* Clean up order of includes
Fixes#1963
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update clang-format
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Clean up headers
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update sort
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* FIx various build errors
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ordering if including a .c file
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix cmake build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More header cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More header fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected bpf2c output for custom bpf.c
The generate script does not handle this file.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix more expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
---------
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Anurag Saxena <43585259+saxena-anurag@users.noreply.github.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Fix code analysis annotations for _In_ and _In_opt_ parameters,
add const where appropriate or change to _Inout_ where appropriate.
The following regex expressions were used to find the problems:
Find _In_ or _In_opt_ that are not const and are not followed by _Post_invalid_ or _Frees_ptr_ or _Post_ptr_invalid_:
```_In_[ ]+(?!.*(const|_Post_invalid_|_Frees_ptr_|_Post_ptr_invalid_))```
```_In_opt_[ ]+(?!.*(const|_Post_invalid_|_Frees_ptr_|_Post_ptr_invalid_))```
Some of the _In_ and _In_opt_ parameters are not const due to required compatibility with the Windows API.
Pointers to functions are const by definition, so the const qualifier is not required.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix code analysis failure
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Annotate EBPF API's with _Must_inspect_result_
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix build break
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
* Fix test failure
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Handles may be closed by fuzzing
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix code-analysis failure
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Update to latest libbpf .h files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_bpf_{prog,attach}_type_str APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_attach_type_by_name
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf_bpf_{link,map}_type_str
And add tests for prog type and attach type names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add tests
And change type names to match Linux
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix cmake build
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update docs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_program__insn_cnt()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add MSVC deprecated attribute to most deprecated APIs
Still haven't done bpf_object__next() or bpf_prog_load_deprecated()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Mark bpf_object__next was deprecated
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix some test failures
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Suppress instead of disable deprecated warnings
To simplify diffs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Merge with latest main
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Try some cleanup of Verifier.cpp
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Analysis fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix error messages
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: saxena-anurag <43585259+saxena-anurag@users.noreply.github.com>
* Create bpf_map structures from bpf_object__open() on a native file
Fixes#1140
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix map update when loading native object
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update tests
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix for test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More test fixes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Increase bound on instruction count
And align more with other platforms
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix compiler error
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_prog_load()
* Move prototype for bpf_prog_load_deprecated() from libbpf.h to bpf.h
to match libbpf
* Mark as deprecated bpf_object__load_xattr(), bpf_load_program(), and
bpf_load_program_xattr() to match libbpf
* Make bpf_load_program_xattr() support the program name field, where
previously it was ignored and a random name was used.
Fixes#1073
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf_object__open_file work with native files
* Update bpf_object__open_file()
* Add bpf_object__open()
* Rename ebpf_enumerate_sections() to ebpf_enumerate_program_sections()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_program_load
And add a couple of windows-specific libbpf related APIs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug in enumerate sections hit by tail_call_multiple_um.dll
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program_name field in object_open
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Cleanup
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix order of PE sections returned
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Bug fix and revert enumerate_sections rename
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated expected bpf2c output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warning
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Updated issue number in TODO comments
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address Anurag's feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Remove ebpf_get_next_program (bpf_prog_get_next_id should be used
instead)
* Don't export the internal ebpf_map_pin api
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* WIP: enumerate sections in native code
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Make bpf2c emit section names
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More of PE section enumeration
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix program type and map count display for native programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update cmake files
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Temporarily disable some compiler warnings for the pe-parse project
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Native programs have different sizes for skeleton in debug vs release
Also add text case for section is just ".text"
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Force inlining utility functions inside ebpf programs
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update expected output
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* More expected output changes
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix ebpfapi to allow a single section of name .text
To match libbpf behavior
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Resolve analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix analysis warnings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR comments from Anurag
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Call ebpf_verifier prior to code gen
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Resovle failures after merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Revert rollback of catch2
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
ebpf_get_next_map was obsoleted by standard libbpf apis
(specifically bpf_map_get_next_id and bpf_map_get_fd_by_id)
and isn't called by anything including test code.
This increases our code coverage percentage.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* initial_commit
* fix build
* fix build
* fix build break due to merge
* debug build
* api changes, other changes
* bpf2c change to enmit program type, other fixes
* hydrate UM ebpf_object, other fixes
* remove logic to disable programs
* fixes
* fix sal
* build break
* build break
* fix sal errors
* fixes
* fix bpf2c_tests failure
* unload driver when program ref count becomes 0, other minor fixes
* fixes
* tail_call fixes, add test cases, other fixes
* build break
* build break
* code cleanup
* fix bad merge
* code cleanup
* code cleanup
* cleanup
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* address cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* add tracing in ebpfcore, other fixes
* tracing
* add section for each map in sample
* do not delete the native service
* fix bad merge
* remove code to delete service, other fixes
* cr comments
* bpf2c should read and populate all the maps in ELF file
* add test case for creating map-in-map from native driver
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* cr comments
* add tracing for api code changes
* rename epbf_native_t to ebpf_native_module_t
* fix bad merge
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* fix crash.
* use NMR APIs.
* program info provider; bind program info
rename attach provider as hook provider
function renaming
* refactor hook providers.
* async client detach.
* cicd automation and documentation.
* PR Feedback.
* switch to server 2019.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Allow attaching an XDP program to a specific ifindex
* Update tests since droppacket.o changed
* Add ifindex use back to droppacket.c for testing purposes
* Verify xdp program to unlink is actually an XDP program
* Add comment re moving xdp fd replace logic to execution context
* Add libbpf test and add support for bpf_xdp_query_id
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_xattr() API
Needed for bpftool and other apps
* Add bpf_create_map_xattr() which allows creating maps with extended
attributes such as name
* Remove unused ebpf_api_create_map()
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add option to pin all programs added and show links and maps
* "add programs" now supports the equivalent of bpftool's "prog loadall"
in addition to just "prog load"
* add "show links" netsh command
* expose "show maps" netsh command. It was partially implemented but
never exposed before.
* remove ebpf_map_query_definition() and test as being redundant with
bpf_obj_get_info_by_fd() (and in the future, a strongly typed one that
is map specific but different from the query map definition prototype)
* Fix bug where getting the next ID failed to check for index beyond
array size. And add test cases for it.
* Fix bug in ebpf_state.c where after enough tests ran it would start
returning EBPF_NO_MEMORY because _ebpf_state_next_index was never
reset.
Addresses #549
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Improve netsh show programs functionality
* Rename ebpf_get_next_pinned_program_name to ebpf_get_next_pinned_program_path for clarity
* Show link count and pinned path count
* Support "level=verbose" format
* Support filtering by attached and/or pinned
Fixes#188
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add netsh capability to unpin programs
* The netsh "set program id=<id> pinned=" (with no value) will now unpin a
program from all paths
* The netsh "delete program <id>" will now unpin a program from all
paths before and releasing any reference held by netsh itself
* Make the "attached=<string>" argument to netsh set programs work
with a section name like string
* Add libbpf api bpf_obj_get()
* Add ebpf_get_next_pinned_program_name() API to enumerate pinned
programs
Fixes#190#373
This is required for #188 which will update the "show programs"
and also add an option to "add program" to pin all programs rather
than just the first one in a file, like bpftool has such an option.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update mock netsh behavior since PR 540 changed the underlying requirements
PreprocessCommand now correctly matches tags so you can specify a later
optional tag without having to specify earlier optional tags
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add libpf's libbpf_prog_type_by_name() API
And add an ebpf_get_program_type_by_name() that returns the GUIDs
instead of ints.
This also removes the hard-coding of GUIDs or ints from the netsh
helper.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes#191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add doxygen documentation for libbpf apis
Eventually this should be upstreamed, but as a workaround the docs
are put into our repo in the meantime.
As discussed at
https://stackoverflow.com/questions/23798053/how-to-document-errno-value-with-doxygen
doxygen does not have a built-in way to document errno values set. It is
possible by creating doxygen custom commands, but for now we use
the "exception" section as recommended at the bottom of that page.
Fixes#490
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add object IDs
Add support for the following libbpf APIs:
* bpf_{link,map,prog}_get_fd_by_id
* bpf_{link,map,prog}_get_next_id
Addresses the main part of #396.
A subsequent PR will handle the rest of 396 which includes:
* remove "extra_value" complexity from maps
The changes in api_common.hpp and libbpf_internal.h are from PR 482 and so will go
away in a rebase once that PR is merged.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Libbpf has bpf_helpers.h which is mostly platform-agnostic, and
bpf_helper_defs.h which is platform-specific but is included
by bpf_helpers.h. Until libbpf is made more platform-agnostic
(issue #351), the workaround is to have a separate pair of files.
Our bpf_helpers.h and our own bpf_helper_defs.h, both of which
would ideally be merged into libbpf's in the future.
Platform-specific defines are in ebpf_struct.h, though that
name may need to change later on. Linux uses "linux/bpf.h"
(e.g., as used in the https://docs.cilium.io/en/v1.8/bpf/ and
https://developers.redhat.com/blog/2021/04/01/get-started-with-xdp
articles) or "vmlinux.h" (e.g., as used in the
https://ruderich.org/simon/notes/xdp-minimal-example article),
and these filenames are hard coded in eBPF programs. In the future,
we should probably settle on a cross-platform name and use include
paths to distinguish them, as opposed to requiring ifdefs in eBPF
programs. However, all of that is part of issue 351 and not this
issue.
Also removed obsolete/unused "repro.c" from tests/samples
Fixes#426
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
* Add tests for libbpf bpf_map_*_elem APIs
* Return correct error between EBPF_OBJECT_ALREADY_EXISTS (A program or
map is already pinned with the *same* path) vs
EBPF_ALREADY_PINNED (The program or map already pinned to a *different*
path).
* Update vs lookup elem were inconsistent in whether returning
EBPF_KEY_NOT_FOUND vs EBPF_INVALID_ARGUMENT when passing an array
index >= max_entries. Made them be consistent in using
EBPF_INVALID_ARGUMENT.
Fixes#376
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map support
Replace UM ebpf_map_update/delete_element with libbpf-compliant
bpf_map_update/delete_elem
This adds the basic functionality needed for #375
Not in this PR, but in a subsequent PR:
* ensure that all inner maps match the one specified by inner_map_idx,
much like prog_types have to match in a prog_array.
* ensure that putting a prog_array in an array of maps adheres to the
prog_array contract that any associated progs have to match the
type of the calling program.
* read a map id not fd when UM reads the value (will be done together
with issue #396 since also affects prog_arrays)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Since there is a name conflict between KM helpers and UM libbpf APIs,
the end-to-end tests need to _not_ include the KM helper prototypes,
so removed ebpf_helpers.h from ebpf.h and made samples include it
directly.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>