eBPF for Windows
ebpf_nethooks.h File Reference
#include <stdint.h>


Data Structures

struct  _bind_md
 
struct  bpf_sock_addr
 Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
 
struct  _bpf_sock_ops
 

Macros

#define BPF_SOCK_ADDR_VERDICT_REJECT   0
 
#define BPF_SOCK_ADDR_VERDICT_PROCEED   1
 
#define SOCK_ADDR_EXT_HELPER_FN_BASE   0xFFFF
 

Typedefs

typedef enum _bind_operation bind_operation_t
 
typedef struct _bind_md bind_md_t
 
typedef enum _bind_action bind_action_t
 
typedef bind_action_t bind_hook_t(bind_md_t *context)
 Handle an AF_INET socket bind() request.
 
typedef struct bpf_sock_addr bpf_sock_addr_t
 Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
 
typedef int sock_addr_hook_t(bpf_sock_addr_t *context)
 Handle socket operation. Currently supports ingress/egress connection initialization.
 
typedef enum _bpf_sock_op_type bpf_sock_op_type_t
 
typedef struct _bpf_sock_ops bpf_sock_ops_t
 
typedef int sock_ops_hook_t(bpf_sock_ops_t *context)
 Handle socket event notification. Currently notifies ingress/egress connection establishment and tear down.
 

Enumerations

enum  _bind_operation { BIND_OPERATION_BIND , BIND_OPERATION_POST_BIND , BIND_OPERATION_UNBIND }
 
enum  _bind_action { BIND_PERMIT , BIND_DENY , BIND_REDIRECT }
 
enum  ebpf_sock_addr_helper_id_t { BPF_FUNC_sock_addr_get_current_pid_tgid = SOCK_ADDR_EXT_HELPER_FN_BASE + 1 , BPF_FUNC_sock_addr_set_redirect_context = SOCK_ADDR_EXT_HELPER_FN_BASE + 2 }
 
enum  _bpf_sock_op_type { BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB , BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB , BPF_SOCK_OPS_CONNECTION_DELETED_CB }
 

Functions

uint64_t bpf_sock_addr_get_current_pid_tgid (bpf_sock_addr_t *ctx)
 Get current pid and tgid (sock_addr specific only).
 
int bpf_sock_addr_set_redirect_context (bpf_sock_addr_t *ctx, void *data, uint32_t data_size)
 Set a context for consumption by a user-mode application (sock_addr specific only). This function is not supported for the recv_accept hooks.
 

Macro Definition Documentation

◆ BPF_SOCK_ADDR_VERDICT_PROCEED

#define BPF_SOCK_ADDR_VERDICT_PROCEED   1

◆ BPF_SOCK_ADDR_VERDICT_REJECT

#define BPF_SOCK_ADDR_VERDICT_REJECT   0

◆ SOCK_ADDR_EXT_HELPER_FN_BASE

#define SOCK_ADDR_EXT_HELPER_FN_BASE   0xFFFF

Typedef Documentation

◆ bind_action_t

◆ bind_hook_t

typedef bind_action_t bind_hook_t(bind_md_t *context)

Handle an AF_INET socket bind() request.

Program type: EBPF_PROGRAM_TYPE_BIND

Parameters
[in] context   Socket metadata.
Return values
BIND_PERMIT   Permit the bind operation.
BIND_DENY   Deny the bind operation.
BIND_REDIRECT   Change the bind endpoint.
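
A port-ownership bind policy written against the bind_hook_t contract above, as an added example that is not code from the eBPF for Windows project. The context struct demo_bind_md_t and its fields, the helper demo_evaluate and the reserved-port table are hypothetical stand-ins constructed for illustration, since this page does not list the fields of bind_md_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Enumerations as listed on this page. */
typedef enum _bind_operation { BIND_OPERATION_BIND, BIND_OPERATION_POST_BIND, BIND_OPERATION_UNBIND } bind_operation_t;
typedef enum _bind_action { BIND_PERMIT, BIND_DENY, BIND_REDIRECT } bind_action_t;

/* ASSUMPTION: simplified stand-in for bind_md_t, whose fields this page does not list. */
typedef struct _demo_bind_md {
    uint64_t process_id;        /* hypothetical: process calling bind() */
    uint16_t port;              /* hypothetical: requested local port, host byte order */
    bind_operation_t operation; /* which bind event is being reported */
} demo_bind_md_t;

/* Constructed policy: each listed port may be bound only by its owning process. */
static const struct { uint16_t port; uint64_t owner_pid; } reserved_ports[] = {
    {443, 1000}, {8443, 1000}, {5985, 2000},
};

/* Same shape as bind_hook_t, but taking the stand-in context. */
bind_action_t demo_bind_policy(demo_bind_md_t* context)
{
    if (context == NULL)
        return BIND_DENY; /* fail closed on a missing context */
    /* This example decides once, at entry to bind, and leaves post-bind and unbind events alone. */
    if (context->operation != BIND_OPERATION_BIND)
        return BIND_PERMIT;
    for (size_t i = 0; i < sizeof(reserved_ports) / sizeof(reserved_ports[0]); i++) {
        if (reserved_ports[i].port == context->port)
            return reserved_ports[i].owner_pid == context->process_id ? BIND_PERMIT : BIND_DENY;
    }
    return BIND_PERMIT; /* port is not reserved */
}

/* Helper for exercising the policy in user mode. */
bind_action_t demo_evaluate(uint64_t pid, uint16_t port, bind_operation_t operation)
{
    demo_bind_md_t md = {pid, port, operation};
    return demo_bind_policy(&md);
}

int main(void)
{
    printf("owner binds 443: %d\n", demo_evaluate(1000, 443, BIND_OPERATION_BIND));
    printf("other binds 443: %d\n", demo_evaluate(4242, 443, BIND_OPERATION_BIND));
    printf("other unbinds 443: %d\n", demo_evaluate(4242, 443, BIND_OPERATION_UNBIND));
    return 0;
}
```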

◆ bind_md_t

typedef struct _bind_md bind_md_t

◆ bind_operation_t

◆ bpf_sock_addr_t

Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.

◆ bpf_sock_op_type_t

◆ bpf_sock_ops_t

typedef struct _bpf_sock_ops bpf_sock_ops_t

◆ sock_addr_hook_t

typedef int sock_addr_hook_t(bpf_sock_addr_t *context)

Handle socket operation. Currently supports ingress/egress connection initialization.

Program type: EBPF_PROGRAM_TYPE_CGROUP_SOCK_ADDR

Attach type(s): EBPF_ATTACH_TYPE_CGROUP_INET4_CONNECT, EBPF_ATTACH_TYPE_CGROUP_INET6_CONNECT, EBPF_ATTACH_TYPE_CGROUP_INET4_RECV_ACCEPT, EBPF_ATTACH_TYPE_CGROUP_INET6_RECV_ACCEPT

Parameters
[in] context   bpf_sock_addr_t
Return values
BPF_SOCK_ADDR_VERDICT_PROCEED   Block the socket operation.
BPF_SOCK_ADDR_VERDICT_REJECT   Allow the socket operation.

Any return value other than the two mentioned above is treated as BPF_SOCK_ADDR_VERDICT_REJECT.

◆ sock_ops_hook_t

typedef int sock_ops_hook_t(bpf_sock_ops_t *context)

Handle socket event notification. Currently notifies ingress/egress connection establishment and tear down.

Program type: EBPF_PROGRAM_TYPE_SOCK_OPS

Attach type(s): EBPF_ATTACH_TYPE_CGROUP_SOCK_OPS

Parameters
[in] context   bpf_sock_ops_t
Returns
0 on success, or error value in case of failure.

Enumeration Type Documentation

◆ _bind_action

Enumerator
BIND_PERMIT 

Permit the bind operation.

BIND_DENY 

Deny the bind operation.

BIND_REDIRECT 

Change the bind endpoint.

◆ _bind_operation

Enumerator
BIND_OPERATION_BIND 

Entry to bind.

BIND_OPERATION_POST_BIND 

After port allocation.

BIND_OPERATION_UNBIND 

Release port.

◆ _bpf_sock_op_type

Enumerator
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB 

Indicates when an active (outbound) connection is established.

BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB 

Indicates when a passive (inbound) connection is established.

BPF_SOCK_OPS_CONNECTION_DELETED_CB 

Indicates when a connection is deleted.

◆ ebpf_sock_addr_helper_id_t

Enumerator
BPF_FUNC_sock_addr_get_current_pid_tgid 
BPF_FUNC_sock_addr_set_redirect_context 

Function Documentation

◆ bpf_sock_addr_get_current_pid_tgid()

uint64_t bpf_sock_addr_get_current_pid_tgid (bpf_sock_addr_t *ctx)

Get current pid and tgid (sock_addr specific only).

Deprecated:
Use bpf_get_current_pid_tgid instead.
Parameters
[in] ctx   Pointer to bpf_sock_addr_t context.
Returns
A 64-bit integer containing the current tgid and pid, and created as such:

current_task->tgid << 32 | current_task->pid.

◆ bpf_sock_addr_set_redirect_context()

int bpf_sock_addr_set_redirect_context (bpf_sock_addr_t *ctx, void *data, uint32_t data_size)

Set a context for consumption by a user-mode application (sock_addr specific only). This function is not supported for the recv_accept hooks.

Parameters
[in] ctx   Pointer to bpf_sock_addr_t context.
[in] data   Pointer to data to store.
[in] data_size   The size of the data to store.
Return values
0   The operation was successful.
<0   A failure occurred.