eBPF for Windows
ebpf_extension.h
Go to the documentation of this file.
1 // Copyright (c) eBPF for Windows contributors
2 // SPDX-License-Identifier: MIT
3 #pragma once
4 
5 #include "ebpf_result.h"
6 #include "ebpf_structs.h"
7 #include "ebpf_windows.h"
8 
9 typedef ebpf_result_t (*_ebpf_extension_dispatch_function)();
10 
11 typedef struct _ebpf_extension_dispatch_table
12 {
13  uint16_t version;
14  uint16_t count;
15  _Field_size_(count) _ebpf_extension_dispatch_function function[1];
16 } ebpf_extension_dispatch_table_t;
17 
30 typedef ebpf_result_t (*ebpf_program_invoke_function_t)(
31  _In_ const void* extension_client_binding_context, _Inout_ void* program_context, _Out_ uint32_t* result);
32 
44 typedef ebpf_result_t (*ebpf_program_batch_begin_invoke_function_t)(
45  size_t state_size, _Out_writes_(state_size) void* state);
46 
58 typedef ebpf_result_t (*ebpf_program_batch_invoke_function_t)(
59  _In_ const void* extension_client_binding_context,
60  _Inout_ void* program_context,
61  _Out_ uint32_t* result,
62  _In_ const void* state);
63 
71 typedef ebpf_result_t (*ebpf_program_batch_end_invoke_function_t)(_Inout_ void* state);
72 
73 typedef enum _ebpf_link_dispatch_table_version
74 {
75  EBPF_LINK_DISPATCH_TABLE_VERSION_1 = 1,
76  EBPF_LINK_DISPATCH_TABLE_VERSION_CURRENT =
77  EBPF_LINK_DISPATCH_TABLE_VERSION_1,
78 } ebpf_link_dispatch_table_version_t;
79 
80 #define EBPF_LINK_DISPATCH_TABLE_FUNCTION_COUNT_1 4
81 #define EBPF_LINK_DISPATCH_TABLE_FUNCTION_COUNT_CURRENT \
82  EBPF_LINK_DISPATCH_TABLE_FUNCTION_COUNT_1
83 
84 typedef struct _ebpf_extension_program_dispatch_table
85 {
86  uint16_t version;
87  uint16_t count;
88  ebpf_program_invoke_function_t ebpf_program_invoke_function;
89  ebpf_program_batch_begin_invoke_function_t ebpf_program_batch_begin_invoke_function;
90  ebpf_program_batch_invoke_function_t ebpf_program_batch_invoke_function;
91  ebpf_program_batch_end_invoke_function_t ebpf_program_batch_end_invoke_function;
92 } ebpf_extension_program_dispatch_table_t;
93 
94 typedef struct _ebpf_extension_data
95 {
96  ebpf_extension_header_t header;
97  const void* data;
98 } ebpf_extension_data_t;
99 
100 typedef struct _ebpf_attach_provider_data
101 {
102  ebpf_extension_header_t header;
103  ebpf_program_type_t supported_program_type;
104  bpf_attach_type_t bpf_attach_type;
105  enum bpf_link_type link_type;
106 } ebpf_attach_provider_data_t;
107 
108 /***
109  * The state of the execution context when the eBPF program was invoked.
110  * This is used to cache state that won't change during the execution of
111  * the eBPF program and is expensive to query.
112  */
113 typedef struct _ebpf_execution_context_state
114 {
115  uint64_t epoch_state[4];
116  union
117  {
118  uint64_t thread;
119  uint32_t cpu;
120  } id;
121  uint8_t current_irql;
122  struct
123  {
124  const void* next_program;
125  uint32_t count;
126  } tail_call_state;
127 } ebpf_execution_context_state_t;
128 
129 #define EBPF_CONTEXT_HEADER uint64_t context_header[8]
ebpf_program_batch_begin_invoke_function_t
ebpf_result_t(* ebpf_program_batch_begin_invoke_function_t)(size_t state_size, _Out_writes_(state_size) void *state)
Prepare the eBPF program for batch invocation.
Definition: ebpf_extension.h:44
ebpf_attach_provider_data_t
struct _ebpf_attach_provider_data ebpf_attach_provider_data_t
ebpf_extension_dispatch_table_t
struct _ebpf_extension_dispatch_table ebpf_extension_dispatch_table_t
ebpf_extension_data_t
struct _ebpf_extension_data ebpf_extension_data_t
ebpf_extension_program_dispatch_table_t
struct _ebpf_extension_program_dispatch_table ebpf_extension_program_dispatch_table_t
ebpf_link_dispatch_table_version_t
enum _ebpf_link_dispatch_table_version ebpf_link_dispatch_table_version_t
_ebpf_extension_dispatch_function
ebpf_result_t(* _ebpf_extension_dispatch_function)()
Definition: ebpf_extension.h:9
ebpf_program_batch_invoke_function_t
ebpf_result_t(* ebpf_program_batch_invoke_function_t)(const void *extension_client_binding_context, _Inout_ void *program_context, uint32_t *result, const void *state)
Invoke the eBPF program in batch mode.
Definition: ebpf_extension.h:58
ebpf_execution_context_state_t
struct _ebpf_execution_context_state ebpf_execution_context_state_t
ebpf_program_batch_end_invoke_function_t
ebpf_result_t(* ebpf_program_batch_end_invoke_function_t)(_Inout_ void *state)
Clean up the eBPF program after batch invocation.
Definition: ebpf_extension.h:71
ebpf_program_invoke_function_t
ebpf_result_t(* ebpf_program_invoke_function_t)(const void *extension_client_binding_context, _Inout_ void *program_context, uint32_t *result)
Invoke the eBPF program.
Definition: ebpf_extension.h:30
_ebpf_link_dispatch_table_version
_ebpf_link_dispatch_table_version
Definition: ebpf_extension.h:74
EBPF_LINK_DISPATCH_TABLE_VERSION_1
@ EBPF_LINK_DISPATCH_TABLE_VERSION_1
Initial version of the dispatch table.
Definition: ebpf_extension.h:75
EBPF_LINK_DISPATCH_TABLE_VERSION_CURRENT
@ EBPF_LINK_DISPATCH_TABLE_VERSION_CURRENT
Current version of the dispatch table.
Definition: ebpf_extension.h:76
ebpf_result.h
ebpf_result_t
enum ebpf_result ebpf_result_t
ebpf_structs.h
This file contains eBPF definitions common to eBPF programs, core execution engine as well as eBPF AP...
bpf_link_type
bpf_link_type
Definition: ebpf_structs.h:244
bpf_attach_type_t
enum bpf_attach_type bpf_attach_type_t
Definition: ebpf_structs.h:322
ebpf_windows.h
ebpf_program_type_t
GUID ebpf_program_type_t
Definition: ebpf_windows.h:61
_ebpf_attach_provider_data
Definition: ebpf_extension.h:101
_ebpf_attach_provider_data::header
ebpf_extension_header_t header
Definition: ebpf_extension.h:102
_ebpf_attach_provider_data::supported_program_type
ebpf_program_type_t supported_program_type
Definition: ebpf_extension.h:103
_ebpf_attach_provider_data::bpf_attach_type
bpf_attach_type_t bpf_attach_type
Definition: ebpf_extension.h:104
_ebpf_attach_provider_data::link_type
enum bpf_link_type link_type
Definition: ebpf_extension.h:105
_ebpf_execution_context_state
Definition: ebpf_extension.h:114
_ebpf_execution_context_state::id
union _ebpf_execution_context_state::@6 id
_ebpf_execution_context_state::tail_call_state
struct _ebpf_execution_context_state::@7 tail_call_state
_ebpf_execution_context_state::current_irql
uint8_t current_irql
Definition: ebpf_extension.h:121
_ebpf_execution_context_state::count
uint32_t count
Definition: ebpf_extension.h:125
_ebpf_execution_context_state::epoch_state
uint64_t epoch_state[4]
Definition: ebpf_extension.h:115
_ebpf_execution_context_state::thread
uint64_t thread
Definition: ebpf_extension.h:118
_ebpf_execution_context_state::next_program
const void * next_program
Definition: ebpf_extension.h:124
_ebpf_execution_context_state::cpu
uint32_t cpu
Definition: ebpf_extension.h:119
_ebpf_extension_data
Definition: ebpf_extension.h:95
_ebpf_extension_data::header
ebpf_extension_header_t header
Definition: ebpf_extension.h:96
_ebpf_extension_data::data
const void * data
Definition: ebpf_extension.h:97
_ebpf_extension_dispatch_table
Definition: ebpf_extension.h:12
_ebpf_extension_dispatch_table::version
uint16_t version
Version of the dispatch table.
Definition: ebpf_extension.h:13
_ebpf_extension_dispatch_table::count
uint16_t count
Number of entries in the dispatch table.
Definition: ebpf_extension.h:14
_ebpf_extension_dispatch_table::_Field_size_
_Field_size_(count) _ebpf_extension_dispatch_function function[1]
_ebpf_extension_header
Header of an eBPF extension data structure. Every eBPF extension data structure must start with this ...
Definition: ebpf_windows.h:153
_ebpf_extension_program_dispatch_table
Definition: ebpf_extension.h:85
_ebpf_extension_program_dispatch_table::ebpf_program_invoke_function
ebpf_program_invoke_function_t ebpf_program_invoke_function
Definition: ebpf_extension.h:88
_ebpf_extension_program_dispatch_table::ebpf_program_batch_begin_invoke_function
ebpf_program_batch_begin_invoke_function_t ebpf_program_batch_begin_invoke_function
Definition: ebpf_extension.h:89
_ebpf_extension_program_dispatch_table::ebpf_program_batch_end_invoke_function
ebpf_program_batch_end_invoke_function_t ebpf_program_batch_end_invoke_function
Definition: ebpf_extension.h:91
_ebpf_extension_program_dispatch_table::version
uint16_t version
Version of the dispatch table.
Definition: ebpf_extension.h:86
_ebpf_extension_program_dispatch_table::ebpf_program_batch_invoke_function
ebpf_program_batch_invoke_function_t ebpf_program_batch_invoke_function
Definition: ebpf_extension.h:90
_ebpf_extension_program_dispatch_table::count
uint16_t count
Number of entries in the dispatch table.
Definition: ebpf_extension.h:87
Generated by doxygen 1.9.1