-
Notifications
You must be signed in to change notification settings - Fork 104
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
122 changed files
with
652 additions
and
28,713 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -58,3 +58,6 @@ dkms.conf | |
|
|
||
| # Rust | ||
| target | ||
|
|
||
| # Other | ||
| .DS_Store | ||
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # eBPF on Windows | ||
|
|
||
| eBPF samples on Windows. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| # eBPF For Windows Demo - Connection Tracking | ||
|
|
||
| This project demonstrates the following features adapted from [eBPF for Windows demo](https://github.com/microsoft/ebpf-for-windows-demo/tree/main/connection_tracker): | ||
|
|
||
| 1) Native eBPF program generation. | ||
| 2) The BPF_PROG_TYPE_SOCK_OPS program type. | ||
| 3) The bpf_printk helper emitting tracing to ETW. | ||
| 4) The BPF_MAP_TYPE_RINGBUF map type. | ||
|
|
||
| The project provides a real-time list of connections that have been completed along with the source, destination, and duration of each connection. | ||
|
|
||
| ## How to run | ||
|
|
||
| ### Build BPF_PROG_TYPE_SOCK_OPS and BPF_MAP_TYPE_RINGBUF demo | ||
|
|
||
| 1) Build the ```ebpf-for-windows-demo``` as outlined in [Getting Started](https://github.com/microsoft/ebpf-for-windows-demo/blob/main/docs/GettingStarted.md). | ||
| 2) [Install eBPF-For-Windows with the msi installer](https://github.com/microsoft/ebpf-for-windows/blob/main/docs/InstallEbpf.md#method-1-install-a-release-with-the-msi-installer) on the target machine. This should start netebpfext, ebpfcore and ebpfsvc services. | ||
| 3) Copy conn_track.sys and conn_tracker.exe to the target machine. | ||
| 4) Launch conn_tracker.exe. | ||
| 5) Launch a browser and navigate to any website. | ||
| 6) Connection tracker will then show the list of connections. | ||
|
|
||
| ## How to view logs | ||
|
|
||
| 1) Start an ETW session and add the eBPF-For-Windows provider: ```tracelog -start MyTrace -guid C:\ebpf-for-windows\ebpf-printk.guid -rt```. | ||
| 2) Start a real-time trace consumer: ```tracefmt -rt MyTrace -displayonly -jsonMeta 0```. | ||
| 3) Launch conn_tracker.exe. | ||
| 4) Launch a browser and navigate to any website. | ||
| 5) The real-time trace consumer will then show all the bpf_printk events being generated by the eBPF program. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| Performing Custom Build Tools | ||
|
|
||
|
|
||
| Directory: C:\Users\aaz\connection_tracker\x64\Debug | ||
|
|
||
|
|
||
| Mode LastWriteTime Length Name | ||
| ---- ------------- ------ ---- | ||
| d----- 10/29/2023 3:42 AM conn_track_km | ||
| MSBuild version 17.7.2+d6990bcfa for .NET Framework | ||
| Build started 10/29/2023 3:42:23 AM. | ||
|
|
||
| Project "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" on node 1 (default targets). | ||
| DriverBuildNotifications: | ||
| Building 'conn_track_km' with toolset 'WindowsKernelModeDriver10.0' and the 'Desktop' target platform. | ||
| Using KMDF 1.15. | ||
| PrepareForBuild: | ||
| Creating directory "x64\Debug\". | ||
| Creating directory "x64\Debug\conn_track_km.tlog\". | ||
| InitializeBuildStatus: | ||
| Creating "x64\Debug\conn_track_km.tlog\unsuccessfulbuild" because "AlwaysCreate" was specified. | ||
| Touching "x64\Debug\conn_track_km.tlog\unsuccessfulbuild". | ||
| PreBuildEvent: | ||
| C:\Users\aaz\connection_tracker\packages\eBPF-for-Windows.0.12.0\build\native\bin\bpf2c --bpf conn_track.o --sys conn_track_driver.c | ||
| :VCEnd | ||
| ClCompile: | ||
| C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\HostX64\x64\CL.exe /c /I"C:\Users\aaz\connection_tracker\packages\eBPF-for-Windows.0.12.0\build\native\include" /Ix64\Debug\ /Zi /nologo /W4 /WX /diagnostics:column /Od /Oi /Oy- /GL /D _WIN64 /D _AMD64_ /D AMD64 /D DEPRECATE_DDK_FUNCTIONS=1 /D MSC_NOOPT /D _WIN32_WINNT=0x0A00 /D WINVER=0x0A00 /D WINNT=1 /D NTDDI_VERSION=0xA00000C /D DBG=1 /GF /Gm- /Zp8 /GS /guard:cf /Gy /fp:precise /Qspectre /Zc:wchar_t- /Zc:forScope /Zc:inline /GR- /Fo"x64\Debug\\" /Fd"x64\Debug\vc143.pdb" /external:W4 /Gz /wd4189 /wd4245 /wd4748 /wd4603 /wd4627 /wd4986 /wd4987 /FI"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared\warning.h" /FC /errorReport:queue /kernel -cbstring -d2epilogunwind /d1import_no_registry /d2AllowCompatibleILVersions /d2Zi+ conn_track_driver.c | ||
| conn_track_driver.c | ||
| Link: | ||
| C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\HostX64\x64\link.exe /ERRORREPORT:QUEUE /OUT:"C:\Users\aaz\connection_tracker\x64\Debug\conn_track.sys" /VERSION:"10.0" /INCREMENTAL:NO /NOLOGO /WX /SECTION:"INIT,d" Netio.lib "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\BufferOverflowFastFailK.lib" "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\ntoskrnl.lib" "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\hal.lib" "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wmilib.lib" /NODEFAULTLIB /MANIFEST:NO /DEBUG /PDB:"C:\Users\aaz\connection_tracker\x64\Debug\conn_track.pdb" /SUBSYSTEM:NATIVE,"10.00" /Driver /OPT:REF /OPT:ICF /LTCG /LTCGOUT:"x64\Debug\conn_track.iobj" /ENTRY:"GsDriverEntry" /RELEASE /IMPLIB:"C:\Users\aaz\connection_tracker\x64\Debug\conn_track.lib" /MERGE:"_TEXT=.text;_PAGE=PAGE" /MACHINE:X64 /PROFILE /guard:cf /kernel /IGNORE:4198,4010,4037,4039,4065,4070,4078,4087,4089,4221,4108,4088,4218,4218,4235 /osversion:10.0 /pdbcompress /debugtype:pdata x64\Debug\conn_track_driver.obj | ||
| Generating code | ||
| Finished generating code | ||
| conn_track.vcxproj -> C:\Users\aaz\connection_tracker\x64\Debug\conn_track.sys | ||
| Project "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" (1) is building "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" (1:2) on node 1 (TestSign target(s)). | ||
| TestSign: | ||
| The driver will be test-signed. Driver signing options can be changed from the project properties. | ||
| Sign Inputs: C:\Users\aaz\connection_tracker\x64\Debug\conn_track.sys | ||
| C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x86\signtool.exe sign /ph /fd "SHA256" /sha1 "15D232012D145C6B3CDE8715C099A372A74A7956" | ||
| Done Adding Additional Store | ||
| Successfully signed: C:\Users\aaz\connection_tracker\x64\Debug\conn_track.sys | ||
|
|
||
| Certificate used for signing: issued to = WDKTestCert aaz,133430227648180584 and thumbprint = 15D232012D145C6B3CDE8715C099A372A74A7956 | ||
| Exported Certificate: C:\Users\aaz\connection_tracker\x64\Debug\conn_track.cer | ||
| Done Building Project "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" (TestSign target(s)). | ||
| DriverPackageTarget: | ||
| Packaging up the following projects for the following configurations: | ||
|
|
||
| Configuration='' Platform='' | ||
|
|
||
|
|
||
| The following files will be packaged: | ||
|
|
||
| File to package: C:\Users\aaz\connection_tracker\x64\Debug\conn_track.sys. | ||
| Location in Package: \conn_track.sys. | ||
| Requested by project: | ||
|
|
||
|
|
||
| Copying file from "C:\Users\aaz\connection_tracker\x64\Debug\conn_track.sys" to "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.sys". | ||
| Inf2Cat: | ||
| Inf2Cat task was skipped as there were no inf files to process | ||
|
|
||
| Project "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" (1) is building "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" (1:3) on node 1 (TestSign target(s)). | ||
| TestSign: | ||
| The driver package will be test-signed. Driver signing options can be changed from the project properties. | ||
| No files to sign, skipping SignTask. | ||
| Done Building Project "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" (TestSign target(s)). | ||
| FinalizeBuildStatus: | ||
| Deleting file "x64\Debug\conn_track_km.tlog\unsuccessfulbuild". | ||
| Touching "x64\Debug\conn_track_km.tlog\conn_track_km.lastbuildstate". | ||
| Done Building Project "C:\Users\aaz\connection_tracker\x64\Debug\conn_track_km\conn_track.vcxproj" (default targets). | ||
|
|
||
| Build succeeded. | ||
| 0 Warning(s) | ||
| 0 Error(s) | ||
|
|
||
| Time Elapsed 00:00:02.20 | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
| <Import Project="..\packages\eBPF-for-Windows.0.12.0\build\native\ebpf-for-windows.props" Condition="Exists('..\packages\eBPF-for-Windows.0.12.0\build\native\ebpf-for-windows.props')" /> | ||
| <ItemGroup Label="ProjectConfigurations"> | ||
| <ProjectConfiguration Include="Debug|Win32"> | ||
| <Configuration>Debug</Configuration> | ||
| <Platform>Win32</Platform> | ||
| </ProjectConfiguration> | ||
| <ProjectConfiguration Include="Release|Win32"> | ||
| <Configuration>Release</Configuration> | ||
| <Platform>Win32</Platform> | ||
| </ProjectConfiguration> | ||
| <ProjectConfiguration Include="Debug|x64"> | ||
| <Configuration>Debug</Configuration> | ||
| <Platform>x64</Platform> | ||
| </ProjectConfiguration> | ||
| <ProjectConfiguration Include="Release|x64"> | ||
| <Configuration>Release</Configuration> | ||
| <Platform>x64</Platform> | ||
| </ProjectConfiguration> | ||
| </ItemGroup> | ||
| <PropertyGroup Label="Globals"> | ||
| <ProjectGuid>{35EE4580-FE14-45AD-9015-153384E3DF73}</ProjectGuid> | ||
| <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion> | ||
| </PropertyGroup> | ||
| <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> | ||
| <ClCompile> | ||
| <LanguageStandard>stdcpp20</LanguageStandard> | ||
| </ClCompile> | ||
| </ItemDefinitionGroup> | ||
| <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> | ||
| <ClCompile> | ||
| <LanguageStandard_C>stdc17</LanguageStandard_C> | ||
| </ClCompile> | ||
| </ItemDefinitionGroup> | ||
| <ItemGroup> | ||
| <CustomBuild Include="conn_track.c"> | ||
| <FileType>CppCode</FileType> | ||
| <Outputs>$(OutDir)conn_track.sys</Outputs> | ||
| <Command> | ||
| clang -g -target bpf -O2 -Werror $(ClangIncludes) -c %(Filename).c -o $(OutDir)%(Filename).o | ||
| pushd $(OutDir) | ||
| powershell -NonInteractive -ExecutionPolicy Unrestricted $(EbpfBinPath)\Convert-BpfToNative.ps1 -FileName %(Filename) -IncludeDir $(EbpfIncludePath) -Platform $(Platform) -Configuration $(Configuration) -KernelMode $true | ||
| popd</Command> | ||
| </CustomBuild> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <None Include="packages.config" /> | ||
| </ItemGroup> | ||
| <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> | ||
| <PropertyGroup Label="Configuration"> | ||
| <ConfigurationType>Utility</ConfigurationType> | ||
| <PlatformToolset>v143</PlatformToolset> | ||
| <CharacterSet>Unicode</CharacterSet> | ||
| </PropertyGroup> | ||
| <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> | ||
| <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> | ||
| <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild"> | ||
| <PropertyGroup> | ||
| <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105.The missing file is {0}.</ErrorText> | ||
| </PropertyGroup> | ||
| <Error Condition="!Exists('..\packages\eBPF-for-Windows.0.12.0\build\native\ebpf-for-windows.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\eBPF-for-Windows.0.12.0\build\native\ebpf-for-windows.props'))" /> | ||
| </Target> | ||
| </Project> |
52 changes: 24 additions & 28 deletions
52
windows/xdpdrop/xdpdrop.filters → ...onnection_tracker/bpf/bpf.vcxproj.filters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,25 @@ | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <!-- | ||
| Copyright (c) Microsoft Corporation | ||
| SPDX-License-Identifier: MIT | ||
| --> | ||
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
| <ItemGroup> | ||
| <Filter Include="Source Files"> | ||
| <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> | ||
| <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions> | ||
| </Filter> | ||
| <Filter Include="Header Files"> | ||
| <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> | ||
| <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions> | ||
| </Filter> | ||
| <Filter Include="Resource Files"> | ||
| <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> | ||
| <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions> | ||
| </Filter> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <ClCompile Include="xdpdrop_user.cpp"> | ||
| <Filter>Source Files</Filter> | ||
| </ClCompile> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <None Include="packages.config" /> | ||
| </ItemGroup> | ||
| <?xml version="1.0" encoding="utf-8"?> | ||
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | ||
| <ItemGroup> | ||
| <Filter Include="Source Files"> | ||
| <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> | ||
| <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions> | ||
| </Filter> | ||
| <Filter Include="Header Files"> | ||
| <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> | ||
| <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions> | ||
| </Filter> | ||
| <Filter Include="Resource Files"> | ||
| <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> | ||
| <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions> | ||
| </Filter> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <CustomBuild Include="conn_track.c"> | ||
| <Filter>Source Files</Filter> | ||
| </CustomBuild> | ||
| </ItemGroup> | ||
| <ItemGroup> | ||
| <None Include="packages.config" /> | ||
| </ItemGroup> | ||
| </Project> |
File renamed without changes.
Oops, something went wrong.