Commit graph

1378 Commits

Author SHA1 Message Date
Dave Thaler 5e685b9911
More improvements to README file (#120)
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-05-03 12:28:30 -07:00
Alan Jowett 3e55125d7c
Verify handles are from correct driver (#117)
Verify handles are from correct driver

Resolves: #116 

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-30 14:57:36 -06:00
Alan Jowett c2734bbeaf
Modify ebpf_program_t to take a reference on the ebpf_map_t it uses. (#115)
ebpf_program_t should take a reference on ebpf_map_t object that it uses.

Resolves: #112

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-30 14:14:25 -06:00
Alan Jowett 05eb2789f9
Separate object enumeration from handle code (#114)
* Separate object enumeration from handle code

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

* Fix typos

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

* PR feedback

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

* Add rules about object lifetime

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-30 12:55:21 -07:00
Alan Jowett b138e2fb83
eBPF should use Windows Handles for eBPF objects (#110)
* Pickup changes from upstream ubpf

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

* Add ebpf_handle_kernel.c to interface with Windows object manager to manage lifetimes.

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

* PR feedback

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-30 11:49:23 -07:00
Alan Jowett 5be028810b
Fix pool corruption and memory leak (#109)
Fix pool corruption and memory leak

Resolves: #107

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-29 18:17:02 -06:00
poornagmsft 71f86e72e2
fixing a minor typo (#108)
2021-04-29 15:22:29 -07:00
Alan Jowett eecf006201
Reduce churn in upstream ubpf repo (#104)
* Reduce churn in upstream ubpf repo

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-29 09:43:28 -06:00
Dave Thaler 39c1819f18
Update verifier to include changes to check ctx mismatches (#106)
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-28 17:49:18 -07:00
Alan Jowett 88cd4bf3cb
All internal code should be /w4 /wx clean (#103)
All internal code should be /w4 /wx clean

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-28 15:51:58 -06:00
Alan Jowett a249f0f333
Switch demo to use ebpf_link APIs (#100)
Switch demo to use ebpf_link APIs

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-27 21:39:20 -06:00
Dave Thaler e88aedf4dc
Fix nits in architecture diagram (#101)
Fixes #99

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-27 18:56:50 -07:00
Alan Jowett 191920814c
Plumb API to call ebpf_hook APIs from user mode (#98)
Plumb API to call ebpf_hook APIs from user mode

Resolves: #98 

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-27 16:21:21 -06:00
Alan Jowett 9d08b00aef
Rename ebpf_hook_instance_t to ebpf_link_t (#95)
Resolves: #95 

Rename ebpf_hook to ebpf_link.

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-26 17:17:44 -06:00
Alan Jowett 0b0eaca37c
Implement eBPF extension and provider loading functionality (#90)
* Add support for invoking NMR to register client and providers.
Load global helper functions as extensions.
Create user-mode mocks to test extension loading.

Resolves: #80

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-26 16:37:12 -06:00
Alan Jowett 68cc22c090
Cleanup obsolete build files (#93)
Signed-off-by: Alan Jowett <alanjo@microsoft.com>

Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-26 12:44:37 -07:00
Dave Thaler db9dea71e1
Remove some header ordering dependencies (#92)
Fixes #22

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-26 12:16:20 -07:00
Dave Thaler 08c116b8d6
More cleanup (#91)
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-26 11:43:13 -07:00
Dave Thaler 762e25939f
Cleanup (#89)
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-25 15:25:25 -07:00
Alan Jowett a3d1f7fc4c
Switch ebpf_hook_instance_t to common ebpf_object_t ref-counting (#87)
Switch ebpf_hook_instance_t to common ebpf_object_t ref-counting

Resolves: #86

Signed-off-by: Alan Jowett alanjo@microsoft.com
2021-04-25 10:19:40 -06:00
Alan Jowett 1c0c4599bc
Update pinning table to use ebpf_utf8_string_t (#85)
Update pinning table to use ebpf_utf8_string_t

Resolves: #72

Signed-off-by: Alan Jowett alanjo@microsoft.com
2021-04-24 19:31:28 -06:00
Alan Jowett cc11c81a26
Create ebpf_program_t as first class object (#70)
Create ebpf_program_t as first class object

Refactor old code in ebpf_core.c into new ebpf_program.c

Switch code in ebpf_core.c to call new code in ebpf_program.c

Resolves: #61

Signed-off-by: Alan Jowett alanjo@microsoft.com
2021-04-24 17:03:51 -06:00
Dave Thaler 26429bc8b8
Update to latest verifier code (#69)
Also update boost to 1.75 to match what verifier uses

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-23 14:59:02 -07:00
Alan Jowett a1c6e9d73a
Implement handles as an abstraction (#68)
Implement handles as an abstraction

Resolves: #60

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-23 14:26:54 -06:00
Alan Jowett 44e748fcd8
Add doxygen style comments to all common ebpf headers (#58)
Update shared headers with Doxygen comments.

Resolves: #57

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-23 10:48:13 -06:00
Alan Jowett 2dee0dcebd
Add support for generic objects reference counting (#66)
Add support for generic objects reference counting.

Resolves: #65

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-23 10:21:12 -06:00
Alan Jowett ff1bbbf749
Add support for hook as first class object. (#54)
An ebpf_hook_instance represents the connection between an ebpf program and an attach point.

Signed-off-by: Alan Jowett alanjo@microsoft.com
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-23 09:42:55 -06:00
Alan Jowett 37dbd348f7
Remove remnants that assume CPU epoch starts at 0 (#63)
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-22 16:52:08 -07:00
Alan Jowett c2611f741b
Switch ebpf_epoch to use WDM standard linked list functions. (#56)
* Switch ebpf_epoch to use WDM standard linked list functions.
Store free entries in increasing epoch to speed cleanup.

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-20 16:38:12 -06:00
Alan Jowett 199cfce121
Can't rely on initial 0 epoch to determine that a CPU isn't actively running eBPF programs.
Can't rely on initial 0 epoch to determine that a CPU isn't actively running eBPF programs.

Resolves: #51 (#52)

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-19 19:11:28 -06:00
Alan Jowett a289a253bc
Document how to run kernel driver on Windows. (#47)
* Document how to run kernel driver on Windows.

Resolves: 28

Signed-off-by: Alan Jowett <alanjo@microsoft.com>

Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-19 18:47:33 -06:00
Alan Jowett e7001b5c4c
Implement pinning as an abstraction. (#49)
* Implement pinning as an abstraction.
Update execution context to use pinning abstraction.

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-19 17:12:08 -06:00
Alan Jowett a57bfb30d4
Add epoch logic to handle run down of map entries. (#43)
* Add epoch logic to handle run down of map entries.
Integrate with execution context to invoke epoch_enter/epoch_exit on entry/exit of execution context.

Resolve: #24

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-19 16:43:45 -06:00
Dave Thaler b115fce38d
Fix CODEOWNERS (#45)
The alias has to be prefixed with the github org to be recognized

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-19 08:31:01 -07:00
Dave Thaler 57bef3dc03
Improve performance of boost install during windows CI pass (#44)
Pick up change to ebpf-verifier that potentially shaves a couple of minutes off the time needed for a CI pass

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-19 08:15:50 -07:00
Dave Thaler bbfb442b19
Fix format-code.ps1 extension matching (#42)
Use exact matching, not against a regex,
so "c" should not match "rc" for example.

Fixes #31

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-17 13:59:07 -07:00
Dave Thaler 8928f5eb90
Add architectural overview to README (#41)
And move instructions to a GettingStarted page.

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-17 13:37:48 -07:00
Dave Thaler 1c0e6c9b9f
Add CODEOWNERS file (#40)
So that pull request reviewers are automatically populated

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-17 13:22:43 -07:00
Dave Thaler 31b77e578c
Add option to show verbose verifier output (#38)
Fixes #20

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-17 13:09:43 -07:00
Dave Thaler c8a612ae19
Remove obsolete .sln files (#39)
And rename ebpf-demo.sln to ebpf-for-windows.sln

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 18:14:30 -07:00
Alan Jowett 9b45f8d24d
Switch ebpf_platform usermode to use NTDLL's Generic AVL table (#34)
Signed-off-by: Alan Jowett <alanjo@microsoft.com>

Co-authored-by: Dave Thaler <dthaler@microsoft.com>
2021-04-16 17:59:47 -07:00
Dave Thaler d773102b04
Make "show disassembly" work again when ebpfcore is not running (#37)
Fixes #35

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 17:34:57 -07:00
Dave Thaler 5b7b947ac0
Add FAQ to README file (#36)
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 17:23:21 -07:00
Dave Thaler d2faba3e25
Build Debug configuration (#29)
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 12:52:47 -07:00
Alan Jowett 1c019afc9c
Change interface to maps to use opaque type and simplify interface. (#23)
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-16 12:59:38 -06:00
Dave Thaler 8246f41b8c
Fix references to ebpfverifier project (#25)
The GUID referenced didn't match the project's GUID in the ebpf-demo.sln file

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 11:38:56 -07:00
Dave Thaler 0f9c96e17f
Fix instruction count computation (#26)
The instruction count is shown twice, with both numbers incorrect.
This PR fixes the first one.
The second one comes from the stats section which is off by one since it
counts "entry:", which is also why the Prevail "check" tool skips
printing it. I'm following up separately to see if that one can just be removed.

Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-16 08:58:37 -07:00
Dave Thaler 648b0fe963
Convert tutorial to use netsh commands (#16)
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
2021-04-15 18:36:36 -07:00
Alan Jowett 7d791e5643
Refactor maps into static lib to permit easier testing or replacement. (#15)
Resolves: #14

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-15 17:15:00 -06:00
Alan Jowett b9eb5a080b
Add -g to build of eBPF programs to run tests with debug information. (#13)
Resolves: #12

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-04-15 14:57:31 -07:00