* Create bpf_map structures from bpf_object__open() on a native file
Fixes#1140
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix map update when loading native object
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix for test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Increase bound on instruction count
And align more with other platforms
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix compiler error
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_prog_load()
* Move prototype for bpf_prog_load_deprecated() from libbpf.h to bpf.h
to match libbpf
* Mark as deprecated bpf_object__load_xattr(), bpf_load_program(), and
bpf_load_program_xattr() to match libbpf
* Make bpf_load_program_xattr() support the program name field, where
previously it was ignored and a random name was used.
Fixes#1073
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf_object__open_file work with native files
* Update bpf_object__open_file()
* Add bpf_object__open()
* Rename ebpf_enumerate_sections() to ebpf_enumerate_program_sections()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_program_load
And add a couple of windows-specific libbpf related APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug in enumerate sections hit by tail_call_multiple_um.dll
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program_name field in object_open
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix order of PE sections returned
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix and revert enumerate_sections rename
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warning
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated issue number in TODO comments
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address Anurag's feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_get_next_program (bpf_prog_get_next_id should be used
instead)
* Don't export the internal ebpf_map_pin api
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP: enumerate sections in native code
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf2c emit section names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More of PE section enumeration
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program type and map count display for native programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update cmake files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporarily disable some compiler warnings for the pe-parse project
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native programs have different sizes for skeleton in debug vs release
Also add text case for section is just ".text"
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Force inlining utility functions inside ebpf programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More expected output changes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ebpfapi to allow a single section of name .text
To match libbpf behavior
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Resolve analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR comments from Anurag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Call ebpf_verifier prior to code gen
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Resovle failures after merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert rollback of catch2
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
ebpf_get_next_map was obsoleted by standard libbpf apis
(specifically bpf_map_get_next_id and bpf_map_get_fd_by_id)
and isn't called by anything including test code.
This increases our code coverage percentage.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* initial_commit
* fix build
* fix build
* fix build break due to merge
* debug build
* api changes, other changes
* bpf2c change to enmit program type, other fixes
* hydrate UM ebpf_object, other fixes
* remove logic to disable programs
* fixes
* fix sal
* build break
* build break
* fix sal errors
* fixes
* fix bpf2c_tests failure
* unload driver when program ref count becomes 0, other minor fixes
* fixes
* tail_call fixes, add test cases, other fixes
* build break
* build break
* code cleanup
* fix bad merge
* code cleanup
* code cleanup
* cleanup
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* address cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* add tracing in ebpfcore, other fixes
* tracing
* add section for each map in sample
* do not delete the native service
* fix bad merge
* remove code to delete service, other fixes
* cr comments
* bpf2c should read and populate all the maps in ELF file
* add test case for creating map-in-map from native driver
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* add tracing for api code changes
* rename epbf_native_t to ebpf_native_module_t
* fix bad merge
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* fix crash.
* use NMR APIs.
* program info provider; bind program info
rename attach provider as hook provider
function renaming
* refactor hook providers.
* async client detach.
* cicd automation and documentation.
* PR Feedback.
* switch to server 2019.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Allow attaching an XDP program to a specific ifindex
* Update tests since droppacket.o changed
* Add ifindex use back to droppacket.c for testing purposes
* Verify xdp program to unlink is actually an XDP program
* Add comment re moving xdp fd replace logic to execution context
* Add libbpf test and add support for bpf_xdp_query_id
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_xattr() API
Needed for bpftool and other apps
* Add bpf_create_map_xattr() which allows creating maps with extended
attributes such as name
* Remove unused ebpf_api_create_map()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add option to pin all programs added and show links and maps
* "add programs" now supports the equivalent of bpftool's "prog loadall"
in addition to just "prog load"
* add "show links" netsh command
* expose "show maps" netsh command. It was partially implemented but
never exposed before.
* remove ebpf_map_query_definition() and test as being redundant with
bpf_obj_get_info_by_fd() (and in the future, a strongly typed one that
is map specific but different from the query map definition prototype)
* Fix bug where getting the next ID failed to check for index beyond
array size. And add test cases for it.
* Fix bug in ebpf_state.c where after enough tests ran it would start
returning EBPF_NO_MEMORY because _ebpf_state_next_index was never
reset.
Addresses #549
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Improve netsh show programs functionality
* Rename ebpf_get_next_pinned_program_name to ebpf_get_next_pinned_program_path for clarity
* Show link count and pinned path count
* Support "level=verbose" format
* Support filtering by attached and/or pinned
Fixes#188
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add netsh capability to unpin programs
* The netsh "set program id=<id> pinned=" (with no value) will now unpin a
program from all paths
* The netsh "delete program <id>" will now unpin a program from all
paths before and releasing any reference held by netsh itself
* Make the "attached=<string>" argument to netsh set programs work
with a section name like string
* Add libbpf api bpf_obj_get()
* Add ebpf_get_next_pinned_program_name() API to enumerate pinned
programs
Fixes#190#373
This is required for #188 which will update the "show programs"
and also add an option to "add program" to pin all programs rather
than just the first one in a file, like bpftool has such an option.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update mock netsh behavior since PR 540 changed the underlying requirements
PreprocessCommand now correctly matches tags so you can specify a later
optional tag without having to specify earlier optional tags
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libpf's libbpf_prog_type_by_name() API
And add an ebpf_get_program_type_by_name() that returns the GUIDs
instead of ints.
This also removes the hard-coding of GUIDs or ints from the netsh
helper.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes#191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add doxygen documentation for libbpf apis
Eventually this should be upstreamed, but as a workaround the docs
are put into our repo in the meantime.
As discussed at
https://stackoverflow.com/questions/23798053/how-to-document-errno-value-with-doxygen
doxygen does not have a built-in way to document errno values set. It is
possible by creating doxygen custom commands, but for now we use
the "exception" section as recommended at the bottom of that page.
Fixes#490
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add object IDs
Add support for the following libbpf APIs:
* bpf_{link,map,prog}_get_fd_by_id
* bpf_{link,map,prog}_get_next_id
Addresses the main part of #396.
A subsequent PR will handle the rest of 396 which includes:
* remove "extra_value" complexity from maps
The changes in api_common.hpp and libbpf_internal.h are from PR 482 and so will go
away in a rebase once that PR is merged.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Libbpf has bpf_helpers.h which is mostly platform-agnostic, and
bpf_helper_defs.h which is platform-specific but is included
by bpf_helpers.h. Until libbpf is made more platform-agnostic
(issue #351), the workaround is to have a separate pair of files.
Our bpf_helpers.h and our own bpf_helper_defs.h, both of which
would ideally be merged into libbpf's in the future.
Platform-specific defines are in ebpf_struct.h, though that
name may need to change later on. Linux uses "linux/bpf.h"
(e.g., as used in the https://docs.cilium.io/en/v1.8/bpf/ and
https://developers.redhat.com/blog/2021/04/01/get-started-with-xdp
articles) or "vmlinux.h" (e.g., as used in the
https://ruderich.org/simon/notes/xdp-minimal-example article),
and these filenames are hard coded in eBPF programs. In the future,
we should probably settle on a cross-platform name and use include
paths to distinguish them, as opposed to requiring ifdefs in eBPF
programs. However, all of that is part of issue 351 and not this
issue.
Also removed obsolete/unused "repro.c" from tests/samples
Fixes#426
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add tests for libbpf bpf_map_*_elem APIs
* Return correct error between EBPF_OBJECT_ALREADY_EXISTS (A program or
map is already pinned with the *same* path) vs
EBPF_ALREADY_PINNED (The program or map already pinned to a *different*
path).
* Update vs lookup elem were inconsistent in whether returning
EBPF_KEY_NOT_FOUND vs EBPF_INVALID_ARGUMENT when passing an array
index >= max_entries. Made them be consistent in using
EBPF_INVALID_ARGUMENT.
Fixes#376
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map support
Replace UM ebpf_map_update/delete_element with libbpf-compliant
bpf_map_update/delete_elem
This adds the basic functionality needed for #375
Not in this PR, but in a subsequent PR:
* ensure that all inner maps match the one specified by inner_map_idx,
much like prog_types have to match in a prog_array.
* ensure that putting a prog_array in an array of maps adheres to the
prog_array contract that any associated progs have to match the
type of the calling program.
* read a map id not fd when UM reads the value (will be done together
with issue #396 since also affects prog_arrays)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Since there is a name conflict between KM helpers and UM libbpf APIs,
the end-to-end tests need to _not_ include the KM helper prototypes,
so removed ebpf_helpers.h from ebpf.h and made samples include it
directly.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* add UNLINK operation
* Some fixes:
1. Added attach_lock to synchronize multiple detach calls on same link object.
2. ebpf_extension_unload() should be called from ebpf_link_detach_program()
3. Changed return type of ebpf_program_get_properties to void.
* Update libs/execution_context/ebpf_program.c
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Previously some places had "info" and some had "information".
Both appear in dictionaries, so guidance to avoid abbreviations does not apply.
Fixes#314
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
This PR is the second of three steps towards fully addressing #259
The doxygen \ref annotation tells doxygen to make the following word
be linked to the appropriate location in the generated docs.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Switch from _Pre_maybenull_ to _In_opt_
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011 in PreprocessCommand
Signed-off-by: Alan Jowett <alanjo@microsoft.com>