ebpf-for-windows/ebpf__windows_8h_source.html

// Copyright (c) Microsoft Corporation

// SPDX-License-Identifier: MIT

#pragma once


#ifdef _MSC_VER

#include <guiddef.h>

#else

typedef uint8_t GUID[16];

#endif


// This file contains eBPF definitions needed by eBPF programs as well as

// the verifier and execution context.


#define EBPF_ROOT_REGISTRY_PATH L"\\Registry\\Machine\\Software\\eBPF"

#define EBPF_ROOT_RELATIVE_PATH L"Software\\eBPF"

#define EBPF_STORE_REGISTRY_PATH L"Software\\eBPF\\Providers"


#define EBPF_PROVIDERS_REGISTRY_PATH L"Providers"

#define EBPF_SECTIONS_REGISTRY_PATH L"SectionData"

#define EBPF_PROGRAM_DATA_REGISTRY_PATH L"ProgramData"

#define EBPF_PROGRAM_DATA_HELPERS_REGISTRY_PATH L"Helpers"

#define EBPF_GLOBAL_HELPERS_REGISTRY_PATH L"GlobalHelpers"


#define EBPF_SECTION_DATA_PROGRAM_TYPE L"ProgramType"

#define EBPF_SECTION_DATA_ATTACH_TYPE L"AttachType"


#define EBPF_PROGRAM_DATA_NAME L"Name"

#define EBPF_PROGRAM_DATA_CONTEXT_DESCRIPTOR L"ContextDescriptor"

#define EBPF_PROGRAM_DATA_PLATFORM_SPECIFIC_DATA L"PlatformSpecificData"

#define EBPF_PROGRAM_DATA_PRIVELEGED L"IsPrivileged"

#define EBPF_PROGRAM_DATA_HELPER_COUNT L"HelperCount"


#define EBPF_HELPER_DATA_PROTOTYPE L"Prototype"


#define EBPF_DATA_BPF_PROG_TYPE L"BpfProgType"

#define EBPF_DATA_BPF_ATTACH_TYPE L"BpfAttachType"


typedef GUID ebpf_program_type_t;

typedef GUID ebpf_attach_type_t;


typedef enum _ebpf_helper_function

{

    EBPF_LOOKUP_ELEMENT = 1,

    EBPF_UPDATE_ELEMENT = 2,

    EBPF_DELETE_ELEMENT = 3,

} ebpf_helper_function_t;