* Add support for BPF_MAP_TYPE_QUEUE
* Expose bpf_map_lookup_and_delete_elem helper and API
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_in_map() API
* bpf_create_map() now fails for outer maps. You must use
bpf_create_map_in_map() instead.
* Fix bug where EBPF_INVALID_FD was incorrectly converted to
EBPF_INVALID_ARGUMENT by ioctl handling code (part of issue #595)
One symptom of this bug was that errno was being set to EINVAL
in a number of cases which should have been EBADF.
* Fix bug where a HASH_OF_MAPS (unlike ARRAY_OF_MAPS) wasn't enforcing
that an inner map value had to match the inner map template.
Refactored the code in ebpf_maps.c so the checking is in done in one
place called by both maps, to ensure consistency.
* Fix bug in HASH_OF_MAPS where if an update failed, it would leave
the old entry but incorrectly drop the reference it held. It now
preserves the reference since the entry is unchanged.
* Added test case for ARRAY_OF_MAPS created via libbpf. Previously
only HASH_OF_MAPS creation was tested for that path.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug caught by kernel test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Libbpf doxygen fixes
* Add missing bpf_map__name
* Move bpf_object__unload to be in alphabetical order
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix netsh "show maps" output
* Display correct inner map ID
* Display Map ID
* Display count of # paths pinned
* Correct "set program" help text
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix rebase
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add libbpf bpf_create_map_xattr() API
Needed for bpftool and other apps
* Add bpf_create_map_xattr() which allows creating maps with extended
attributes such as name
* Remove unused ebpf_api_create_map()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add option to pin all programs added and show links and maps
* "add programs" now supports the equivalent of bpftool's "prog loadall"
in addition to just "prog load"
* add "show links" netsh command
* expose "show maps" netsh command. It was partially implemented but
never exposed before.
* remove ebpf_map_query_definition() and test as being redundant with
bpf_obj_get_info_by_fd() (and in the future, a strongly typed one that
is map specific but different from the query map definition prototype)
* Fix bug where getting the next ID failed to check for index beyond
array size. And add test cases for it.
* Fix bug in ebpf_state.c where after enough tests ran it would start
returning EBPF_NO_MEMORY because _ebpf_state_next_index was never
reset.
Addresses #549
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Improve netsh show programs functionality
* Rename ebpf_get_next_pinned_program_name to ebpf_get_next_pinned_program_path for clarity
* Show link count and pinned path count
* Support "level=verbose" format
* Support filtering by attached and/or pinned
Fixes#188
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add netsh capability to unpin programs
* The netsh "set program id=<id> pinned=" (with no value) will now unpin a
program from all paths
* The netsh "delete program <id>" will now unpin a program from all
paths before and releasing any reference held by netsh itself
* Make the "attached=<string>" argument to netsh set programs work
with a section name like string
* Add libbpf api bpf_obj_get()
* Add ebpf_get_next_pinned_program_name() API to enumerate pinned
programs
Fixes#190#373
This is required for #188 which will update the "show programs"
and also add an option to "add program" to pin all programs rather
than just the first one in a file, like bpftool has such an option.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update mock netsh behavior since PR 540 changed the underlying requirements
PreprocessCommand now correctly matches tags so you can specify a later
optional tag without having to specify earlier optional tags
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libpf's libbpf_prog_type_by_name() API
And add an ebpf_get_program_type_by_name() that returns the GUIDs
instead of ints.
This also removes the hard-coding of GUIDs or ints from the netsh
helper.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes#191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add support for libbpf bpf_obj_get_info_by_fd API
This is the last libbpf api needed to enable the bpftool
flow to detach an already loaded program.
The count of maps is changed from size_t to uint32_t for
consistency with libbpf and because it's not actually a size
in the sizeof() sense, it's a count in the countof() sense.
Also fix bug where map_name was never being set in the kernel
Fixes#372
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add doxygen documentation for libbpf apis
Eventually this should be upstreamed, but as a workaround the docs
are put into our repo in the meantime.
As discussed at
https://stackoverflow.com/questions/23798053/how-to-document-errno-value-with-doxygen
doxygen does not have a built-in way to document errno values set. It is
possible by creating doxygen custom commands, but for now we use
the "exception" section as recommended at the bottom of that page.
Fixes#490
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add object IDs
Add support for the following libbpf APIs:
* bpf_{link,map,prog}_get_fd_by_id
* bpf_{link,map,prog}_get_next_id
Addresses the main part of #396.
A subsequent PR will handle the rest of 396 which includes:
* remove "extra_value" complexity from maps
The changes in api_common.hpp and libbpf_internal.h are from PR 482 and so will go
away in a rebase once that PR is merged.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Libbpf has bpf_helpers.h which is mostly platform-agnostic, and
bpf_helper_defs.h which is platform-specific but is included
by bpf_helpers.h. Until libbpf is made more platform-agnostic
(issue #351), the workaround is to have a separate pair of files.
Our bpf_helpers.h and our own bpf_helper_defs.h, both of which
would ideally be merged into libbpf's in the future.
Platform-specific defines are in ebpf_struct.h, though that
name may need to change later on. Linux uses "linux/bpf.h"
(e.g., as used in the https://docs.cilium.io/en/v1.8/bpf/ and
https://developers.redhat.com/blog/2021/04/01/get-started-with-xdp
articles) or "vmlinux.h" (e.g., as used in the
https://ruderich.org/simon/notes/xdp-minimal-example article),
and these filenames are hard coded in eBPF programs. In the future,
we should probably settle on a cross-platform name and use include
paths to distinguish them, as opposed to requiring ifdefs in eBPF
programs. However, all of that is part of issue 351 and not this
issue.
Also removed obsolete/unused "repro.c" from tests/samples
Fixes#426
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add map-in-map type checking
This PR enforces that all inner maps must be of the same type
as the inner map template used for verification. Other fields
might need to match too, and if so those will be updated in
a subsequent PR once it is confirmed which fields must match.
A few pieces of this PR related to map_id are prerequisites
for issue #396 which will add IDs for programs, maps, and links.
Finally, there are multiple definitions of bpf_map, since the
version used to write eBPF programs is different from what is
stored in memory (which uses map IDs) so to avoid confusion in
code and allow the compiler to do type checking to catch some
bugs, this splits ebpf_map_definition_t into two, one for
in_memory and one for in_file (meaning in an eBPF program).
This will also allow the future PR for issue 396 to be more
understandable, but also aids clarity in some parts of this PR.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update Getting Started to recommend current release version of Clang/LLVM
Clang-format behaves differently depending on the version of Clang installed.
Update getting started guide to recommend Clang / LLVM 10.0.0.
Update the development guide to indicate that Clang 10 or higher is required for consistent formatting.
Reformat all code using Clang 10.0.0
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add tests for libbpf bpf_map_*_elem APIs
* Return correct error between EBPF_OBJECT_ALREADY_EXISTS (A program or
map is already pinned with the *same* path) vs
EBPF_ALREADY_PINNED (The program or map already pinned to a *different*
path).
* Update vs lookup elem were inconsistent in whether returning
EBPF_KEY_NOT_FOUND vs EBPF_INVALID_ARGUMENT when passing an array
index >= max_entries. Made them be consistent in using
EBPF_INVALID_ARGUMENT.
Fixes#376
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map support
Replace UM ebpf_map_update/delete_element with libbpf-compliant
bpf_map_update/delete_elem
This adds the basic functionality needed for #375
Not in this PR, but in a subsequent PR:
* ensure that all inner maps match the one specified by inner_map_idx,
much like prog_types have to match in a prog_array.
* ensure that putting a prog_array in an array of maps adheres to the
prog_array contract that any associated progs have to match the
type of the calling program.
* read a map id not fd when UM reads the value (will be done together
with issue #396 since also affects prog_arrays)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Since there is a name conflict between KM helpers and UM libbpf APIs,
the end-to-end tests need to _not_ include the KM helper prototypes,
so removed ebpf_helpers.h from ebpf.h and made samples include it
directly.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Prevent mismatched program types in PROG_ARRAY maps
* Each prog array map has a natural progtype, determined when
asociating it from a program, or when adding the first program
to it, if not associated with any program.
* Trying to add a program with mismatching type will fail
* Added libbpf bpf_create_map() API
* Fixed error returns from several libbpf APIs to be negative
* For efficiency, ebpf_program_get_properties now returns a
pointer rather than copying the data inside the execution
context, and is renamed to ebpf_program_get_parameters()
to match what its return type always was.
* Fixed a bug in map size calculation that resulted in a huge
amount of memory being allocated
* Updated return type of bpf_tail_call to the value meant
to signal stack unwind needed
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add prog array map type and bpf_tail_call()
This also fixes a bug where bpf_object__find_program_by_name
could only find the first program because program->object
was always null.
Also fixes tests to correctly use a signed int for what hooks return,
instead of an unsigned int.
Not done in this PR, but will be in a separate PR:
* make tail call replace stack frame instead of simply calling into the callee
* limit number of tail calls to 32
* require the same program type for caller and callee
* test with load byte array instead of from a file
Addresses part of #344
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add missing file
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Disable warning due to C enum types used in C++
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* add UNLINK operation
* Some fixes:
1. Added attach_lock to synchronize multiple detach calls on same link object.
2. ebpf_extension_unload() should be called from ebpf_link_detach_program()
3. Changed return type of ebpf_program_get_properties to void.
* Update libs/execution_context/ebpf_program.c
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Libbpf API compatibility
Libbpf is incorporated as a submodule just for the header file.
As discussed in issue #84, we cannot currently use the implementation
since it is very Linux and GCC specific.
This PR also fixes a bug where the user-mode API was calling
CloseHandle directly instead of Platform::CloseHandle which is needed
to make tests work with the mock platform.
Addresses #84
Some code will be cleaner once issue #81 is done
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Previously some places had "info" and some had "information".
Both appear in dictionaries, so guidance to avoid abbreviations does not apply.
Fixes#314
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
This PR is the second of three steps towards fully addressing #259
The doxygen \ref annotation tells doxygen to make the following word
be linked to the appropriate location in the generated docs.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Before this change, the API docs at
https://microsoft.github.io/ebpf-for-windows/ebpf__helpers_8h.html
just show the typedefs. This PR updates the documentation so that the
helpers are documented just like normal public APIs would be.
This is the first step towards addressing #259
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make all enum values have a description in the generated API docs
* Also remove SAL annotation from the generated docs, since SAL
breaks doxygen type detection
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Switch from _Pre_maybenull_ to _In_opt_
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011 in PreprocessCommand
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Remove duplicate types:
* ebpf_helper_return_type_t
* ebpf_helper_argument_type_t
* ebpf_context_descriptor_t
https://github.com/vbpf/ebpf-verifier/pull/238 already made the
necessary changes in the PREVAIL project, which got rid of the
issue with VOID and so the 'undef VOID' workarounds are removed
in the present PR.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* First pass of adding SAL annotations
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Finish annotating platform
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Cleanup annotation to get lock tracking work correctly
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback and fix static analysis issues
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break from merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Simplify names of some ebpf_result codes
* Remove _ERROR_ for consistency
* Combine EBPF_INVALID_HANDLE and EBPF_INVALID_OBJECT
* Rename EBPF_ERROR_NOT_FOUND to EBPF_KEY_NOT_FOUND for consistency with the associated description.
* Change code that returned EBPF_ERROR_NOT_FOUND for a case other than a
key, to use a different appropriate result, so the description stays correct.
Fixes#212
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Pinning a program requires a name to pin to
* The load program API doesn't correctly deal with an empty section name
(it does use the first section but then tells the execution context
that the section name is empty instead of the chosen one), so for now
require the section name in any "add program" command
* Allow netsh to hold references on multiple programs
* Fix handle leak in "show programs"
* Implement ability to pin a program, but unpinning requires
a way to look up what a program was pinned to, and no such
API exists currently.
* Implement filtering "show programs" output by filename and section
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
"git commit -am" only adds changes to existing files, not new files
and so was missing adding docs when new headers were added, resulting
in a failure.
Also some params were missing from doxygen which resulted in
a bunch of warnings.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
The IDL was generating MIDL2279 because it used const on an [out] param,
which is warned against since RPC marshaling copies the result into new
memory. See https://marc.info/?l=ms-dcom&m=103440617317922 for some
discussion.
Other changes should hopefully be obvious.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* First draft of code to serialize EBPF program info
* Add code to encode program information from extension
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add support for notifying on provider change
* Build trampoline functions for relocation of provider helper functions
Resolves: #135Resolves: #133
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Alan Jowett
Dave Thaler
Shankar Seal
saxena-anurag