ebpf_nethooks.h

Go to the documentation of this file.

// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#pragma once
#include <stdint.h>
 
// This file contains APIs for hooks and helpers that are
// exposed by netebpfext.sys for use by eBPF programs.
 
// XDP_TEST hook.  We use "struct xdp_md" for cross-platform compatibility.
typedef struct xdp_md_
{
    void* data;               
    void* data_end;           
    uint64_t data_meta;       
    uint32_t ingress_ifindex; 
 
    /* size: 26, cachelines: 1, members: 4 */
    /* last cacheline: 26 bytes */
} xdp_md_t;
 
typedef enum _xdp_action
{
    XDP_PASS = 1, 
    XDP_DROP,     
    XDP_TX        
} xdp_action_t;
 
typedef xdp_action_t
xdp_hook_t(xdp_md_t* context);
 
// XDP_TEST helper functions.
#define XDP_EXT_HELPER_FN_BASE 0xFFFF
 
#ifndef __doxygen
#define EBPF_HELPER(return_type, name, args) typedef return_type(*const name##_t) args
#endif
 
typedef enum
{
    BPF_FUNC_xdp_adjust_head = XDP_EXT_HELPER_FN_BASE + 1,
} ebpf_nethook_helper_id_t;
 
EBPF_HELPER(int, bpf_xdp_adjust_head, (xdp_md_t * ctx, int delta));
#ifndef __doxygen
#define bpf_xdp_adjust_head ((bpf_xdp_adjust_head_t)BPF_FUNC_xdp_adjust_head)
#endif
 
// BIND hook
 
typedef enum _bind_operation
{
    BIND_OPERATION_BIND,      
    BIND_OPERATION_POST_BIND, 
    BIND_OPERATION_UNBIND,    
} bind_operation_t;
 
typedef struct _bind_md
{
    uint8_t* app_id_start;         
    uint8_t* app_id_end;           
    uint64_t process_id;           
    uint8_t socket_address[16];    
    uint8_t socket_address_length; 
    bind_operation_t operation;    
    uint8_t protocol;              
} bind_md_t;
 
typedef enum _bind_action
{
    BIND_PERMIT,   
    BIND_DENY,     
    BIND_REDIRECT, 
} bind_action_t;
 
typedef bind_action_t
bind_hook_t(bind_md_t* context);
 
//
// CGROUP_SOCK_ADDR.
//
 
#define BPF_SOCK_ADDR_VERDICT_REJECT 0
#define BPF_SOCK_ADDR_VERDICT_PROCEED 1
 
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable : 4201)
#endif
typedef struct bpf_sock_addr
{
    uint32_t family; 
    struct
    {
        union
        {
            uint32_t msg_src_ip4;
            uint32_t msg_src_ip6[4];
        };
        uint16_t msg_src_port; 
    };
    struct
    {
        /* @brief Destination IP address in network byte order.
         * Local for egress, remote for ingress.
         */
        union
        {
            uint32_t user_ip4;
            uint32_t user_ip6[4];
        };
        uint16_t user_port; 
    };
    uint32_t protocol;       
    uint32_t compartment_id; 
    uint64_t interface_luid; 
} bpf_sock_addr_t;
 
#define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF
 
typedef enum
{
    BPF_FUNC_sock_addr_get_current_pid_tgid = SOCK_ADDR_EXT_HELPER_FN_BASE + 1,
    BPF_FUNC_sock_addr_set_redirect_context = SOCK_ADDR_EXT_HELPER_FN_BASE + 2,
} ebpf_sock_addr_helper_id_t;
 
EBPF_HELPER(uint64_t, bpf_sock_addr_get_current_pid_tgid, (bpf_sock_addr_t * ctx));
#ifndef __doxygen
#define bpf_sock_addr_get_current_pid_tgid \
    ((bpf_sock_addr_get_current_pid_tgid_t)BPF_FUNC_sock_addr_get_current_pid_tgid)
#endif
 
EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, void* data, uint32_t data_size));
#ifndef __doxygen
#define bpf_sock_addr_set_redirect_context \
    ((bpf_sock_addr_set_redirect_context_t)BPF_FUNC_sock_addr_set_redirect_context)
#endif
 
typedef int
sock_addr_hook_t(bpf_sock_addr_t* context);
 
typedef enum _bpf_sock_op_type
{
    BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB,
    BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB,
    BPF_SOCK_OPS_CONNECTION_DELETED_CB
} bpf_sock_op_type_t;
 
typedef struct _bpf_sock_ops
{
    bpf_sock_op_type_t op;
    uint32_t family; 
    struct
    {
        union
        {
            uint32_t local_ip4;
            uint32_t local_ip6[4];
        }; 
        uint32_t local_port;
    }; 
    struct
    {
        union
        {
            uint32_t remote_ip4;
            uint32_t remote_ip6[4];
        }; 
        uint32_t remote_port;
    };                       
    uint8_t protocol;        
    uint32_t compartment_id; 
    uint64_t interface_luid; 
} bpf_sock_ops_t;
 
typedef int
sock_ops_hook_t(bpf_sock_ops_t* context);
 
#ifdef _MSC_VER
#pragma warning(pop)
#endif