ebpf_nethooks.h

Go to the documentation of this file.

// Copyright (c) eBPF for Windows contributors
// SPDX-License-Identifier: MIT
#pragma once
#include <stdint.h>
 
// This file contains APIs for hooks and helpers that are
// exposed by netebpfext.sys for use by eBPF programs.
 
#ifndef __doxygen
#define EBPF_HELPER(return_type, name, args) typedef return_type(*const name##_t) args
#endif
 
// BIND hook
 
typedef enum _bind_operation
{
    BIND_OPERATION_BIND,      
    BIND_OPERATION_POST_BIND, 
    BIND_OPERATION_UNBIND,    
} bind_operation_t;
 
typedef struct _bind_md
{
    uint8_t* app_id_start;         
    uint8_t* app_id_end;           
    uint64_t process_id;           
    uint8_t socket_address[16];    
    uint8_t socket_address_length; 
    bind_operation_t operation;    
    uint8_t protocol;              
} bind_md_t;
 
typedef enum _bind_action
{
    BIND_PERMIT_SOFT,
 
    BIND_DENY,
 
    BIND_REDIRECT,
 
    BIND_PERMIT_HARD,
 
    BIND_PERMIT = BIND_PERMIT_SOFT,
} bind_action_t;
 
typedef bind_action_t
bind_hook_t(bind_md_t* context);
 
//
// CGROUP_SOCK_ADDR.
//
 
typedef enum _ebpf_sock_addr_verdict
{
    BPF_SOCK_ADDR_VERDICT_REJECT,
    BPF_SOCK_ADDR_VERDICT_PROCEED_SOFT,
    BPF_SOCK_ADDR_VERDICT_PROCEED_HARD
} ebpf_sock_addr_verdict_t;
 
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable : 4201)
#endif
typedef struct bpf_sock_addr
{
    uint32_t family; 
    struct
    {
        union
        {
            uint32_t msg_src_ip4;
            uint32_t msg_src_ip6[4];
        };
        uint16_t msg_src_port; 
    };
    struct
    {
        /* @brief Destination IP address in network byte order.
         * Local for egress, remote for ingress.
         */
        union
        {
            uint32_t user_ip4;
            uint32_t user_ip6[4];
        };
        uint16_t user_port; 
    };
    uint32_t protocol;       
    uint32_t compartment_id; 
    uint64_t interface_luid; 
} bpf_sock_addr_t;
 
#define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF
 
typedef enum
{
    BPF_FUNC_sock_addr_get_current_pid_tgid = SOCK_ADDR_EXT_HELPER_FN_BASE + 1,
    BPF_FUNC_sock_addr_set_redirect_context = SOCK_ADDR_EXT_HELPER_FN_BASE + 2,
} ebpf_sock_addr_helper_id_t;
 
EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, void* data, uint32_t data_size));
#ifndef __doxygen
#define bpf_sock_addr_set_redirect_context \
    ((bpf_sock_addr_set_redirect_context_t)BPF_FUNC_sock_addr_set_redirect_context)
#endif
 
typedef ebpf_sock_addr_verdict_t
sock_addr_hook_t(bpf_sock_addr_t* context);
 
typedef enum _bpf_sock_op_type
{
    BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB,
    BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB,
    BPF_SOCK_OPS_CONNECTION_DELETED_CB
} bpf_sock_op_type_t;
 
typedef struct _bpf_sock_ops
{
    bpf_sock_op_type_t op;
    uint32_t family; 
    struct
    {
        union
        {
            uint32_t local_ip4;
            uint32_t local_ip6[4];
        }; 
        uint32_t local_port;
    }; 
    struct
    {
        union
        {
            uint32_t remote_ip4;
            uint32_t remote_ip6[4];
        }; 
        uint32_t remote_port;
    }; 
    uint8_t protocol;        
    uint32_t compartment_id; 
    uint64_t interface_luid; 
} bpf_sock_ops_t;
 
typedef int
sock_ops_hook_t(bpf_sock_ops_t* context);
 
#ifdef _MSC_VER
#pragma warning(pop)
#endif