* Allow multiple programs per section
Temporarily use a fork of ebpf-verifier until
https://github.com/vbpf/ebpf-verifier/pull/642 is merged.
Per https://stackoverflow.com/questions/13147170/attribute-always-inline-failing
the __attribute__((always_inline)) doesn't do anything unless you also
have the "inline" keyword.
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Update verifier to latest
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address comment from Alan
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Address API compat comment from Anurag
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Add option to control the level of verbosity emitted by verifier.
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Re-order enums to make normal < informational < verbose
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Workaround for verifier failure #643
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Revert change in ebpf-service verification path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
---------
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Dave Thaler <dthaler1968@gmail.com>
* Update copyright to be eBPF for Windows contributors
Fixes#3507
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* Undo gratuitous formatting changes in expected files
---------
Signed-off-by: Dave Thaler <dthaler1968@gmail.com>
* replace XDP guids with XDP_TEST guids
* updated missde instance
* update bpf2c
* leave xdp_hook as is
* remove extra files
* update with new XDP_TEST guid, update other tests to use sample_ext
* update some tests, update test_helper
* update fuzzer
* temporarily remove bpftool tests
* update execution context test
* replace XDP guids with XDP_TEST guids
* updated missde instance
* update bpf2c
* leave xdp_hook as is
* remove extra files
* update with new XDP_TEST guid, update other tests to use sample_ext
* update some tests, update test_helper
* update fuzzer
* temporarily remove bpftool tests
* update execution context test
* build failures
* update sample ext with context_allocate and destroy
* update vm script to use xdp_test
* switch api tests to use sample program
* rename to xdp_Test
* update sample ext
* update incorrect SAL, update netsh tests
* update sample, update tests to use sample where applicable
* update tests
* fix up tests
* fix libbpf tets
* revert unnecessary changes
* remove extra prints
* add back in bpftool tests
* update to use xdp instead of xdp_test for bpftool test
* update atomic_instructions_others.o
* extra debug logs
* updated expected, update bpftool tests
* correct bpftool tests
* more debug logs
* add reg debug
* clear program info
* Attempt fix of buffer overrun
* remove debug logs, minor cleanup, set XDP guids back to their original names
* update docs with xdp_test
* fix guid usage
* CR: remove program, update comments, fix commented out tests, update bpf_program__attach_xdp
* revert changes in libbpf, as they need to use the actual XDP guids
* update comment
* update some XDP tests to use sample ext, comment out some expected failing tests
* update bpftool tests
* fix up bpf prog test run expected output, move to #if instead of comments
* fix up return code issue
* fix bpftool testes
* add some failed xdp tests, set some params to null for sample tests
* update comment
* tmp commit - move to xdp mock
* update unit tests to use mock XDP where possible
* made some samples back to XDP type
* netebpfext unit tests should use xdp_test
* CR
Other projects can now consume ebpf-for-windows in binary form,
using either nuget or MSI install. We no longer need to build
ebpf-for-windows both ways, so removing the cmake build to free
up build resources and reduce the development cost of maintaining
both msbuild and cmake builds.
Fixes#2743
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add netsh command to enumerate processes using eBPF
Addresses part of issue #555
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix build/test issues
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix potential buffer overrun
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix output when running non-elevated
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Exclude [processes] test from CodeCoverage
OpenCodeCoverage uses STATUS_BREAKPOINT and doesn't work reliably
with code that uses TerminateThread(). For now we exclude this
test from code coverage runs.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add compartment support to netsh ebpf add program
Fixes#2185
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix sanitizer build of fuzzer
Fixes#1817
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Disable some build steps for FuzzerDebug
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update github workflows
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update verifier to latest
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix execution_context_fuzzer build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bpf2c and samples
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix samples compilation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix custom program type sample
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Refactor low memory test into generic fault injection
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Update number of frames to skip
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
---------
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* clean up code
* fixing the build
* Update libs/ebpfnetsh/elf.cpp
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* fixing the build
* fixing the build
* fixing the build
* fixing the build
* fixing the build
* fixing the build
* revert HRESULT
* change BOOL type
* change BOOL type
* change BOOL type
* change BOOL type
* change BOOL type
* change BOOL type
* revert LPSERVICE_MAIN_FUNCTION
* revert SERVICE_MAIN_FUNCTION*
* SAL annotation for svcmain.cpp
* revert some SAL annotation
* remove some extra spaces
* fix tests
* change to bool type
* Update map_dll.c
* fix according to dll_main prototype
* fix BOOL
* fix according to dll_main prototype
* BOOl type
* BOOl type
* modify doc for self host runner setup
* modify doc for self host runner setup
* update tests with bool
* Update tests/unit/wer_report_test_wrapper.cpp
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update libs/platform/user/ebpf_platform_user.cpp
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update libs/ebpfnetsh/programs.cpp
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* change _Null_terminated_ to _Field_z_
* address PR comment
---------
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Gianni Trevisiol <gtrevi@users.noreply.github.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Clean up order of includes
Fixes#1963
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update clang-format
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Clean up headers
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update sort
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* FIx various build errors
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ordering if including a .c file
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix cmake build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More header cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More header fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected bpf2c output for custom bpf.c
The generate script does not handle this file.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix more expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Anurag Saxena <43585259+saxena-anurag@users.noreply.github.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add option to generate .spd files for sample driven PGO
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix test failure
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix code analysis annotations for _In_ and _In_opt_ parameters,
add const where appropriate or change to _Inout_ where appropriate.
The following regex expressions were used to find the problems:
Find _In_ or _In_opt_ that are not const and are not followed by _Post_invalid_ or _Frees_ptr_ or _Post_ptr_invalid_:
```_In_[ ]+(?!.*(const|_Post_invalid_|_Frees_ptr_|_Post_ptr_invalid_))```
```_In_opt_[ ]+(?!.*(const|_Post_invalid_|_Frees_ptr_|_Post_ptr_invalid_))```
Some of the _In_ and _In_opt_ parameters are not const due to required compatibility with the Windows API.
Pointers to functions are const by definition, so the const qualifier is not required.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix code analysis failure
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Clear the _ebpf_netsh_objects at the start of the test and verify objects are removed.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add map ids test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Enumerate maps associated with a program
Fixes#1339
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Initialize info before calling
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update bpftool
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make "netsh show prog l=v" show map ids for program
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Return EFAULT if map_ids is not a valid pointer
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix warning
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix socket test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add more checks in the socket test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix socket test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix netsh
Also fix GettingStarted.md and a missing space in the logs
that were found while testing this fix.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Set map_ids on output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update to latest libbpf .h files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_bpf_{prog,attach}_type_str APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_attach_type_by_name
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_bpf_{link,map}_type_str
And add tests for prog type and attach type names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add tests
And change type names to match Linux
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix cmake build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update docs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_program__insn_cnt()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add MSVC deprecated attribute to most deprecated APIs
Still haven't done bpf_object__next() or bpf_prog_load_deprecated()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Mark bpf_object__next was deprecated
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix some test failures
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Suppress instead of disable deprecated warnings
To simplify diffs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Merge with latest main
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Create bpf_map structures from bpf_object__open() on a native file
Fixes#1140
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix map update when loading native object
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix for test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf_object__open_file work with native files
* Update bpf_object__open_file()
* Add bpf_object__open()
* Rename ebpf_enumerate_sections() to ebpf_enumerate_program_sections()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_program_load
And add a couple of windows-specific libbpf related APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug in enumerate sections hit by tail_call_multiple_um.dll
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program_name field in object_open
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix order of PE sections returned
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix and revert enumerate_sections rename
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warning
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated issue number in TODO comments
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address Anurag's feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_get_next_program (bpf_prog_get_next_id should be used
instead)
* Don't export the internal ebpf_map_pin api
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP: enumerate sections in native code
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf2c emit section names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More of PE section enumeration
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program type and map count display for native programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update cmake files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporarily disable some compiler warnings for the pe-parse project
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native programs have different sizes for skeleton in debug vs release
Also add text case for section is just ".text"
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Force inlining utility functions inside ebpf programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More expected output changes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ebpfapi to allow a single section of name .text
To match libbpf behavior
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Resolve analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR comments from Anurag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP: Developer nuget package
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf2c utility
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Build nupkg from within VisualStudio
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Don't use relative path to externals
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update props file in nuget package
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix include and library paths
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix debug build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Call ebpf_verifier prior to code gen
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Resovle failures after merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert rollback of catch2
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* initial_commit
* fix build
* fix build
* fix build break due to merge
* debug build
* api changes, other changes
* bpf2c change to enmit program type, other fixes
* hydrate UM ebpf_object, other fixes
* remove logic to disable programs
* fixes
* fix sal
* build break
* build break
* fix sal errors
* fixes
* fix bpf2c_tests failure
* unload driver when program ref count becomes 0, other minor fixes
* fixes
* tail_call fixes, add test cases, other fixes
* build break
* build break
* code cleanup
* fix bad merge
* code cleanup
* code cleanup
* cleanup
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* address cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* add tracing in ebpfcore, other fixes
* tracing
* add section for each map in sample
* do not delete the native service
* fix bad merge
* remove code to delete service, other fixes
* cr comments
* bpf2c should read and populate all the maps in ELF file
* add test case for creating map-in-map from native driver
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* add tracing for api code changes
* rename epbf_native_t to ebpf_native_module_t
* fix bad merge
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Fix netsh "show maps" output
* Display correct inner map ID
* Display Map ID
* Display count of # paths pinned
* Correct "set program" help text
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix rebase
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add option to pin all programs added and show links and maps
* "add programs" now supports the equivalent of bpftool's "prog loadall"
in addition to just "prog load"
* add "show links" netsh command
* expose "show maps" netsh command. It was partially implemented but
never exposed before.
* remove ebpf_map_query_definition() and test as being redundant with
bpf_obj_get_info_by_fd() (and in the future, a strongly typed one that
is map specific but different from the query map definition prototype)
* Fix bug where getting the next ID failed to check for index beyond
array size. And add test cases for it.
* Fix bug in ebpf_state.c where after enough tests ran it would start
returning EBPF_NO_MEMORY because _ebpf_state_next_index was never
reset.
Addresses #549
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Dave Thaler
Alan Jowett
Matthew Ige
Dave Thaler
Anurag Saxena
Delaram Amiri
Gianni Trevisiol
Alessandro Gario
Shankar Seal