476 строки
17 KiB
C
476 строки
17 KiB
C
// Copyright (c) eBPF for Windows contributors
|
|
// SPDX-License-Identifier: MIT
|
|
#pragma once
|
|
|
|
// This file contains APIs for global helpers that are exposed for
|
|
// use by all eBPF programs. Libbpf has bpf_helper_defs.h which is
|
|
// auto-generated but it's not platform-agnostic currently as it
|
|
// hard-codes the actual helper IDs.
|
|
|
|
/**
|
|
* @brief Get a pointer to an entry in the map.
|
|
*
|
|
* @param[in] map Map to search.
|
|
* @param[in] key Key to use when searching map.
|
|
* @return Pointer to the value if found or NULL.
|
|
*/
|
|
EBPF_HELPER(void*, bpf_map_lookup_elem, (void* map, void* key));
|
|
#ifndef __doxygen
|
|
#define bpf_map_lookup_elem ((bpf_map_lookup_elem_t)BPF_FUNC_map_lookup_elem)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Insert or update an entry in the map.
|
|
*
|
|
* @param[in] map Map to update.
|
|
* @param[in] key Key to use when searching and updating the map.
|
|
* @param[in] value Value to insert into the map.
|
|
* @param[in] flags Map flags.
|
|
* @retval EBPF_SUCCESS The operation was successful.
|
|
* @retval -EBPF_NO_MEMORY Unable to allocate resources for this
|
|
* entry.
|
|
*/
|
|
EBPF_HELPER(int64_t, bpf_map_update_elem, (void* map, void* key, void* value, uint64_t flags));
|
|
#ifndef __doxygen
|
|
#define bpf_map_update_elem ((bpf_map_update_elem_t)BPF_FUNC_map_update_elem)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Remove an entry from the map.
|
|
*
|
|
* @param[in] map Map to update.
|
|
* @param[in] key Key to use when searching and updating the map.
|
|
* @retval EBPF_SUCCESS The operation was successful.
|
|
* @retval -EBPF_INVALID_ARGUMENT One or more parameters are invalid.
|
|
*/
|
|
EBPF_HELPER(int64_t, bpf_map_delete_elem, (void* map, void* key));
|
|
#ifndef __doxygen
|
|
#define bpf_map_delete_elem ((bpf_map_delete_elem_t)BPF_FUNC_map_delete_elem)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Get a pointer to an entry in the map and erase that element.
|
|
*
|
|
* @param[in] map Map to search.
|
|
* @param[in] key Key to use when searching map.
|
|
* @return Pointer to the value if found or NULL.
|
|
*/
|
|
EBPF_HELPER(void*, bpf_map_lookup_and_delete_elem, (void* map, void* key));
|
|
#ifndef __doxygen
|
|
#define bpf_map_lookup_and_delete_elem ((bpf_map_lookup_and_delete_elem_t)BPF_FUNC_map_lookup_and_delete_elem)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Perform a tail call into another eBPF program.
|
|
*
|
|
* @param[in] ctx Context to pass to the called program.
|
|
* @param[in] prog_array_map Map of program fds.
|
|
* @param[in] index Index in map of program to call.
|
|
* @retval EBPF_SUCCESS The operation was successful.
|
|
* @retval -EBPF_INVALID_ARGUMENT One or more parameters are invalid.
|
|
*/
|
|
EBPF_HELPER(int64_t, bpf_tail_call, (void* ctx, void* prog_array_map, uint32_t index));
|
|
#ifndef __doxygen
|
|
#define bpf_tail_call ((bpf_tail_call_t)BPF_FUNC_tail_call)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Get a pseudo-random number.
|
|
*
|
|
* @return A random 32-bit unsigned value.
|
|
*/
|
|
EBPF_HELPER(uint32_t, bpf_get_prandom_u32, ());
|
|
#ifndef __doxygen
|
|
#define bpf_get_prandom_u32 ((bpf_get_prandom_u32_t)BPF_FUNC_get_prandom_u32)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Return time elapsed since boot in nanoseconds including time while suspended.
|
|
*
|
|
* @return Time elapsed since boot in nanosecond units.
|
|
*/
|
|
EBPF_HELPER(uint64_t, bpf_ktime_get_boot_ns, ());
|
|
#ifndef __doxygen
|
|
#define bpf_ktime_get_boot_ns ((bpf_ktime_get_boot_ns_t)BPF_FUNC_ktime_get_boot_ns)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Return SMP id of the processor running the program.
|
|
*
|
|
* @return SMP id of the processor running the program.
|
|
*/
|
|
EBPF_HELPER(uint64_t, bpf_get_smp_processor_id, ());
|
|
#ifndef __doxygen
|
|
#define bpf_get_smp_processor_id ((bpf_get_smp_processor_id_t)BPF_FUNC_get_smp_processor_id)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Return time elapsed since boot in nanoseconds excluding time while suspended.
|
|
*
|
|
* @return Time elapsed since boot in nanosecond units.
|
|
*/
|
|
EBPF_HELPER(uint64_t, bpf_ktime_get_ns, ());
|
|
#ifndef __doxygen
|
|
#define bpf_ktime_get_ns ((bpf_ktime_get_ns_t)BPF_FUNC_ktime_get_ns)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Computes difference of checksum values for two input raw buffers using 1's complement arithmetic.
|
|
*
|
|
* @param[in] from Pointer to first raw buffer.
|
|
* @param[in] from_size Length of the "from" buffer. Must be a multiple of 4.
|
|
* @param[in] to Pointer to the second raw buffer, whose checksum will be subtracted from that of the "from" buffer.
|
|
* @param[in] to_size Length of the "to" buffer. Must be a multiple of 4.
|
|
* @param[in] seed An optional integer that can be added to the value, which can be used to carry result of a previous
|
|
* csum_diff operation.
|
|
*
|
|
* @returns The checksum delta on success, or <0 on failure.
|
|
*/
|
|
EBPF_HELPER(int, bpf_csum_diff, (void* from, int from_size, void* to, int to_size, int seed));
|
|
#ifndef __doxygen
|
|
#define bpf_csum_diff ((bpf_csum_diff_t)BPF_FUNC_csum_diff)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Copy data into the ring buffer map.
|
|
*
|
|
* @param[in, out] map Pointer to ring buffer map.
|
|
* @param[in] data Data to copy into ring buffer map.
|
|
* @param[in] size Length of data.
|
|
* @param[in] flags Flags indicating if notification for new data availability should be sent.
|
|
* @returns 0 on success and a negative value on error.
|
|
*/
|
|
EBPF_HELPER(int, bpf_ringbuf_output, (void* ring_buffer, void* data, uint64_t size, uint64_t flags));
|
|
#ifndef __doxygen
|
|
#define bpf_ringbuf_output ((bpf_ringbuf_output_t)BPF_FUNC_ringbuf_output)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Print debug output.
|
|
*
|
|
* @param[in] fmt Printf-style format string.
|
|
* @param[in] fmt_size Size in bytes of *fmt*.
|
|
*
|
|
* @returns The number of bytes written, or a negative error in case of failure.
|
|
*/
|
|
EBPF_HELPER(long, bpf_trace_printk2, (const char* fmt, uint32_t fmt_size));
|
|
#ifndef __doxygen
|
|
#define bpf_trace_printk2 ((bpf_trace_printk2_t)BPF_FUNC_trace_printk2)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Print debug output.
|
|
*
|
|
* @param[in] fmt Printf-style format string.
|
|
* @param[in] fmt_size Size in bytes of *fmt*.
|
|
* @param[in] arg3 Numeric argument to be used by the format string.
|
|
*
|
|
* @returns The number of bytes written, or a negative error in case of failure.
|
|
*/
|
|
EBPF_HELPER(long, bpf_trace_printk3, (const char* fmt, uint32_t fmt_size, uint64_t arg3));
|
|
#ifndef __doxygen
|
|
#define bpf_trace_printk3 ((bpf_trace_printk3_t)BPF_FUNC_trace_printk3)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Print debug output.
|
|
*
|
|
* @param[in] fmt Printf-style format string.
|
|
* @param[in] fmt_size Size in bytes of *fmt*.
|
|
* @param[in] arg3 Numeric argument to be used by the format string.
|
|
* @param[in] arg4 Numeric argument to be used by the format string.
|
|
*
|
|
* @returns The number of bytes written, or a negative error in case of failure.
|
|
*/
|
|
EBPF_HELPER(long, bpf_trace_printk4, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4));
|
|
#ifndef __doxygen
|
|
#define bpf_trace_printk4 ((bpf_trace_printk4_t)BPF_FUNC_trace_printk4)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Print debug output.
|
|
*
|
|
* @param[in] fmt Printf-style format string.
|
|
* @param[in] fmt_size Size in bytes of *fmt*.
|
|
* @param[in] arg3 Numeric argument to be used by the format string.
|
|
* @param[in] arg4 Numeric argument to be used by the format string.
|
|
* @param[in] arg5 Numeric argument to be used by the format string.
|
|
*
|
|
* @returns The number of bytes written, or a negative error in case of failure.
|
|
*/
|
|
EBPF_HELPER(long, bpf_trace_printk5, (const char* fmt, uint32_t fmt_size, uint64_t arg3, uint64_t arg4, uint64_t arg5));
|
|
#ifndef __doxygen
|
|
#define bpf_trace_printk5 ((bpf_trace_printk5_t)BPF_FUNC_trace_printk5)
|
|
#endif
|
|
|
|
#ifndef __doxygen
|
|
// The following macros allow bpf_printk to accept a variable number of arguments
|
|
// while mapping to separate helper functions that each have a strict prototype
|
|
// that can be understood by the verifier.
|
|
#define EBPF_CONCATENATE(X, Y) X##Y
|
|
#define EBPF_MAKE_HELPER_NAME(PREFIX, ARG_COUNT) EBPF_CONCATENATE(PREFIX, ARG_COUNT)
|
|
#define EBPF_GET_NTH_ARG(_1, _2, _3, _4, _5, N, ...) N
|
|
#define EBPF_COUNT_VA_ARGS(...) EBPF_GET_NTH_ARG(__VA_ARGS__, 5, 4, 3, 2, 1)
|
|
#define EBPF_VA_ARGS_HELPER(PREFIX, ...) EBPF_MAKE_HELPER_NAME(PREFIX, EBPF_COUNT_VA_ARGS(__VA_ARGS__))(__VA_ARGS__)
|
|
|
|
#undef bpf_trace_printk
|
|
#define bpf_trace_printk(fmt, size, ...) ({ EBPF_VA_ARGS_HELPER(bpf_trace_printk, fmt, size, ##__VA_ARGS__); })
|
|
#else
|
|
/**
|
|
* @brief Print debug output. For instructions on viewing the output, see the
|
|
* <a href="https://github.com/microsoft/ebpf-for-windows/blob/main/docs/GettingStarted.md#using-tracing">Using
|
|
* tracing</a> section of the Getting Started Guide for eBPF for Windows.
|
|
*
|
|
* @param[in] fmt Printf-style format string.
|
|
* @param[in] size Size in bytes of the format string.
|
|
* @param[in] ... Numeric arguments to be used by the format string.
|
|
*
|
|
* @returns The number of bytes written, or a negative error in case of failure.
|
|
*/
|
|
long
|
|
bpf_trace_printk(const char* fmt, uint32_t size, ...);
|
|
#endif
|
|
|
|
#ifndef __doxygen
|
|
#undef bpf_printk
|
|
#define bpf_printk(fmt, ...) \
|
|
({ \
|
|
char ____fmt[] = fmt; \
|
|
bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__); \
|
|
})
|
|
#else
|
|
/**
|
|
* @brief Print debug output. For instructions on viewing the output, see the
|
|
* <a href="https://github.com/microsoft/ebpf-for-windows/blob/main/docs/GettingStarted.md#using-tracing">Using
|
|
* tracing</a> section of the Getting Started Guide for eBPF for Windows.
|
|
*
|
|
* @param[in] fmt Printf-style format string.
|
|
* @param[in] ... Numeric arguments to be used by the format string.
|
|
*
|
|
* @returns The number of bytes written, or a negative error in case of failure.
|
|
*/
|
|
long
|
|
bpf_printk(const char* fmt, ...);
|
|
#endif
|
|
|
|
/**
|
|
* @brief Insert an element at the end of the map (only valid for stack and queue).
|
|
*
|
|
* @param[in] map Map to update.
|
|
* @param[in] value Value to insert into the map.
|
|
* @param[in] flags Map flags - BPF_EXIST: If the map is full, the entry at the start of the map is discarded.
|
|
* @retval EBPF_SUCCESS The operation was successful.
|
|
* @retval -EBPF_NO_MEMORY Unable to allocate resources for this
|
|
* entry.
|
|
* @retval -EBPF_OUT_OF_SPACE Map is full and BPF_EXIST was not supplied.
|
|
*/
|
|
EBPF_HELPER(int64_t, bpf_map_push_elem, (void* map, void* value, uint64_t flags));
|
|
#ifndef __doxygen
|
|
#define bpf_map_push_elem ((bpf_map_push_elem_t)BPF_FUNC_map_push_elem)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Copy an entry from the map and remove it from the map (only valid for stack and queue).
|
|
* Queue pops from the beginning of the map.
|
|
* Stack pops from the end of the map.
|
|
*
|
|
* @param[in] map Map to search.
|
|
* @param[out] value Value buffer to copy value from map into.
|
|
* @retval EBPF_SUCCESS The operation was successful.
|
|
* @retval -EBPF_OBJECT_NOT_FOUND The map is empty.
|
|
*/
|
|
EBPF_HELPER(int64_t, bpf_map_pop_elem, (void* map, void* value));
|
|
#ifndef __doxygen
|
|
#define bpf_map_pop_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_pop_elem)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Copy an entry from the map (only valid for stack and queue).
|
|
* Queue peeks at the beginning of the map.
|
|
* Stack peeks at the end of the map.
|
|
*
|
|
* @param[in] map Map to search.
|
|
* @param[out] value Value buffer to copy value from map into.
|
|
* @retval EBPF_SUCCESS The operation was successful.
|
|
* @retval -EBPF_OBJECT_NOT_FOUND The map is empty.
|
|
*/
|
|
EBPF_HELPER(int64_t, bpf_map_peek_elem, (void* map, void* value));
|
|
#ifndef __doxygen
|
|
#define bpf_map_peek_elem ((bpf_map_pop_elem_t)BPF_FUNC_map_peek_elem)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Get the current thread ID (PID) and process ID (TGID).
|
|
*
|
|
* @returns A 64-bit integer containing the current process ID and
|
|
* thread ID, and created as such: (process ID << 32) | (thread ID).
|
|
*/
|
|
EBPF_HELPER(uint64_t, bpf_get_current_pid_tgid, ());
|
|
#ifndef __doxygen
|
|
#define bpf_get_current_pid_tgid ((bpf_get_current_pid_tgid_t)BPF_FUNC_get_current_pid_tgid)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Get the 64-bit logon ID of the current thread. In case of sock_addr
|
|
* attach types, get the logon ID of the user mode app making the request. In other
|
|
* cases, get the logon ID of the current thread.
|
|
*
|
|
* @param[in] ctx Context passed to the eBPF program.
|
|
*
|
|
* @returns The logon ID, or 0 in case of error.
|
|
*/
|
|
EBPF_HELPER(uint64_t, bpf_get_current_logon_id, (const void* ctx));
|
|
#ifndef __doxygen
|
|
#define bpf_get_current_logon_id ((bpf_get_current_logon_id_t)BPF_FUNC_get_current_logon_id)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Get whether the current user is admin. In case of sock_addr attach types,
|
|
* returns whether the user initiating the request is admin or not. In other
|
|
* cases, returns whether the current thread user is admin or not.
|
|
*
|
|
* @param[in] ctx Context passed to the eBPF program.
|
|
*
|
|
* @retval 1 Is admin.
|
|
* @retval 0 Is not admin.
|
|
* @retval <0 An error occurred.
|
|
*/
|
|
EBPF_HELPER(int32_t, bpf_is_current_admin, (const void* ctx));
|
|
#ifndef __doxygen
|
|
#define bpf_is_current_admin ((bpf_is_current_admin_t)BPF_FUNC_is_current_admin)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Copy memory from one location to another.
|
|
*
|
|
* @param[in] destination Destination buffer.
|
|
* @param[in] destination_size Size of the destination buffer.
|
|
* @param[in] source Source buffer.
|
|
* @param[in] source_size Size of the source buffer.
|
|
*
|
|
* @retval 0 The operation was successful.
|
|
* @retval -EINVAL One or more parameters are invalid.
|
|
*/
|
|
EBPF_HELPER(long, bpf_memcpy, (void* destination, uint32_t destination_size, const void* source, uint32_t source_size));
|
|
#ifndef __doxygen
|
|
#define bpf_memcpy ((bpf_memcpy_t)BPF_FUNC_memcpy)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Compare two memory regions.
|
|
*
|
|
* @param[in] memory1 First memory region.
|
|
* @param[in] memory1_size Size of the first memory region.
|
|
* @param[in] memory2 Second memory region.
|
|
* @param[in] memory2_size Size of the second memory region.
|
|
*
|
|
* @returns 0 if the contents of memory regions are equal, a negative value if the contents of memory1 is less than the
|
|
* contents memory2, or a positive value if the contents memory1 is greater than the contents memory2.
|
|
*/
|
|
|
|
EBPF_HELPER(int, bpf_memcmp, (const void* memory1, uint32_t memory1_size, const void* memory2, uint32_t memory2_size));
|
|
#ifndef __doxygen
|
|
#define bpf_memcmp ((bpf_memcmp_t)BPF_FUNC_memcmp)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Set memory to a specific value.
|
|
*
|
|
* @param[in] memory Memory region to set.
|
|
* @param[in] size Size of the memory region.
|
|
* @param[in] value Value to set the memory region to.
|
|
*
|
|
* @returns Pointer to the memory region, or a negative error in case of failure.
|
|
*/
|
|
|
|
EBPF_HELPER(long, bpf_memset, (void* memory, uint32_t size, int value));
|
|
#ifndef __doxygen
|
|
#define bpf_memset ((bpf_memset_t)BPF_FUNC_memset)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Copy memory from one location to another, handling overlapping regions.
|
|
*
|
|
* @param[in] destination Destination buffer.
|
|
* @param[in] destination_size Size of the destination buffer.
|
|
* @param[in] source Source buffer.
|
|
* @param[in] source_size Size of the source buffer.
|
|
*
|
|
* @retval 0 The operation was successful.
|
|
* @retval -EINVAL One or more parameters are invalid.
|
|
*/
|
|
|
|
EBPF_HELPER(
|
|
long, bpf_memmove, (void* destination, uint32_t destination_size, const void* source, uint32_t source_size));
|
|
#ifndef __doxygen
|
|
#define bpf_memmove ((bpf_memmove_t)BPF_FUNC_memmove)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Get the socket cookie associated with the socket context.
|
|
* The context can be *bpf_sock_addr* struct, *bpf_sock_ops* struct, or *bpf_sock* struct.
|
|
*
|
|
* @param[in] ctx Context passed to the eBPF program.
|
|
*
|
|
* @returns The socket cookie.
|
|
*/
|
|
EBPF_HELPER(int64_t, bpf_get_socket_cookie, (const void* ctx));
|
|
#ifndef __doxygen
|
|
#define bpf_get_socket_cookie ((bpf_get_socket_cookie_t)BPF_FUNC_get_socket_cookie)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Copy a string into a buffer, of a fixed size.
|
|
*
|
|
* @param[in] dest Destination buffer.
|
|
* @param[in] dest_size Size of the destination buffer.
|
|
* @param[in] src Source string.
|
|
* @param[in] count Upper limit on bytes to copy.
|
|
*
|
|
* @retval 0 The operation was successful.
|
|
* @retval -ERANGE The destination buffer isn't large enough for the string being copied.
|
|
*/
|
|
EBPF_HELPER(int, bpf_strncpy_s, (char* dest, size_t dest_size, const char* src, size_t count));
|
|
#ifndef __doxygen
|
|
#define bpf_strncpy_s ((bpf_strncpy_s_t)BPF_FUNC_strncpy_s)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Concatenate a string to an existing buffer, up to a certain number of characters.
|
|
*
|
|
* @param[in,out] dest Destination buffer.
|
|
* @param[in] dest_size Size of the destination buffer.
|
|
* @param[in] src String to append to the contents of dest.
|
|
* @param[in] count Upper limit on the characters to append to dest.
|
|
*
|
|
* @retval 0 Concatenation was successful.
|
|
* @retval <0 Error code on failure, depending on the error.
|
|
*/
|
|
EBPF_HELPER(int, bpf_strncat_s, (char* dest, size_t dest_size, const char* src, size_t count));
|
|
#ifndef __doxygen
|
|
#define bpf_strncat_s ((bpf_strncat_s_t)BPF_FUNC_strncat_s)
|
|
#endif
|
|
|
|
/**
|
|
* @brief Find the length of a string, up to a certain number of characters.
|
|
*
|
|
* @param[in] str Buffer containing one or more null-terminated strings.
|
|
* @param[in] str_size Buffer length.
|
|
*
|
|
* @returns The length of the first string encountered in the str buffer. If str[0] is the null terminator, or str
|
|
* itself is null, returns 0. If there is no null terminator in the first str_size bytes, returns str_size.
|
|
*/
|
|
EBPF_HELPER(size_t, bpf_strnlen_s, (const char* str, size_t str_size));
|
|
#ifndef __doxygen
|
|
#define bpf_strnlen_s ((bpf_strnlen_s_t)BPF_FUNC_strnlen_s)
|
|
#endif
|
|
|
|
#if __clang__
|
|
#define memcpy(dest, src, dest_size) bpf_memcpy(dest, dest_size, src, dest_size)
|
|
#define memcmp(mem1, mem2, mem1_size) bpf_memcmp(mem1, mem1_size, mem2, mem1_size)
|
|
#define memset(mem, value, mem_size) bpf_memset(mem, mem_size, value)
|
|
#define memmove(dest, src, dest_size) bpf_memmove(dest, dest_size, src, dest_size)
|
|
#define memcpy_s bpf_memcpy
|
|
#define memmove_s bpf_memmove
|
|
#endif
|