eBPF for Windows
Loading...
Searching...
No Matches
ebpf_nethooks.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3#pragma once
4#include <stdint.h>
5
6// This file contains APIs for hooks and helpers that are
7// exposed by netebpfext.sys for use by eBPF programs.
8
9#ifndef __doxygen
10#define EBPF_HELPER(return_type, name, args) typedef return_type(*const name##_t) args
11#endif
12
13// BIND hook
14
21
32
39
50typedef bind_action_t
51bind_hook_t(bind_md_t* context);
52
53//
54// CGROUP_SOCK_ADDR.
55//
56
63
64#ifdef _MSC_VER
65#pragma warning(push)
66#pragma warning(disable : 4201)
67#endif
71typedef struct bpf_sock_addr
72{
73 uint32_t family;
74 struct
75 {
80 union
81 {
82 uint32_t msg_src_ip4;
83 uint32_t msg_src_ip6[4];
84 };
85 uint16_t msg_src_port;
86 };
87 struct
88 {
89 /* @brief Destination IP address in network byte order.
90 * Local for egress, remote for ingress.
91 */
92 union
93 {
94 uint32_t user_ip4;
95 uint32_t user_ip6[4];
96 };
97 uint16_t user_port;
98 };
99 uint32_t protocol;
100 uint32_t compartment_id;
101 uint64_t interface_luid;
102} bpf_sock_addr_t;
103
104#define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF
105
111
123EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, void* data, uint32_t data_size));
124#ifndef __doxygen
125#define bpf_sock_addr_set_redirect_context \
126 ((bpf_sock_addr_set_redirect_context_t)BPF_FUNC_sock_addr_set_redirect_context)
127#endif
128
147typedef ebpf_sock_addr_verdict_t
148sock_addr_hook_t(bpf_sock_addr_t* context);
149
159
160typedef struct _bpf_sock_ops
161{
162 bpf_sock_op_type_t op;
163 uint32_t family;
164 struct
165 {
166 union
167 {
168 uint32_t local_ip4;
169 uint32_t local_ip6[4];
170 };
171 uint32_t local_port;
172 };
173 struct
174 {
175 union
176 {
177 uint32_t remote_ip4;
178 uint32_t remote_ip6[4];
179 };
180 uint32_t remote_port;
181 };
182 uint8_t protocol;
183 uint32_t compartment_id;
184 uint64_t interface_luid;
185} bpf_sock_ops_t;
186
199typedef int
200sock_ops_hook_t(bpf_sock_ops_t* context);
201
202#ifdef _MSC_VER
203#pragma warning(pop)
204#endif
bind_operation_t
enum _bind_operation bind_operation_t
SOCK_ADDR_EXT_HELPER_FN_BASE
#define SOCK_ADDR_EXT_HELPER_FN_BASE
Definition ebpf_nethooks.h:104
sock_addr_hook_t
ebpf_sock_addr_verdict_t sock_addr_hook_t(bpf_sock_addr_t *context)
Handle socket operation. Currently supports ingress/egress connection initialization.
Definition ebpf_nethooks.h:148
ebpf_sock_addr_verdict_t
enum _ebpf_sock_addr_verdict ebpf_sock_addr_verdict_t
ebpf_sock_addr_helper_id_t
ebpf_sock_addr_helper_id_t
Definition ebpf_nethooks.h:107
BPF_FUNC_sock_addr_set_redirect_context
@ BPF_FUNC_sock_addr_set_redirect_context
Definition ebpf_nethooks.h:109
BPF_FUNC_sock_addr_get_current_pid_tgid
@ BPF_FUNC_sock_addr_get_current_pid_tgid
Definition ebpf_nethooks.h:108
bpf_sock_op_type_t
enum _bpf_sock_op_type bpf_sock_op_type_t
sock_ops_hook_t
int sock_ops_hook_t(bpf_sock_ops_t *context)
Handle socket event notification. Currently notifies ingress/egress connection establishment and tear...
Definition ebpf_nethooks.h:200
bpf_sock_addr_set_redirect_context
int bpf_sock_addr_set_redirect_context(bpf_sock_addr_t *ctx, void *data, uint32_t data_size)
Set a context for consumption by a user-mode application (sock_addr specific only)....
_bind_operation
_bind_operation
Definition ebpf_nethooks.h:16
BIND_OPERATION_BIND
@ BIND_OPERATION_BIND
Entry to bind.
Definition ebpf_nethooks.h:17
BIND_OPERATION_UNBIND
@ BIND_OPERATION_UNBIND
Release port.
Definition ebpf_nethooks.h:19
BIND_OPERATION_POST_BIND
@ BIND_OPERATION_POST_BIND
After port allocation.
Definition ebpf_nethooks.h:18
_bind_action
_bind_action
Definition ebpf_nethooks.h:34
BIND_REDIRECT
@ BIND_REDIRECT
Change the bind endpoint.
Definition ebpf_nethooks.h:37
BIND_PERMIT
@ BIND_PERMIT
Permit the bind operation.
Definition ebpf_nethooks.h:35
BIND_DENY
@ BIND_DENY
Deny the bind operation.
Definition ebpf_nethooks.h:36
_bpf_sock_op_type
_bpf_sock_op_type
Definition ebpf_nethooks.h:151
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
Indicates when a passive (inbound) connection is established.
Definition ebpf_nethooks.h:155
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
Indicates when an active (outbound) connection is established.
Definition ebpf_nethooks.h:153
BPF_SOCK_OPS_CONNECTION_DELETED_CB
@ BPF_SOCK_OPS_CONNECTION_DELETED_CB
Indicates when a connection is deleted.
Definition ebpf_nethooks.h:157
bind_hook_t
bind_action_t bind_hook_t(bind_md_t *context)
Handle an AF_INET socket bind() request.
Definition ebpf_nethooks.h:51
bpf_sock_addr_t
struct bpf_sock_addr bpf_sock_addr_t
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
_ebpf_sock_addr_verdict
_ebpf_sock_addr_verdict
Definition ebpf_nethooks.h:58
BPF_SOCK_ADDR_VERDICT_REJECT
@ BPF_SOCK_ADDR_VERDICT_REJECT
Definition ebpf_nethooks.h:59
BPF_SOCK_ADDR_VERDICT_PROCEED_SOFT
@ BPF_SOCK_ADDR_VERDICT_PROCEED_SOFT
Definition ebpf_nethooks.h:60
BPF_SOCK_ADDR_VERDICT_PROCEED_HARD
@ BPF_SOCK_ADDR_VERDICT_PROCEED_HARD
Definition ebpf_nethooks.h:61
bind_action_t
enum _bind_action bind_action_t
bind_md_t
struct _bind_md bind_md_t
bpf_sock_ops_t
struct _bpf_sock_ops bpf_sock_ops_t
_bind_md
Definition ebpf_nethooks.h:23
_bind_md::protocol
uint8_t protocol
Protocol number (e.g., IPPROTO_TCP).
Definition ebpf_nethooks.h:30
_bind_md::operation
bind_operation_t operation
Operation to do.
Definition ebpf_nethooks.h:29
_bind_md::app_id_end
uint8_t * app_id_end
Pointer to end of App ID.
Definition ebpf_nethooks.h:25
_bind_md::socket_address
uint8_t socket_address[16]
Socket address to bind to.
Definition ebpf_nethooks.h:27
_bind_md::process_id
uint64_t process_id
Process ID.
Definition ebpf_nethooks.h:26
_bind_md::app_id_start
uint8_t * app_id_start
Pointer to start of App ID.
Definition ebpf_nethooks.h:24
_bind_md::socket_address_length
uint8_t socket_address_length
Length in bytes of the socket address.
Definition ebpf_nethooks.h:28
_bpf_sock_ops
Definition ebpf_nethooks.h:161
_bpf_sock_ops::local_ip4
uint32_t local_ip4
Definition ebpf_nethooks.h:168
_bpf_sock_ops::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:163
_bpf_sock_ops::remote_ip4
uint32_t remote_ip4
Definition ebpf_nethooks.h:177
_bpf_sock_ops::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:183
_bpf_sock_ops::protocol
uint8_t protocol
IP protocol.
Definition ebpf_nethooks.h:182
_bpf_sock_ops::remote_port
uint32_t remote_port
Definition ebpf_nethooks.h:180
_bpf_sock_ops::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:184
_bpf_sock_ops::local_ip6
uint32_t local_ip6[4]
Definition ebpf_nethooks.h:169
_bpf_sock_ops::op
bpf_sock_op_type_t op
Definition ebpf_nethooks.h:162
_bpf_sock_ops::remote_ip6
uint32_t remote_ip6[4]
Definition ebpf_nethooks.h:178
_bpf_sock_ops::local_port
uint32_t local_port
Definition ebpf_nethooks.h:171
bpf_sock_addr
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
Definition ebpf_nethooks.h:72
bpf_sock_addr::protocol
uint32_t protocol
IP protocol.
Definition ebpf_nethooks.h:99
bpf_sock_addr::user_port
uint16_t user_port
Destination port in network byte order.
Definition ebpf_nethooks.h:97
bpf_sock_addr::msg_src_port
uint16_t msg_src_port
Source port in network byte order.
Definition ebpf_nethooks.h:85
bpf_sock_addr::user_ip4
uint32_t user_ip4
Definition ebpf_nethooks.h:94
bpf_sock_addr::user_ip6
uint32_t user_ip6[4]
Definition ebpf_nethooks.h:95
bpf_sock_addr::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:100
bpf_sock_addr::msg_src_ip6
uint32_t msg_src_ip6[4]
Definition ebpf_nethooks.h:83
bpf_sock_addr::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:101
bpf_sock_addr::msg_src_ip4
uint32_t msg_src_ip4
Definition ebpf_nethooks.h:82
bpf_sock_addr::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:73
Generated by doxygen 1.9.8