eBPF for Windows
Loading...
Searching...
No Matches
ebpf_nethooks.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3#pragma once
4#include <stdint.h>
5
6// This file contains APIs for hooks and helpers that are
7// exposed by netebpfext.sys for use by eBPF programs.
8
9#ifndef __doxygen
10#define EBPF_HELPER(return_type, name, args) typedef return_type(*const name##_t) args
11#endif
12
13// BIND hook
14
21
32
39
50typedef bind_action_t
51bind_hook_t(bind_md_t* context);
52
53//
54// CGROUP_SOCK_ADDR.
55//
56
57#define BPF_SOCK_ADDR_VERDICT_REJECT 0
58#define BPF_SOCK_ADDR_VERDICT_PROCEED 1
59
60#ifdef _MSC_VER
61#pragma warning(push)
62#pragma warning(disable : 4201)
63#endif
67typedef struct bpf_sock_addr
68{
69 uint32_t family;
70 struct
71 {
76 union
77 {
78 uint32_t msg_src_ip4;
79 uint32_t msg_src_ip6[4];
80 };
81 uint16_t msg_src_port;
82 };
83 struct
84 {
85 /* @brief Destination IP address in network byte order.
86 * Local for egress, remote for ingress.
87 */
88 union
89 {
90 uint32_t user_ip4;
91 uint32_t user_ip6[4];
92 };
93 uint16_t user_port;
94 };
95 uint32_t protocol;
96 uint32_t compartment_id;
97 uint64_t interface_luid;
98} bpf_sock_addr_t;
99
100#define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF
101
107
119EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, void* data, uint32_t data_size));
120#ifndef __doxygen
121#define bpf_sock_addr_set_redirect_context \
122 ((bpf_sock_addr_set_redirect_context_t)BPF_FUNC_sock_addr_set_redirect_context)
123#endif
124
142typedef int
143sock_addr_hook_t(bpf_sock_addr_t* context);
144
154
155typedef struct _bpf_sock_ops
156{
157 bpf_sock_op_type_t op;
158 uint32_t family;
159 struct
160 {
161 union
162 {
163 uint32_t local_ip4;
164 uint32_t local_ip6[4];
165 };
166 uint32_t local_port;
167 };
168 struct
169 {
170 union
171 {
172 uint32_t remote_ip4;
173 uint32_t remote_ip6[4];
174 };
175 uint32_t remote_port;
176 };
177 uint8_t protocol;
178 uint32_t compartment_id;
179 uint64_t interface_luid;
180} bpf_sock_ops_t;
181
194typedef int
195sock_ops_hook_t(bpf_sock_ops_t* context);
196
197#ifdef _MSC_VER
198#pragma warning(pop)
199#endif
bind_operation_t
enum _bind_operation bind_operation_t
SOCK_ADDR_EXT_HELPER_FN_BASE
#define SOCK_ADDR_EXT_HELPER_FN_BASE
Definition ebpf_nethooks.h:100
ebpf_sock_addr_helper_id_t
ebpf_sock_addr_helper_id_t
Definition ebpf_nethooks.h:103
BPF_FUNC_sock_addr_set_redirect_context
@ BPF_FUNC_sock_addr_set_redirect_context
Definition ebpf_nethooks.h:105
BPF_FUNC_sock_addr_get_current_pid_tgid
@ BPF_FUNC_sock_addr_get_current_pid_tgid
Definition ebpf_nethooks.h:104
bpf_sock_op_type_t
enum _bpf_sock_op_type bpf_sock_op_type_t
sock_addr_hook_t
int sock_addr_hook_t(bpf_sock_addr_t *context)
Handle socket operation. Currently supports ingress/egress connection initialization.
Definition ebpf_nethooks.h:143
sock_ops_hook_t
int sock_ops_hook_t(bpf_sock_ops_t *context)
Handle socket event notification. Currently notifies ingress/egress connection establishment and tear...
Definition ebpf_nethooks.h:195
bpf_sock_addr_set_redirect_context
int bpf_sock_addr_set_redirect_context(bpf_sock_addr_t *ctx, void *data, uint32_t data_size)
Set a context for consumption by a user-mode application (sock_addr specific only)....
_bind_operation
_bind_operation
Definition ebpf_nethooks.h:16
BIND_OPERATION_BIND
@ BIND_OPERATION_BIND
Entry to bind.
Definition ebpf_nethooks.h:17
BIND_OPERATION_UNBIND
@ BIND_OPERATION_UNBIND
Release port.
Definition ebpf_nethooks.h:19
BIND_OPERATION_POST_BIND
@ BIND_OPERATION_POST_BIND
After port allocation.
Definition ebpf_nethooks.h:18
_bind_action
_bind_action
Definition ebpf_nethooks.h:34
BIND_REDIRECT
@ BIND_REDIRECT
Change the bind endpoint.
Definition ebpf_nethooks.h:37
BIND_PERMIT
@ BIND_PERMIT
Permit the bind operation.
Definition ebpf_nethooks.h:35
BIND_DENY
@ BIND_DENY
Deny the bind operation.
Definition ebpf_nethooks.h:36
_bpf_sock_op_type
_bpf_sock_op_type
Definition ebpf_nethooks.h:146
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
Indicates when a passive (inbound) connection is established.
Definition ebpf_nethooks.h:150
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
Indicates when an active (outbound) connection is established.
Definition ebpf_nethooks.h:148
BPF_SOCK_OPS_CONNECTION_DELETED_CB
@ BPF_SOCK_OPS_CONNECTION_DELETED_CB
Indicates when a connection is deleted.
Definition ebpf_nethooks.h:152
bind_hook_t
bind_action_t bind_hook_t(bind_md_t *context)
Handle an AF_INET socket bind() request.
Definition ebpf_nethooks.h:51
bpf_sock_addr_t
struct bpf_sock_addr bpf_sock_addr_t
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
bind_action_t
enum _bind_action bind_action_t
bind_md_t
struct _bind_md bind_md_t
bpf_sock_ops_t
struct _bpf_sock_ops bpf_sock_ops_t
_bind_md
Definition ebpf_nethooks.h:23
_bind_md::protocol
uint8_t protocol
Protocol number (e.g., IPPROTO_TCP).
Definition ebpf_nethooks.h:30
_bind_md::operation
bind_operation_t operation
Operation to do.
Definition ebpf_nethooks.h:29
_bind_md::app_id_end
uint8_t * app_id_end
Pointer to end of App ID.
Definition ebpf_nethooks.h:25
_bind_md::socket_address
uint8_t socket_address[16]
Socket address to bind to.
Definition ebpf_nethooks.h:27
_bind_md::process_id
uint64_t process_id
Process ID.
Definition ebpf_nethooks.h:26
_bind_md::app_id_start
uint8_t * app_id_start
Pointer to start of App ID.
Definition ebpf_nethooks.h:24
_bind_md::socket_address_length
uint8_t socket_address_length
Length in bytes of the socket address.
Definition ebpf_nethooks.h:28
_bpf_sock_ops
Definition ebpf_nethooks.h:156
_bpf_sock_ops::local_ip4
uint32_t local_ip4
Definition ebpf_nethooks.h:163
_bpf_sock_ops::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:158
_bpf_sock_ops::remote_ip4
uint32_t remote_ip4
Definition ebpf_nethooks.h:172
_bpf_sock_ops::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:178
_bpf_sock_ops::protocol
uint8_t protocol
IP protocol.
Definition ebpf_nethooks.h:177
_bpf_sock_ops::remote_port
uint32_t remote_port
Definition ebpf_nethooks.h:175
_bpf_sock_ops::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:179
_bpf_sock_ops::local_ip6
uint32_t local_ip6[4]
Definition ebpf_nethooks.h:164
_bpf_sock_ops::op
bpf_sock_op_type_t op
Definition ebpf_nethooks.h:157
_bpf_sock_ops::remote_ip6
uint32_t remote_ip6[4]
Definition ebpf_nethooks.h:173
_bpf_sock_ops::local_port
uint32_t local_port
Definition ebpf_nethooks.h:166
bpf_sock_addr
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
Definition ebpf_nethooks.h:68
bpf_sock_addr::protocol
uint32_t protocol
IP protocol.
Definition ebpf_nethooks.h:95
bpf_sock_addr::user_port
uint16_t user_port
Destination port in network byte order.
Definition ebpf_nethooks.h:93
bpf_sock_addr::msg_src_port
uint16_t msg_src_port
Source port in network byte order.
Definition ebpf_nethooks.h:81
bpf_sock_addr::user_ip4
uint32_t user_ip4
Definition ebpf_nethooks.h:90
bpf_sock_addr::user_ip6
uint32_t user_ip6[4]
Definition ebpf_nethooks.h:91
bpf_sock_addr::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:96
bpf_sock_addr::msg_src_ip6
uint32_t msg_src_ip6[4]
Definition ebpf_nethooks.h:79
bpf_sock_addr::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:97
bpf_sock_addr::msg_src_ip4
uint32_t msg_src_ip4
Definition ebpf_nethooks.h:78
bpf_sock_addr::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:69
Generated by doxygen 1.9.8