ebpf_structs.h

Go to the documentation of this file.

// Copyright (c) eBPF for Windows contributors
// SPDX-License-Identifier: MIT
#pragma once
 
#include "ebpf_windows.h"
 
#define MAX_TAIL_CALL_CNT 33
 
#define BPF_ENUM_TO_STRING(X) #X
 
typedef enum bpf_map_type
{
    BPF_MAP_TYPE_UNSPEC = 0, 
    BPF_MAP_TYPE_HASH = 1,   
    BPF_MAP_TYPE_ARRAY = 2,  
    BPF_MAP_TYPE_PROG_ARRAY =
        3, 
    BPF_MAP_TYPE_PERCPU_HASH = 4,       
    BPF_MAP_TYPE_PERCPU_ARRAY = 5,      
    BPF_MAP_TYPE_HASH_OF_MAPS = 6,      
    BPF_MAP_TYPE_ARRAY_OF_MAPS = 7,     
    BPF_MAP_TYPE_LRU_HASH = 8,          
    BPF_MAP_TYPE_LPM_TRIE = 9,          
    BPF_MAP_TYPE_QUEUE = 10,            
    BPF_MAP_TYPE_LRU_PERCPU_HASH = 11,  
    BPF_MAP_TYPE_STACK = 12,            
    BPF_MAP_TYPE_RINGBUF = 13,          
    BPF_MAP_TYPE_PERF_EVENT_ARRAY = 14, 
} ebpf_map_type_t;
 
#define BPF_MAP_TYPE_PER_CPU(X)                                                                                    \
    ((X) == BPF_MAP_TYPE_PERCPU_HASH || (X) == BPF_MAP_TYPE_PERCPU_ARRAY || (X) == BPF_MAP_TYPE_LRU_PERCPU_HASH || \
     (X) == BPF_MAP_TYPE_PERF_EVENT_ARRAY)
 
static const char* const _ebpf_map_type_names[] = {
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_UNSPEC),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_ARRAY),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_PROG_ARRAY),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_PERCPU_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_PERCPU_ARRAY),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_HASH_OF_MAPS),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_ARRAY_OF_MAPS),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_LRU_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_LPM_TRIE),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_QUEUE),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_LRU_PERCPU_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_STACK),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_RINGBUF),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_PERF_EVENT_ARRAY),
};
 
static const char* const _ebpf_map_display_names[] = {
    "unspec",
    "hash",
    "array",
    "prog_array",
    "percpu_hash",
    "percpu_array",
    "hash_of_maps",
    "array_of_maps",
    "lru_hash",
    "lpm_trie",
    "queue",
    "lru_percpu_hash",
    "stack",
    "ringbuf",
    "perf_event_array",
};
 
typedef enum ebpf_map_option
{
    EBPF_ANY,     
    EBPF_NOEXIST, 
    EBPF_EXIST    
} ebpf_map_option_t;
 
typedef enum ebpf_pin_type
{
    LIBBPF_PIN_NONE = 0, 
    LIBBPF_PIN_BY_NAME,  
} ebpf_pin_type_t;
 
static const char* const _ebpf_pin_type_names[] = {
    BPF_ENUM_TO_STRING(LIBBPF_PIN_NONE),
    BPF_ENUM_TO_STRING(LIBBPF_PIN_BY_NAME),
};
 
typedef uint32_t ebpf_id_t;
#define EBPF_ID_NONE 0
 
typedef struct _ebpf_map_definition_in_memory
{
    ebpf_map_type_t type; 
    uint32_t key_size;    
    uint32_t value_size;  
    uint32_t max_entries; 
    ebpf_id_t inner_map_id;
    ebpf_pin_type_t pinning;
} ebpf_map_definition_in_memory_t;
 
typedef struct _ebpf_map_definition_in_file
{
    ebpf_map_type_t type; 
    uint32_t key_size;    
    uint32_t value_size;  
    uint32_t max_entries; 
 
    uint32_t inner_map_idx;
    ebpf_pin_type_t pinning;
 
    uint32_t id;
    uint32_t inner_id;
} ebpf_map_definition_in_file_t;
 
typedef enum
{
    BPF_FUNC_map_lookup_elem = 1,            
    BPF_FUNC_map_update_elem = 2,            
    BPF_FUNC_map_delete_elem = 3,            
    BPF_FUNC_map_lookup_and_delete_elem = 4, 
    BPF_FUNC_tail_call = 5,                  
    BPF_FUNC_get_prandom_u32 = 6,            
    BPF_FUNC_ktime_get_boot_ns = 7,          
    BPF_FUNC_get_smp_processor_id = 8,       
    BPF_FUNC_ktime_get_ns = 9,               
    BPF_FUNC_csum_diff = 10,                 
    BPF_FUNC_ringbuf_output = 11,            
    BPF_FUNC_trace_printk2 = 12,             
    BPF_FUNC_trace_printk3 = 13,             
    BPF_FUNC_trace_printk4 = 14,             
    BPF_FUNC_trace_printk5 = 15,             
    BPF_FUNC_map_push_elem = 16,             
    BPF_FUNC_map_pop_elem = 17,              
    BPF_FUNC_map_peek_elem = 18,             
    BPF_FUNC_get_current_pid_tgid = 19,      
    BPF_FUNC_get_current_logon_id = 20,      
    BPF_FUNC_is_current_admin = 21,          
    BPF_FUNC_memcpy_s = 22,                  
    BPF_FUNC_memcmp_s = 23,                  
    BPF_FUNC_memset = 24,                    
    BPF_FUNC_memmove_s = 25,                 
    BPF_FUNC_get_socket_cookie = 26,         
    BPF_FUNC_strncpy_s = 27,                 
    BPF_FUNC_strncat_s = 28,                 
    BPF_FUNC_strnlen_s = 29,                 
    BPF_FUNC_ktime_get_boot_ms = 30,         
    BPF_FUNC_ktime_get_ms = 31,              
    BPF_FUNC_perf_event_output = 32,         
} ebpf_helper_id_t;
 
// Cross-platform BPF program types.
enum bpf_prog_type
{
    BPF_PROG_TYPE_UNSPEC, 
 
    BPF_PROG_TYPE_XDP,
 
    BPF_PROG_TYPE_BIND, // TODO(#333): replace with cross-platform program type
 
    BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
 
    BPF_PROG_TYPE_SOCK_OPS,
 
    BPF_PROG_TYPE_NETEVENT,
 
    BPF_PROG_TYPE_PROCESS,
 
    BPF_PROG_TYPE_XDP_TEST = 998,
 
    BPF_PROG_TYPE_SAMPLE = 999
};
 
typedef enum bpf_prog_type bpf_prog_type_t;
 
#define XDP_FLAGS_REPLACE 0x01
 
// The link type is used to tell which union member is present
// in the bpf_link_info struct.  There is exactly one non-zero value
// per union member.
enum bpf_link_type
{
    BPF_LINK_TYPE_UNSPEC, 
    BPF_LINK_TYPE_PLAIN,  
    BPF_LINK_TYPE_CGROUP, 
    BPF_LINK_TYPE_XDP,    
    BPF_LINK_TYPE_MAX
};
 
static const char* const _ebpf_link_display_names[] = {"unspec", "plain", "cgroup", "xdp"};
 
enum bpf_attach_type
{
    BPF_ATTACH_TYPE_UNSPEC, 
 
    BPF_XDP,
 
    BPF_ATTACH_TYPE_BIND,
 
    BPF_CGROUP_INET4_CONNECT,
 
    BPF_CGROUP_INET6_CONNECT,
 
    BPF_CGROUP_INET4_RECV_ACCEPT,
 
    BPF_CGROUP_INET6_RECV_ACCEPT,
 
    BPF_CGROUP_SOCK_OPS,
 
    BPF_ATTACH_TYPE_SAMPLE,
 
    BPF_XDP_TEST,
 
    BPF_ATTACH_TYPE_NETEVENT,
 
    BPF_ATTACH_TYPE_PROCESS,
 
    __MAX_BPF_ATTACH_TYPE,
};
 
typedef enum bpf_attach_type bpf_attach_type_t;
 
// Libbpf itself requires the following structs to be defined, but doesn't
// care what fields they have.  Applications such as bpftool on the other
// hand depend on fields of specific names and types.
 
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable : 4201) /* nameless struct/union */
#endif
struct bpf_link_info
{
    ebpf_id_t id;                          
    ebpf_id_t prog_id;                     
    enum bpf_link_type type;               
    enum bpf_attach_type attach_type;      
    ebpf_attach_type_t attach_type_uuid;   
    ebpf_program_type_t program_type_uuid; 
    union
    {
        struct
        {
            uint32_t ifindex;
        } xdp;
        struct
        {
            uint64_t cgroup_id;
        } cgroup;
        uint8_t attach_data;
    };
};
#ifdef _MSC_VER
#pragma warning(pop)
#endif
 
#define BPF_OBJ_NAME_LEN 64
 
struct bpf_map_info
{
    // Cross-platform fields.
    ebpf_id_t id;                
    ebpf_map_type_t type;        
    uint32_t key_size;           
    uint32_t value_size;         
    uint32_t max_entries;        
    char name[BPF_OBJ_NAME_LEN]; 
    uint32_t map_flags;          
 
    // Windows-specific fields.
    ebpf_id_t inner_map_id;     
    uint32_t pinned_path_count; 
};
 
#define BPF_ANY 0x0
#define BPF_NOEXIST 0x1
#define BPF_EXIST 0x2
 
struct bpf_prog_info
{
    // Cross-platform fields.
    ebpf_id_t id;                
    enum bpf_prog_type type;     
    uint32_t nr_map_ids;         
    uintptr_t map_ids;           
    char name[BPF_OBJ_NAME_LEN]; 
 
    // Windows-specific fields.
    ebpf_program_type_t type_uuid;       
    ebpf_attach_type_t attach_type_uuid; 
    uint32_t pinned_path_count;          
    uint32_t link_count;                 
};
 
/* BPF_FUNC_perf_event_output flags. */
#define EBPF_MAP_FLAG_INDEX_MASK 0xffffffffULL
#define EBPF_MAP_FLAG_INDEX_SHIFT 0
#define EBPF_MAP_FLAG_CURRENT_CPU EBPF_MAP_FLAG_INDEX_MASK
/* BPF_FUNC_perf_event_output flags for program types with data pointer in context. */
#define EBPF_MAP_FLAG_CTX_LENGTH_SHIFT 32
#define EBPF_MAP_FLAG_CTX_LENGTH_MAX (0xfffffULL)
#define EBPF_MAP_FLAG_CTX_LENGTH_MASK (EBPF_MAP_FLAG_CTX_LENGTH_MAX << EBPF_MAP_FLAG_CTX_LENGTH_SHIFT)
 
typedef ebpf_extension_header_t ebpf_native_module_header_t;