eBPF implementation that runs on top of Windows

Last update: Jan 9, 2023

Overview

eBPF for Windows

eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such as DoS protection and observability. This project is a work-in-progress that allows using existing eBPF toolchains and APIs familiar in the Linux ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.

New to eBPF?

See our eBPF tutorial.

Architectural Overview

The following diagram shows the architecture of this project and related components:

As shown in the diagram, existing eBPF toolchains (clang, etc.) can be used to generate eBPF bytecode from source code in various languages. Bytecode can be consumed by any application, or via the Netsh command line tool, which use a shared library that exposes Libbpf APIs, though this is still in progress.

The eBPF bytecode is sent to a static verifier (the PREVAIL verifier) that is hosted in a user-mode protected process (a Windows security environment that allows a kernel component to trust a user-mode daemon signed by a key that it trusts). If the bytecode passes all the verifier checks, it can be either loaded into an interpreter (from uBPF in the kernel-mode execution context), or JIT compiled (via the uBPF JIT compiler) and have native code load into the kernel-mode execution context (but see the FAQ at bottom about HVCI).

Temporary Note: some parts are still under development and may not appear when building the master branch, but the end-to-end functionality can still be tested immediately while the security hardening is still in progress.

eBPF programs installed into the kernel-mode execution context can attach to various hooks (currently two hooks so far: an XDP-like hook that is based on the Windows Filtering Platform (WFP) layer 2 filtering, and a socket bind hook) and call various helper APIs exposed by the eBPF shim, which internally wraps public Windows kernel APIs, allowing the use of eBPF on existing versions of Windows. More hooks and helpers will be added over time.

Getting Started

This project supports eBPF on Windows 10, and on Windows Server 2016 or later. To try out this project, see our Getting Started Guide.

Want to help? We welcome contributions! See our Contributing guidelines.

Want to chat with us? We have a:

Slack channel
Zoom meeting for github issue triage: see meeting info

Frequently Asked Questions

1. Is this a fork of eBPF?

No.

The eBPF for Windows project leverages existing projects, including the IOVisor uBPF project and the PREVAIL verifier, running them on top of Windows by adding the Windows-specific hosting environment for that code.

2. Does this provide app compatibility with eBPF programs written for Linux?

The intent is to provide source code compatibility for code that uses common hooks and helpers that apply across OS ecosystems.

Linux provides many hooks and helpers, some of which are very Linux specific (e.g., using Linux internal data structs) that would not be applicable to other platforms. Other hooks and helpers are generically applicable and the intent is to support them for eBPF programs.

Similarly, the eBPF for Windows project exposes Libbpf APIs to provide source code compatibility for applications that interact with eBPF programs.

3. Will eBPF work with HyperVisor-enforced Code Integrity (HVCI)?

eBPF programs can be run either in an interpreter or natively using a JIT compiler.

HyperVisor-enforced Code Integrity (HVCI) is a mechanism whereby a hypervisor, such as Hyper-V, uses hardware virtualization to protect kernel-mode processes against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the hypervisor.

Since a hypervisor doing such code integrity checks will refuse to accept code pages that aren't signed by a key that the hypervisor trusts, this does impact eBPF programs running natively. As such, when HVCI is enabled, eBPF programs work fine in interpreted mode, but not when using JIT compilation.

Comments

How to test XDP_TX performance using Linux traffic gen?

Hi,

I have a sender Linux machine and receiver Windows machine, followed the xdp_test.exe guide https://github.com/microsoft/ebpf-for-windows/blob/master/docs/GettingStarted.md#xdp_testsexe to load the xdp program using netsh

netsh ebpf>add program reflect_packet.o xdp
netsh ebpf>show programs

    ID  Pins  Links  Mode       Type           Name
======  ====  =====  =========  =============  ====================
 65539     1      1  JIT        xdp            reflect_packet

And I have another Linux machine running DPDK test-me to generate traffic

root@t3600-2:~/dpdk/build/app# ./dpdk-testpmd -a 0000:02:00.0 -- -i --port-topology=chained --forward-mode=txonly --eth-peer=0,18:66:da:a2:62:6c --tx-ip=10.20.114.118,10.20.114.115
Waiting for lcores to finish...

  ---------------------- Forward statistics for port 0  ----------------------
  RX-packets: 0              RX-dropped: 0             RX-total: 0
  TX-packets: 512830304      TX-dropped: 748000        TX-total: 513578304
  ----------------------------------------------------------------------------

At Windows, I saw RX packets, but no TX packets. Screen Shot 2021-10-18 at 6 37 58 AM

Question: How do I know which Windows interface the XDP program binds to? Is there a tool / command to know the XDP_TX packet rate? (Or any pointer to the source code for me to read)

Thank you William

documentation triaged

opened by williamtu 21

Failed to build with Visual Studio 2019 Community

Describe the bug

I was trying to follow GettingStarted to build the project with Visual Studio 2109 Community. Build failed.

My Dev Environment:

VM on Azure

OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19044 N/A Build 19044
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation

Visual Studio

Microsoft Visual Studio Community 2019
Version 16.11.15
VisualStudio.16.Release/16.11.15+32510.428
Microsoft .NET Framework
Version 4.8.04084

Installed Version: Community

Visual C++ 2019   00435-00000-00000-AA081
Microsoft Visual C++ 2019

ASP.NET and Web Tools 2019   16.11.106.23128
ASP.NET and Web Tools 2019

C# Tools   3.11.0-4.22108.8+d9bef045c4362fbcab27ef35daec4e95c8ff47e1
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

IntelliCode Extension   1.0
IntelliCode Visual Studio Extension Detailed Info

Microsoft JVM Debugger   1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft MI-Based Debugger   1.0
Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual C++ Wizards   1.0
Microsoft Visual C++ Wizards

Microsoft Visual Studio VC Package   1.0
Microsoft Visual Studio VC Package

NuGet Package Manager   5.11.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

ProjectServicesPackage Extension   1.0
ProjectServicesPackage Visual Studio Extension Detailed Info

Test Adapter for Boost.Test   1.0
Enables Visual Studio's testing tools with unit tests written for Boost.Test.  The use terms and Third Party Notices are available in the extension installation directory.

Test Adapter for Google Test   1.0
Enables Visual Studio's testing tools with unit tests written for Google Test.  The use terms and Third Party Notices are available in the extension installation directory.

TypeScript Tools   16.0.30526.2002
TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools   3.11.0-4.22108.8+d9bef045c4362fbcab27ef35daec4e95c8ff47e1
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual Studio Code Debug Adapter Host Package   1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio Tools for CMake   1.0
Visual Studio Tools for CMake

OS information

No response

Steps taken to reproduce bug

Following GettingStarted to build the project with Visual Studio 2109 Community.

Build failed with the step nuget.exe restore ebpf-for-windows.sln

Expected behavior

Build Successfully

Actual outcome

Build failed with the step nuget.exe restore ebpf-for-windows.sln

C:\Users\song\ebpf-for-windows>c:\pkgs\downloads\nuget.exe restore ebpf-for-windows.sln
MSBuild auto-detection: using msbuild version '16.11.2.50704' from 'C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Current\Bin'.
C:\Users\song\ebpf-for-windows\external\ebpf-verifier\build\ebpfverifier.vcxproj(32,3): error MSB4019: The imported project "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Microsoft\VC\v160\Microsoft.Cpp.Default.props" was not found. Confirm that the expression in the Import declaration "C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Microsoft\VC\v160\\Microsoft.Cpp.Default.props" is correct, and that the file exists on disk.

Additional details

Hit the same issue with Visual Studio 2019 professional as well.

documentation triaged

opened by song-jiang 14

Fix code scanning alert - Comparison of narrow type with wide type in…

… loop condition ,index variable type are modified

Description

The purpose of this changes is to maintain code sanitation.

Documentation

No documentation impact by this changes
cleanup

opened by Keerthivardhan1 13

Failed to build targets with Visual Studio IDE

I was trying to follow GettingStarted to build the project with Visual Studio IDE.

After worked around issue https://github.com/microsoft/ebpf-for-windows/issues/683 , build failed for number of targets with entire VS output attached on the following comment.

My Dev Environment:

VM on Azure

OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19042 N/A Build 19042
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation

Visual Studio

Microsoft Visual Studio Professional 2019
Version 16.9.14
VisualStudio.16.Release/16.9.14+31910.168
Microsoft .NET Framework
Version 4.8.04084

Installed Version: Professional

Visual C++ 2019   00435-60000-00000-AA179
Microsoft Visual C++ 2019

ASP.NET and Web Tools 2019   16.9.693.2781
ASP.NET and Web Tools 2019

C# Tools   3.9.0-6.21160.10+59eedc33d35754759994155ea2f4e1012a9951e3
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Debugging Tools for Windows   10.0.19030.1000
Integrates the Windows Debugger functionality (http://go.microsoft.com/fwlink/?linkid=223405) in Visual Studio.

IntelliCode Extension   1.0
IntelliCode Visual Studio Extension Detailed Info

Microsoft JVM Debugger   1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft MI-Based Debugger   1.0
Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual C++ Wizards   1.0
Microsoft Visual C++ Wizards

Microsoft Visual Studio VC Package   1.0
Microsoft Visual Studio VC Package

NuGet Package Manager   5.9.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

ProjectServicesPackage Extension   1.0
ProjectServicesPackage Visual Studio Extension Detailed Info

Test Adapter for Boost.Test   1.0
Enables Visual Studio's testing tools with unit tests written for Boost.Test.  The use terms and Third Party Notices are available in the extension installation directory.

Test Adapter for Google Test   1.0
Enables Visual Studio's testing tools with unit tests written for Google Test.  The use terms and Third Party Notices are available in the extension installation directory.

TypeScript Tools   16.0.30201.2001
TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools   3.9.0-6.21160.10+59eedc33d35754759994155ea2f4e1012a9951e3
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual Studio Code Debug Adapter Host Package   1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio Tools for CMake   1.0
Visual Studio Tools for CMake

Windows Driver Kit   10.0.19030.1000
Headers, libraries, and tools needed to develop, debug, and test Windows drivers (msdn.microsoft.com/en-us/windows/hardware/gg487428.aspx)

documentation triaged

opened by song-jiang 13

Return module handle on native module load
Description

This PR adds returning a module handle for the native module that are loaded.

Changes:

Add ebpf_base_object which is used for creating handles.

Refactor code so that both ebpf_core_object ebpf_native_module derive from ebpf_base_object.

Return module handle when EBPF_OPERATION_LOAD_NATIVE_MODULE is called.

Testing

Both existing tests and new tests cover this.

Documentation

NA

Fixes #1303 Fixes #1664
bug
opened by saxena-anurag 12
verifier_fuzzer crash 0453e1624bfaa415598db12a53e1c3745d5e4625

Describe the bug

verifier_fuzzer.exe crash-0453e1624bfaa415598db12a53e1c3745d5e4625.o

==9992== ERROR: libFuzzer: fuzz target exited #0 0x7ffc953bca4d (C:\artifacts\clang_rt.asan_dbg_dynamic-x86_64.dll+0x18005ca4d) #1 0x7ff6be115caf in fuzzer::PrintStackTrace(void) D:\a_work\1\s\src\vctools\crt\asan\llvm\compiler-rt\lib\fuzzer\FuzzerUtil.cpp:210 #2 0x7ff6be12b33f in fuzzer::Fuzzer::ExitCallback(void) D:\a_work\1\s\src\vctools\crt\asan\llvm\compiler-rt\lib\fuzzer\FuzzerLoop.cpp:250 #3 0x7ffc992d2930 (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b2930) #4 0x7ffc992d2104 (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b2104) #5 0x7ffc992d2256 (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b2256) #6 0x7ffc992d2b43 (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b2b43) #7 0x7ffc992d19a4 (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b19a4) #8 0x7ffc992d170c (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b170c) #9 0x7ffc992d1786 (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b1786) #10 0x7ffc992d1b4f (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b1b4f) #11 0x7ffc992d1f05 (C:\Windows\SYSTEM32\ucrtbased.dll+0x1800b1f05) #12 0x7ff6be241164 in crab::z_number::operator unsigned __int64(void) const D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab_utils\bignums.hpp:45 #13 0x7ff6be233646 in crab::domains::kill_and_find_var D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\array_domain.cpp:455 #14 0x7ff6be2305db in crab::domains::array_domain_t::store_type(class crab::domains::SplitDBM &, class linear_expression_t const &, class linear_expression_t const &, class linear_expression_t const &) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\array_domain.cpp:574 #15 0x7ff6be2309b5 in crab::domains::array_domain_t::store_type(class crab::domains::SplitDBM &, class linear_expression_t const &, class linear_expression_t const &, struct asm_syntax::Reg const &) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\array_domain.cpp:593 #16 0x7ff6be26d8c9 in ebpf_domain_t::do_store_stack<int, struct asm_syntax::Reg, class crab::variable_t>(class crab::domains::SplitDBM &, int, int const &, struct asm_syntax::Reg, class crab::variable_t, class std::optional const &) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\ebpf_domain.cpp:1150 #17 0x7ff6be26d422 in ebpf_domain_t::do_mem_store<struct asm_syntax::Reg, class crab::variable_t>(struct asm_syntax::Mem const &, struct asm_syntax::Reg, class crab::variable_t, class std::optional const &) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\ebpf_domain.cpp:1253 #18 0x7ff6be25281b in ebpf_domain_t::operator()(struct asm_syntax::Mem const &) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\ebpf_domain.cpp:1237 #19 0x7ff6be275de4 in std::invoke<class ebpf_domain_t &, struct asm_syntax::Mem const &>(class ebpf_domain_t &, struct asm_syntax::Mem const &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\type_traits:1534 #20 0x7ff6be268a64 in std::_Variant_dispatcher<struct std::integer_sequence<unsigned __int64, 8>>::_Dispatch2<void, class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &, 0>(class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1499 #21 0x7ff6be26b378 in std::_Visit_strategy<2>::_Visit2<void, struct std::_Meta_list<struct std::integer_sequence<unsigned __int64, 0>, struct std::integer_sequence<unsigned __int64, 1>, struct std::integer_sequence<unsigned __int64, 2>, struct std::integer_sequence<unsigned __int64, 3>, struct std::integer_sequence<unsigned __int64, 4>, struct std::integer_sequence<unsigned __int64, 5>, struct std::integer_sequence<unsigned __int64, 6>, struct std::integer_sequence<unsigned __int64, 7>, struct std::integer_sequence<unsigned __int64, 8>, struct std::integer_sequence<unsigned __int64, 9>, struct std::integer_sequence<unsigned __int64, 10>, struct std::integer_sequence<unsigned __int64, 11>, struct std::integer_sequence<unsigned __int64, 12>>, class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &>(unsigned __int64, class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1614 #22 0x7ff6be26b61b in std::_Visit_impl<13, void, struct std::_Meta_list<struct std::integer_sequence<unsigned __int64, 0>, struct std::integer_sequence<unsigned __int64, 1>, struct std::integer_sequence<unsigned __int64, 2>, struct std::integer_sequence<unsigned __int64, 3>, struct std::integer_sequence<unsigned __int64, 4>, struct std::integer_sequence<unsigned __int64, 5>, struct std::integer_sequence<unsigned __int64, 6>, struct std::integer_sequence<unsigned __int64, 7>, struct std::integer_sequence<unsigned __int64, 8>, struct std::integer_sequence<unsigned __int64, 9>, struct std::integer_sequence<unsigned __int64, 10>, struct std::integer_sequence<unsigned __int64, 11>, struct std::integer_sequence<unsigned __int64, 12>>, class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &>(class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1659 #23 0x7ff6be277b3d in std::visit<class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &, void>(class ebpf_domain_t &, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert> const &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1677 #24 0x7ff6be24fd19 in ebpf_domain_t::operator()(class crab::basic_block_t const &, bool) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\ebpf_domain.cpp:594 #25 0x7ff6be28d907 in crab::interleaved_fwd_fixpoint_iterator_t::transform_to_post(struct crab::label_t const &, class ebpf_domain_t) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\fwd_analyzer.cpp:73 #26 0x7ff6be281007 in crab::interleaved_fwd_fixpoint_iterator_t::operator()(struct crab::label_t const &) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\fwd_analyzer.cpp:147 #27 0x7ff6be285c14 in std::invoke<class crab::interleaved_fwd_fixpoint_iterator_t &, struct crab::label_t &>(class crab::interleaved_fwd_fixpoint_iterator_t &, struct crab::label_t &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\type_traits:1534 #28 0x7ff6be283204 in std::_Variant_dispatcher<struct std::integer_sequence<unsigned __int64, 2>>::_Dispatch2<void, class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &, 0>(class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1499 #29 0x7ff6be28494c in std::_Visit_strategy<1>::_Visit2<void, struct std::_Meta_list<struct std::integer_sequence<unsigned __int64, 0>, struct std::integer_sequence<unsigned __int64, 1>, struct std::integer_sequence<unsigned __int64, 2>>, class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &>(unsigned __int64, class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1605 #30 0x7ff6be284a7b in std::_Visit_impl<3, void, struct std::_Meta_list<struct std::integer_sequence<unsigned __int64, 0>, struct std::integer_sequence<unsigned __int64, 1>, struct std::integer_sequence<unsigned __int64, 2>>, class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &>(class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1659 #31 0x7ff6be285dcd in std::visit<class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &, void>(class crab::interleaved_fwd_fixpoint_iterator_t &, class std::variant<class std::shared_ptr, struct crab::label_t> &) C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.29.30133\include\variant:1677 #32 0x7ff6be280c18 in crab::run_forward_analyzer(class crab::cfg_t &, class ebpf_domain_t const &, bool) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab\fwd_analyzer.cpp:130 #33 0x7ff6be1920aa in get_ebpf_report(class std::basic_ostream<char, struct std::char_traits> &, class crab::cfg_t &, struct program_info, struct ebpf_verifier_options_t const *) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab_verifier.cpp:158 #34 0x7ff6be190b6a in ebpf_verify_program(class std::basic_ostream<char, struct std::char_traits> &, class std::vector<class std::tuple<struct crab::label_t, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert>, class std::optional>, class std::allocator<class std::tuple<struct crab::label_t, class std::variant<struct asm_syntax::Undefined, struct asm_syntax::Bin, struct asm_syntax::Un, struct asm_syntax::LoadMapFd, struct asm_syntax::Call, struct asm_syntax::Exit, struct asm_syntax::Jmp, struct asm_syntax::Mem, struct asm_syntax::Packet, struct asm_syntax::LockAdd, struct asm_syntax::Assume, struct asm_syntax::Assert>, class std::optional>>> const &, struct program_info const &, struct ebpf_verifier_options_t const *, struct ebpf_verifier_stats_t *) D:\a\ebpf-for-windows\ebpf-for-windows\external\ebpf-verifier\src\crab_verifier.cpp:230 #35 0x7ff6bdf3b5cb in _ebpf_api_elf_verify_section_from_stream D:\a\ebpf-for-windows\ebpf-for-windows\libs\api\Verifier.cpp:504 #36 0x7ff6bdf655f5 in ebpf_api_elf_verify_section_from_memory D:\a\ebpf-for-windows\ebpf-for-windows\libs\api\Verifier.cpp:553 #37 0x7ff6bdefefbb in LLVMFuzzerTestOneInput D:\a\ebpf-for-windows\ebpf-for-windows\tests\libfuzzer\verifier\libfuzz_harness.cpp:16 #38 0x7ff6be12b1cf in fuzzer::Fuzzer::ExecuteCallback(unsigned char const *, unsigned __int64) D:\a_work\1\s\src\vctools\crt\asan\llvm\compiler-rt\lib\fuzzer\FuzzerLoop.cpp:559 #39 0x7ff6be1035cd in fuzzer::RunOneTest(class fuzzer::Fuzzer *, char const *, unsigned __int64) D:\a_work\1\s\src\vctools\crt\asan\llvm\compiler-rt\lib\fuzzer\FuzzerDriver.cpp:301 #40 0x7ff6be0fe6b6 in fuzzer::FuzzerDriver(int *, char ***, int (__cdecl *)(unsigned char const *, unsigned __int64)) D:\a_work\1\s\src\vctools\crt\asan\llvm\compiler-rt\lib\fuzzer\FuzzerDriver.cpp:803 #41 0x7ff6be0f3cb2 in main D:\a_work\1\s\src\vctools\crt\asan\llvm\compiler-rt\lib\fuzzer\FuzzerMain.cpp:20 #42 0x7ff6be0ef968 in invoke_main D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78 #43 0x7ff6be0ef8bd in __scrt_common_main_seh D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288 #44 0x7ff6be0ef77d in __scrt_common_main D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:330 #45 0x7ff6be0ef9dd in mainCRTStartup D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp:16 #46 0x7ffcca227033 (C:\Windows\System32\KERNEL32.DLL+0x180017033) #47 0x7ffccc022650 (C:\Windows\SYSTEM32\ntdll.dll+0x180052650)

SUMMARY: libFuzzer: fuzz target exited

crash-0453e1624bfaa415598db12a53e1c3745d5e4625.o.zip

OS information

No response

Steps taken to reproduce bug

verifier_fuzzer.exe crash-0453e1624bfaa415598db12a53e1c3745d5e4625.o

Expected behavior

Fails verification

Actual outcome

Crashes

Additional details

No response
bug triaged

opened by Alan-Jowett 10
build: Add CMake support
Description

This PR rewrites most of the existing Visual Studio-based build system in CMake. It is an initial PoC to simplify the build process. If this kind of work is interesting, it can be further refined to include:

Packaging (MSI/NuGet through CPack)

Better transitive dependencies and properties, which will automatically propagate things like include headers without having to copy/paste them for each target

Better build settings
opened by alessandrogario 10
Bump ossf/scorecard-action from 1.0.3 to 1.1.1
Bumps ossf/scorecard-action from 1.0.3 to 1.1.1.

Release notes

Sourced from ossf/scorecard-action's releases.

v1.1.1

What's Changed

Fix for ossf/scorecard-action#323

Full Changelog: https://github.com/ossf/scorecard-action/compare/v1.1.0...v1.1.1

v1.1.0

Main changes

This release lets you run Scorecards without creating a PAT token. If you don't provide a PAT token, Scorecards will use the default GITHUB_TOKEN available in the workflow. Due to limitations of the permissions model and GitHub APIs, be aware of the following limitations:

Without a PAT, the Branch-Protection is not supported, so it will be disabled. You will not receive alerts for this check.

Scorecards only supports PAT on private repositories. If you want to install Scorecards on a private repository, you still need to use a PAT.

For more information, visit the README.md

New Contributors

@rohankh532 made their first contribution in ossf/scorecard-action#112

@justaugustus made their first contribution in ossf/scorecard-action#126

@jamietanna made their first contribution in ossf/scorecard-action#145

@jonasbb made their first contribution in ossf/scorecard-action#129

@azeemshaikh38 made their first contribution in ossf/scorecard-action#247

Full Changelog: https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0

v1.0.4

Summary

This release fixes null repository and branch issues: see ossf/scorecard-action#106, ossf/scorecard-action#84 and ossf/scorecard-action#73

What's Changed

Update codeql-analysis.yml by @jauderho in ossf/scorecard-action#76

use GITHUB_REPOSITORY in shell script by @laurentsimon in ossf/scorecard-action#83

Bump github/codeql-action from 1.0.30 to 1.0.31 by @dependabot in ossf/scorecard-action#81

✨ Add warning for empty repo token by @laurentsimon in ossf/scorecard-action#71

🐛 Fix default parameter requirement by @laurentsimon in ossf/scorecard-action#89

:sparkles: Initial porting the shellscript to go by @naveensrinivasan in ossf/scorecard-action#87

:seedling: Golang CI for clean code. by @naveensrinivasan in ossf/scorecard-action#90

Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in ossf/scorecard-action#93

:seedling: Porting shell script to Go by @naveensrinivasan in ossf/scorecard-action#94

🌱 More tests by @naveensrinivasan in ossf/scorecard-action#95

🐛 Fix null is fork in script by @laurentsimon in ossf/scorecard-action#98

:seedling: Porting of shell script to go by @naveensrinivasan in ossf/scorecard-action#99

Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in ossf/scorecard-action#102

Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in ossf/scorecard-action#101

:seedling: Final bits of porting the shell to go by @naveensrinivasan in ossf/scorecard-action#103

:seedling: Dependabot for go by @naveensrinivasan in ossf/scorecard-action#104

:seedling: Verify clean env in build by @naveensrinivasan in ossf/scorecard-action#105

New Contributors

@dependabot made their first contribution in ossf/scorecard-action#81

... (truncated)

Commits

3e15ea8 ✨ Bump container hash to use scorecard v4.3.1 (#324)

6c071ac :seedling: Bump actions/setup-go from 3.1.0 to 3.2.0

51fbe79 :seedling: Bump debian from fbaacd5 to 06a93cb

d8a25b2 :seedling: Bump github.com/caarlos0/env/v6 from 6.9.2 to 6.9.3

cd3637b Update README.md (#319)

77f5e34 :seedling: .github: Add dependency review action (#165)

ef34fe9 📖 docs/e2e: Add information about golang-staging branch tests (#170)

1aa187d :seedling: Bump github/codeql-action from 2.1.10 to 2.1.11 (#311)

049eb0c :seedling: Bump github.com/ossf/scorecard/v4 from 4.2.0 to 4.3.0 (#313)

5c8bc69 multi-repo-action: Cleanups (1/n) (#301)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 9

Does not build on Windows Server 2016

Turned up a fresh EC2 on AWS with Windows Server 2016, followed the Getting Started procedure verbatim. Everything looked good until the msbuild step. First issue was a dialog that said:

The procedure entry point VirtualAlloc2 could not be located in the dynamic link library C:\Users\Administrator\git\ebpf-for-windows\x64\Debug\encode_program_info.exe

Then the build failed after dismissing the dialog with:

C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Microsoft\VC\v160\Microsoft.CppBuild.targets(439,5): error MSB8020: The build tools for WindowsKernelModeDriver10.0 (Platform Toolset = 'WindowsKernelModeDriver10.0') cannot be found. To build using the WindowsKernelModeDriver10.0 build tools, please install WindowsKernelModeDriver10.0 build tools.  Alternatively, you may upgrade to the current Visual Studio tools by selecting the Project menu or right-click the solution, and then selecting "Retarget solution". [C:\Users\Administrator\git\ebpf-for-windows\libs\ubpf\kernel\ubpf_kernel.vcxproj]

C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Microsoft\VC\v160\Microsoft.CppBuild.targets(439,5): error MSB8020: The build tools for WindowsKernelModeDriver10.0 (Platform Toolset = 'WindowsKernelModeDriver10.0') cannot be found. To build using the WindowsKernelModeDriver10.0 build tools, please install WindowsKernelModeDriver10.0 build tools.  Alternatively, you may upgrade to the current Visual Studio tools by selecting the Project menu or right-click the solution, and then selecting "Retarget solution". [C:\Users\Administrator\git\ebpf-for-windows\libs\execution_context\kernel\execution_context_kernel.vcxproj]

C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(286,5): error MSB3073: The command "cd /d C:\Users\Administrator\git\ebpf-for-windows\x64\Debug\ [C:\Users\Administrator\git\ebpf-for-windows\tools\encode_program_info\encode_program_info.vcxproj]C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(286,5): error MSB3073: C:\Users\Administrator\git\ebpf-for-windows\x64\Debug\encode_program_info.exe [C:\Users\Administrator\git\ebpf-for-windows\tools\encode_program_info\encode_program_info.vcxproj] C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(286,5): error MSB3073: :VCEnd" exited with code -1073741511. [C:\Users\Administrator\git\ebpf-for-windows\tools\encode_program_info\encode_program_info.vcxproj]

Maybe Windows Server 2016 isn't supported with this procedure?

Visual Studio details:

Microsoft Visual Studio Community 2019
Version 16.11.8
VisualStudio.16.Release/16.11.8+32002.261
Microsoft .NET Framework
Version 4.8.03761

Installed Version: Community

Visual C++ 2019   00435-60000-00000-AA081
Microsoft Visual C++ 2019

ASP.NET and Web Tools 2019   16.11.94.52318
ASP.NET and Web Tools 2019

Azure App Service Tools v3.0.0   16.11.94.52318
Azure App Service Tools v3.0.0

C# Tools   3.11.0-4.21403.6+ae1fff344d46976624e68ae17164e0607ab68b10
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Common Azure Tools   1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Debugging Tools for Windows   10.0.19030.1000
Integrates the Windows Debugger functionality (http://go.microsoft.com/fwlink/?linkid=223405) in Visual Studio.

IntelliCode Extension   1.0
IntelliCode Visual Studio Extension Detailed Info

Microsoft JVM Debugger   1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft MI-Based Debugger   1.0
Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual C++ Wizards   1.0
Microsoft Visual C++ Wizards

Microsoft Visual Studio VC Package   1.0
Microsoft Visual Studio VC Package

NuGet Package Manager   5.11.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

ProjectServicesPackage Extension   1.0
ProjectServicesPackage Visual Studio Extension Detailed Info

Test Adapter for Boost.Test   1.0
Enables Visual Studio's testing tools with unit tests written for Boost.Test.  The use terms and Third Party Notices are available in the extension installation directory.

Test Adapter for Google Test   1.0
Enables Visual Studio's testing tools with unit tests written for Google Test.  The use terms and Third Party Notices are available in the extension installation directory.

TypeScript Tools   16.0.30526.2002
TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools   3.11.0-4.21403.6+ae1fff344d46976624e68ae17164e0607ab68b10
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual Studio Code Debug Adapter Host Package   1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio Tools for CMake   1.0
Visual Studio Tools for CMake

Windows Driver Kit   10.0.19030.1000
Headers, libraries, and tools needed to develop, debug, and test Windows drivers (msdn.microsoft.com/en-us/windows/hardware/gg487428.aspx)

documentation triaged

opened by jayhoughton 9

Add support for j*32 instructions

Description

This PR adds support for the 32-bit JMP instruction variants.

Testing

Existing tests are sufficient to test this change-set. No new tests needed.

Results of the command bpf_conformance_runner.exe --test_file_directory D:\wrk\ebpf-for-windows\external\bpf_conformance\tests\ --exclude_regex lock* --plugin_path .\bpf2c_plugin.exe --plugin_options "--include d:\wrk\ebpf-for-windows\include" attached.

Documentation

No documentation changes needed

Fixes #1667

bpf_conformance_test_results.txt

opened by dv-msft 8
Fix code scanning alert - Comparison of narrow type with wide type in loop condition
Tracking issue for:

[ ] https://github.com/microsoft/ebpf-for-windows/security/code-scanning/436

Not a threat, but should be fixed for code sanitation.
good first issue cleanup triaged
opened by Alan-Jowett 8
Replace dawidd6/action-download-artifact with actions/download-artifact

Describe the bug

Currently we use two different github actions to download artifacts across our workflows:

ossar-scan.yml: uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 reusable-build.yml: uses: dawidd6/action-download-artifact@e6e25ac3a2b93187502a8be1ef9e9603afc34925 reusable-cmake-build.yml: uses: dawidd6/action-download-artifact@e6e25ac3a2b93187502a8be1ef9e9603afc34925 reusable-test.yml: uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7

We should make them all just use actions/download-artifact.

OS information

No response

Steps taken to reproduce bug

cd .github/workflows findstr download *

Expected behavior

Should just use actions/download-artifact

Actual outcome

Half the workflows use one action, and half use the other action

Additional details

No response
cleanup

opened by dthaler 0
Bump dawidd6/action-download-artifact from 2.24.2 to 2.24.3
Bumps dawidd6/action-download-artifact from 2.24.2 to 2.24.3.

Commits

bd10f38 Merge pull request #218 from dawidd6/dependabot-npm_and_yarn-adm-zip-0.5.10

61a654a build(deps): bump adm-zip from 0.5.9 to 0.5.10

dcadc4b Merge pull request #211 from koplo199/master

ceeb280 Remove unnecessary semicolon

806bb52 Catch 'Artifact has expired' error

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 1
Bump actions/download-artifact from 3.0.1 to 3.0.2
Bumps actions/download-artifact from 3.0.1 to 3.0.2.

Release notes

Sourced from actions/download-artifact's releases.

v3.0.2

Bump @actions/artifact to v1.1.1 - actions/download-artifact#195

Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet actions/toolkit#1278

Commits

9bc31d5 Update to latest actions/artifact NPM package (#195)

d2278a1 Update release-new-action-version.yml (#196)

c1a6d8f Update codeql-analysis.yml (#197)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 1
Bump external/ubpf from `253031d` to `2936d81`
Bumps external/ubpf from 253031d to 2936d81.

Commits

2936d81 build(deps): bump external/bpf_conformance from d7afc94 to 3432dc3 (#204)

15de1a9 Fix ubpf as submodule (#206)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies submodules
opened by dependabot[bot] 1
Bump external/Catch2 from `72b60df` to `04382af`
Bumps external/Catch2 from 72b60df to 04382af.

Commits

04382af Slightly better clang-format

ac93f19 Improved path normalization in approvalTests.py

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies submodules
opened by dependabot[bot] 1
Bump actions/checkout from 3.2.0 to 3.3.0
Bumps actions/checkout from 3.2.0 to 3.3.0.

Release notes

Sourced from actions/checkout's releases.

v3.3.0

What's Changed

Implement branch list using callbacks from exec function by @cory-miller in actions/checkout#1045

Add in explicit reference to private checkout options by @vanZeben in actions/checkout#1050

Fix comment typos (that got added in #770) by @lurch in actions/checkout#1057

New Contributors

@vanZeben made their first contribution in actions/checkout#1050

@lurch made their first contribution in actions/checkout#1057

Full Changelog: https://github.com/actions/checkout/compare/v3.2.0...v3.3.0

Commits

ac59398 Fix comment typos (that got added in #770) (#1057)

3ba5ee6 Add in explicit reference to private checkout options (#1050)

8856415 Implement branch list using callbacks from exec function (#1045)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies github_actions
opened by dependabot[bot] 1

Releases(v0.5.0)

v0.5.0(Oct 3, 2022)
What's Changed

Add xdp_tests.exe to deploy script by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1397

Fix unregistering hook providers by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/1402

Include hash of program information in metadata by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1376

Fix get_attach_type_windows() by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/1421

Update verifier to latest by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1419

Pull version number from resource\ebpf_version.h by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1373

Update ebpf_version.h by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1428

Add correct path to .guid files by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1429

Implement correct division by zero behavior by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1411

Add tests to verify BPF code generation for interpret and jit by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1430

Fix the bpf_map_lookup_elem / bpf_map_update_elem API for per-cpu maps. by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1423

Update setup_build.vcxproj by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1432

Add ability to enumerate maps associated with a program by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1395

Full Changelog: https://github.com/microsoft/ebpf-for-windows/compare/v0.4.0...v0.5.0
Source code(tar.gz)
Source code(zip)
ebpf-for-windows-0.5.0.msi(11.02 MB)
eBPF-for-Windows.0.5.0.nupkg(826.34 KB)
v0.4.0(Sep 15, 2022)
What's Changed

Bump external/Catch2 from 5a1ef7e to 5f9109a by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1278

Bump external/FindWDK from 43fd504 to 0492964 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1277

Update install instructions to allow using released MSI by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1274

add --type option to bpf2c tool by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/1283

Add support for ifindex and ifalias in bpftool attach command on Windows by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1280

Fix ring buffer test subscriber logic. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/1286

Move TestLog.log to the TEMP directory by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1281

Clean up hard coded program type in EC by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/1294

Explain where to find the wprp file by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1292

Bump external/Catch2 from 5f9109a to 1bd2338 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1298

Bump actions/cache from 3.0.4 to 3.0.5 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1299

Bump external/ebpf-verifier from d259d31 to 8f0bb3f by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1297

Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1301

Clean up Verifier.cpp by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1296

Clean up ebpf_program.c by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1302

Update ubpf and fix build by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1293

Bump external/Catch2 from 1bd2338 to 97c48e0 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1309

Add support for new libbpf APIs by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1288

Bump external/pe-parse from eecdb3d to 29220c9 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1308

Bump external/ebpf-verifier from 8f0bb3f to 88735d9 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1314

Add negative tests for native module by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/1310

Bump external/Catch2 from 97c48e0 to 997a7d4 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1313

Add noexcept keyword to various internal APIs by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1305

Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1315

Implement bpf_prog_detach and bpf_prog_detach2 APIs. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/1311

Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1318

Bump external/Catch2 from 997a7d4 to 47d56f2 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1320

Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1321

Bump version to 0.3.0 by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1323

Bump external/ebpf-verifier from 88735d9 to 11366cd by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1317

Bump external/ubpf from ee1eb2a to af0194f by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1319

Fix handling of long map names by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1328

Add note about WDK vsix checkbox when installing WDK by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1327

Bump dawidd6/action-download-artifact from 2.21.1 to 2.22.0 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1333

Fix issued that caused epoch to not cleanup by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1332

Fix LLVM guidance in Getting Started by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1331

Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1334

Move preemptible check outside of spinlock region by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1350

Bump step-security/harden-runner from 1.4.4 to 1.4.5 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1335

Bump microsoft/setup-msbuild from becb80cf9a036187bb1e07e74eb64e25850d757a to 1.1 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1359

Update actions/checkout requirement to 2541b1294d2704b0964813337f33b291d3f8596b by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1356

Bump external/Catch2 from 47d56f2 to dc001fa by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1357

Bump github/codeql-action from 2.1.18 to 2.1.20 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1362

Fix doc link by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1338

Update bpftool by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1337

bpf_object__open_file() should allow null opts by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1363

Fix invalid map value size for prog_array and map_array by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1361

remove deprecated prog_load API. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/1352

Bump actions/cache from 3.0.7 to 3.0.8 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1381

Clean up the deprecated netsh use of bpf_object__for_each_safe() by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1368

Remove trailing whitespace in committed files by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1377

Fix leak of reference on WDFREQUEST by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1383

Bump github/codeql-action from 2.1.20 to 2.1.21 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1380

Create or update issue on workflow failure by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1385

Enable KMDF tag tracking. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/1375

Update nuget package to include export_program_info.exe by @Alan-Jowett in https://github.com/microsoft/ebpf-for-windows/pull/1372

Add nuget docs by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1386

Bump external/Catch2 from dc001fa to 7b2e7d6 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1387

Bump dawidd6/action-download-artifact from 2.22.0 to 2.23.0 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1389

Bump github/codeql-action from 2.1.21 to 2.1.22 by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1388

Add workaround for netsh regression by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1396

Bump external/Catch2 from 7b2e7d6 to dea1a6a by @dependabot in https://github.com/microsoft/ebpf-for-windows/pull/1393

Bump version to 0.4.0 by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1391

Full Changelog: https://github.com/microsoft/ebpf-for-windows/compare/v0.2.0...v0.4.0
Source code(tar.gz)
Source code(zip)
ebpf-for-windows-0.4.0.msi(10.93 MB)
eBPF-for-Windows.0.4.0.nupkg(822.75 KB)
v0.3.0(Aug 9, 2022)
What's Changed

add --type option to bpf2c tool by @saxena-anurag in https://github.com/microsoft/ebpf-for-windows/pull/1283

Add support for ifindex and ifalias in bpftool attach command on Windows by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1280

Add support for new libbpf APIs by @dthaler in https://github.com/microsoft/ebpf-for-windows/pull/1288

Implement bpf_prog_detach and bpf_prog_detach2 APIs. by @shankarseal in https://github.com/microsoft/ebpf-for-windows/pull/1311

Full Changelog: https://github.com/microsoft/ebpf-for-windows/compare/v0.2.0...v0.3.0
Source code(tar.gz)
Source code(zip)
ebpf-for-windows-0.3.0.msi(10.91 MB)
eBPF-for-Windows.0.3.0.nupkg(800.90 KB)
v0.2.0(Jul 9, 2022)

Initial MSI release. This version does not use signed binaries, and so can only be installed on a machine enabled for test signing. See https://github.com/microsoft/ebpf-for-windows/blob/main/docs/GettingStarted.md#installing-ebpf-for-windows
Source code(tar.gz)
Source code(zip)
ebpf-for-windows-0.2.0.msi(10.87 MB)
eBPF-for-Windows.0.2.0.nupkg(803.08 KB)

eBPF implementation that runs on top of Windows

Related tags

Overview

eBPF for Windows

New to eBPF?

Architectural Overview

Getting Started

Frequently Asked Questions

1. Is this a fork of eBPF?

2. Does this provide app compatibility with eBPF programs written for Linux?

3. Will eBPF work with HyperVisor-enforced Code Integrity (HVCI)?

Comments

Describe the bug

OS information

Steps taken to reproduce bug

Expected behavior

Actual outcome

Additional details

Description

Documentation

Description

Testing

Documentation

Describe the bug

OS information

Steps taken to reproduce bug

Expected behavior

Actual outcome

Additional details

Description

v1.1.1

What's Changed

v1.1.0

Main changes

New Contributors

v1.0.4

Summary

What's Changed

New Contributors

Description

Testing

Documentation

Describe the bug

OS information

Steps taken to reproduce bug

Expected behavior

Actual outcome

Additional details

v3.0.2

v3.3.0

What's Changed

New Contributors

Releases(v0.5.0)

v0.5.0(Oct 3, 2022)

What's Changed

v0.4.0(Sep 15, 2022)

What's Changed

v0.3.0(Aug 9, 2022)

What's Changed

v0.2.0(Jul 9, 2022)

Owner

Microsoft

libsinsp, libscap, the kernel module driver, and the eBPF driver sources

Linux Application Level Firewall based on eBPF and NFQUEUE.

eBPF bytecode assembler and compiler

Example how to run eBPF probes without a usermode process using fentry

A Rust crate that simplifies the integration of Rust and eBPF programs written in C.

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

A very basic eBPF Load Balancer in a few lines of C

skbtracer on ebpf

some experiments with ebpf

Small utility that leverages eBPF to dump the traffic of a unix domain socket

Tool for Preventing Data Exfiltration with eBPF

The Beginner's Guide to eBPF Programming for Networking

pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities.

Dectect syscall hooking using eBPF

A collection of eBPF programs demonstrating bad behavior

bpflock - eBPF driven security for locking and auditing Linux machines

A list of network measurement sketch algorithms implemented in eBPF

A Linux Host-based Intrusion Detection System based on eBPF.