffer;
712
720 typedef int (*ring_buffer_sample_fn)(void* ctx, void* data, size_t size);
721
728 struct ebpf_ring_buffer_opts
729 {
730 size_t sz; /* Size of this struct, for forward/backward compatibility (must match ring_buffer_opts). */
731 uint64_t flags; /* Windows-specific ring buffer option flags. */
732 };
733
734 /* Ring buffer option flags. */
735 enum ebpf_ring_buffer_flags
736 {
737 EBPF_RINGBUF_FLAG_AUTO_CALLBACK = (uint64_t)1 << 0, /* Automatically invoke callback for each record. */
738 };
739
750 _Ret_maybenull_ struct ring_buffer*
751 ebpf_ring_buffer__new(
752 int map_fd,
753 ring_buffer_sample_fn sample_cb,
754 _In_opt_ void* ctx,
755 _In_opt_ const struct ebpf_ring_buffer_opts* opts) EBPF_NO_EXCEPT;
756
757 //
758 // Windows-specific Perf Buffer APIs
759 //
760
764 struct ebpf_perf_buffer_opts
765 {
766 size_t sz; /* size of this struct, for forward/backward compatibility */
767 uint64_t flags; /* perf buffer option flags */
768 };
769
773 enum ebpf_perf_buffer_flags
774 {
775 EBPF_PERFBUF_FLAG_AUTO_CALLBACK = (uint64_t)1 << 0, /* Automatically invoke callback for each record */
776 };
777 typedef void (*perf_buffer_sample_fn)(void* ctx, int cpu, void* data, uint32_t size);
778 typedef void (*perf_buffer_lost_fn)(void* ctx, int cpu, uint64_t cnt);
779
792 _Ret_maybenull_ struct perf_buffer*
793 ebpf_perf_buffer__new(
794 int map_fd,
795 size_t page_cnt,
796 perf_buffer_sample_fn sample_cb,
797 perf_buffer_lost_fn lost_cb,
798 _In_opt_ void* ctx,
799 _In_opt_ const struct ebpf_perf_buffer_opts* opts) EBPF_NO_EXCEPT;
800
801#ifdef __cplusplus
802}
803#endif
bpf_map
#define bpf_map
Definition bpf_helpers_platform.h:16
ebpf_program_attach_by_fd
_Must_inspect_result_ ebpf_result_t ebpf_program_attach_by_fd(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_parameters_size) void *attach_parameters, size_t attach_parameters_size, _Outptr_opt_ struct bpf_link **link) EBPF_NO_EXCEPT
Attach an eBPF program by program file descriptor.
ebpf_stat_t
struct _ebpf_stat ebpf_stat_t
ebpf_free_string
void ebpf_free_string(const char *string) EBPF_NO_EXCEPT
Free memory for a string returned from an eBPF API.
ebpf_test_run_options_t
struct _ebpf_test_run_options ebpf_test_run_options_t
ebpf_api_unlink_program
_Must_inspect_result_ ebpf_result_t ebpf_api_unlink_program(ebpf_handle_t link_handle) EBPF_NO_EXCEPT
Detach the eBPF program from the link.
perf_buffer_sample_fn
void(* perf_buffer_sample_fn)(void *ctx, int cpu, void *data, uint32_t size)
Definition ebpf_api.h:777
ebpf_duplicate_fd
_Must_inspect_result_ ebpf_result_t ebpf_duplicate_fd(fd_t fd, fd_t *dup) EBPF_NO_EXCEPT
Duplicate a file descriptor.
ebpf_map_set_wait_handle
_Must_inspect_result_ ebpf_result_t ebpf_map_set_wait_handle(fd_t map_fd, uint64_t index, ebpf_handle_t handle) EBPF_NO_EXCEPT
Set the wait handle that will be signaled for new data.
ebpf_ring_buffer_flags
ebpf_ring_buffer_flags
Definition ebpf_api.h:736
EBPF_RINGBUF_FLAG_AUTO_CALLBACK
@ EBPF_RINGBUF_FLAG_AUTO_CALLBACK
Definition ebpf_api.h:737
ebpf_api_unpin_object
uint32_t ebpf_api_unpin_object(const uint8_t *name, uint32_t name_length) EBPF_NO_EXCEPT
Dissociate a name with an object handle.
_ebpf_verification_verbosity
_ebpf_verification_verbosity
Definition ebpf_api.h:119
EBPF_VERIFICATION_VERBOSITY_VERBOSE
@ EBPF_VERIFICATION_VERBOSITY_VERBOSE
Definition ebpf_api.h:122
EBPF_VERIFICATION_VERBOSITY_NORMAL
@ EBPF_VERIFICATION_VERBOSITY_NORMAL
Definition ebpf_api.h:120
EBPF_VERIFICATION_VERBOSITY_INFORMATIONAL
@ EBPF_VERIFICATION_VERBOSITY_INFORMATIONAL
Definition ebpf_api.h:121
ebpf_get_program_info_from_verifier
_Must_inspect_result_ ebpf_result_t ebpf_get_program_info_from_verifier(const ebpf_program_info_t **program_info) EBPF_NO_EXCEPT
Get the set of program information used by the verifier during the last verification.
ebpf_api_map_info_free
void ebpf_api_map_info_free(uint16_t map_count, const ebpf_map_info_t *map_info) EBPF_NO_EXCEPT
Helper Function to free array of ebpf_map_info_t allocated by ebpf_api_get_pinned_map_info function.
ebpf_ring_buffer_map_write
_Must_inspect_result_ ebpf_result_t ebpf_ring_buffer_map_write(fd_t ring_buffer_map_fd, _In_reads_bytes_(data_length) const void *data, size_t data_length) EBPF_NO_EXCEPT
Write data into the ring buffer map.
ebpf_program_attach_by_fds
_Must_inspect_result_ ebpf_result_t ebpf_program_attach_by_fds(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_parameters_size) void *attach_parameters, size_t attach_parameters_size, _Out_opt_ fd_t *link) EBPF_NO_EXCEPT
Attach an eBPF program by program file descriptor and return the link as a file descriptor.
ebpf_object_set_execution_type
_Must_inspect_result_ ebpf_result_t ebpf_object_set_execution_type(_Inout_ struct bpf_object *object, ebpf_execution_type_t execution_type) EBPF_NO_EXCEPT
Set the execution type for an eBPF object file.
ebpf_get_bpf_attach_type
bpf_attach_type_t ebpf_get_bpf_attach_type(const ebpf_attach_type_t *ebpf_attach_type) EBPF_NO_EXCEPT
Get BPF attach type for the specified eBPF attach type.
ebpf_perf_buffer__new
struct perf_buffer * ebpf_perf_buffer__new(int map_fd, size_t page_cnt, perf_buffer_sample_fn sample_cb, perf_buffer_lost_fn lost_cb, void *ctx, const struct ebpf_perf_buffer_opts *opts) EBPF_NO_EXCEPT
Create a new perf buffer manager with Windows-specific options.
ebpf_object_unpin
_Must_inspect_result_ ebpf_result_t ebpf_object_unpin(const char *path) EBPF_NO_EXCEPT
Unpin the object from the specified path.
ebpf_program_query_info
_Must_inspect_result_ ebpf_result_t ebpf_program_query_info(fd_t fd, ebpf_execution_type_t *execution_type, _Outptr_result_z_ const char **file_name, _Outptr_result_z_ const char **section_name) EBPF_NO_EXCEPT
Query info about an eBPF program.
EBPF_NO_EXCEPT
#define EBPF_NO_EXCEPT
Definition ebpf_api.h:22
ebpf_object_get_execution_type
ebpf_execution_type_t ebpf_object_get_execution_type(const struct bpf_object *object) EBPF_NO_EXCEPT
Get the execution type for an eBPF object file.
ebpf_free_programs
void ebpf_free_programs(ebpf_api_program_info_t *infos) EBPF_NO_EXCEPT
Free memory returned from ebpf_enumerate_programs.
ebpf_object_get_info_by_fd
_Must_inspect_result_ ebpf_result_t ebpf_object_get_info_by_fd(fd_t bpf_fd, _Inout_updates_bytes_to_opt_(*info_size, *info_size) void *info, _Inout_opt_ uint32_t *info_size, _Out_opt_ ebpf_object_type_t *type) EBPF_NO_EXCEPT
Obtain information about the eBPF object referred to by bpf_fd. This function populates up to info_le...
ebpf_get_next_pinned_object_path
_Must_inspect_result_ ebpf_result_t ebpf_get_next_pinned_object_path(const char *start_path, _Out_writes_z_(next_path_len) char *next_path, size_t next_path_len, _Inout_ ebpf_object_type_t *type) EBPF_NO_EXCEPT
Retrieve the next pinned path of an eBPF object.
ebpf_api_elf_verify_program_from_file
uint32_t ebpf_api_elf_verify_program_from_file(const char *file, _In_opt_z_ const char *section_name, _In_opt_z_ const char *program_name, const ebpf_program_type_t *program_type, ebpf_verification_verbosity_t verbosity, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_verification_verbosity_t
enum _ebpf_verification_verbosity ebpf_verification_verbosity_t
ebpf_get_program_type_by_name
_Must_inspect_result_ ebpf_result_t ebpf_get_program_type_by_name(const char *name, ebpf_program_type_t *program_type, ebpf_attach_type_t *expected_attach_type) EBPF_NO_EXCEPT
Get eBPF program type and expected attach type by name.
ebpf_api_get_pinned_map_info
_Must_inspect_result_ ebpf_result_t ebpf_api_get_pinned_map_info(uint16_t *map_count,(*map_count) ebpf_map_info_t **map_info) EBPF_NO_EXCEPT
Returns an array of ebpf_map_info_t for all pinned maps.
ebpf_program_detach
_Must_inspect_result_ ebpf_result_t ebpf_program_detach(fd_t program_fd, const ebpf_attach_type_t *attach_type, _In_reads_bytes_(attach_parameter_size) void *attach_parameter, size_t attach_parameter_size) EBPF_NO_EXCEPT
Detach an eBPF program.
perf_buffer_lost_fn
void(* perf_buffer_lost_fn)(void *ctx, int cpu, uint64_t cnt)
Definition ebpf_api.h:778
fd_t
int32_t fd_t
Definition ebpf_api.h:25
ebpf_close_fd
_Must_inspect_result_ ebpf_result_t ebpf_close_fd(fd_t fd) EBPF_NO_EXCEPT
Close a file descriptor. Also close the underlying handle.
ebpf_program_test_run
_Must_inspect_result_ ebpf_result_t ebpf_program_test_run(fd_t program_fd, _Inout_ ebpf_test_run_options_t *options) EBPF_NO_EXCEPT
Run the program in the eBPF VM, measure the execution time, and return the result.
ebpf_canonicalize_pin_path
_Must_inspect_result_ ebpf_result_t ebpf_canonicalize_pin_path(_Out_writes_(output_size) char *output, size_t output_size, const char *input) EBPF_NO_EXCEPT
Canonicalize a path using filesystem canonicalization rules.
ebpf_api_program_info_t
struct _ebpf_api_program_info ebpf_api_program_info_t
ebpf_get_ebpf_program_type
const ebpf_program_type_t * ebpf_get_ebpf_program_type(bpf_prog_type_t bpf_program_type) EBPF_NO_EXCEPT
Get eBPF program type for the specified BPF program type.
ebpf_get_bpf_program_type
bpf_prog_type_t ebpf_get_bpf_program_type(const ebpf_program_type_t *program_type) EBPF_NO_EXCEPT
Get BPF program type for the specified eBPF program type.
ebpf_link_detach
_Must_inspect_result_ ebpf_result_t ebpf_link_detach(_Inout_ struct bpf_link *link) EBPF_NO_EXCEPT
Detach an eBPF program from an attach point represented by the bpf_link structure.
ebpf_get_ebpf_attach_type
_Must_inspect_result_ ebpf_result_t ebpf_get_ebpf_attach_type(bpf_attach_type_t bpf_attach_type, ebpf_attach_type_t *ebpf_attach_type) EBPF_NO_EXCEPT
Get eBPF attach type for the specified BPF attach type.
ebpf_handle_t
intptr_t ebpf_handle_t
Definition ebpf_api.h:27
ebpf_link_close
void ebpf_link_close(_Frees_ptr_ struct bpf_link *link) EBPF_NO_EXCEPT
ebpf_api_elf_disassemble_program
uint32_t ebpf_api_elf_disassemble_program(const char *file, _In_opt_z_ const char *section_name, _In_opt_z_ const char *program_name, const char **disassembly, const char **error_message) EBPF_NO_EXCEPT
Convert an eBPF program to human readable byte code.
ebpf_api_close_handle
_Must_inspect_result_ ebpf_result_t ebpf_api_close_handle(ebpf_handle_t handle) EBPF_NO_EXCEPT
Close an eBPF handle.
ebpf_object_load_native_by_fds
_Must_inspect_result_ ebpf_result_t ebpf_object_load_native_by_fds(const char *file_name, _Inout_ size_t *count_of_maps, _Out_writes_opt_(*count_of_maps) fd_t *map_fds, _Inout_ size_t *count_of_programs, _Out_writes_opt_(*count_of_programs) fd_t *program_fds) EBPF_NO_EXCEPT
Load a native image from a file and return map and program file descriptors.
ebpf_get_attach_type_name
_Ret_maybenull_z_ const char * ebpf_get_attach_type_name(const ebpf_attach_type_t *attach_type) EBPF_NO_EXCEPT
Get the name of a given attach type.
ebpf_fd_invalid
const fd_t ebpf_fd_invalid
ebpf_perf_event_array_map_write
_Must_inspect_result_ ebpf_result_t ebpf_perf_event_array_map_write(fd_t perf_event_array_map_fd, _In_reads_bytes_(data_length) const void *data, size_t data_length) EBPF_NO_EXCEPT
Write data into the perf event array map.
ebpf_get_program_type_name
_Ret_maybenull_z_ const char * ebpf_get_program_type_name(const ebpf_program_type_t *program_type) EBPF_NO_EXCEPT
Get the name of a given program type.
ebpf_ring_buffer_map_unmap_buffer
_Must_inspect_result_ ebpf_result_t ebpf_ring_buffer_map_unmap_buffer(fd_t map_fd, void *consumer, const void *producer, const void *data) EBPF_NO_EXCEPT
Unmap the memory of a map.
ebpf_program_synchronize
_Must_inspect_result_ ebpf_result_t ebpf_program_synchronize() EBPF_NO_EXCEPT
Wait for currently executing eBPF programs to complete.
ebpf_program_attach
_Must_inspect_result_ ebpf_result_t ebpf_program_attach(const struct bpf_program *program, const ebpf_attach_type_t *attach_type, _In_reads_bytes_opt_(attach_params_size) void *attach_parameters, size_t attach_params_size, _Outptr_opt_ struct bpf_link **link) EBPF_NO_EXCEPT
Attach an eBPF program.
ebpf_ring_buffer_map_map_buffer
_Must_inspect_result_ ebpf_result_t ebpf_ring_buffer_map_map_buffer(fd_t map_fd, _Outptr_result_maybenull_ void **consumer, _Outptr_result_maybenull_ const void **producer,(*data_size) const uint8_t **data, size_t *data_size) EBPF_NO_EXCEPT
Map the memory of a map.
ring_buffer_sample_fn
int(* ring_buffer_sample_fn)(void *ctx, void *data, size_t size)
Ring buffer sample callback function type.
Definition ebpf_api.h:720
ebpf_enumerate_programs
_Must_inspect_result_ ebpf_result_t ebpf_enumerate_programs(const char *file, bool verbose, _Outptr_result_maybenull_ ebpf_api_program_info_t **infos, const char **error_message) EBPF_NO_EXCEPT
Get list of programs and stats in an eBPF file.
ebpf_perf_buffer_flags
ebpf_perf_buffer_flags
Perf buffer option flags (Windows-specific).
Definition ebpf_api.h:774
EBPF_PERFBUF_FLAG_AUTO_CALLBACK
@ EBPF_PERFBUF_FLAG_AUTO_CALLBACK
Definition ebpf_api.h:775
ebpf_api_elf_verify_program_from_memory
uint32_t ebpf_api_elf_verify_program_from_memory(_In_reads_(data_length) const char *data, size_t data_length, _In_opt_z_ const char *section_name, _In_opt_z_ const char *program_name, const ebpf_program_type_t *program_type, ebpf_verification_verbosity_t verbosity, const char **report, const char **error_message, _Out_opt_ ebpf_api_verifier_stats_t *stats) EBPF_NO_EXCEPT
Verify that the program is safe to execute.
ebpf_ring_buffer__new
struct ring_buffer * ebpf_ring_buffer__new(int map_fd, ring_buffer_sample_fn sample_cb, void *ctx, const struct ebpf_ring_buffer_opts *opts) EBPF_NO_EXCEPT
Creates a new ring buffer manager (Windows-specific with flags support).
ebpf_core_structs.h
This file contains eBPF definitions common to eBPF core libraries as well as the eBPF API library.
ebpf_object_type_t
enum _ebpf_object_type ebpf_object_type_t
ebpf_execution_type.h
ebpf_execution_type_t
enum _ebpf_execution_type ebpf_execution_type_t
ebpf_program_attach_type_guids.h
ebpf_result.h
ebpf_result_t
enum ebpf_result ebpf_result_t
bpf_prog_type_t
enum bpf_prog_type bpf_prog_type_t
Definition ebpf_structs.h:262
bpf_attach_type
bpf_attach_type
Definition ebpf_structs.h:281
bpf_attach_type_t
enum bpf_attach_type bpf_attach_type_t
Definition ebpf_structs.h:351
ebpf_attach_type_t
GUID ebpf_attach_type_t
Definition ebpf_windows.h:62
ebpf_program_type_t
GUID ebpf_program_type_t
Definition ebpf_windows.h:61
_ebpf_api_program_info
Definition ebpf_api.h:57
_ebpf_api_program_info::_Field_size_
_Field_size_(raw_data_size) char *raw_data
_ebpf_api_program_info::program_name
_Field_z_ const char * program_name
Definition ebpf_api.h:60
_ebpf_api_program_info::stats
ebpf_stat_t * stats
Definition ebpf_api.h:65
_ebpf_api_program_info::program_type
ebpf_program_type_t program_type
Definition ebpf_api.h:61
_ebpf_api_program_info::expected_attach_type
ebpf_attach_type_t expected_attach_type
Definition ebpf_api.h:62
_ebpf_api_program_info::raw_data_size
size_t raw_data_size
Definition ebpf_api.h:63
_ebpf_api_program_info::offset_in_section
size_t offset_in_section
Definition ebpf_api.h:66
_ebpf_api_program_info::section_name
_Field_z_ const char * section_name
Definition ebpf_api.h:59
_ebpf_api_program_info::next
struct _ebpf_api_program_info * next
Definition ebpf_api.h:58
_ebpf_map_info
eBPF Map Information
Definition ebpf_core_structs.h:21
_ebpf_program_info
Definition ebpf_program_types.h:45
_ebpf_stat
Definition ebpf_api.h:50
_ebpf_stat::next
struct _ebpf_stat * next
Definition ebpf_api.h:51
_ebpf_stat::key
_Field_z_ const char * key
Definition ebpf_api.h:52
_ebpf_stat::value
int value
Definition ebpf_api.h:53
_ebpf_test_run_options
Definition ebpf_api.h:544
_ebpf_test_run_options::duration
uint64_t duration
Duration in nanoseconds of the program execution.
Definition ebpf_api.h:555
_ebpf_test_run_options::batch_size
size_t batch_size
Number of times to repeat the program in a batch.
Definition ebpf_api.h:558
_ebpf_test_run_options::_Readable_bytes_
_Readable_bytes_(context_size_in) const uint8_t *context_in
Input context to the program.
_ebpf_test_run_options::_Writable_bytes_
_Writable_bytes_(context_size_out) uint8_t *context_out
Output context from the program.
_ebpf_test_run_options::return_value
uint64_t return_value
Return value from the program.
Definition ebpf_api.h:553
_ebpf_test_run_options::repeat_count
size_t repeat_count
Number of times to repeat the program.
Definition ebpf_api.h:554
_ebpf_test_run_options::context_size_in
size_t context_size_in
Size of input context.
Definition ebpf_api.h:551
_ebpf_test_run_options::cpu
uint32_t cpu
CPU to run the program on.
Definition ebpf_api.h:557
_ebpf_test_run_options::data_size_in
size_t data_size_in
Size of input data.
Definition ebpf_api.h:547
_ebpf_test_run_options::context_size_out
size_t context_size_out
Maximum length of context_out on input and actual length of context_out on output.
Definition ebpf_api.h:552
_ebpf_test_run_options::flags
uint32_t flags
Flags to control the test run.
Definition ebpf_api.h:556
_ebpf_test_run_options::_Readable_bytes_
_Readable_bytes_(data_size_in) const uint8_t *data_in
Input data to the program.
_ebpf_test_run_options::_Writable_bytes_
_Writable_bytes_(data_size_out) uint8_t *data_out
Output data from the program.
_ebpf_test_run_options::data_size_out
size_t data_size_out
Maximum length of data_out on input and actual length of data_out on output.
Definition ebpf_api.h:548
ebpf_api_verifier_stats_t
Definition ebpf_api.h:112
ebpf_api_verifier_stats_t::total_warnings
int total_warnings
Definition ebpf_api.h:114
ebpf_api_verifier_stats_t::total_unreachable
int total_unreachable
Definition ebpf_api.h:113
ebpf_api_verifier_stats_t::max_loop_count
int max_loop_count
Definition ebpf_api.h:115
ebpf_perf_buffer_opts
Windows-specific perf buffer options structure.
Definition ebpf_api.h:765
ebpf_perf_buffer_opts::sz
size_t sz
Definition ebpf_api.h:766
ebpf_perf_buffer_opts::flags
uint64_t flags
Definition ebpf_api.h:767
ebpf_ring_buffer_opts
Windows-specific ring buffer options structure.
Definition ebpf_api.h:729
ebpf_ring_buffer_opts::flags
uint64_t flags
Definition ebpf_api.h:731
ebpf_ring_buffer_opts::sz
size_t sz
Definition ebpf_api.h:730
Generated by doxygen 1.9.8