* Rename win32 error code APIs for internal consistency
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update error mappings
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Replace unstable NTSTATUS code with a documented one
STATUS_FILE_NOT_SUPPORTED does not appear in MS-ERREF and support varies
by OS version so cannot be relied on. Replaced with
STATUS_INVALID_IMAGE_FORMAT.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* add auto-pinning option
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Configure custom pin_root_path using bpf_object_open_opts
* use new api for map-in-map, remove pinning restriction for inner map, remove workaround for inner map id
* code cleanup
* cr comments
* Apply suggestions from code review
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* fix bad merge
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
* Add libbpf bpf_create_map_in_map() API
* bpf_create_map() now fails for outer maps. You must use
bpf_create_map_in_map() instead.
* Fix bug where EBPF_INVALID_FD was incorrectly converted to
EBPF_INVALID_ARGUMENT by ioctl handling code (part of issue #595)
One symptom of this bug was that errno was being set to EINVAL
in a number of cases which should have been EBADF.
* Fix bug where a HASH_OF_MAPS (unlike ARRAY_OF_MAPS) wasn't enforcing
that an inner map value had to match the inner map template.
Refactored the code in ebpf_maps.c so the checking is in done in one
place called by both maps, to ensure consistency.
* Fix bug in HASH_OF_MAPS where if an update failed, it would leave
the old entry but incorrectly drop the reference it held. It now
preserves the reference since the entry is unchanged.
* Added test case for ARRAY_OF_MAPS created via libbpf. Previously
only HASH_OF_MAPS creation was tested for that path.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Fix bug caught by kernel test
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Addresses part of issue #595
A more comprehensive fix is left for a separate PR.
This PR fixes some bad error messages from bpftool.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add netsh capability to unpin programs
* The netsh "set program id=<id> pinned=" (with no value) will now unpin a
program from all paths
* The netsh "delete program <id>" will now unpin a program from all
paths before and releasing any reference held by netsh itself
* Make the "attached=<string>" argument to netsh set programs work
with a section name like string
* Add libbpf api bpf_obj_get()
* Add ebpf_get_next_pinned_program_name() API to enumerate pinned
programs
Fixes#190#373
This is required for #188 which will update the "show programs"
and also add an option to "add program" to pin all programs rather
than just the first one in a file, like bpftool has such an option.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update mock netsh behavior since PR 540 changed the underlying requirements
PreprocessCommand now correctly matches tags so you can specify a later
optional tag without having to specify earlier optional tags
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update netsh commands to use more standard libbpf apis
* Add support for libbpf bpf_obj_pin() API
* Add support for libbpf bpf_object__next() API
* Rename BPF_{PROG,ATTACH}_TYPE_UNKNOWN to ...UNSPEC for libbpf compat
* Remove now-unused handle APIs ebpf_api_load_program and
ebpf_api_pin_object, which is part of issue #383
* netsh set/delete program now uses the ID to identify the program,
like bpftool does, so that it can work even if the program wasn't
loaded from an ELF file
Fixes#191
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add object IDs
Add support for the following libbpf APIs:
* bpf_{link,map,prog}_get_fd_by_id
* bpf_{link,map,prog}_get_next_id
Addresses the main part of #396.
A subsequent PR will handle the rest of 396 which includes:
* remove "extra_value" complexity from maps
The changes in api_common.hpp and libbpf_internal.h are from PR 482 and so will go
away in a rebase once that PR is merged.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Address PR feedback
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add bpf_link_detach and bpf_link__fd APIs
Fixes#372
Addresses leftover TODO comments referencing issue 81.
Fixes bug where errno was not being set to correct errno values
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map type checking
This PR enforces that all inner maps must be of the same type
as the inner map template used for verification. Other fields
might need to match too, and if so those will be updated in
a subsequent PR once it is confirmed which fields must match.
A few pieces of this PR related to map_id are prerequisites
for issue #396 which will add IDs for programs, maps, and links.
Finally, there are multiple definitions of bpf_map, since the
version used to write eBPF programs is different from what is
stored in memory (which uses map IDs) so to avoid confusion in
code and allow the compiler to do type checking to catch some
bugs, this splits ebpf_map_definition_t into two, one for
in_memory and one for in_file (meaning in an eBPF program).
This will also allow the future PR for issue 396 to be more
understandable, but also aids clarity in some parts of this PR.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Update Getting Started to recommend current release version of Clang/LLVM
Clang-format behaves differently depending on the version of Clang installed.
Update getting started guide to recommend Clang / LLVM 10.0.0.
Update the development guide to indicate that Clang 10 or higher is required for consistent formatting.
Reformat all code using Clang 10.0.0
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Add tests for libbpf bpf_map_*_elem APIs
* Return correct error between EBPF_OBJECT_ALREADY_EXISTS (A program or
map is already pinned with the *same* path) vs
EBPF_ALREADY_PINNED (The program or map already pinned to a *different*
path).
* Update vs lookup elem were inconsistent in whether returning
EBPF_KEY_NOT_FOUND vs EBPF_INVALID_ARGUMENT when passing an array
index >= max_entries. Made them be consistent in using
EBPF_INVALID_ARGUMENT.
Fixes#376
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Add map-in-map support
Replace UM ebpf_map_update/delete_element with libbpf-compliant
bpf_map_update/delete_elem
This adds the basic functionality needed for #375
Not in this PR, but in a subsequent PR:
* ensure that all inner maps match the one specified by inner_map_idx,
much like prog_types have to match in a prog_array.
* ensure that putting a prog_array in an array of maps adheres to the
prog_array contract that any associated progs have to match the
type of the calling program.
* read a map id not fd when UM reads the value (will be done together
with issue #396 since also affects prog_arrays)
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Prevent mismatched program types in PROG_ARRAY maps
* Each prog array map has a natural progtype, determined when
asociating it from a program, or when adding the first program
to it, if not associated with any program.
* Trying to add a program with mismatching type will fail
* Added libbpf bpf_create_map() API
* Fixed error returns from several libbpf APIs to be negative
* For efficiency, ebpf_program_get_properties now returns a
pointer rather than copying the data inside the execution
context, and is renamed to ebpf_program_get_parameters()
to match what its return type always was.
* Fixed a bug in map size calculation that resulted in a huge
amount of memory being allocated
* Updated return type of bpf_tail_call to the value meant
to signal stack unwind needed
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
* Test Extension Part 2
* rename test extension to sample extension and update Getting-started doc.
Co-authored-by: Dave Thaler <dthaler@microsoft.com>
Previously some places had "info" and some had "information".
Both appear in dictionaries, so guidance to avoid abbreviations does not apply.
Fixes#314
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
Remove duplicate types:
* ebpf_helper_return_type_t
* ebpf_helper_argument_type_t
* ebpf_context_descriptor_t
https://github.com/vbpf/ebpf-verifier/pull/238 already made the
necessary changes in the PREVAIL project, which got rid of the
issue with VOID and so the 'undef VOID' workarounds are removed
in the present PR.
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* Create an install script rather than having to manually do lots
of steps
* Make Debug build use vcruntime as static libs to avoid adding
another prerequisite on a machine before installing eBPF. This
isn't required for Release builds as vcruntime release DLLs
are part of Windows, unlike vcruntime debug DLLs
Fixes#248
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>
* First pass of adding SAL annotations
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Finish annotating platform
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Cleanup annotation to get lock tracking work correctly
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback and fix static analysis issues
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Fix build break from merge
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Simplify names of some ebpf_result codes
* Remove _ERROR_ for consistency
* Combine EBPF_INVALID_HANDLE and EBPF_INVALID_OBJECT
* Rename EBPF_ERROR_NOT_FOUND to EBPF_KEY_NOT_FOUND for consistency with the associated description.
* Change code that returned EBPF_ERROR_NOT_FOUND for a case other than a
key, to use a different appropriate result, so the description stays correct.
Fixes#212
Signed-off-by: Dave Thaler <dthaler@ntdev.microsoft.com>