eBPF for Windows
ebpf_nethooks.h
Go to the documentation of this file.
1 // Copyright (c) Microsoft Corporation
2 // SPDX-License-Identifier: MIT
3 #pragma once
4 #include <stdint.h>
5 
6 // This file contains APIs for hooks and helpers that are
7 // exposed by netebpfext.sys for use by eBPF programs.
8 
9 // XDP hook. We use "struct xdp_md" for cross-platform compatibility.
10 typedef struct xdp_md
11 {
12  void* data;
13  void* data_end;
14  uint64_t data_meta;
15  uint32_t ingress_ifindex;
16 
17  /* size: 26, cachelines: 1, members: 4 */
18  /* last cacheline: 26 bytes */
19 } xdp_md_t;
20 
21 typedef enum _xdp_action
22 {
23  XDP_PASS = 1,
24  XDP_DROP,
25  XDP_TX
26 } xdp_action_t;
27 
38 typedef xdp_action_t
39 xdp_hook_t(xdp_md_t* context);
40 
41 // XDP helper functions.
42 #define XDP_EXT_HELPER_FN_BASE 0xFFFF
43 
44 #ifndef __doxygen
45 #define EBPF_HELPER(return_type, name, args) typedef return_type(*name##_t) args
46 #endif
47 
48 typedef enum
49 {
50  BPF_FUNC_xdp_adjust_head = XDP_EXT_HELPER_FN_BASE + 1,
51 } ebpf_nethook_helper_id_t;
52 
62 EBPF_HELPER(int, bpf_xdp_adjust_head, (xdp_md_t * ctx, int delta));
63 #ifndef __doxygen
64 #define bpf_xdp_adjust_head ((bpf_xdp_adjust_head_t)BPF_FUNC_xdp_adjust_head)
65 #endif
66 
67 // BIND hook
68 
69 typedef enum _bind_operation
70 {
71  BIND_OPERATION_BIND,
72  BIND_OPERATION_POST_BIND,
73  BIND_OPERATION_UNBIND,
74 } bind_operation_t;
75 
76 typedef struct _bind_md
77 {
78  uint8_t* app_id_start;
79  uint8_t* app_id_end;
80  uint64_t process_id;
81  uint8_t socket_address[16];
82  uint8_t socket_address_length;
83  bind_operation_t operation;
84  uint8_t protocol;
85 } bind_md_t;
86 
87 typedef enum _bind_action
88 {
89  BIND_PERMIT,
90  BIND_DENY,
91  BIND_REDIRECT,
92 } bind_action_t;
93 
104 typedef bind_action_t
105 bind_hook_t(bind_md_t* context);
106 
107 //
108 // CGROUP_SOCK_ADDR.
109 //
110 
111 #define BPF_SOCK_ADDR_VERDICT_REJECT 0
112 #define BPF_SOCK_ADDR_VERDICT_PROCEED 1
113 
114 #ifdef _MSC_VER
115 #pragma warning(push)
116 #pragma warning(disable : 4201)
117 #endif
121 typedef struct bpf_sock_addr
122 {
123  uint32_t family;
124  struct
125  {
130  union
131  {
132  uint32_t msg_src_ip4;
133  uint32_t msg_src_ip6[4];
134  };
135  uint16_t msg_src_port;
136  };
137  struct
138  {
139  /* @brief Destination IP address in network byte order.
140  * Local for egress, remote for ingress.
141  */
142  union
143  {
144  uint32_t user_ip4;
145  uint32_t user_ip6[4];
146  };
147  uint16_t user_port;
148  };
149  uint32_t protocol;
150  uint32_t compartment_id;
151  uint64_t interface_luid;
152 } bpf_sock_addr_t;
153 
154 #define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF
155 
156 typedef enum
157 {
158  BPF_FUNC_sock_addr_get_current_pid_tgid = SOCK_ADDR_EXT_HELPER_FN_BASE + 1,
159  BPF_FUNC_sock_addr_set_redirect_context = SOCK_ADDR_EXT_HELPER_FN_BASE + 2,
160 } ebpf_sock_addr_helper_id_t;
161 
173 EBPF_HELPER(uint64_t, bpf_sock_addr_get_current_pid_tgid, (bpf_sock_addr_t * ctx));
174 #ifndef __doxygen
175 #define bpf_sock_addr_get_current_pid_tgid \
176  ((bpf_sock_addr_get_current_pid_tgid_t)BPF_FUNC_sock_addr_get_current_pid_tgid)
177 #endif
178 
190 EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, void* data, uint32_t data_size));
191 #ifndef __doxygen
192 #define bpf_sock_addr_set_redirect_context \
193  ((bpf_sock_addr_set_redirect_context_t)BPF_FUNC_sock_addr_set_redirect_context)
194 #endif
195 
213 typedef int
214 sock_addr_hook_t(bpf_sock_addr_t* context);
215 
216 typedef enum _bpf_sock_op_type
217 {
219  BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB,
221  BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB,
223  BPF_SOCK_OPS_CONNECTION_DELETED_CB
224 } bpf_sock_op_type_t;
225 
226 typedef struct _bpf_sock_ops
227 {
228  bpf_sock_op_type_t op;
229  uint32_t family;
230  struct
231  {
232  union
233  {
234  uint32_t local_ip4;
235  uint32_t local_ip6[4];
236  };
237  uint32_t local_port;
238  };
239  struct
240  {
241  union
242  {
243  uint32_t remote_ip4;
244  uint32_t remote_ip6[4];
245  };
246  uint32_t remote_port;
247  };
248  uint8_t protocol;
249  uint32_t compartment_id;
250  uint64_t interface_luid;
251 } bpf_sock_ops_t;
252 
265 typedef int
266 sock_ops_hook_t(bpf_sock_ops_t* context);
267 
268 #ifdef _MSC_VER
269 #pragma warning(pop)
270 #endif
bind_operation_t
enum _bind_operation bind_operation_t
SOCK_ADDR_EXT_HELPER_FN_BASE
#define SOCK_ADDR_EXT_HELPER_FN_BASE
Definition: ebpf_nethooks.h:154
bpf_sock_addr_get_current_pid_tgid
uint64_t bpf_sock_addr_get_current_pid_tgid(bpf_sock_addr_t *ctx)
Get current pid and tgid (sock_addr specific only).
ebpf_sock_addr_helper_id_t
ebpf_sock_addr_helper_id_t
Definition: ebpf_nethooks.h:157
BPF_FUNC_sock_addr_set_redirect_context
@ BPF_FUNC_sock_addr_set_redirect_context
Definition: ebpf_nethooks.h:159
BPF_FUNC_sock_addr_get_current_pid_tgid
@ BPF_FUNC_sock_addr_get_current_pid_tgid
Definition: ebpf_nethooks.h:158
bpf_sock_op_type_t
enum _bpf_sock_op_type bpf_sock_op_type_t
sock_addr_hook_t
int sock_addr_hook_t(bpf_sock_addr_t *context)
Handle socket operation. Currently supports ingress/egress connection initialization.
Definition: ebpf_nethooks.h:214
sock_ops_hook_t
int sock_ops_hook_t(bpf_sock_ops_t *context)
Handle socket event notification. Currently notifies ingress/egress connection establishment and tear...
Definition: ebpf_nethooks.h:266
_xdp_action
_xdp_action
Definition: ebpf_nethooks.h:22
XDP_TX
@ XDP_TX
Bounce the received packet back out the same NIC it arrived on.
Definition: ebpf_nethooks.h:25
XDP_PASS
@ XDP_PASS
Allow the packet to pass.
Definition: ebpf_nethooks.h:23
XDP_DROP
@ XDP_DROP
Drop the packet.
Definition: ebpf_nethooks.h:24
bpf_sock_addr_set_redirect_context
int bpf_sock_addr_set_redirect_context(bpf_sock_addr_t *ctx, void *data, uint32_t data_size)
Set a context for consumption by a user-mode application (sock_addr specific only)....
_bind_operation
_bind_operation
Definition: ebpf_nethooks.h:70
BIND_OPERATION_BIND
@ BIND_OPERATION_BIND
Entry to bind.
Definition: ebpf_nethooks.h:71
BIND_OPERATION_UNBIND
@ BIND_OPERATION_UNBIND
Release port.
Definition: ebpf_nethooks.h:73
BIND_OPERATION_POST_BIND
@ BIND_OPERATION_POST_BIND
After port allocation.
Definition: ebpf_nethooks.h:72
xdp_hook_t
xdp_action_t xdp_hook_t(xdp_md_t *context)
Handle an incoming packet as early as possible.
Definition: ebpf_nethooks.h:39
xdp_action_t
enum _xdp_action xdp_action_t
_bind_action
_bind_action
Definition: ebpf_nethooks.h:88
BIND_REDIRECT
@ BIND_REDIRECT
Change the bind endpoint.
Definition: ebpf_nethooks.h:91
BIND_PERMIT
@ BIND_PERMIT
Permit the bind operation.
Definition: ebpf_nethooks.h:89
BIND_DENY
@ BIND_DENY
Deny the bind operation.
Definition: ebpf_nethooks.h:90
_bpf_sock_op_type
_bpf_sock_op_type
Definition: ebpf_nethooks.h:217
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
Indicates when a passive (inbound) connection is established.
Definition: ebpf_nethooks.h:221
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
Indicates when an active (outbound) connection is established.
Definition: ebpf_nethooks.h:219
BPF_SOCK_OPS_CONNECTION_DELETED_CB
@ BPF_SOCK_OPS_CONNECTION_DELETED_CB
Indicates when a connection is deleted.
Definition: ebpf_nethooks.h:223
bind_hook_t
bind_action_t bind_hook_t(bind_md_t *context)
Handle an AF_INET socket bind() request.
Definition: ebpf_nethooks.h:105
bpf_sock_addr_t
struct bpf_sock_addr bpf_sock_addr_t
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
ebpf_nethook_helper_id_t
ebpf_nethook_helper_id_t
Definition: ebpf_nethooks.h:49
BPF_FUNC_xdp_adjust_head
@ BPF_FUNC_xdp_adjust_head
Definition: ebpf_nethooks.h:50
XDP_EXT_HELPER_FN_BASE
#define XDP_EXT_HELPER_FN_BASE
Definition: ebpf_nethooks.h:42
xdp_md_t
struct xdp_md xdp_md_t
bind_action_t
enum _bind_action bind_action_t
bind_md_t
struct _bind_md bind_md_t
bpf_sock_ops_t
struct _bpf_sock_ops bpf_sock_ops_t
bpf_xdp_adjust_head
int bpf_xdp_adjust_head(xdp_md_t *ctx, int delta)
Adjust XDP context data pointer.
_bind_md
Definition: ebpf_nethooks.h:77
_bind_md::protocol
uint8_t protocol
Protocol number (e.g., IPPROTO_TCP).
Definition: ebpf_nethooks.h:84
_bind_md::operation
bind_operation_t operation
Operation to do.
Definition: ebpf_nethooks.h:83
_bind_md::app_id_end
uint8_t * app_id_end
Pointer to end of App ID.
Definition: ebpf_nethooks.h:79
_bind_md::socket_address
uint8_t socket_address[16]
Socket address to bind to.
Definition: ebpf_nethooks.h:81
_bind_md::process_id
uint64_t process_id
Process ID.
Definition: ebpf_nethooks.h:80
_bind_md::app_id_start
uint8_t * app_id_start
Pointer to start of App ID.
Definition: ebpf_nethooks.h:78
_bind_md::socket_address_length
uint8_t socket_address_length
Length in bytes of the socket address.
Definition: ebpf_nethooks.h:82
_bpf_sock_ops
Definition: ebpf_nethooks.h:227
_bpf_sock_ops::local_ip4
uint32_t local_ip4
Definition: ebpf_nethooks.h:234
_bpf_sock_ops::family
uint32_t family
IP address family.
Definition: ebpf_nethooks.h:229
_bpf_sock_ops::remote_ip4
uint32_t remote_ip4
Definition: ebpf_nethooks.h:243
_bpf_sock_ops::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition: ebpf_nethooks.h:249
_bpf_sock_ops::protocol
uint8_t protocol
IP protocol.
Definition: ebpf_nethooks.h:248
_bpf_sock_ops::remote_port
uint32_t remote_port
Definition: ebpf_nethooks.h:246
_bpf_sock_ops::interface_luid
uint64_t interface_luid
Interface LUID.
Definition: ebpf_nethooks.h:250
_bpf_sock_ops::local_ip6
uint32_t local_ip6[4]
Definition: ebpf_nethooks.h:235
_bpf_sock_ops::op
bpf_sock_op_type_t op
Definition: ebpf_nethooks.h:228
_bpf_sock_ops::remote_ip6
uint32_t remote_ip6[4]
Definition: ebpf_nethooks.h:244
_bpf_sock_ops::local_port
uint32_t local_port
Definition: ebpf_nethooks.h:237
bpf_sock_addr
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
Definition: ebpf_nethooks.h:122
bpf_sock_addr::protocol
uint32_t protocol
IP protocol.
Definition: ebpf_nethooks.h:149
bpf_sock_addr::user_port
uint16_t user_port
Destination port in network byte order.
Definition: ebpf_nethooks.h:147
bpf_sock_addr::msg_src_port
uint16_t msg_src_port
Source port in network byte order.
Definition: ebpf_nethooks.h:135
bpf_sock_addr::user_ip4
uint32_t user_ip4
Definition: ebpf_nethooks.h:144
bpf_sock_addr::user_ip6
uint32_t user_ip6[4]
Definition: ebpf_nethooks.h:145
bpf_sock_addr::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition: ebpf_nethooks.h:150
bpf_sock_addr::msg_src_ip6
uint32_t msg_src_ip6[4]
Definition: ebpf_nethooks.h:133
bpf_sock_addr::interface_luid
uint64_t interface_luid
Interface LUID.
Definition: ebpf_nethooks.h:151
bpf_sock_addr::msg_src_ip4
uint32_t msg_src_ip4
Definition: ebpf_nethooks.h:132
bpf_sock_addr::family
uint32_t family
IP address family.
Definition: ebpf_nethooks.h:123
xdp_md
Definition: ebpf_nethooks.h:11
xdp_md::data_end
void * data_end
Pointer to end of packet data.
Definition: ebpf_nethooks.h:13
xdp_md::data
void * data
Pointer to start of packet data.
Definition: ebpf_nethooks.h:12
xdp_md::data_meta
uint64_t data_meta
Packet metadata.
Definition: ebpf_nethooks.h:14
xdp_md::ingress_ifindex
uint32_t ingress_ifindex
Ingress interface index.
Definition: ebpf_nethooks.h:15
Generated by doxygen 1.9.1