eBPF for Windows
Loading...
Searching...
No Matches
ebpf_nethooks.h
Go to the documentation of this file.
1// Copyright (c) eBPF for Windows contributors
2// SPDX-License-Identifier: MIT
3#pragma once
4#include <stdint.h>
5
6// This file contains APIs for hooks and helpers that are
7// exposed by netebpfext.sys for use by eBPF programs.
8
9#ifndef __doxygen
10#define EBPF_HELPER(return_type, name, args) typedef return_type(*const name##_t) args
11#endif
12
13// BIND hook
14
21
32
39
50typedef bind_action_t
51bind_hook_t(bind_md_t* context);
52
53//
54// CGROUP_SOCK_ADDR.
55//
56
57#define BPF_SOCK_ADDR_VERDICT_REJECT 0
58#define BPF_SOCK_ADDR_VERDICT_PROCEED 1
59#define BPF_SOCK_ADDR_VERDICT_PROCEED_HARD 2
60
61#ifdef _MSC_VER
62#pragma warning(push)
63#pragma warning(disable : 4201)
64#endif
68typedef struct bpf_sock_addr
69{
70 uint32_t family;
71 struct
72 {
77 union
78 {
79 uint32_t msg_src_ip4;
80 uint32_t msg_src_ip6[4];
81 };
82 uint16_t msg_src_port;
83 };
84 struct
85 {
86 /* @brief Destination IP address in network byte order.
87 * Local for egress, remote for ingress.
88 */
89 union
90 {
91 uint32_t user_ip4;
92 uint32_t user_ip6[4];
93 };
94 uint16_t user_port;
95 };
96 uint32_t protocol;
97 uint32_t compartment_id;
98 uint64_t interface_luid;
99} bpf_sock_addr_t;
100
101#define SOCK_ADDR_EXT_HELPER_FN_BASE 0xFFFF
102
108
120EBPF_HELPER(int, bpf_sock_addr_set_redirect_context, (bpf_sock_addr_t * ctx, void* data, uint32_t data_size));
121#ifndef __doxygen
122#define bpf_sock_addr_set_redirect_context \
123 ((bpf_sock_addr_set_redirect_context_t)BPF_FUNC_sock_addr_set_redirect_context)
124#endif
125
144typedef int
145sock_addr_hook_t(bpf_sock_addr_t* context);
146
156
157typedef struct _bpf_sock_ops
158{
159 bpf_sock_op_type_t op;
160 uint32_t family;
161 struct
162 {
163 union
164 {
165 uint32_t local_ip4;
166 uint32_t local_ip6[4];
167 };
168 uint32_t local_port;
169 };
170 struct
171 {
172 union
173 {
174 uint32_t remote_ip4;
175 uint32_t remote_ip6[4];
176 };
177 uint32_t remote_port;
178 };
179 uint8_t protocol;
180 uint32_t compartment_id;
181 uint64_t interface_luid;
182} bpf_sock_ops_t;
183
196typedef int
197sock_ops_hook_t(bpf_sock_ops_t* context);
198
199#ifdef _MSC_VER
200#pragma warning(pop)
201#endif
bind_operation_t
enum _bind_operation bind_operation_t
SOCK_ADDR_EXT_HELPER_FN_BASE
#define SOCK_ADDR_EXT_HELPER_FN_BASE
Definition ebpf_nethooks.h:101
ebpf_sock_addr_helper_id_t
ebpf_sock_addr_helper_id_t
Definition ebpf_nethooks.h:104
BPF_FUNC_sock_addr_set_redirect_context
@ BPF_FUNC_sock_addr_set_redirect_context
Definition ebpf_nethooks.h:106
BPF_FUNC_sock_addr_get_current_pid_tgid
@ BPF_FUNC_sock_addr_get_current_pid_tgid
Definition ebpf_nethooks.h:105
bpf_sock_op_type_t
enum _bpf_sock_op_type bpf_sock_op_type_t
sock_addr_hook_t
int sock_addr_hook_t(bpf_sock_addr_t *context)
Handle socket operation. Currently supports ingress/egress connection initialization.
Definition ebpf_nethooks.h:145
sock_ops_hook_t
int sock_ops_hook_t(bpf_sock_ops_t *context)
Handle socket event notification. Currently notifies ingress/egress connection establishment and tear...
Definition ebpf_nethooks.h:197
bpf_sock_addr_set_redirect_context
int bpf_sock_addr_set_redirect_context(bpf_sock_addr_t *ctx, void *data, uint32_t data_size)
Set a context for consumption by a user-mode application (sock_addr specific only)....
_bind_operation
_bind_operation
Definition ebpf_nethooks.h:16
BIND_OPERATION_BIND
@ BIND_OPERATION_BIND
Entry to bind.
Definition ebpf_nethooks.h:17
BIND_OPERATION_UNBIND
@ BIND_OPERATION_UNBIND
Release port.
Definition ebpf_nethooks.h:19
BIND_OPERATION_POST_BIND
@ BIND_OPERATION_POST_BIND
After port allocation.
Definition ebpf_nethooks.h:18
_bind_action
_bind_action
Definition ebpf_nethooks.h:34
BIND_REDIRECT
@ BIND_REDIRECT
Change the bind endpoint.
Definition ebpf_nethooks.h:37
BIND_PERMIT
@ BIND_PERMIT
Permit the bind operation.
Definition ebpf_nethooks.h:35
BIND_DENY
@ BIND_DENY
Deny the bind operation.
Definition ebpf_nethooks.h:36
_bpf_sock_op_type
_bpf_sock_op_type
Definition ebpf_nethooks.h:148
BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
Indicates when a passive (inbound) connection is established.
Definition ebpf_nethooks.h:152
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
@ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
Indicates when an active (outbound) connection is established.
Definition ebpf_nethooks.h:150
BPF_SOCK_OPS_CONNECTION_DELETED_CB
@ BPF_SOCK_OPS_CONNECTION_DELETED_CB
Indicates when a connection is deleted.
Definition ebpf_nethooks.h:154
bind_hook_t
bind_action_t bind_hook_t(bind_md_t *context)
Handle an AF_INET socket bind() request.
Definition ebpf_nethooks.h:51
bpf_sock_addr_t
struct bpf_sock_addr bpf_sock_addr_t
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
bind_action_t
enum _bind_action bind_action_t
bind_md_t
struct _bind_md bind_md_t
bpf_sock_ops_t
struct _bpf_sock_ops bpf_sock_ops_t
_bind_md
Definition ebpf_nethooks.h:23
_bind_md::protocol
uint8_t protocol
Protocol number (e.g., IPPROTO_TCP).
Definition ebpf_nethooks.h:30
_bind_md::operation
bind_operation_t operation
Operation to do.
Definition ebpf_nethooks.h:29
_bind_md::app_id_end
uint8_t * app_id_end
Pointer to end of App ID.
Definition ebpf_nethooks.h:25
_bind_md::socket_address
uint8_t socket_address[16]
Socket address to bind to.
Definition ebpf_nethooks.h:27
_bind_md::process_id
uint64_t process_id
Process ID.
Definition ebpf_nethooks.h:26
_bind_md::app_id_start
uint8_t * app_id_start
Pointer to start of App ID.
Definition ebpf_nethooks.h:24
_bind_md::socket_address_length
uint8_t socket_address_length
Length in bytes of the socket address.
Definition ebpf_nethooks.h:28
_bpf_sock_ops
Definition ebpf_nethooks.h:158
_bpf_sock_ops::local_ip4
uint32_t local_ip4
Definition ebpf_nethooks.h:165
_bpf_sock_ops::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:160
_bpf_sock_ops::remote_ip4
uint32_t remote_ip4
Definition ebpf_nethooks.h:174
_bpf_sock_ops::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:180
_bpf_sock_ops::protocol
uint8_t protocol
IP protocol.
Definition ebpf_nethooks.h:179
_bpf_sock_ops::remote_port
uint32_t remote_port
Definition ebpf_nethooks.h:177
_bpf_sock_ops::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:181
_bpf_sock_ops::local_ip6
uint32_t local_ip6[4]
Definition ebpf_nethooks.h:166
_bpf_sock_ops::op
bpf_sock_op_type_t op
Definition ebpf_nethooks.h:159
_bpf_sock_ops::remote_ip6
uint32_t remote_ip6[4]
Definition ebpf_nethooks.h:175
_bpf_sock_ops::local_port
uint32_t local_port
Definition ebpf_nethooks.h:168
bpf_sock_addr
Data structure used as context for BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type.
Definition ebpf_nethooks.h:69
bpf_sock_addr::protocol
uint32_t protocol
IP protocol.
Definition ebpf_nethooks.h:96
bpf_sock_addr::user_port
uint16_t user_port
Destination port in network byte order.
Definition ebpf_nethooks.h:94
bpf_sock_addr::msg_src_port
uint16_t msg_src_port
Source port in network byte order.
Definition ebpf_nethooks.h:82
bpf_sock_addr::user_ip4
uint32_t user_ip4
Definition ebpf_nethooks.h:91
bpf_sock_addr::user_ip6
uint32_t user_ip6[4]
Definition ebpf_nethooks.h:92
bpf_sock_addr::compartment_id
uint32_t compartment_id
Network compartment Id.
Definition ebpf_nethooks.h:97
bpf_sock_addr::msg_src_ip6
uint32_t msg_src_ip6[4]
Definition ebpf_nethooks.h:80
bpf_sock_addr::interface_luid
uint64_t interface_luid
Interface LUID.
Definition ebpf_nethooks.h:98
bpf_sock_addr::msg_src_ip4
uint32_t msg_src_ip4
Definition ebpf_nethooks.h:79
bpf_sock_addr::family
uint32_t family
IP address family.
Definition ebpf_nethooks.h:70
Generated by doxygen 1.9.8