* WIP: enumerate sections in native code
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf2c emit section names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More of PE section enumeration
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program type and map count display for native programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update cmake files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporarily disable some compiler warnings for the pe-parse project
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native programs have different sizes for skeleton in debug vs release
Also add text case for section is just ".text"
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Force inlining utility functions inside ebpf programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More expected output changes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ebpfapi to allow a single section of name .text
To match libbpf behavior
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Resolve analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR comments from Anurag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_verify_program API
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Remove old test
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Cleanup runners
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Cleanup old artifacts
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Call ebpf_verifier prior to code gen
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Resovle failures after merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert rollback of catch2
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
ebpf_get_next_map was obsoleted by standard libbpf apis
(specifically bpf_map_get_next_id and bpf_map_get_fd_by_id)
and isn't called by anything including test code.
This increases our code coverage percentage.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* remove dependabot from the fork.
* Revert "remove dependabot from the fork."
This reverts commit c542c6cd44.
* Program info and hook NPI providers for sock_addr.
* Program info and hook NPI providers for sock_addr.
* PR Feedback.
* PR Feedback 2.
* wfp callout for sock_addr hook.
* PR Feedback.
* fix build break.
* Add mutual auth for RPC client / server.
RPC client and server should authenticate each other, to ensure:
Only admin client makes a call to ebpfsvc.
Client is talking only to ebpfsvc.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Allow attaching an XDP program to a specific ifindex
* Update tests since droppacket.o changed
* Add ifindex use back to droppacket.c for testing purposes
* Verify xdp program to unlink is actually an XDP program
* Add comment re moving xdp fd replace logic to execution context
* Add libbpf test and add support for bpf_xdp_query_id
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_prog_bind_map() API
Fixes#379
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix SAL annotation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix leak
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make program lock protect the set of maps associated with the program
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Add support for BPF_MAP_TYPE_QUEUE
* Expose bpf_map_lookup_and_delete_elem helper and API
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_in_map() API
* bpf_create_map() now fails for outer maps. You must use
bpf_create_map_in_map() instead.
* Fix bug where EBPF_INVALID_FD was incorrectly converted to
EBPF_INVALID_ARGUMENT by ioctl handling code (part of issue #595)
One symptom of this bug was that errno was being set to EINVAL
in a number of cases which should have been EBADF.
* Fix bug where a HASH_OF_MAPS (unlike ARRAY_OF_MAPS) wasn't enforcing
that an inner map value had to match the inner map template.
Refactored the code in ebpf_maps.c so the checking is in done in one
place called by both maps, to ensure consistency.
* Fix bug in HASH_OF_MAPS where if an update failed, it would leave
the old entry but incorrectly drop the reference it held. It now
preserves the reference since the entry is unchanged.
* Added test case for ARRAY_OF_MAPS created via libbpf. Previously
only HASH_OF_MAPS creation was tested for that path.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug caught by kernel test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_xattr() API
Needed for bpftool and other apps
* Add bpf_create_map_xattr() which allows creating maps with extended
attributes such as name
* Remove unused ebpf_api_create_map()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Improve netsh show programs functionality
* Rename ebpf_get_next_pinned_program_name to ebpf_get_next_pinned_program_path for clarity
* Show link count and pinned path count
* Support "level=verbose" format
* Support filtering by attached and/or pinned
Fixes#188
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add netsh capability to unpin programs
* The netsh "set program id=<id> pinned=" (with no value) will now unpin a
program from all paths
* The netsh "delete program <id>" will now unpin a program from all
paths before and releasing any reference held by netsh itself
* Make the "attached=<string>" argument to netsh set programs work
with a section name like string
* Add libbpf api bpf_obj_get()
* Add ebpf_get_next_pinned_program_name() API to enumerate pinned
programs
Fixes#190#373
This is required for #188 which will update the "show programs"
and also add an option to "add program" to pin all programs rather
than just the first one in a file, like bpftool has such an option.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update mock netsh behavior since PR 540 changed the underlying requirements
PreprocessCommand now correctly matches tags so you can specify a later
optional tag without having to specify earlier optional tags
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libpf's libbpf_prog_type_by_name() API
And add an ebpf_get_program_type_by_name() that returns the GUIDs
instead of ints.
This also removes the hard-coding of GUIDs or ints from the netsh
helper.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes#191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add support for libbpf bpf_obj_get_info_by_fd API
This is the last libbpf api needed to enable the bpftool
flow to detach an already loaded program.
The count of maps is changed from size_t to uint32_t for
consistency with libbpf and because it's not actually a size
in the sizeof() sense, it's a count in the countof() sense.
Also fix bug where map_name was never being set in the kernel
Fixes#372
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix non-determinism in build due to multiple projects generating header
* Only regenerate git_commit_id.h on change
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add object IDs
Add support for the following libbpf APIs:
* bpf_{link,map,prog}_get_fd_by_id
* bpf_{link,map,prog}_get_next_id
Addresses the main part of #396.
A subsequent PR will handle the rest of 396 which includes:
* remove "extra_value" complexity from maps
The changes in api_common.hpp and libbpf_internal.h are from PR 482 and so will go
away in a rebase once that PR is merged.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_link_detach and bpf_link__fd APIs
Fixes#372
Addresses leftover TODO comments referencing issue 81.
Fixes bug where errno was not being set to correct errno values
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Since there is a name conflict between KM helpers and UM libbpf APIs,
the end-to-end tests need to _not_ include the KM helper prototypes,
so removed ebpf_helpers.h from ebpf.h and made samples include it
directly.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Prevent mismatched program types in PROG_ARRAY maps
* Each prog array map has a natural progtype, determined when
asociating it from a program, or when adding the first program
to it, if not associated with any program.
* Trying to add a program with mismatching type will fail
* Added libbpf bpf_create_map() API
* Fixed error returns from several libbpf APIs to be negative
* For efficiency, ebpf_program_get_properties now returns a
pointer rather than copying the data inside the execution
context, and is renamed to ebpf_program_get_parameters()
to match what its return type always was.
* Fixed a bug in map size calculation that resulted in a huge
amount of memory being allocated
* Updated return type of bpf_tail_call to the value meant
to signal stack unwind needed
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Libbpf API compatibility
Libbpf is incorporated as a submodule just for the header file.
As discussed in issue #84, we cannot currently use the implementation
since it is very Linux and GCC specific.
This PR also fixes a bug where the user-mode API was calling
CloseHandle directly instead of Platform::CloseHandle which is needed
to make tests work with the mock platform.
Addresses #84
Some code will be cleaner once issue #81 is done
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Previously some places had "info" and some had "information".
Both appear in dictionaries, so guidance to avoid abbreviations does not apply.
Fixes#314
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Create an install script rather than having to manually do lots
of steps
* Make Debug build use vcruntime as static libs to avoid adding
another prerequisite on a machine before installing eBPF. This
isn't required for Release builds as vcruntime release DLLs
are part of Windows, unlike vcruntime debug DLLs
Fixes#248
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>