#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
Go to the source code of this file.
|
| struct | _ebpf_extension_header |
| | Header of an eBPF extension data structure. Every eBPF extension data structure must start with this header. New fields can be added to the end of an eBPF extension data structure without breaking backward compatibility. The version field must be updated only if the new data structure is not backward compatible. More...
|
| |
|
| #define | EBPF_OFFSET_OF(s, m) (((size_t) & ((s*)0)->m)) |
| |
| #define | EBPF_FIELD_SIZE(s, m) (sizeof(((s*)0)->m)) |
| |
| #define | EBPF_SIZE_INCLUDING_FIELD(s, m) (EBPF_OFFSET_OF(s, m) + EBPF_FIELD_SIZE(s, m)) |
| |
| #define | EBPF_ROOT_REGISTRY_PATH L"\\Registry\\Machine\\Software\\eBPF" |
| |
| #define | EBPF_ROOT_RELATIVE_PATH L"Software\\eBPF" |
| |
| #define | EBPF_STORE_REGISTRY_PATH L"Software\\eBPF\\Providers" |
| |
| #define | EBPF_PROVIDERS_REGISTRY_KEY L"Providers" |
| |
| #define | EBPF_SECTIONS_REGISTRY_KEY L"SectionData" |
| |
| #define | EBPF_PROGRAM_DATA_REGISTRY_KEY L"ProgramData" |
| |
| #define | EBPF_PROGRAM_TYPE_DESCRIPTOR_REGISTRY_KEY L"TypeDescriptor" |
| |
| #define | EBPF_PROGRAM_DATA_HELPERS_REGISTRY_KEY L"Helpers" |
| |
| #define | EBPF_GLOBAL_HELPERS_REGISTRY_KEY L"GlobalHelpers" |
| |
| #define | EBPF_EXTENSION_HEADER_VERSION L"Version" |
| |
| #define | EBPF_EXTENSION_HEADER_SIZE L"Size" |
| |
| #define | EBPF_SECTION_DATA_PROGRAM_TYPE L"ProgramType" |
| |
| #define | EBPF_SECTION_DATA_ATTACH_TYPE L"AttachType" |
| |
| #define | EBPF_PROGRAM_DATA_NAME L"Name" |
| |
| #define | EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR L"ContextDescriptor" |
| |
| #define | EBPF_PROGRAM_DATA_PLATFORM_SPECIFIC_DATA L"PlatformSpecificData" |
| |
| #define | EBPF_PROGRAM_DATA_PRIVILEGED L"IsPrivileged" |
| |
| #define | EBPF_PROGRAM_DATA_HELPER_COUNT L"HelperCount" |
| |
| #define | EBPF_HELPER_DATA_PROTOTYPE L"Prototype" |
| |
| #define | EBPF_HELPER_DATA_REALLOCATE_PACKET L"ReallocatePacket" |
| |
| #define | EBPF_DATA_BPF_PROG_TYPE L"BpfProgType" |
| |
| #define | EBPF_DATA_BPF_ATTACH_TYPE L"BpfAttachType" |
| |
| #define | EBPF_MAX_GENERAL_HELPER_FUNCTION 0xFFFF |
| |
| #define | EBPF_ATTACH_CLIENT_DATA_CURRENT_VERSION 1 |
| |
| #define | EBPF_PROGRAM_INFORMATION_CLIENT_DATA_CURRENT_VERSION 1 |
| |
| #define | EBPF_ATTACH_PROVIDER_DATA_CURRENT_VERSION 1 |
| |
| #define | EBPF_ATTACH_PROVIDER_DATA_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(ebpf_attach_provider_data_t, link_type) |
| |
| #define | EBPF_PROGRAM_TYPE_DESCRIPTOR_CURRENT_VERSION 1 |
| |
| #define | EBPF_PROGRAM_TYPE_DESCRIPTOR_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(ebpf_program_type_descriptor_t, is_privileged) |
| |
| #define | EBPF_HELPER_FUNCTION_PROTOTYPE_CURRENT_VERSION 1 |
| |
| #define | EBPF_HELPER_FUNCTION_PROTOTYPE_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(ebpf_helper_function_prototype_t, flags) |
| |
| #define | EBPF_PROGRAM_INFORMATION_CURRENT_VERSION 1 |
| |
| #define | EBPF_PROGRAM_INFORMATION_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(ebpf_program_info_t, global_helper_prototype) |
| |
| #define | EBPF_HELPER_FUNCTION_ADDRESSES_CURRENT_VERSION 1 |
| |
| #define | EBPF_HELPER_FUNCTION_ADDRESSES_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(ebpf_helper_function_addresses_t, helper_function_address) |
| |
| #define | EBPF_PROGRAM_DATA_CURRENT_VERSION 1 |
| |
| #define | EBPF_PROGRAM_DATA_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(ebpf_program_data_t, required_irql) |
| |
| #define | EBPF_PROGRAM_SECTION_INFORMATION_CURRENT_VERSION 1 |
| |
| #define | EBPF_PROGRAM_SECTION_INFORMATION_CURRENT_VERSION_SIZE EBPF_SIZE_INCLUDING_FIELD(ebpf_program_section_info_t, bpf_attach_type) |
| |
◆ EBPF_ATTACH_CLIENT_DATA_CURRENT_VERSION
| #define EBPF_ATTACH_CLIENT_DATA_CURRENT_VERSION 1 |
◆ EBPF_ATTACH_PROVIDER_DATA_CURRENT_VERSION
| #define EBPF_ATTACH_PROVIDER_DATA_CURRENT_VERSION 1 |
◆ EBPF_ATTACH_PROVIDER_DATA_CURRENT_VERSION_SIZE
◆ EBPF_DATA_BPF_ATTACH_TYPE
| #define EBPF_DATA_BPF_ATTACH_TYPE L"BpfAttachType" |
◆ EBPF_DATA_BPF_PROG_TYPE
| #define EBPF_DATA_BPF_PROG_TYPE L"BpfProgType" |
◆ EBPF_EXTENSION_HEADER_SIZE
| #define EBPF_EXTENSION_HEADER_SIZE L"Size" |
◆ EBPF_EXTENSION_HEADER_VERSION
| #define EBPF_EXTENSION_HEADER_VERSION L"Version" |
◆ EBPF_FIELD_SIZE
| #define EBPF_FIELD_SIZE |
( |
|
s, |
|
|
|
m |
|
) |
| (sizeof(((s*)0)->m)) |
◆ EBPF_GLOBAL_HELPERS_REGISTRY_KEY
| #define EBPF_GLOBAL_HELPERS_REGISTRY_KEY L"GlobalHelpers" |
◆ EBPF_HELPER_DATA_PROTOTYPE
| #define EBPF_HELPER_DATA_PROTOTYPE L"Prototype" |
◆ EBPF_HELPER_DATA_REALLOCATE_PACKET
| #define EBPF_HELPER_DATA_REALLOCATE_PACKET L"ReallocatePacket" |
◆ EBPF_HELPER_FUNCTION_ADDRESSES_CURRENT_VERSION
| #define EBPF_HELPER_FUNCTION_ADDRESSES_CURRENT_VERSION 1 |
◆ EBPF_HELPER_FUNCTION_ADDRESSES_CURRENT_VERSION_SIZE
◆ EBPF_HELPER_FUNCTION_PROTOTYPE_CURRENT_VERSION
| #define EBPF_HELPER_FUNCTION_PROTOTYPE_CURRENT_VERSION 1 |
◆ EBPF_HELPER_FUNCTION_PROTOTYPE_CURRENT_VERSION_SIZE
◆ EBPF_MAX_GENERAL_HELPER_FUNCTION
| #define EBPF_MAX_GENERAL_HELPER_FUNCTION 0xFFFF |
◆ EBPF_OFFSET_OF
| #define EBPF_OFFSET_OF |
( |
|
s, |
|
|
|
m |
|
) |
| (((size_t) & ((s*)0)->m)) |
◆ EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR
| #define EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR L"ContextDescriptor" |
◆ EBPF_PROGRAM_DATA_CURRENT_VERSION
| #define EBPF_PROGRAM_DATA_CURRENT_VERSION 1 |
◆ EBPF_PROGRAM_DATA_CURRENT_VERSION_SIZE
◆ EBPF_PROGRAM_DATA_HELPER_COUNT
| #define EBPF_PROGRAM_DATA_HELPER_COUNT L"HelperCount" |
◆ EBPF_PROGRAM_DATA_HELPERS_REGISTRY_KEY
| #define EBPF_PROGRAM_DATA_HELPERS_REGISTRY_KEY L"Helpers" |
◆ EBPF_PROGRAM_DATA_NAME
| #define EBPF_PROGRAM_DATA_NAME L"Name" |
◆ EBPF_PROGRAM_DATA_PLATFORM_SPECIFIC_DATA
| #define EBPF_PROGRAM_DATA_PLATFORM_SPECIFIC_DATA L"PlatformSpecificData" |
◆ EBPF_PROGRAM_DATA_PRIVILEGED
| #define EBPF_PROGRAM_DATA_PRIVILEGED L"IsPrivileged" |
◆ EBPF_PROGRAM_DATA_REGISTRY_KEY
| #define EBPF_PROGRAM_DATA_REGISTRY_KEY L"ProgramData" |
◆ EBPF_PROGRAM_INFORMATION_CLIENT_DATA_CURRENT_VERSION
| #define EBPF_PROGRAM_INFORMATION_CLIENT_DATA_CURRENT_VERSION 1 |
◆ EBPF_PROGRAM_INFORMATION_CURRENT_VERSION
| #define EBPF_PROGRAM_INFORMATION_CURRENT_VERSION 1 |
◆ EBPF_PROGRAM_INFORMATION_CURRENT_VERSION_SIZE
◆ EBPF_PROGRAM_SECTION_INFORMATION_CURRENT_VERSION
| #define EBPF_PROGRAM_SECTION_INFORMATION_CURRENT_VERSION 1 |
◆ EBPF_PROGRAM_SECTION_INFORMATION_CURRENT_VERSION_SIZE
◆ EBPF_PROGRAM_TYPE_DESCRIPTOR_CURRENT_VERSION
| #define EBPF_PROGRAM_TYPE_DESCRIPTOR_CURRENT_VERSION 1 |
◆ EBPF_PROGRAM_TYPE_DESCRIPTOR_CURRENT_VERSION_SIZE
◆ EBPF_PROGRAM_TYPE_DESCRIPTOR_REGISTRY_KEY
| #define EBPF_PROGRAM_TYPE_DESCRIPTOR_REGISTRY_KEY L"TypeDescriptor" |
◆ EBPF_PROVIDERS_REGISTRY_KEY
| #define EBPF_PROVIDERS_REGISTRY_KEY L"Providers" |
◆ EBPF_ROOT_REGISTRY_PATH
| #define EBPF_ROOT_REGISTRY_PATH L"\\Registry\\Machine\\Software\\eBPF" |
◆ EBPF_ROOT_RELATIVE_PATH
| #define EBPF_ROOT_RELATIVE_PATH L"Software\\eBPF" |
◆ EBPF_SECTION_DATA_ATTACH_TYPE
| #define EBPF_SECTION_DATA_ATTACH_TYPE L"AttachType" |
◆ EBPF_SECTION_DATA_PROGRAM_TYPE
| #define EBPF_SECTION_DATA_PROGRAM_TYPE L"ProgramType" |
◆ EBPF_SECTIONS_REGISTRY_KEY
| #define EBPF_SECTIONS_REGISTRY_KEY L"SectionData" |
◆ EBPF_SIZE_INCLUDING_FIELD
◆ EBPF_STORE_REGISTRY_PATH
| #define EBPF_STORE_REGISTRY_PATH L"Software\\eBPF\\Providers" |
◆ ebpf_attach_type_t
◆ ebpf_extension_header_t
Header of an eBPF extension data structure. Every eBPF extension data structure must start with this header. New fields can be added to the end of an eBPF extension data structure without breaking backward compatibility. The version field must be updated only if the new data structure is not backward compatible.
◆ ebpf_helper_function_t
◆ ebpf_program_type_t
◆ GUID
◆ _ebpf_helper_function
| Enumerator |
|---|
| EBPF_LOOKUP_ELEMENT | Look up a map element.
|
| EBPF_UPDATE_ELEMENT | Update map element.
|
| EBPF_DELETE_ELEMENT | Delete a map element.
|
