ebpf-for-windows/tests/socket/socket_tests_common.h

// Copyright (c) Microsoft Corporation
// SPDX-License-Identifier: MIT

#pragma once

#include <stdbool.h>
#include <stdint.h>

#define SOCKET_TEST_PORT 8989
#define REDIRECT_CONTEXT_MESSAGE "RedirectContextTestMessage"

typedef struct _ip_address
{
    union
    {
        uint32_t ipv4;
        uint32_t ipv6[4];
    };
} ip_address_t;

typedef enum _connection_type
{
    INVALID,
    TCP,
    UNCONNECTED_UDP,
    CONNECTED_UDP
} connection_type_t;

typedef struct _connection_tuple
{
    ip_address_t local_ip;
    uint16_t local_port;
    ip_address_t remote_ip;
    uint16_t remote_port;
    uint32_t protocol;
    uint64_t interface_luid;
} connection_tuple_t;

typedef struct _audit_entry
{
    connection_tuple_t tuple;
    bool outbound : 1;
    bool connected : 1;
} audit_entry_t;

typedef struct _destination_entry_key
{
    ip_address_t destination_ip;
    uint16_t destination_port;
    uint32_t protocol;
} destination_entry_key_t;

typedef struct _destination_entry_value
{
    ip_address_t destination_ip;
    uint16_t destination_port;
    uint32_t connection_type;
} destination_entry_value_t;

typedef struct _sock_addr_audit_entry
{
    uint64_t logon_id;
    uint64_t process_id;
    int32_t is_admin;
    uint16_t local_port;
} sock_addr_audit_entry_t;
Sock addr hook callout test (#922) * remove dependabot from the fork. * Revert "remove dependabot from the fork." This reverts commit c542c6cd4411f1f59da9e299cd863fb16f0b1342. * Program info and hook NPI providers for sock_addr. * PR Feedback. * PR Feedback 2. * sock_addr hook tests. * PR feedback. * PR Feedback 2. * fix. 2022-04-12 21:37:44 +03:00			`// Copyright (c) Microsoft Corporation`
			`// SPDX-License-Identifier: MIT`

			`#pragma once`

WFP ALE Flow established callout, tests etc. (#978) * WFP ALE Flow established callout, tests etc. * PR Feedback. * bug fixes. * PR feedback 2. 2022-04-21 02:48:20 +03:00			`#include <stdbool.h>`
Sock addr hook callout test (#922) * remove dependabot from the fork. * Revert "remove dependabot from the fork." This reverts commit c542c6cd4411f1f59da9e299cd863fb16f0b1342. * Program info and hook NPI providers for sock_addr. * PR Feedback. * PR Feedback 2. * sock_addr hook tests. * PR feedback. * PR Feedback 2. * fix. 2022-04-12 21:37:44 +03:00			`#include <stdint.h>`

			`#define SOCKET_TEST_PORT 8989`
Add helper function to set redirect context (#2823) * add new helper function to set redirect context * WIP * update typo * build failure fix * update expected programs, update tcp_udp_listener to initialize to null terminated * update expected program with proper clang version * disable expected failing test * update comments with periods * address comment regarding potentially leaked memory * Add checks for invalid parameters * update comment * add tracing for errors * address CR 2023-09-12 01:40:33 +03:00			`#define REDIRECT_CONTEXT_MESSAGE "RedirectContextTestMessage"`
Sock addr hook callout test (#922) * remove dependabot from the fork. * Revert "remove dependabot from the fork." This reverts commit c542c6cd4411f1f59da9e299cd863fb16f0b1342. * Program info and hook NPI providers for sock_addr. * PR Feedback. * PR Feedback 2. * sock_addr hook tests. * PR feedback. * PR Feedback 2. * fix. 2022-04-12 21:37:44 +03:00
			`typedef struct _ip_address`
			`{`
			`union`
			`{`
			`uint32_t ipv4;`
			`uint32_t ipv6[4];`
			`};`
			`} ip_address_t;`

Add connected UDP tests to cgroup/sock_addr_connect (#3041) * add connected UDP Tests * ensure we do not issue two connect calls * minor updates * add debug traces * temporarily remove connected udp tests * add connected UDP tests for non-dual stack sockets * enable v4 tests only * only test redirect temporarily * temporarily remove TCP tests * fix connected udp issue by removing stale contexts * remove debug tracing, add if check for free * skip setting redirect context for connected udp * update ebpf program * update ebpf program for v6 * remove debug logs * fix compiler error with incorrect enum * update to use connection instead of protocol * update to use connection instead of protocol * update tests with CR feedback * update expected * update to using different key and value types to allow for proper usage of protocol vs connection type 2023-12-13 02:03:15 +03:00			`typedef enum _connection_type`
			`{`
			`INVALID,`
			`TCP,`
			`UNCONNECTED_UDP,`
			`CONNECTED_UDP`
			`} connection_type_t;`

Sock addr hook callout test (#922) * remove dependabot from the fork. * Revert "remove dependabot from the fork." This reverts commit c542c6cd4411f1f59da9e299cd863fb16f0b1342. * Program info and hook NPI providers for sock_addr. * PR Feedback. * PR Feedback 2. * sock_addr hook tests. * PR feedback. * PR Feedback 2. * fix. 2022-04-12 21:37:44 +03:00			`typedef struct _connection_tuple`
			`{`
fix sock_ops test. (#3083) * fix sock_ops test. * forgot to update event count 2023-11-28 19:08:56 +03:00			`ip_address_t local_ip;`
			`uint16_t local_port;`
			`ip_address_t remote_ip;`
			`uint16_t remote_port;`
Sock addr hook callout test (#922) * remove dependabot from the fork. * Revert "remove dependabot from the fork." This reverts commit c542c6cd4411f1f59da9e299cd863fb16f0b1342. * Program info and hook NPI providers for sock_addr. * PR Feedback. * PR Feedback 2. * sock_addr hook tests. * PR feedback. * PR Feedback 2. * fix. 2022-04-12 21:37:44 +03:00			`uint32_t protocol;`
Expose interface luid and compartment id to sock_ops and sock_addr hooks (#1222) * Add interface luid to bpf_sock_addr and bpf_sock_ops And also add compartment id to bpf_sock_ops for consistency with bpf_sock_addr, so that it is available to eBPF programs. Signed-off-by: Dave Thaler <dthaler@microsoft.com> * Expose interface luid and compartment id to sock_ops and sock_addr hooks * compartment_id was exposed to sock_addr but not sock_ops * interface_luid was not exposed to either Exposing the interface_luid should be a performant way to compensate for lack of scope_id in the hooks, since the interface luid is available in the WFP callout, and is more specific than a scope id (so a scope id can always be looked up from the interface luid in the future if needed). Fixes #1129 Signed-off-by: Dave Thaler <dthaler@microsoft.com> * Update expected bpf2c output Signed-off-by: Dave Thaler <dthaler@microsoft.com> 2022-06-17 19:31:48 +03:00			`uint64_t interface_luid;`
Sock addr hook callout test (#922) * remove dependabot from the fork. * Revert "remove dependabot from the fork." This reverts commit c542c6cd4411f1f59da9e299cd863fb16f0b1342. * Program info and hook NPI providers for sock_addr. * PR Feedback. * PR Feedback 2. * sock_addr hook tests. * PR feedback. * PR Feedback 2. * fix. 2022-04-12 21:37:44 +03:00			`} connection_tuple_t;`
WFP ALE Flow established callout, tests etc. (#978) * WFP ALE Flow established callout, tests etc. * PR Feedback. * bug fixes. * PR feedback 2. 2022-04-21 02:48:20 +03:00
			`typedef struct _audit_entry`
			`{`
			`connection_tuple_t tuple;`
			`bool outbound : 1;`
			`bool connected : 1;`
			`} audit_entry_t;`
Connect redirect implementation (#1651) * draft fix * fix * demo * fix initial ref counts * fix * cleanup * backup * checkpoint * backup * tests working * fix analyze errors * fix netebpfext build / bad merge * sln file update * v6 tests * fix netebpfext user build * refactor connect_redirect tests * netebpfext changes * fix tests * fix netebpfext user tests * fix sal * add sublayer, remove filter_instance * fix * fix * driver_tests * fix bad merge * fix scripts * fix driver tests script * driver tests script * script fix * add trace to debug failure * fix driver test script * create context only on allow, and create 2 contexts * fix script * netsh fix * fix scripts * add tests for pure v4 and v6 sockets * fix test * v6 test vm addresses * remove commented code * code cleanup * cleanup * remove bad_map_name files * cleanup * fix tests print statements * Apply suggestions from code review Co-authored-by: Dave Thaler <dthaler@microsoft.com> * CR comments, fixes * update connection context key, address CR comments * fix build break, cr comments * cr comments * cr comments * rename * fix test script * CR comments * cleanup * Apply suggestions from code review Co-authored-by: Dave Thaler <dthaler@microsoft.com> * fix * cr comments Co-authored-by: Dave Thaler <dthaler@microsoft.com> 2022-11-29 23:49:42 +03:00
Add connected UDP tests to cgroup/sock_addr_connect (#3041) * add connected UDP Tests * ensure we do not issue two connect calls * minor updates * add debug traces * temporarily remove connected udp tests * add connected UDP tests for non-dual stack sockets * enable v4 tests only * only test redirect temporarily * temporarily remove TCP tests * fix connected udp issue by removing stale contexts * remove debug tracing, add if check for free * skip setting redirect context for connected udp * update ebpf program * update ebpf program for v6 * remove debug logs * fix compiler error with incorrect enum * update to use connection instead of protocol * update to use connection instead of protocol * update tests with CR feedback * update expected * update to using different key and value types to allow for proper usage of protocol vs connection type 2023-12-13 02:03:15 +03:00			`typedef struct _destination_entry_key`
Connect redirect implementation (#1651) * draft fix * fix * demo * fix initial ref counts * fix * cleanup * backup * checkpoint * backup * tests working * fix analyze errors * fix netebpfext build / bad merge * sln file update * v6 tests * fix netebpfext user build * refactor connect_redirect tests * netebpfext changes * fix tests * fix netebpfext user tests * fix sal * add sublayer, remove filter_instance * fix * fix * driver_tests * fix bad merge * fix scripts * fix driver tests script * driver tests script * script fix * add trace to debug failure * fix driver test script * create context only on allow, and create 2 contexts * fix script * netsh fix * fix scripts * add tests for pure v4 and v6 sockets * fix test * v6 test vm addresses * remove commented code * code cleanup * cleanup * remove bad_map_name files * cleanup * fix tests print statements * Apply suggestions from code review Co-authored-by: Dave Thaler <dthaler@microsoft.com> * CR comments, fixes * update connection context key, address CR comments * fix build break, cr comments * cr comments * cr comments * rename * fix test script * CR comments * cleanup * Apply suggestions from code review Co-authored-by: Dave Thaler <dthaler@microsoft.com> * fix * cr comments Co-authored-by: Dave Thaler <dthaler@microsoft.com> 2022-11-29 23:49:42 +03:00			`{`
			`ip_address_t destination_ip;`
			`uint16_t destination_port;`
			`uint32_t protocol;`
Add connected UDP tests to cgroup/sock_addr_connect (#3041) * add connected UDP Tests * ensure we do not issue two connect calls * minor updates * add debug traces * temporarily remove connected udp tests * add connected UDP tests for non-dual stack sockets * enable v4 tests only * only test redirect temporarily * temporarily remove TCP tests * fix connected udp issue by removing stale contexts * remove debug tracing, add if check for free * skip setting redirect context for connected udp * update ebpf program * update ebpf program for v6 * remove debug logs * fix compiler error with incorrect enum * update to use connection instead of protocol * update to use connection instead of protocol * update tests with CR feedback * update expected * update to using different key and value types to allow for proper usage of protocol vs connection type 2023-12-13 02:03:15 +03:00			`} destination_entry_key_t;`

			`typedef struct _destination_entry_value`
			`{`
			`ip_address_t destination_ip;`
			`uint16_t destination_port;`
			`uint32_t connection_type;`
			`} destination_entry_value_t;`
Implement sock_addr specific global helper functions (#1847) * fix * add native test * cleanup * CR comments * update expected files * fix * cr comments * add 2 helper * fix proj * add admin helper * fix expected files * test fix * fix log * fix * fix * fix * fix test * implement global helper, add tests * fix cmake build * fix analysis failure, update expected files * update expected fileS * reuse bpf_get_current_pid_tgid * fix tests * fix helper * fix tests * update expected files * backup * formatting * fix bad merge * cleanup * cleanup * update issue number * add header file * add standard user test * update helper definition * fix * code cleanup * code cleanup * fix kernel test * add check for API calls * fix test, PR comments * pr comments * add debug logs * add debug logs, fix netebpfext test * fix netebpfext test * comment out log * add traces to debug * CR comments * fix netebpfext_unit sock_addr test * cr comments 2023-01-31 02:44:30 +03:00
			`typedef struct _sock_addr_audit_entry`
			`{`
			`uint64_t logon_id;`
			`uint64_t process_id;`
			`int32_t is_admin;`
connect_redirect tests: Add check that source port is not 0 (#2289) * fix * update expected files 2023-04-10 23:47:41 +03:00			`uint16_t local_port;`
Implement sock_addr specific global helper functions (#1847) * fix * add native test * cleanup * CR comments * update expected files * fix * cr comments * add 2 helper * fix proj * add admin helper * fix expected files * test fix * fix log * fix * fix * fix * fix test * implement global helper, add tests * fix cmake build * fix analysis failure, update expected files * update expected fileS * reuse bpf_get_current_pid_tgid * fix tests * fix helper * fix tests * update expected files * backup * formatting * fix bad merge * cleanup * cleanup * update issue number * add header file * add standard user test * update helper definition * fix * code cleanup * code cleanup * fix kernel test * add check for API calls * fix test, PR comments * pr comments * add debug logs * add debug logs, fix netebpfext test * fix netebpfext test * comment out log * add traces to debug * CR comments * fix netebpfext_unit sock_addr test * cr comments 2023-01-31 02:44:30 +03:00			`} sock_addr_audit_entry_t;`