eBPF for Windows
Loading...
Searching...
No Matches
ebpf_nethooks.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3#pragma once
4#include <stdint.h>
5
6// This file contains APIs for hooks and helpers that are
7// exposed by netebpfext.sys for use by eBPF programs.
8
9#ifndef __doxygen
10#define EBPF_HELPER(return_type, name, args) typedef return_type(*const name##_t) args
11#endif
12
13// BIND hook.
14
21
32
76
98typedef bind_action_t
99bind_hook_t(bind_md_t* context);
100
101//
102// CGROUP_SOCK_ADDR.
103//
104
111
112#ifdef _MSC_VER
113#pragma warning(push)
114#pragma warning(disable : 4201)
115#endif
119typedef struct bpf_sock_addr
120{
121 uint32_t family;
122 struct
123 {
128 union
129 {
130 uint32_t msg_src_ip4;
131 uint32_t msg_src_ip6[4];
132 };
133 uint16_t msg_src_port;
134 };
135 struct
136 {
137 /* @brief Destination IP address in network byte order.
138 * Local for egress, remote for ingress.
139 */
140 union
141 {
142 uint32_t user_ip4;
143 uint32_t user_ip6[4];
144 };
145 uint16_t user_port;
146 };
147 uint32_t protocol;
148 uint32_t compartment_id;
149 uint64_t interface_luid;
150} bpf_sock_addr_t;
151
152#define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF
153
160
172EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, void* data, uint32_t data_size));
173#ifndef __doxygen
174#define bpf_sock_addr_set_redirect_context \
175 ((bpf_sock_addr_set_redirect_context_t)BPF_FUNC_sock_addr_set_redirect_context)
176#endif
177
190
191#define BPF_SOCK_ADDR_NETWORK_CONTEXT_VERSION 1
192
203EBPF_HELPER(int, bpf_sock_addr_get_network_context, (bpf_sock_addr_t * ctx, void* context_ptr, uint32_t context_size));
204#ifndef __doxygen
205#define bpf_sock_addr_get_network_context ((bpf_sock_addr_get_network_context_t)BPF_FUNC_sock_addr_get_network_context)
206#endif
207
228typedef ebpf_sock_addr_verdict_t
229sock_addr_hook_t(bpf_sock_addr_t* context);
230
240
241typedef struct _bpf_sock_ops
242{
243 bpf_sock_op_type_t op;
244 uint32_t family;
245 struct
246 {
247 union
248 {
249 uint32_t local_ip4;
250 uint32_t local_ip6[4];
251 };
252 uint32_t local_port;
253 };
254 struct
255 {
256 union
257 {
258 uint32_t remote_ip4;
259 uint32_t remote_ip6[4];
260 };
261 uint32_t remote_port;
262 };
263 uint8_t protocol;
264 uint32_t compartment_id;
265 uint64_t interface_luid;
266} bpf_sock_ops_t;
267
280typedef int
281sock_ops_hook_t(bpf_sock_ops_t* context);
282
283#define SOCK_OPS_EXT_HELPER_FN_BASE 0xFFFF
284
289
297EBPF_HELPER(uint64_t, bpf_sock_ops_get_flow_id, (bpf_sock_ops_t * ctx));
298#ifndef __doxygen
299#define bpf_sock_ops_get_flow_id ((bpf_sock_ops_get_flow_id_t)BPF_FUNC_sock_ops_get_flow_id)
300#endif
301
302#ifdef _MSC_VER
303#pragma warning(pop)
304#endif
bind_operation_t
enum _bind_operation bind_operation_t
SOCK_ADDR_EXT_HELPER_FN_BASE
#define SOCK_ADDR_EXT_HELPER_FN_BASE
Definition ebpf_nethooks.h:152
ebpf_sock_ops_helper_id_t
ebpf_sock_ops_helper_id_t
Definition ebpf_nethooks.h:286
BPF_FUNC_sock_ops_get_flow_id
@ BPF_FUNC_sock_ops_get_flow_id
Definition ebpf_nethooks.h:287
sock_addr_hook_t
ebpf_sock_addr_verdict_t sock_addr_hook_t(bpf_sock_addr_t *context)
Handle socket operation. Currently supports ingress/egress connection initialization.
Definition ebpf_nethooks.h:229
ebpf_sock_addr_verdict_t
enum _ebpf_sock_addr_verdict ebpf_sock_addr_verdict_t
bpf_sock_ops_get_flow_id
uint64_t bpf_sock_ops_get_flow_id(bpf_sock_ops_t *ctx)
Get the WFP flow ID associated with the current sock_ops context.
ebpf_sock_addr_helper_id_t
ebpf_sock_addr_helper_id_t
Definition ebpf_nethooks.h:155
BPF_FUNC_sock_addr_set_redirect_context
@ BPF_FUNC_sock_addr_set_redirect_context
Definition ebpf_nethooks.h:157
BPF_FUNC_sock_addr_get_current_pid_tgid
@ BPF_FUNC_sock_addr_get_current_pid_tgid
Definition ebpf_nethooks.h:156
BPF_FUNC_sock_addr_get_network_context
@ BPF_FUNC_sock_addr_get_network_context
Definition ebpf_nethooks.h:158
bpf_sock_op_type_t
enum _bpf_sock_op_type bpf_sock_op_type_t
sock_ops_hook_t
int sock_ops_hook_t(bpf_sock_ops_t *context)
Handle socket event notification. Currently notifies ingress/egress connection establishment and tear...
Definition ebpf_nethooks.h:281
bpf_sock_addr_set_redirect_context
int bpf_sock_addr_set_redirect_context(bpf_sock_addr_t *ctx, void *data, uint32_t data_size)
Set a context for consumption by a user-mode application (sock_addr specific only)....
_bind_operation
_bind_operation
Definition ebpf_nethooks.h:16
BIND_OPERATION_BIND
@ BIND_OPERATION_BIND
Entry to bind.
Definition ebpf_nethooks.h:17
BIND_OPERATION_UNBIND
@ BIND_OPERATION_UNBIND
Release port.
Definition ebpf_nethooks.h:19
BIND_OPERATION_POST_BIND
@ BIND_OPERATION_POST_BIND
After port allocation.
Definition ebpf_nethooks.h:18
_bind_action
_bind_action
Actions that can be returned by a bind hook program.
Definition ebpf_nethooks.h:37
BIND_REDIRECT
@ BIND_REDIRECT
Change the bind endpoint.
Definition ebpf_nethooks.h:60
BIND_PERMIT_SOFT
@ BIND_PERMIT_SOFT
Permit the bind operation (soft permit).
Definition ebpf_nethooks.h:44
BIND_PERMIT
@ BIND_PERMIT
Backward compatibility alias for BIND_PERMIT_SOFT.
Definition ebpf_nethooks.h:74
BIND_PERMIT_HARD
@ BIND_PERMIT_HARD
Permit the bind operation (hard permit).
Definition ebpf_nethooks.h:68
BIND_DENY
@ BIND_DENY
Deny the bind operation.
Definition ebpf_nethooks.h:51
_bpf_sock_op_type
_bpf_sock_op_type
Definition ebpf_nethooks.h:232
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
Indicates when a passive (inbound) connection is established.
Definition ebpf_nethooks.h:236
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
Indicates when an active (outbound) connection is established.
Definition ebpf_nethooks.h:234
BPF_SOCK_OPS_CONNECTION_DELETED_CB
@ BPF_SOCK_OPS_CONNECTION_DELETED_CB
Indicates when a connection is deleted.
Definition ebpf_nethooks.h:238
bind_hook_t
bind_action_t bind_hook_t(bind_md_t *context)
Handle IPv4 and IPv6 socket bind() requests.
Definition ebpf_nethooks.h:99
bpf_sock_addr_t
struct bpf_sock_addr bpf_sock_addr_t
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
SOCK_OPS_EXT_HELPER_FN_BASE
#define SOCK_OPS_EXT_HELPER_FN_BASE
Definition ebpf_nethooks.h:283
bpf_sock_addr_get_network_context
int bpf_sock_addr_get_network_context(bpf_sock_addr_t *ctx, void *context_ptr, uint32_t context_size)
Get the network context for the connection (CONNECT_AUTHORIZATION and RECV_ACCEPT only).
_ebpf_sock_addr_verdict
_ebpf_sock_addr_verdict
Definition ebpf_nethooks.h:106
BPF_SOCK_ADDR_VERDICT_REJECT
@ BPF_SOCK_ADDR_VERDICT_REJECT
Definition ebpf_nethooks.h:107
BPF_SOCK_ADDR_VERDICT_PROCEED_SOFT
@ BPF_SOCK_ADDR_VERDICT_PROCEED_SOFT
Definition ebpf_nethooks.h:108
BPF_SOCK_ADDR_VERDICT_PROCEED_HARD
@ BPF_SOCK_ADDR_VERDICT_PROCEED_HARD
Definition ebpf_nethooks.h:109
bind_action_t
enum _bind_action bind_action_t
Actions that can be returned by a bind hook program.
bind_md_t
struct _bind_md bind_md_t
bpf_sock_ops_t
struct _bpf_sock_ops bpf_sock_ops_t
bpf_sock_addr_network_context_t
struct _bpf_sock_addr_network_context bpf_sock_addr_network_context_t
Network context information for the connection. Available for CONNECT_AUTHORIZATION and RECV_ACCEPT a...
_bind_md
Definition ebpf_nethooks.h:23
_bind_md::protocol
uint8_t protocol
Protocol number (e.g., IPPROTO_TCP).
Definition ebpf_nethooks.h:30
_bind_md::operation
bind_operation_t operation
Operation to do.
Definition ebpf_nethooks.h:29
_bind_md::app_id_end
uint8_t * app_id_end
Pointer to end of App ID.
Definition ebpf_nethooks.h:25
_bind_md::socket_address
uint8_t socket_address[16]
Socket address to bind to.
Definition ebpf_nethooks.h:27
_bind_md::process_id
uint64_t process_id
Process ID.
Definition ebpf_nethooks.h:26
_bind_md::app_id_start
uint8_t * app_id_start
Pointer to start of App ID.
Definition ebpf_nethooks.h:24
_bind_md::socket_address_length
uint8_t socket_address_length
Length in bytes of the socket address.
Definition ebpf_nethooks.h:28
_bpf_sock_addr_network_context
Network context information for the connection. Available for CONNECT_AUTHORIZATION and RECV_ACCEPT a...
Definition ebpf_nethooks.h:183
_bpf_sock_addr_network_context::sub_interface_index
uint32_t sub_interface_index
Sub-interface index, or 0 if not available.
Definition ebpf_nethooks.h:188
_bpf_sock_addr_network_context::interface_type
uint32_t interface_type
IANA interface type, or UINT32_MAX if not available.
Definition ebpf_nethooks.h:185
_bpf_sock_addr_network_context::version
uint32_t version
Struct version (currently 1).
Definition ebpf_nethooks.h:184
_bpf_sock_addr_network_context::tunnel_type
uint32_t tunnel_type
IANA tunnel type; 0 if not a tunnel, or UINT32_MAX if not available.
Definition ebpf_nethooks.h:186
_bpf_sock_addr_network_context::next_hop_interface_luid
uint64_t next_hop_interface_luid
Next-hop interface LUID, or 0 if not available.
Definition ebpf_nethooks.h:187
_bpf_sock_ops
Definition ebpf_nethooks.h:242
_bpf_sock_ops::local_ip4
uint32_t local_ip4
Definition ebpf_nethooks.h:249
_bpf_sock_ops::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:244
_bpf_sock_ops::remote_ip4
uint32_t remote_ip4
Definition ebpf_nethooks.h:258
_bpf_sock_ops::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:264
_bpf_sock_ops::protocol
uint8_t protocol
IP protocol.
Definition ebpf_nethooks.h:263
_bpf_sock_ops::remote_port
uint32_t remote_port
Definition ebpf_nethooks.h:261
_bpf_sock_ops::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:265
_bpf_sock_ops::local_ip6
uint32_t local_ip6[4]
Definition ebpf_nethooks.h:250
_bpf_sock_ops::op
bpf_sock_op_type_t op
Definition ebpf_nethooks.h:243
_bpf_sock_ops::remote_ip6
uint32_t remote_ip6[4]
Definition ebpf_nethooks.h:259
_bpf_sock_ops::local_port
uint32_t local_port
Definition ebpf_nethooks.h:252
bpf_sock_addr
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
Definition ebpf_nethooks.h:120
bpf_sock_addr::protocol
uint32_t protocol
IP protocol.
Definition ebpf_nethooks.h:147
bpf_sock_addr::user_port
uint16_t user_port
Destination port in network byte order.
Definition ebpf_nethooks.h:145
bpf_sock_addr::msg_src_port
uint16_t msg_src_port
Source port in network byte order.
Definition ebpf_nethooks.h:133
bpf_sock_addr::user_ip4
uint32_t user_ip4
Definition ebpf_nethooks.h:142
bpf_sock_addr::user_ip6
uint32_t user_ip6[4]
Definition ebpf_nethooks.h:143
bpf_sock_addr::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:148
bpf_sock_addr::msg_src_ip6
uint32_t msg_src_ip6[4]
Definition ebpf_nethooks.h:131
bpf_sock_addr::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:149
bpf_sock_addr::msg_src_ip4
uint32_t msg_src_ip4
Definition ebpf_nethooks.h:130
bpf_sock_addr::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:121
Generated by doxygen 1.9.8