f896c5244e
Add BPF_PROG_TYPE_CGROUP_SOCK_ADDR support ( #858 )
...
* Add BPF_PROG_TYPE_CGROUP_SOCK_ADDR program type and CGROUP_INET4/6_CONNECT/RECV_ACCEPT attach types.
* PR Feedback #1 .
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2022-03-31 19:49:13 -07:00
ecea57b4d8
Change extensions npiid ( #841 )
...
* remove dependabot from the fork.
* change extension provider NPI IDs.
* PR feedback.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2022-03-28 11:26:19 -07:00
5e468b8857
Switch to current catch2 release ( #809 )
...
* Switch to current catch2 release
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2022-03-18 17:39:21 -06:00
fc2f504a40
Collect and upload kernel crash dumps. ( #808 )
2022-03-15 22:52:31 -07:00
a8e3a30767
Support attaching XDP program per NIC. ( #803 )
...
* Support attaching XDP program per NIC.
* PR Feedback.
* fix bug.
* PR Feedback.
2022-03-14 15:16:11 -07:00
d8d66bd9e3
Update README.md ( #806 )
...
* Update README.md
* Add files via upload
* Update README.md
* Add files via upload
Added svg file to docs.
* Update README.md
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2022-03-14 11:21:44 -07:00
047222ccb7
Add real-time tracing documentation ( #800 )
...
* Add real-time tracing documentation
Fixes #795
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix grammar nit
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2022-03-11 15:46:15 -07:00
0d8ad76c36
Add option to specify generator for cmake command ( #798 )
...
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2022-03-10 15:39:38 -07:00
cc51efe6d9
Update tutorials to match latest verifier output ( #782 )
...
Fixes #630
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2022-02-28 10:40:20 -08:00
40915b0d15
Netebpfext refactor ( #776 )
...
* fix crash.
* use NMR APIs.
* program info provider; bind program info
rename attach provider as hook provider
function renaming
* refactor hook providers.
* async client detach.
* cicd automation and documentation.
* PR Feedback.
* switch to server 2019.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
2022-02-25 17:53:12 -08:00
9bf579de43
Document Native Code Generations ( #763 )
...
* Document Native Code Generations
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2022-02-23 08:58:29 -07:00
d98a296d42
Add option EBPF_JIT_ALWAYS_ON to permit building EC with no interpreter ( #742 )
...
* Add option EBPF_JIT_ALWAYS_ON to permit building EC with no interpreter
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add documentation on using compile time options
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Set EBPF_JIT_ALWAYS_ON for release builds
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Tests should expect interpret to fail if EBPF_JIT_ALWAYS_ON is defined
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Rename EBPF_JIT_ALWAYS_ON to CONFIG_BPF_JIT_ALWAYS_ON
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Tests should expect interpret to fail if EBPF_JIT_ALWAYS_ON is defined
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Update docs/GettingStarted.md
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Load returns EBPF_PROGRAM_LOAD_FAILED
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Split up load into individual test cases
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Program load fails with EBPF_PROGRAM_LOAD_FAILED
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Skip tests that depend on interpret mode when it's disabled
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2022-02-04 10:41:52 -07:00
6ab5030e54
Fix broken link to InstallEbpf.md ( #743 )
...
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2022-02-02 10:04:31 -07:00
cf0e761216
run_tests workflow. ( #729 )
2022-01-24 17:18:25 -08:00
8a5e2f8db2
Update docs ( #724 )
...
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2022-01-24 08:51:23 -08:00
eae18558cc
minor updates to arch diagram ( #713 )
...
* minor updates to arch diagram
* update the png file based on the visio
* update extension description
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2022-01-11 09:03:54 -08:00
c4ced0928d
Align formatting ( #705 )
...
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
2022-01-04 11:03:37 -08:00
90e9672735
More improvements on GettingStarted.md ( #695 )
...
* More improvements on GettingStarted.md
* Update docs/GettingStarted.md
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update docs/GettingStarted.md
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-12-14 16:15:10 -08:00
562e51c057
updated version of Spectre-mitigated libs for docs ( #690 )
...
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-12-13 12:01:02 -07:00
e9f454c4e1
Add tutorial for debugging verification issues ( #676 )
...
* Add tutorial for debugging verification issues
Fixes #656
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR comment
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2021-12-06 08:54:47 -08:00
b771bac9bd
Update docs ( #665 )
...
* Update docs
Fixes #651
Fixes #655
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix xdp_hook_t documentation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address CR comment
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
2021-11-19 17:10:49 -08:00
260a8d77dc
Instrument eBPF for Windows platform layer ( #647 )
...
* Instrument eBPF Core with tracing
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-11-03 09:33:40 -06:00
d6fca3107b
doc changes ( #643 )
...
* doc changes
* PR Feedback.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-10-27 08:19:26 -07:00
c0339539fb
selfhost runner ( #622 )
...
* selfhost runner
* Apply suggestions from code review
* Remove Release from WF
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-10-06 23:40:17 -07:00
c87bdf7a5c
Add documentation on how to debug the kernel of a VM ( #614 )
...
* Add documentation on how to debug the kernel of a VM.
* Add network debugging as an alternative link
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2021-10-01 18:52:34 -07:00
65783fb64d
Getting started should nuget restore ( #602 )
...
The getting started guide doesn't say to run nuget restore. Without that step the build fails.
2021-09-28 12:46:35 -07:00
f8ee22f4f4
add port_quota demo tool to the getting started document ( #587 )
...
* add port_quota demo tool to the getting started document
Co-authored-by: Poorna Gaddehosur <poornag@ntdev.microsoft.com>
2021-09-28 10:28:58 -07:00
6a1c193b5b
Add kernel test as part of PR checks ( #593 )
...
* Build on self-hosted runner so can report kernel test status check
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2021-09-23 14:59:09 -07:00
91400e41a2
Clang treat warning as error ( #578 )
...
* bpf_xdp_adjust_head Part 2
* Fix csum_diff algorithm to use 1's complement arithmetic.
* treat warning as error
2021-09-21 12:03:06 -07:00
9102f1e8c4
Remove reference to MSVC Runtime from docs as it is no longer needed ( #529 )
...
* Remove reference to MSVC Runtime from docs as it is no longer needed
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-09-14 18:45:33 -06:00
12bb2e7195
Update netsh commands to use more standard libbpf apis ( #527 )
...
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes #191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2021-09-14 10:59:57 -07:00
f5ba5c5d7c
Use CRT library to map handles to fds ( #513 )
...
* Use CRT library to map handles to fds
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-09-14 09:25:56 -06:00
acb6859758
Support for xdp_tx. ( #498 )
...
* xdp_tx
* Fix analysis error.
* update documentation.
* IPv6 tests.
* Apply suggestions from code review
2021-09-09 22:34:03 -07:00
4083f4eeb2
Add driver.yml - the workflow to install eBPF core on a self-host machine. ( #504 )
...
* Add driver.yml - the workflow to install eBPF core on a self-host machine and run tests.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-09-09 18:01:52 -06:00
86d01a743b
fix typo ( #435 )
...
* fix typo
2021-08-25 14:09:08 -07:00
adfac5ee7d
eBPF extension readme ( #430 )
...
* eBPF extension readme
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback.
* PR Feedback.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
2021-08-25 12:50:05 -06:00
4be43a7ea1
Include required Clang version ( #431 )
...
* Update Getting Started to recommend current release version of Clang/LLVM
Clang-format behaves differently depending on the version of Clang installed.
Update getting started guide to recommend Clang / LLVM 10.0.0.
Update the development guide to indicate that Clang 10 or higher is required for consistent formatting.
Reformat all code using Clang 10.0.0
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-08-25 09:01:16 -06:00
c99a43e5e9
Revert "Remove dead code ( #381 )" ( #401 )
...
This reverts commit 7d779cf117
2021-08-20 12:07:57 -07:00
7d779cf117
Remove dead code ( #381 )
...
* Remove dead code
* Address PR feedback
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
2021-08-13 14:56:36 -06:00
be67121fda
Test Extension Part 2 ( #361 )
...
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-08-07 14:19:00 -07:00
2fe891abf7
Add FS filter hook proposal AV signature based malware detection scenario ( #355 )
...
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
2021-08-03 10:03:40 -07:00
5510fd0571
Remove mention of PPL since there may be better candidates ( #286 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-06-21 13:14:49 -07:00
a46b00c2e3
Add VM setup scripts and docs ( #281 )
...
* Create an install script rather than having to manually do lots
of steps
* Make Debug build use vcruntime as static libs to avoid adding
another prerequisite on a machine before installing eBPF. This
isn't required for Release builds as vcruntime release DLLs
are part of Windows, unlike vcruntime debug DLLs
Fixes #248
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-06-15 08:44:43 -07:00
6fde4777e5
Change ebpfsvc to LocalService ( #272 )
...
* ebpfsvc should be localservice
* cr comments, change sidtype to restricted
* pr comments
2021-06-14 15:38:42 -07:00
50aac54be4
update doc for ebpf_client.exe ( #250 )
...
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
2021-06-07 16:26:44 -06:00
cf2ef87325
Move program load to ebpfsvc ( #245 )
...
* remove duplicate windows_helpers.cpp, refactor
* remove commented code
* move program load to service
* cleanup commented code
* remove commented code
* cr comments
* make device handle init optional
* cr comments
* change return type of some functions
* fix
* cr comments
* cr comments, cover more error conditions in windows_error_to_ebpf_result
* cr comments
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
2021-06-07 15:22:04 -06:00
c059112b78
Add advice to DevelopmentGuide about not using magic numbers ( #244 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-06-02 13:50:20 -07:00
85277df9d6
Add guidance to make sure all code is actually built ( #221 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-25 11:29:24 -06:00
2a928a6c71
Document testing in Ebpf-For-Windows ( #216 )
...
* Add LLVM for code generation proposal
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert "Add LLVM for code generation proposal"
This reverts commit cd896afd94
2021-05-21 13:55:48 -06:00
d9ee25f035
Add info on slack channel and zoom meeting ( #209 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
2021-05-21 11:32:50 -07:00
34de16f43b
Add guidance about order of header includes ( #207 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-19 14:52:38 -06:00
a33045073c
Improve clarify of eBPF extensions doc ( #199 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-18 12:53:56 -07:00
1e8ed8af2c
Improve clarity of filesystem proposal doc ( #200 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-18 12:37:16 -07:00
704e70c6a6
Add proposal for FS filter hook ( #196 )
...
* Add proposal for FS filter hook
* Document ebpf ext model
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-05-13 13:36:24 -06:00
656e7becc1
Add doxygen automation ( #180 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-12 08:23:02 -06:00
fba10c87b3
Update verifier to get latest disassembly format ( #164 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-11 09:25:47 -07:00
728699217f
Fix link to "eBPF assembly with LLVM" post in tutorial ( #167 )
...
The current link points to the binary for LLVM-7, instead of the blog
post mentioned. Let's fix the URL.
2021-05-11 07:30:42 -07:00
67e1e85633
Minor tweaks to diagram ( #126 )
...
Straighten arrow
Make PPL service box wider
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-04 15:20:29 -07:00
932b16cff3
Split out NetEbpfExt from eBPF execution context ( #123 )
...
Split EbpfCore.sys into EbpfCore.sys and NetEbpfExt.sys
Resolves : #122
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-05-04 15:31:12 -06:00
5e685b9911
More improvements to README file ( #120 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-03 12:28:30 -07:00
39c1819f18
Update verifier to include changes to check ctx mismatches ( #106 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-28 17:49:18 -07:00
e88aedf4dc
Fix nits in architecture diagram ( #101 )
...
Fixes #99
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-27 18:56:50 -07:00
08c116b8d6
More cleanup ( #91 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-26 11:43:13 -07:00
26429bc8b8
Update to latest verifier code ( #69 )
...
Also update boost to 1.75 to match what verifier uses
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-23 14:59:02 -07:00
44e748fcd8
Add doxygen style comments to all common ebpf headers ( #58 )
...
Update shared headers with Doxygen comments.
Resolves : #57
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-23 10:48:13 -06:00
a289a253bc
Document how to run kernel driver on Windows. ( #47 )
...
* Document how to run kernel driver on Windows.
Resolves: 28
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-19 18:47:33 -06:00
8928f5eb90
Add architectural overview to README ( #41 )
...
And move instructions to a GettingStarted page.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-17 13:37:48 -07:00
31b77e578c
Add option to show verbose verifier output ( #38 )
...
Fixes #20
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-17 13:09:43 -07:00
c8a612ae19
Remove obsolete .sln files ( #39 )
...
And rename ebpf-demo.sln to ebpf-for-windows.sln
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 18:14:30 -07:00
d773102b04
Make "show disassembly" work again when ebpfcore is not running ( #37 )
...
Fixes #35
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 17:34:57 -07:00
0f9c96e17f
Fix instruction count computation ( #26 )
...
The instruction count is shown twice, with both numbers incorrect.
This PR fixes the first one.
The second one comes from the stats section which is off by one since it
counts "entry:", which is also why the Prevail "check" tool skips
printing it. I'm following up separately to see if that one can just be removed.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 08:58:37 -07:00
648b0fe963
Convert tutorial to use netsh commands ( #16 )
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-15 18:36:36 -07:00
d2c9ba6c71
Add maps discussion to tutorial
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-14 11:47:16 -07:00
bf8fd86429
Convert tutorial doc to markdown
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-14 11:47:16 -07:00
48fa5458af
Add more contributing guidelines ( #4 )
...
Using the MSQUIC project as the example to copy from.
https://github.com/microsoft/msquic/blob/main/.github/CONTRIBUTING.md
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-14 11:45:32 -07:00
a0304a0172
Add github files
...
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-13 15:48:48 -07:00
Shankar Seal
Alan Jowett
Daniel M. Havey
Dave Thaler
poornagmsft
Yinon Avraham
Song Jiang
Juraj Vijtiuk
saxena-anurag
Quentin Monnet
Dave Thaler