eBPF for Windows
ebpf_nethooks.h
Go to the documentation of this file.
1 // Copyright (c) Microsoft Corporation
2 // SPDX-License-Identifier: MIT
3 #pragma once
4 #include <stdint.h>
5 
6 // This file contains APIs for hooks and helpers that are
7 // exposed by netebpfext.sys for use by eBPF programs.
8 
9 // XDP hook. We use "struct xdp_md" for cross-platform compatibility.
10 typedef struct xdp_md
11 {
12  void* data;
13  void* data_end;
14  uint64_t data_meta;
15  uint32_t ingress_ifindex;
16 
17  /* size: 26, cachelines: 1, members: 4 */
18  /* last cacheline: 26 bytes */
19 } xdp_md_t;
20 
21 typedef enum _xdp_action
22 {
23  XDP_PASS = 1,
24  XDP_DROP,
25  XDP_TX
26 } xdp_action_t;
27 
38 typedef xdp_action_t
39 xdp_hook_t(xdp_md_t* context);
40 
41 // XDP helper functions.
42 #define XDP_EXT_HELPER_FN_BASE 0xFFFF
43 
44 #ifndef __doxygen
45 #define EBPF_HELPER(return_type, name, args) typedef return_type(*name##_t) args
46 #endif
47 
48 typedef enum
49 {
50  BPF_FUNC_xdp_adjust_head = XDP_EXT_HELPER_FN_BASE + 1,
51 } ebpf_nethook_helper_id_t;
52 
62 EBPF_HELPER(int, bpf_xdp_adjust_head, (xdp_md_t * ctx, int delta));
63 #ifndef __doxygen
64 #define bpf_xdp_adjust_head ((bpf_xdp_adjust_head_t)BPF_FUNC_xdp_adjust_head)
65 #endif
66 
67 // BIND hook
68 
69 typedef enum _bind_operation
70 {
71  BIND_OPERATION_BIND,
72  BIND_OPERATION_POST_BIND,
73  BIND_OPERATION_UNBIND,
74 } bind_operation_t;
75 
76 typedef struct _bind_md
77 {
78  uint8_t* app_id_start;
79  uint8_t* app_id_end;
80  uint64_t process_id;
81  uint8_t socket_address[16];
82  uint8_t socket_address_length;
83  bind_operation_t operation;
84  uint8_t protocol;
85 } bind_md_t;
86 
87 typedef enum _bind_action
88 {
89  BIND_PERMIT,
90  BIND_DENY,
91  BIND_REDIRECT,
92 } bind_action_t;
93 
104 typedef bind_action_t
105 bind_hook_t(bind_md_t* context);
106 
107 //
108 // CGROUP_SOCK_ADDR.
109 //
110 
111 #define BPF_SOCK_ADDR_VERDICT_REJECT 0
112 #define BPF_SOCK_ADDR_VERDICT_PROCEED 1
113 
114 #ifdef _MSC_VER
115 #pragma warning(push)
116 #pragma warning(disable : 4201)
117 #endif
121 typedef struct bpf_sock_addr
122 {
123  uint32_t family;
124  struct
125  {
130  union
131  {
132  uint32_t msg_src_ip4;
133  uint32_t msg_src_ip6[4];
134  };
135  uint16_t msg_src_port;
136  };
137  struct
138  {
139  /* @brief Destination IP address in network byte order.
140  * Local for egress, remote for ingress.
141  */
142  union
143  {
144  uint32_t user_ip4;
145  uint32_t user_ip6[4];
146  };
147  uint16_t user_port;
148  };
149  uint32_t protocol;
150  uint32_t compartment_id;
151  uint64_t interface_luid;
152 } bpf_sock_addr_t;
153 
171 typedef int
172 sock_addr_hook_t(bpf_sock_addr_t* context);
173 
174 typedef enum _bpf_sock_op_type
175 {
177  BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB,
179  BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB,
181  BPF_SOCK_OPS_CONNECTION_DELETED_CB
182 } bpf_sock_op_type_t;
183 
184 typedef struct _bpf_sock_ops
185 {
186  bpf_sock_op_type_t op;
187  uint32_t family;
188  struct
189  {
190  union
191  {
192  uint32_t local_ip4;
193  uint32_t local_ip6[4];
194  };
195  uint32_t local_port;
196  };
197  struct
198  {
199  union
200  {
201  uint32_t remote_ip4;
202  uint32_t remote_ip6[4];
203  };
204  uint32_t remote_port;
205  };
206  uint8_t protocol;
207  uint32_t compartment_id;
208  uint64_t interface_luid;
209 } bpf_sock_ops_t;
210 
223 typedef int
224 sock_ops_hook_t(bpf_sock_ops_t* context);
225 
226 #ifdef _MSC_VER
227 #pragma warning(pop)
228 #endif
bind_operation_t
enum _bind_operation bind_operation_t
bpf_sock_op_type_t
enum _bpf_sock_op_type bpf_sock_op_type_t
sock_addr_hook_t
int sock_addr_hook_t(bpf_sock_addr_t *context)
Handle socket operation. Currently supports ingress/egress connection initialization.
Definition: ebpf_nethooks.h:172
sock_ops_hook_t
int sock_ops_hook_t(bpf_sock_ops_t *context)
Handle socket event notification. Currently notifies ingress/egress connection establishment and tear...
Definition: ebpf_nethooks.h:224
_xdp_action
_xdp_action
Definition: ebpf_nethooks.h:22
XDP_TX
@ XDP_TX
Bounce the received packet back out the same NIC it arrived on.
Definition: ebpf_nethooks.h:25
XDP_PASS
@ XDP_PASS
Allow the packet to pass.
Definition: ebpf_nethooks.h:23
XDP_DROP
@ XDP_DROP
Drop the packet.
Definition: ebpf_nethooks.h:24
_bind_operation
_bind_operation
Definition: ebpf_nethooks.h:70
BIND_OPERATION_BIND
@ BIND_OPERATION_BIND
Entry to bind.
Definition: ebpf_nethooks.h:71
BIND_OPERATION_UNBIND
@ BIND_OPERATION_UNBIND
Release port.
Definition: ebpf_nethooks.h:73
BIND_OPERATION_POST_BIND
@ BIND_OPERATION_POST_BIND
After port allocation.
Definition: ebpf_nethooks.h:72
xdp_hook_t
xdp_action_t xdp_hook_t(xdp_md_t *context)
Handle an incoming packet as early as possible.
Definition: ebpf_nethooks.h:39
xdp_action_t
enum _xdp_action xdp_action_t
_bind_action
_bind_action
Definition: ebpf_nethooks.h:88
BIND_REDIRECT
@ BIND_REDIRECT
Change the bind endpoint.
Definition: ebpf_nethooks.h:91
BIND_PERMIT
@ BIND_PERMIT
Permit the bind operation.
Definition: ebpf_nethooks.h:89
BIND_DENY
@ BIND_DENY
Deny the bind operation.
Definition: ebpf_nethooks.h:90
_bpf_sock_op_type
_bpf_sock_op_type
Definition: ebpf_nethooks.h:175
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
Indicates when a passive (inbound) connection is established.
Definition: ebpf_nethooks.h:179
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
Indicates when an active (outbound) connection is established.
Definition: ebpf_nethooks.h:177
BPF_SOCK_OPS_CONNECTION_DELETED_CB
@ BPF_SOCK_OPS_CONNECTION_DELETED_CB
Indicates when a connection is deleted.
Definition: ebpf_nethooks.h:181
bind_hook_t
bind_action_t bind_hook_t(bind_md_t *context)
Handle an AF_INET socket bind() request.
Definition: ebpf_nethooks.h:105
bpf_sock_addr_t
struct bpf_sock_addr bpf_sock_addr_t
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
ebpf_nethook_helper_id_t
ebpf_nethook_helper_id_t
Definition: ebpf_nethooks.h:49
BPF_FUNC_xdp_adjust_head
@ BPF_FUNC_xdp_adjust_head
Definition: ebpf_nethooks.h:50
XDP_EXT_HELPER_FN_BASE
#define XDP_EXT_HELPER_FN_BASE
Definition: ebpf_nethooks.h:42
xdp_md_t
struct xdp_md xdp_md_t
bind_action_t
enum _bind_action bind_action_t
bind_md_t
struct _bind_md bind_md_t
bpf_sock_ops_t
struct _bpf_sock_ops bpf_sock_ops_t
bpf_xdp_adjust_head
int bpf_xdp_adjust_head(xdp_md_t *ctx, int delta)
Adjust XDP context data pointer.
_bind_md
Definition: ebpf_nethooks.h:77
_bind_md::protocol
uint8_t protocol
Protocol number (e.g., IPPROTO_TCP).
Definition: ebpf_nethooks.h:84
_bind_md::operation
bind_operation_t operation
Operation to do.
Definition: ebpf_nethooks.h:83
_bind_md::app_id_end
uint8_t * app_id_end
Pointer to end of App ID.
Definition: ebpf_nethooks.h:79
_bind_md::socket_address
uint8_t socket_address[16]
Socket address to bind to.
Definition: ebpf_nethooks.h:81
_bind_md::process_id
uint64_t process_id
Process ID.
Definition: ebpf_nethooks.h:80
_bind_md::app_id_start
uint8_t * app_id_start
Pointer to start of App ID.
Definition: ebpf_nethooks.h:78
_bind_md::socket_address_length
uint8_t socket_address_length
Length in bytes of the socket address.
Definition: ebpf_nethooks.h:82
_bpf_sock_ops
Definition: ebpf_nethooks.h:185
_bpf_sock_ops::local_ip4
uint32_t local_ip4
Definition: ebpf_nethooks.h:192
_bpf_sock_ops::family
uint32_t family
IP address family.
Definition: ebpf_nethooks.h:187
_bpf_sock_ops::remote_ip4
uint32_t remote_ip4
Definition: ebpf_nethooks.h:201
_bpf_sock_ops::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition: ebpf_nethooks.h:207
_bpf_sock_ops::protocol
uint8_t protocol
IP protocol.
Definition: ebpf_nethooks.h:206
_bpf_sock_ops::remote_port
uint32_t remote_port
Definition: ebpf_nethooks.h:204
_bpf_sock_ops::interface_luid
uint64_t interface_luid
Interface LUID.
Definition: ebpf_nethooks.h:208
_bpf_sock_ops::local_ip6
uint32_t local_ip6[4]
Definition: ebpf_nethooks.h:193
_bpf_sock_ops::op
bpf_sock_op_type_t op
Definition: ebpf_nethooks.h:186
_bpf_sock_ops::remote_ip6
uint32_t remote_ip6[4]
Definition: ebpf_nethooks.h:202
_bpf_sock_ops::local_port
uint32_t local_port
Definition: ebpf_nethooks.h:195
bpf_sock_addr
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
Definition: ebpf_nethooks.h:122
bpf_sock_addr::protocol
uint32_t protocol
IP protocol.
Definition: ebpf_nethooks.h:149
bpf_sock_addr::user_port
uint16_t user_port
Destination port in network byte order.
Definition: ebpf_nethooks.h:147
bpf_sock_addr::msg_src_port
uint16_t msg_src_port
Source port in network byte order.
Definition: ebpf_nethooks.h:135
bpf_sock_addr::user_ip4
uint32_t user_ip4
Definition: ebpf_nethooks.h:144
bpf_sock_addr::user_ip6
uint32_t user_ip6[4]
Definition: ebpf_nethooks.h:145
bpf_sock_addr::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition: ebpf_nethooks.h:150
bpf_sock_addr::msg_src_ip6
uint32_t msg_src_ip6[4]
Definition: ebpf_nethooks.h:133
bpf_sock_addr::interface_luid
uint64_t interface_luid
Interface LUID.
Definition: ebpf_nethooks.h:151
bpf_sock_addr::msg_src_ip4
uint32_t msg_src_ip4
Definition: ebpf_nethooks.h:132
bpf_sock_addr::family
uint32_t family
IP address family.
Definition: ebpf_nethooks.h:123
xdp_md
Definition: ebpf_nethooks.h:11
xdp_md::data_end
void * data_end
Pointer to end of packet data.
Definition: ebpf_nethooks.h:13
xdp_md::data
void * data
Pointer to start of packet data.
Definition: ebpf_nethooks.h:12
xdp_md::data_meta
uint64_t data_meta
Packet metadata.
Definition: ebpf_nethooks.h:14
xdp_md::ingress_ifindex
uint32_t ingress_ifindex
Ingress interface index.
Definition: ebpf_nethooks.h:15
Generated by doxygen 1.9.1