eBPF for Windows
ebpf_extension.h
Go to the documentation of this file.
1 // Copyright (c) Microsoft Corporation
2 // SPDX-License-Identifier: MIT
3 #pragma once
4 
5 #include "ebpf_result.h"
6 #include "ebpf_structs.h"
7 #include "ebpf_windows.h"
8 
9 typedef ebpf_result_t (*_ebpf_extension_dispatch_function)();
10 
11 typedef struct _ebpf_extension_dispatch_table
12 {
13  uint16_t version;
14  uint16_t count;
15  _Field_size_(count) _ebpf_extension_dispatch_function function[1];
16 } ebpf_extension_dispatch_table_t;
17 
30 typedef ebpf_result_t (*ebpf_program_invoke_function_t)(
31  _In_ const void* extension_client_binding_context, _Inout_ void* program_context, _Out_ uint32_t* result);
32 
46 typedef ebpf_result_t (*ebpf_program_batch_begin_invoke_function_t)(
47  _In_ const void* extension_client_binding_context, size_t state_size, _Out_writes_(state_size) void* state);
48 
60 typedef ebpf_result_t (*ebpf_program_batch_invoke_function_t)(
61  _In_ const void* extension_client_binding_context,
62  _Inout_ void* program_context,
63  _Out_ uint32_t* result,
64  _In_ const void* state);
65 
75 typedef ebpf_result_t (*ebpf_program_batch_end_invoke_function_t)(
76  _In_ const void* extension_client_binding_context, _Inout_ void* state);
77 
78 typedef struct _ebpf_extension_program_dispatch_table
79 {
80  uint16_t version;
81  uint16_t count;
82  ebpf_program_invoke_function_t ebpf_program_invoke_function;
83  ebpf_program_batch_begin_invoke_function_t ebpf_program_batch_begin_invoke_function;
84  ebpf_program_batch_invoke_function_t ebpf_program_batch_invoke_function;
85  ebpf_program_batch_end_invoke_function_t ebpf_program_batch_end_invoke_function;
86 } ebpf_extension_program_dispatch_table_t;
87 
88 typedef struct _ebpf_extension_data
89 {
90  ebpf_extension_header_t header;
91  const void* data;
92 } ebpf_extension_data_t;
93 
94 typedef struct _ebpf_attach_provider_data
95 {
96  ebpf_extension_header_t header;
97  ebpf_program_type_t supported_program_type;
98  bpf_attach_type_t bpf_attach_type;
99  enum bpf_link_type link_type;
100 } ebpf_attach_provider_data_t;
101 
102 /***
103  * The state of the execution context when the eBPF program was invoked.
104  * This is used to cache state that won't change during the execution of
105  * the eBPF program and is expensive to query.
106  */
107 typedef struct _ebpf_execution_context_state
108 {
109  uint64_t epoch_state[4];
110  union
111  {
112  uint64_t thread;
113  uint32_t cpu;
114  } id;
115  uint8_t current_irql;
116  struct
117  {
118  const void* next_program;
119  uint32_t count;
120  } tail_call_state;
121 } ebpf_execution_context_state_t;
ebpf_attach_provider_data_t
struct _ebpf_attach_provider_data ebpf_attach_provider_data_t
ebpf_extension_dispatch_table_t
struct _ebpf_extension_dispatch_table ebpf_extension_dispatch_table_t
ebpf_extension_data_t
struct _ebpf_extension_data ebpf_extension_data_t
ebpf_extension_program_dispatch_table_t
struct _ebpf_extension_program_dispatch_table ebpf_extension_program_dispatch_table_t
_ebpf_extension_dispatch_function
ebpf_result_t(* _ebpf_extension_dispatch_function)()
Definition: ebpf_extension.h:9
ebpf_program_batch_begin_invoke_function_t
ebpf_result_t(* ebpf_program_batch_begin_invoke_function_t)(const void *extension_client_binding_context, size_t state_size, _Out_writes_(state_size) void *state)
Prepare the eBPF program for batch invocation.
Definition: ebpf_extension.h:46
ebpf_program_batch_invoke_function_t
ebpf_result_t(* ebpf_program_batch_invoke_function_t)(const void *extension_client_binding_context, _Inout_ void *program_context, uint32_t *result, const void *state)
Invoke the eBPF program in batch mode.
Definition: ebpf_extension.h:60
ebpf_execution_context_state_t
struct _ebpf_execution_context_state ebpf_execution_context_state_t
ebpf_program_batch_end_invoke_function_t
ebpf_result_t(* ebpf_program_batch_end_invoke_function_t)(const void *extension_client_binding_context, _Inout_ void *state)
Clean up the eBPF program after batch invocation.
Definition: ebpf_extension.h:75
ebpf_program_invoke_function_t
ebpf_result_t(* ebpf_program_invoke_function_t)(const void *extension_client_binding_context, _Inout_ void *program_context, uint32_t *result)
Invoke the eBPF program.
Definition: ebpf_extension.h:30
ebpf_result.h
ebpf_result_t
enum ebpf_result ebpf_result_t
ebpf_structs.h
This file contains eBPF definitions common to eBPF programs, core execution engine as well as eBPF AP...
bpf_link_type
bpf_link_type
Definition: ebpf_structs.h:243
bpf_attach_type_t
enum bpf_attach_type bpf_attach_type_t
Definition: ebpf_structs.h:321
ebpf_windows.h
ebpf_program_type_t
GUID ebpf_program_type_t
Definition: ebpf_windows.h:61
_ebpf_attach_provider_data
Definition: ebpf_extension.h:95
_ebpf_attach_provider_data::header
ebpf_extension_header_t header
Definition: ebpf_extension.h:96
_ebpf_attach_provider_data::supported_program_type
ebpf_program_type_t supported_program_type
Definition: ebpf_extension.h:97
_ebpf_attach_provider_data::bpf_attach_type
bpf_attach_type_t bpf_attach_type
Definition: ebpf_extension.h:98
_ebpf_attach_provider_data::link_type
enum bpf_link_type link_type
Definition: ebpf_extension.h:99
_ebpf_execution_context_state
Definition: ebpf_extension.h:108
_ebpf_execution_context_state::id
union _ebpf_execution_context_state::@6 id
_ebpf_execution_context_state::tail_call_state
struct _ebpf_execution_context_state::@7 tail_call_state
_ebpf_execution_context_state::current_irql
uint8_t current_irql
Definition: ebpf_extension.h:115
_ebpf_execution_context_state::count
uint32_t count
Definition: ebpf_extension.h:119
_ebpf_execution_context_state::epoch_state
uint64_t epoch_state[4]
Definition: ebpf_extension.h:109
_ebpf_execution_context_state::thread
uint64_t thread
Definition: ebpf_extension.h:112
_ebpf_execution_context_state::next_program
const void * next_program
Definition: ebpf_extension.h:118
_ebpf_execution_context_state::cpu
uint32_t cpu
Definition: ebpf_extension.h:113
_ebpf_extension_data
Definition: ebpf_extension.h:89
_ebpf_extension_data::header
ebpf_extension_header_t header
Definition: ebpf_extension.h:90
_ebpf_extension_data::data
const void * data
Definition: ebpf_extension.h:91
_ebpf_extension_dispatch_table
Definition: ebpf_extension.h:12
_ebpf_extension_dispatch_table::version
uint16_t version
Version of the dispatch table.
Definition: ebpf_extension.h:13
_ebpf_extension_dispatch_table::count
uint16_t count
Number of entries in the dispatch table.
Definition: ebpf_extension.h:14
_ebpf_extension_dispatch_table::_Field_size_
_Field_size_(count) _ebpf_extension_dispatch_function function[1]
_ebpf_extension_header
Header of an eBPF extension data structure. Every eBPF extension data structure must start with this ...
Definition: ebpf_windows.h:111
_ebpf_extension_program_dispatch_table
Definition: ebpf_extension.h:79
_ebpf_extension_program_dispatch_table::ebpf_program_invoke_function
ebpf_program_invoke_function_t ebpf_program_invoke_function
Definition: ebpf_extension.h:82
_ebpf_extension_program_dispatch_table::ebpf_program_batch_begin_invoke_function
ebpf_program_batch_begin_invoke_function_t ebpf_program_batch_begin_invoke_function
Definition: ebpf_extension.h:83
_ebpf_extension_program_dispatch_table::ebpf_program_batch_end_invoke_function
ebpf_program_batch_end_invoke_function_t ebpf_program_batch_end_invoke_function
Definition: ebpf_extension.h:85
_ebpf_extension_program_dispatch_table::version
uint16_t version
Version of the dispatch table.
Definition: ebpf_extension.h:80
_ebpf_extension_program_dispatch_table::ebpf_program_batch_invoke_function
ebpf_program_batch_invoke_function_t ebpf_program_batch_invoke_function
Definition: ebpf_extension.h:84
_ebpf_extension_program_dispatch_table::count
uint16_t count
Number of entries in the dispatch table.
Definition: ebpf_extension.h:81
Generated by doxygen 1.9.1