* Libbpf API compatibility
Libbpf is incorporated as a submodule just for the header file.
As discussed in issue #84, we cannot currently use the implementation
since it is very Linux and GCC specific.
This PR also fixes a bug where the user-mode API was calling
CloseHandle directly instead of Platform::CloseHandle which is needed
to make tests work with the mock platform.
Addresses #84
Some code will be cleaner once issue #81 is done
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Includes support for marking a helper as doing packet reallocation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Set device type to something _open_osfhandle understands
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
This PR addresses two gaps:
https://microsoft.github.io/ebpf-for-windows mentioned the hooks but
didn't mention what header file to include.
And it talked about ebpf programs, but didn't mention the reference for
user-mode apps to interact with them.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Previously some places had "info" and some had "information".
Both appear in dictionaries, so guidance to avoid abbreviations does not apply.
Fixes#314
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
This PR is the second of three steps towards fully addressing #259
The doxygen \ref annotation tells doxygen to make the following word
be linked to the appropriate location in the generated docs.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Before this change, the API docs at
https://microsoft.github.io/ebpf-for-windows/ebpf__helpers_8h.html
just show the typedefs. This PR updates the documentation so that the
helpers are documented just like normal public APIs would be.
This is the first step towards addressing #259
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make all enum values have a description in the generated API docs
* Also remove SAL annotation from the generated docs, since SAL
breaks doxygen type detection
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Switch from _Pre_maybenull_ to _In_opt_
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix C6011 in PreprocessCommand
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add configuration option to run code analysis
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add analysis to build matrix
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix typo
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Enable code analysis on all builds
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add default ruleset
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Enable all passing rules
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Update Analyze.default.ruleset
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update Analyze.default.ruleset
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Switch rules from prevail to warning
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Fix a couple bugs that the tests uncovered
Remove duplicate "error: error:" prefix in messages on verification
Fixes#240
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add test that JITs the bindmonitor.o eBPF program and runs it
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Refactor tests to allow common code between JIT and interpret
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix test bug
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix rebase issue
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Make a couple of `_In_` arguments be const
* Add `_opt_` to a number of arguments that can be NULL
* Add SAL annotation to a few more APIs that were missing it
* Remove annotations like
`_Pre_readable_byte_size_(hash_table->key_size)` since they just give
code analysis warnings such as:
```
c:\git\dthaler\ebpf-for-windows\libs\platform\ebpf_platform.h(445):
warning C28230: The type of '_Param_(1)' has no member 'key_size'.
c:\git\dthaler\ebpf-for-windows\libs\platform\ebpf_platform.h(445):
warning C28285: For function 'ebpf_hash_table_delete' '_Param_(2)'
syntax error in
'SAL_readableTo(byteCount(__formal(0,hash_table)->key_size))' near
'key_size))'.
```
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Remove duplicate types:
* ebpf_helper_return_type_t
* ebpf_helper_argument_type_t
* ebpf_context_descriptor_t
https://github.com/vbpf/ebpf-verifier/pull/238 already made the
necessary changes in the PREVAIL project, which got rid of the
issue with VOID and so the 'undef VOID' workarounds are removed
in the present PR.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Without the annotation, clang-format would convert
`uuid(6bef171d-7205-4b63-a1e5-d00f01e6a0c1)`
to
`uuid(6bef171d - 7205 - 4b63 - a1e5 - d00f01e6a0c1)`
which would be invalid.
Fixes#269
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Create an install script rather than having to manually do lots
of steps
* Make Debug build use vcruntime as static libs to avoid adding
another prerequisite on a machine before installing eBPF. This
isn't required for Release builds as vcruntime release DLLs
are part of Windows, unlike vcruntime debug DLLs
Fixes#248
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Abstract hook registration and handle passive and dispatch
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Switch to new license header format
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Clarify memory barrier
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add SAL annotation
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Switch to approved license header format (#268)
* Switch to approved license header format
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add comments to clarify how the code works
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* First pass of adding SAL annotations
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Finish annotating platform
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Cleanup annotation to get lock tracking work correctly
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback and fix static analysis issues
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break from merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Simplify names of some ebpf_result codes
* Remove _ERROR_ for consistency
* Combine EBPF_INVALID_HANDLE and EBPF_INVALID_OBJECT
* Rename EBPF_ERROR_NOT_FOUND to EBPF_KEY_NOT_FOUND for consistency with the associated description.
* Change code that returned EBPF_ERROR_NOT_FOUND for a case other than a
key, to use a different appropriate result, so the description stays correct.
Fixes#212
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
Dave Thaler
Alan Jowett
Shankar Seal
poornagmsft
saxena-anurag