ebpf_structs.h

Go to the documentation of this file.

// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT
#pragma once
 
#include "ebpf_windows.h"
 
#if !defined(NO_CRT)
#include <stdbool.h>
#include <stdint.h>
#else
typedef unsigned char uint8_t;
typedef unsigned int uint32_t;
typedef unsigned long long uint64_t;
#endif
 
#define BPF_ENUM_TO_STRING(X) #X
 
typedef enum bpf_map_type
{
    BPF_MAP_TYPE_UNSPEC = 0, 
    BPF_MAP_TYPE_HASH = 1,   
    BPF_MAP_TYPE_ARRAY = 2,  
    BPF_MAP_TYPE_PROG_ARRAY =
        3, 
    BPF_MAP_TYPE_PERCPU_HASH = 4,      
    BPF_MAP_TYPE_PERCPU_ARRAY = 5,     
    BPF_MAP_TYPE_HASH_OF_MAPS = 6,     
    BPF_MAP_TYPE_ARRAY_OF_MAPS = 7,    
    BPF_MAP_TYPE_LRU_HASH = 8,         
    BPF_MAP_TYPE_LPM_TRIE = 9,         
    BPF_MAP_TYPE_QUEUE = 10,           
    BPF_MAP_TYPE_LRU_PERCPU_HASH = 11, 
    BPF_MAP_TYPE_STACK = 12,           
    BPF_MAP_TYPE_RINGBUF = 13          
} ebpf_map_type_t;
 
#define BPF_MAP_TYPE_PER_CPU(X) \
    ((X) == BPF_MAP_TYPE_PERCPU_HASH || (X) == BPF_MAP_TYPE_PERCPU_ARRAY || (X) == BPF_MAP_TYPE_LRU_PERCPU_HASH)
 
static const char* const _ebpf_map_type_names[] = {
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_UNSPEC),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_ARRAY),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_PROG_ARRAY),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_PERCPU_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_PERCPU_ARRAY),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_HASH_OF_MAPS),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_ARRAY_OF_MAPS),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_LRU_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_LPM_TRIE),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_QUEUE),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_LRU_PERCPU_HASH),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_STACK),
    BPF_ENUM_TO_STRING(BPF_MAP_TYPE_RINGBUF),
};
 
static const char* const _ebpf_map_display_names[] = {
    "unspec",
    "hash",
    "array",
    "prog_array",
    "percpu_hash",
    "percpu_array",
    "hash_of_maps",
    "array_of_maps",
    "lru_hash",
    "lpm_trie",
    "queue",
    "lru_percpu_hash",
    "stack",
    "ringbuf",
};
 
typedef enum ebpf_map_option
{
    EBPF_ANY,     
    EBPF_NOEXIST, 
    EBPF_EXIST    
} ebpf_map_option_t;
 
typedef enum ebpf_pin_type
{
    PIN_NONE,      
    PIN_OBJECT_NS, 
    PIN_GLOBAL_NS, 
    PIN_CUSTOM_NS  
} ebpf_pin_type_t;
 
static const char* const _ebpf_pin_type_names[] = {
    BPF_ENUM_TO_STRING(PIN_NONE),
    BPF_ENUM_TO_STRING(PIN_OBJECT_NS),
    BPF_ENUM_TO_STRING(PIN_GLOBAL_NS),
    BPF_ENUM_TO_STRING(PIN_CUSTOM_NS),
};
 
typedef uint32_t ebpf_id_t;
#define EBPF_ID_NONE UINT32_MAX
 
typedef struct _ebpf_map_definition_in_memory
{
    ebpf_map_type_t type; 
    uint32_t key_size;    
    uint32_t value_size;  
    uint32_t max_entries; 
    ebpf_id_t inner_map_id;
    ebpf_pin_type_t pinning;
} ebpf_map_definition_in_memory_t;
 
typedef struct _ebpf_map_definition_in_file
{
    ebpf_map_type_t type; 
    uint32_t key_size;    
    uint32_t value_size;  
    uint32_t max_entries; 
 
    uint32_t inner_map_idx;
    ebpf_pin_type_t pinning;
 
    uint32_t id;
    uint32_t inner_id;
} ebpf_map_definition_in_file_t;
 
typedef enum
{
    BPF_FUNC_map_lookup_elem = 1,            
    BPF_FUNC_map_update_elem = 2,            
    BPF_FUNC_map_delete_elem = 3,            
    BPF_FUNC_map_lookup_and_delete_elem = 4, 
    BPF_FUNC_tail_call = 5,                  
    BPF_FUNC_get_prandom_u32 = 6,            
    BPF_FUNC_ktime_get_boot_ns = 7,          
    BPF_FUNC_get_smp_processor_id = 8,       
    BPF_FUNC_ktime_get_ns = 9,               
    BPF_FUNC_csum_diff = 10,                 
    BPF_FUNC_ringbuf_output = 11,            
    BPF_FUNC_trace_printk2 = 12,             
    BPF_FUNC_trace_printk3 = 13,             
    BPF_FUNC_trace_printk4 = 14,             
    BPF_FUNC_trace_printk5 = 15,             
    BPF_FUNC_map_push_elem = 16,             
    BPF_FUNC_map_pop_elem = 17,              
    BPF_FUNC_map_peek_elem = 18,             
    BPF_FUNC_get_current_pid_tgid = 19,      
    BPF_FUNC_get_current_logon_id = 20,      
    BPF_FUNC_is_current_admin = 21,          
} ebpf_helper_id_t;
 
// Cross-platform BPF program types.
enum bpf_prog_type
{
    BPF_PROG_TYPE_UNSPEC, 
 
    BPF_PROG_TYPE_XDP,
 
    BPF_PROG_TYPE_BIND, // TODO(#333): replace with cross-platform program type
 
    BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
 
    BPF_PROG_TYPE_SOCK_OPS,
 
    BPF_PROG_TYPE_SAMPLE = 999
};
 
typedef enum bpf_prog_type bpf_prog_type_t;
 
#define XDP_FLAGS_REPLACE 0x01
 
// The link type is used to tell which union member is present
// in the bpf_link_info struct.  There is exactly one non-zero value
// per union member.
enum bpf_link_type
{
    BPF_LINK_TYPE_UNSPEC, 
    BPF_LINK_TYPE_PLAIN,  
    BPF_LINK_TYPE_CGROUP, 
    BPF_LINK_TYPE_XDP,    
};
 
static const char* const _ebpf_link_display_names[] = {
    "unspec",
    "plain",
};
 
enum bpf_attach_type
{
    BPF_ATTACH_TYPE_UNSPEC, 
 
    BPF_XDP,
 
    BPF_ATTACH_TYPE_BIND,
 
    BPF_CGROUP_INET4_CONNECT,
 
    BPF_CGROUP_INET6_CONNECT,
 
    BPF_CGROUP_INET4_RECV_ACCEPT,
 
    BPF_CGROUP_INET6_RECV_ACCEPT,
 
    BPF_CGROUP_SOCK_OPS,
 
    BPF_ATTACH_TYPE_SAMPLE,
 
    __MAX_BPF_ATTACH_TYPE,
};
 
typedef enum bpf_attach_type bpf_attach_type_t;
 
// Libbpf itself requires the following structs to be defined, but doesn't
// care what fields they have.  Applications such as bpftool on the other
// hand depend on fields of specific names and types.
 
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable : 4201) /* nameless struct/union */
#endif
struct bpf_link_info
{
    ebpf_id_t id;                          
    ebpf_id_t prog_id;                     
    enum bpf_link_type type;               
    enum bpf_attach_type attach_type;      
    ebpf_attach_type_t attach_type_uuid;   
    ebpf_program_type_t program_type_uuid; 
    union
    {
        struct
        {
            uint32_t ifindex;
        } xdp;
        struct
        {
            uint64_t cgroup_id;
        } cgroup;
        uint8_t attach_data;
    };
};
#ifdef _MSC_VER
#pragma warning(pop)
#endif
 
#define BPF_OBJ_NAME_LEN 64
 
struct bpf_map_info
{
    // Cross-platform fields.
    ebpf_id_t id;                
    ebpf_map_type_t type;        
    uint32_t key_size;           
    uint32_t value_size;         
    uint32_t max_entries;        
    char name[BPF_OBJ_NAME_LEN]; 
    uint32_t map_flags;          
 
    // Windows-specific fields.
    ebpf_id_t inner_map_id;     
    uint32_t pinned_path_count; 
};
 
#define BPF_ANY 0x0
#define BPF_NOEXIST 0x1
#define BPF_EXIST 0x2
 
struct bpf_prog_info
{
    // Cross-platform fields.
    ebpf_id_t id;                
    enum bpf_prog_type type;     
    uint32_t nr_map_ids;         
    uintptr_t map_ids;           
    char name[BPF_OBJ_NAME_LEN]; 
 
    // Windows-specific fields.
    ebpf_program_type_t type_uuid;       
    ebpf_attach_type_t attach_type_uuid; 
    uint32_t pinned_path_count;          
    uint32_t link_count;                 
};