eBPF for Windows
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
ebpf_extension.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3#pragma once
4
5#include "ebpf_result.h"
6#include "ebpf_structs.h"
7#include "ebpf_windows.h"
8
9typedef ebpf_result_t (*_ebpf_extension_dispatch_function)();
10
17
30typedef ebpf_result_t (*ebpf_program_invoke_function_t)(
31 _In_ const void* extension_client_binding_context, _Inout_ void* program_context, _Out_ uint32_t* result);
32
44typedef ebpf_result_t (*ebpf_program_batch_begin_invoke_function_t)(
45 size_t state_size, _Out_writes_(state_size) void* state);
46
58typedef ebpf_result_t (*ebpf_program_batch_invoke_function_t)(
59 _In_ const void* extension_client_binding_context,
60 _Inout_ void* program_context,
61 _Out_ uint32_t* result,
62 _In_ const void* state);
63
71typedef ebpf_result_t (*ebpf_program_batch_end_invoke_function_t)(_Inout_ void* state);
72
79
80#define EBPF_LINK_DISPATCH_TABLE_FUNCTION_COUNT_1 4
81#define EBPF_LINK_DISPATCH_TABLE_FUNCTION_COUNT_CURRENT \
82 EBPF_LINK_DISPATCH_TABLE_FUNCTION_COUNT_1
83
93
101
109
110/***
111 * The state of the execution context when the eBPF program was invoked.
112 * This is used to cache state that won't change during the execution of
113 * the eBPF program and is expensive to query.
114 */
115typedef struct _ebpf_execution_context_state
116{
117 uint64_t epoch_state[4];
118 union
119 {
120 uint64_t thread;
121 uint32_t cpu;
122 } id;
123 uint8_t current_irql;
124 struct
125 {
126 const void* next_program;
127 uint32_t count;
128 } tail_call_state;
129} ebpf_execution_context_state_t;
130
131#define EBPF_CONTEXT_HEADER uint64_t context_header[8]
132#define EBPF_CONTEXT_HEADER_SIZE (sizeof(uint64_t) * 8)
ebpf_program_batch_begin_invoke_function_t
ebpf_result_t(* ebpf_program_batch_begin_invoke_function_t)(size_t state_size, _Out_writes_(state_size) void *state)
Prepare the eBPF program for batch invocation.
Definition ebpf_extension.h:44
ebpf_attach_provider_data_t
struct _ebpf_attach_provider_data ebpf_attach_provider_data_t
ebpf_extension_dispatch_table_t
struct _ebpf_extension_dispatch_table ebpf_extension_dispatch_table_t
ebpf_extension_data_t
struct _ebpf_extension_data ebpf_extension_data_t
ebpf_extension_program_dispatch_table_t
struct _ebpf_extension_program_dispatch_table ebpf_extension_program_dispatch_table_t
ebpf_link_dispatch_table_version_t
enum _ebpf_link_dispatch_table_version ebpf_link_dispatch_table_version_t
_ebpf_extension_dispatch_function
ebpf_result_t(* _ebpf_extension_dispatch_function)()
Definition ebpf_extension.h:9
ebpf_program_batch_invoke_function_t
ebpf_result_t(* ebpf_program_batch_invoke_function_t)(const void *extension_client_binding_context, _Inout_ void *program_context, uint32_t *result, const void *state)
Invoke the eBPF program in batch mode.
Definition ebpf_extension.h:58
ebpf_execution_context_state_t
struct _ebpf_execution_context_state ebpf_execution_context_state_t
ebpf_program_batch_end_invoke_function_t
ebpf_result_t(* ebpf_program_batch_end_invoke_function_t)(_Inout_ void *state)
Clean up the eBPF program after batch invocation.
Definition ebpf_extension.h:71
ebpf_program_invoke_function_t
ebpf_result_t(* ebpf_program_invoke_function_t)(const void *extension_client_binding_context, _Inout_ void *program_context, uint32_t *result)
Invoke the eBPF program.
Definition ebpf_extension.h:30
_ebpf_link_dispatch_table_version
_ebpf_link_dispatch_table_version
Definition ebpf_extension.h:74
EBPF_LINK_DISPATCH_TABLE_VERSION_1
@ EBPF_LINK_DISPATCH_TABLE_VERSION_1
Initial version of the dispatch table.
Definition ebpf_extension.h:75
EBPF_LINK_DISPATCH_TABLE_VERSION_CURRENT
@ EBPF_LINK_DISPATCH_TABLE_VERSION_CURRENT
Current version of the dispatch table.
Definition ebpf_extension.h:76
ebpf_result.h
ebpf_result_t
enum ebpf_result ebpf_result_t
ebpf_structs.h
This file contains eBPF definitions common to eBPF programs, core execution engine as well as eBPF AP...
bpf_link_type
bpf_link_type
Definition ebpf_structs.h:278
bpf_attach_type_t
enum bpf_attach_type bpf_attach_type_t
Definition ebpf_structs.h:368
ebpf_windows.h
ebpf_program_type_t
GUID ebpf_program_type_t
Definition ebpf_windows.h:61
_ebpf_attach_provider_data
Definition ebpf_extension.h:103
_ebpf_attach_provider_data::header
ebpf_extension_header_t header
Definition ebpf_extension.h:104
_ebpf_attach_provider_data::supported_program_type
ebpf_program_type_t supported_program_type
Definition ebpf_extension.h:105
_ebpf_attach_provider_data::bpf_attach_type
bpf_attach_type_t bpf_attach_type
Definition ebpf_extension.h:106
_ebpf_attach_provider_data::link_type
enum bpf_link_type link_type
Definition ebpf_extension.h:107
_ebpf_execution_context_state
Definition ebpf_extension.h:116
_ebpf_execution_context_state::id
union _ebpf_execution_context_state::@6 id
_ebpf_execution_context_state::tail_call_state
struct _ebpf_execution_context_state::@7 tail_call_state
_ebpf_execution_context_state::current_irql
uint8_t current_irql
Definition ebpf_extension.h:123
_ebpf_execution_context_state::count
uint32_t count
Definition ebpf_extension.h:127
_ebpf_execution_context_state::epoch_state
uint64_t epoch_state[4]
Definition ebpf_extension.h:117
_ebpf_execution_context_state::thread
uint64_t thread
Definition ebpf_extension.h:120
_ebpf_execution_context_state::next_program
const void * next_program
Definition ebpf_extension.h:126
_ebpf_execution_context_state::cpu
uint32_t cpu
Definition ebpf_extension.h:121
_ebpf_extension_data
Definition ebpf_extension.h:95
_ebpf_extension_data::prog_attach_flags
uint64_t prog_attach_flags
Definition ebpf_extension.h:99
_ebpf_extension_data::header
ebpf_extension_header_t header
Definition ebpf_extension.h:96
_ebpf_extension_data::data
const void * data
Definition ebpf_extension.h:97
_ebpf_extension_data::data_size
size_t data_size
Definition ebpf_extension.h:98
_ebpf_extension_dispatch_table
Definition ebpf_extension.h:12
_ebpf_extension_dispatch_table::version
uint16_t version
Version of the dispatch table.
Definition ebpf_extension.h:13
_ebpf_extension_dispatch_table::count
uint16_t count
Number of entries in the dispatch table.
Definition ebpf_extension.h:14
_ebpf_extension_dispatch_table::_Field_size_
_Field_size_(count) _ebpf_extension_dispatch_function function[1]
_ebpf_extension_header
Header of an eBPF extension data structure. Every eBPF extension data structure must start with this ...
Definition ebpf_windows.h:153
_ebpf_extension_program_dispatch_table
Definition ebpf_extension.h:85
_ebpf_extension_program_dispatch_table::ebpf_program_invoke_function
ebpf_program_invoke_function_t ebpf_program_invoke_function
Definition ebpf_extension.h:88
_ebpf_extension_program_dispatch_table::ebpf_program_batch_begin_invoke_function
ebpf_program_batch_begin_invoke_function_t ebpf_program_batch_begin_invoke_function
Definition ebpf_extension.h:89
_ebpf_extension_program_dispatch_table::ebpf_program_batch_end_invoke_function
ebpf_program_batch_end_invoke_function_t ebpf_program_batch_end_invoke_function
Definition ebpf_extension.h:91
_ebpf_extension_program_dispatch_table::version
uint16_t version
Version of the dispatch table.
Definition ebpf_extension.h:86
_ebpf_extension_program_dispatch_table::ebpf_program_batch_invoke_function
ebpf_program_batch_invoke_function_t ebpf_program_batch_invoke_function
Definition ebpf_extension.h:90
_ebpf_extension_program_dispatch_table::count
uint16_t count
Number of entries in the dispatch table.
Definition ebpf_extension.h:87
Generated by doxygen 1.9.8