* Use netebpfext_user in fuzz testing
Address the helper function part of #1325
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix winsock inclusion issues
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix nmr implementation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update WDK path for more projects
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Disable ubpf warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix unit tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make build install execution context fuzzer corpus
Filed #1505 to improve this
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix libfuzz harness
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix MBL use by core helper fuzzer
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix cmake build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix user-mode NMR locking issue
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Extra debug statements
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bad merge
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update to latest libbpf .h files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_bpf_{prog,attach}_type_str APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_attach_type_by_name
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_bpf_{link,map}_type_str
And add tests for prog type and attach type names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add tests
And change type names to match Linux
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix cmake build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update docs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_program__insn_cnt()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add MSVC deprecated attribute to most deprecated APIs
Still haven't done bpf_object__next() or bpf_prog_load_deprecated()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Mark bpf_object__next was deprecated
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix some test failures
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Suppress instead of disable deprecated warnings
To simplify diffs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Merge with latest main
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Build ELF parse at compile time using EverParse
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix build
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Enable bpf2c fuzzer and execution context fuzzer in CI/CD
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Create bpf2c fuzzer corpus
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make absolute path and strip trailing slash from it. (#1175)
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Add libsancov.lib when building fuzzer (#1179)
* Add libsancov.lib when building fuzzer
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* upload artifacts as dumps
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Bpf2c fuzzer fix build (#1180)
* Disable caching of verifier cmake project for now
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix dump upload path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix dump upload path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix crash dump upload
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Add Execution Context corpus
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Limit fuzzing to 15 minutes
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix artifact path
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix yaml to corectly upload artifacts
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix yaml to corectly upload artifacts
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix yaml to corectly upload artifacts
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Bpf2c fuzzer fix build (#1182)
* Disable caching of verifier cmake project for now
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Limit fuzzing memory
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Validate symbols offset
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Reject maps that have no associated symbols
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Add bpf_prog_load()
* Move prototype for bpf_prog_load_deprecated() from libbpf.h to bpf.h
to match libbpf
* Mark as deprecated bpf_object__load_xattr(), bpf_load_program(), and
bpf_load_program_xattr() to match libbpf
* Make bpf_load_program_xattr() support the program name field, where
previously it was ignored and a random name was used.
Fixes#1073
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf_object__open_file work with native files
* Update bpf_object__open_file()
* Add bpf_object__open()
* Rename ebpf_enumerate_sections() to ebpf_enumerate_program_sections()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_program_load
And add a couple of windows-specific libbpf related APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug in enumerate sections hit by tail_call_multiple_um.dll
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program_name field in object_open
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix order of PE sections returned
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix and revert enumerate_sections rename
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warning
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated issue number in TODO comments
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address Anurag's feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_get_next_program (bpf_prog_get_next_id should be used
instead)
* Don't export the internal ebpf_map_pin api
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP: enumerate sections in native code
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf2c emit section names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More of PE section enumeration
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program type and map count display for native programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update cmake files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporarily disable some compiler warnings for the pe-parse project
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native programs have different sizes for skeleton in debug vs release
Also add text case for section is just ".text"
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Force inlining utility functions inside ebpf programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More expected output changes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ebpfapi to allow a single section of name .text
To match libbpf behavior
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Resolve analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR comments from Anurag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_verify_program API
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Remove old test
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Cleanup runners
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Cleanup old artifacts
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
* Call ebpf_verifier prior to code gen
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Resovle failures after merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert rollback of catch2
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
ebpf_get_next_map was obsoleted by standard libbpf apis
(specifically bpf_map_get_next_id and bpf_map_get_fd_by_id)
and isn't called by anything including test code.
This increases our code coverage percentage.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* remove dependabot from the fork.
* Revert "remove dependabot from the fork."
This reverts commit c542c6cd44.
* Program info and hook NPI providers for sock_addr.
* Program info and hook NPI providers for sock_addr.
* PR Feedback.
* PR Feedback 2.
* wfp callout for sock_addr hook.
* PR Feedback.
* fix build break.
* Add mutual auth for RPC client / server.
RPC client and server should authenticate each other, to ensure:
Only admin client makes a call to ebpfsvc.
Client is talking only to ebpfsvc.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Allow attaching an XDP program to a specific ifindex
* Update tests since droppacket.o changed
* Add ifindex use back to droppacket.c for testing purposes
* Verify xdp program to unlink is actually an XDP program
* Add comment re moving xdp fd replace logic to execution context
* Add libbpf test and add support for bpf_xdp_query_id
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_prog_bind_map() API
Fixes#379
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix SAL annotation
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix leak
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make program lock protect the set of maps associated with the program
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Add support for BPF_MAP_TYPE_QUEUE
* Expose bpf_map_lookup_and_delete_elem helper and API
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_in_map() API
* bpf_create_map() now fails for outer maps. You must use
bpf_create_map_in_map() instead.
* Fix bug where EBPF_INVALID_FD was incorrectly converted to
EBPF_INVALID_ARGUMENT by ioctl handling code (part of issue #595)
One symptom of this bug was that errno was being set to EINVAL
in a number of cases which should have been EBADF.
* Fix bug where a HASH_OF_MAPS (unlike ARRAY_OF_MAPS) wasn't enforcing
that an inner map value had to match the inner map template.
Refactored the code in ebpf_maps.c so the checking is in done in one
place called by both maps, to ensure consistency.
* Fix bug in HASH_OF_MAPS where if an update failed, it would leave
the old entry but incorrectly drop the reference it held. It now
preserves the reference since the entry is unchanged.
* Added test case for ARRAY_OF_MAPS created via libbpf. Previously
only HASH_OF_MAPS creation was tested for that path.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug caught by kernel test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_xattr() API
Needed for bpftool and other apps
* Add bpf_create_map_xattr() which allows creating maps with extended
attributes such as name
* Remove unused ebpf_api_create_map()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Improve netsh show programs functionality
* Rename ebpf_get_next_pinned_program_name to ebpf_get_next_pinned_program_path for clarity
* Show link count and pinned path count
* Support "level=verbose" format
* Support filtering by attached and/or pinned
Fixes#188
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add netsh capability to unpin programs
* The netsh "set program id=<id> pinned=" (with no value) will now unpin a
program from all paths
* The netsh "delete program <id>" will now unpin a program from all
paths before and releasing any reference held by netsh itself
* Make the "attached=<string>" argument to netsh set programs work
with a section name like string
* Add libbpf api bpf_obj_get()
* Add ebpf_get_next_pinned_program_name() API to enumerate pinned
programs
Fixes#190#373
This is required for #188 which will update the "show programs"
and also add an option to "add program" to pin all programs rather
than just the first one in a file, like bpftool has such an option.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update mock netsh behavior since PR 540 changed the underlying requirements
PreprocessCommand now correctly matches tags so you can specify a later
optional tag without having to specify earlier optional tags
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libpf's libbpf_prog_type_by_name() API
And add an ebpf_get_program_type_by_name() that returns the GUIDs
instead of ints.
This also removes the hard-coding of GUIDs or ints from the netsh
helper.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes#191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add support for libbpf bpf_obj_get_info_by_fd API
This is the last libbpf api needed to enable the bpftool
flow to detach an already loaded program.
The count of maps is changed from size_t to uint32_t for
consistency with libbpf and because it's not actually a size
in the sizeof() sense, it's a count in the countof() sense.
Also fix bug where map_name was never being set in the kernel
Fixes#372
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix non-determinism in build due to multiple projects generating header
* Only regenerate git_commit_id.h on change
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add object IDs
Add support for the following libbpf APIs:
* bpf_{link,map,prog}_get_fd_by_id
* bpf_{link,map,prog}_get_next_id
Addresses the main part of #396.
A subsequent PR will handle the rest of 396 which includes:
* remove "extra_value" complexity from maps
The changes in api_common.hpp and libbpf_internal.h are from PR 482 and so will go
away in a rebase once that PR is merged.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_link_detach and bpf_link__fd APIs
Fixes#372
Addresses leftover TODO comments referencing issue 81.
Fixes bug where errno was not being set to correct errno values
Signed-off-by: Dave Thaler <dthaler@microsoft.com>