diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index fcc0444f8..98304f568 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -88,7 +88,7 @@ jobs: uses: ./.github/workflows/reusable-test.yml with: name: process_monitor - pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.21.0 && powershell -file .\bin\process_monitor.Tests\win-x64\Setup-ProcessMonitorTests.ps1 -ArtifactsRoot . + pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 1.0.0-rc1 && powershell -file .\bin\process_monitor.Tests\win-x64\Setup-ProcessMonitorTests.ps1 -ArtifactsRoot . test_command: dotnet test .\bin\process_monitor.Tests\win-x64\process_monitor.Tests.dll build_artifact: Build-x64 environment: windows-2022 @@ -102,7 +102,7 @@ jobs: uses: ./.github/workflows/reusable-test.yml with: name: neteventebpfext unit tests - pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.21.0 + pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 1.0.0-rc1 test_command: .\neteventebpfext_unit.exe -d yes build_artifact: Build-x64 environment: windows-2022 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4a74d9eee..f3a6e9c30 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -91,7 +91,7 @@ Do the following once: 1. Open a command prompt as admin 1. `cd ` 1. `cd x64\Debug\bin\process_monitor.Tests\win-x64` -1. `powershell -file .\Install-eBpfForWindows.ps1 0.21.0` +1. `powershell -file .\Install-eBpfForWindows.ps1 1.0.0-rc1` 1. `powershell -file .\Setup-ProcessMonitorTests.ps1` Then do this each time you want to re-run the tests: diff --git a/Directory.Packages.props b/Directory.Packages.props index 47c3aef45..8e0a8caac 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -4,13 +4,13 @@ --> - true + false - + 
diff --git a/ebpf_extensions/neteventebpfext/sys/packages.config b/ebpf_extensions/neteventebpfext/sys/packages.config index c62f94618..7630b7316 100644 --- a/ebpf_extensions/neteventebpfext/sys/packages.config +++ b/ebpf_extensions/neteventebpfext/sys/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/ebpf_extensions/neteventebpfext/user/packages.config b/ebpf_extensions/neteventebpfext/user/packages.config index c62f94618..7630b7316 100644 --- a/ebpf_extensions/neteventebpfext/user/packages.config +++ b/ebpf_extensions/neteventebpfext/user/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/ebpf_extensions/ntosebpfext/sys/packages.config b/ebpf_extensions/ntosebpfext/sys/packages.config index c62f94618..7630b7316 100644 --- a/ebpf_extensions/ntosebpfext/sys/packages.config +++ b/ebpf_extensions/ntosebpfext/sys/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/ebpf_extensions/ntosebpfext/user/packages.config b/ebpf_extensions/ntosebpfext/user/packages.config index c62f94618..7630b7316 100644 --- a/ebpf_extensions/ntosebpfext/user/packages.config +++ b/ebpf_extensions/ntosebpfext/user/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/ntosebpfext.props b/ntosebpfext.props index ff052ca2e..2ba7046c3 100644 --- a/ntosebpfext.props +++ b/ntosebpfext.props @@ -1,7 +1,11 @@ + - 0.21.0 + 1.0.0-rc1 $(SolutionDir)packages\eBPF-for-Windows.x64.$(eBPFForWindowsVersion) diff --git a/resource/ebpf_ext_version.h b/resource/ebpf_ext_version.h index 06ecf57f8..740fd0a47 100644 --- a/resource/ebpf_ext_version.h +++ b/resource/ebpf_ext_version.h @@ -2,7 +2,7 @@ // SPDX-License-Identifier: MIT #define EBPF_VERSION_MAJOR 0 -#define EBPF_VERSION_MINOR 5 +#define EBPF_VERSION_MINOR 6 #define EBPF_VERSION_REVISION 0 #define QUOTE(str) #str diff --git a/scripts/initialize_repo.ps1 b/scripts/initialize_repo.ps1 index 2bd441d38..60b9bf187 100644 --- a/scripts/initialize_repo.ps1 
+++ b/scripts/initialize_repo.ps1 @@ -12,7 +12,7 @@ $commands = @( "git submodule update --init --recursive", "cmake -G 'Visual Studio 17 2022' -S external\catch2 -B external\catch2\build -DBUILD_TESTING=OFF", "nuget restore ntosebpfext.sln", - ".\packages\eBPF-for-Windows.x64.0.21.0\build\native\bin\export_program_info.exe" + ".\packages\eBPF-for-Windows.x64.1.0.0-rc1\build\native\bin\export_program_info.exe" ) # Loop through each command and run them sequentially without opening a new window diff --git a/scripts/setup_build/packages.config b/scripts/setup_build/packages.config index 0d78f8cba..5ca7b32d4 100644 --- a/scripts/setup_build/packages.config +++ b/scripts/setup_build/packages.config @@ -1,6 +1,6 @@  - + diff --git a/scripts/update-product-version.ps1 b/scripts/update-product-version.ps1 index c2e2522d4..8f652d858 100644 --- a/scripts/update-product-version.ps1 +++ b/scripts/update-product-version.ps1 
@@ -28,6 +28,17 @@ if ("$majorVersion.$minorVersion.$revisionNumber" -match '^\d+\.\d+\.\d+$') { $newcontent | Set-Content $ntosebpfext_version_file -NoNewline Write-Host -ForegroundColor DarkGreen "Version number updated to '$majorVersion.$minorVersion.$revisionNumber' in $ntosebpfext_version_file" + # Set the new version number in the version.json file. + $version_json_file = "$PSScriptRoot\..\version.json" + Write-Host -ForegroundColor DarkGreen "Updating the version number in the '$version_json_file' file..." + $versionJson = [ordered]@{ + major = [int]$majorVersion + minor = [int]$minorVersion + patch = [int]$revisionNumber + } + $versionJson | ConvertTo-Json | Set-Content $version_json_file -Encoding UTF8 + Write-Host -ForegroundColor DarkGreen "Version number updated to '$majorVersion.$minorVersion.$revisionNumber' in $version_json_file" + } else { Write-Host -ForegroundColor Red "'ntosebpfext.sln' not found in the current path." Write-Host -ForegroundColor DarkYellow "Please run this script from the root directory of the repository, within a Developer Poweshell for VS 2022." diff --git a/tests/neteventebpfext/netevent_sim/packages.config b/tests/neteventebpfext/netevent_sim/packages.config index c62f94618..7630b7316 100644 --- a/tests/neteventebpfext/netevent_sim/packages.config +++ b/tests/neteventebpfext/netevent_sim/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/tests/neteventebpfext/neteventebpfext_unit/netevent_ebpfext_unit.cpp b/tests/neteventebpfext/neteventebpfext_unit/netevent_ebpfext_unit.cpp index 6405416eb..3b0245ba9 100644 --- a/tests/neteventebpfext/neteventebpfext_unit/netevent_ebpfext_unit.cpp +++ b/tests/neteventebpfext/neteventebpfext_unit/netevent_ebpfext_unit.cpp 
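Review bot: The added `Set-Content $version_json_file -Encoding UTF8` prepends a byte-order mark when the script runs under Windows PowerShell 5.1. A failed write is also only a non-terminating error, so the green "Version number updated" line that follows is printed either way. The consumer of version.json is not visible here; if it parses strictly, a BOM can break it, so I would write the file with `[System.IO.File]::WriteAllText($version_json_file, ($versionJson | ConvertTo-Json), [System.Text.UTF8Encoding]::new($false))`, or at least add `-ErrorAction Stop` to the `Set-Content` call. The write replaces the whole file, so any key other than major/minor/patch added later would be silently dropped. The enclosing `if` block starts above this hunk.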
@@ -145,13 +145,14 @@ TEST_CASE("netevent_attach_opt_simulation", "[neteventebpfext]")
 // Attach to the eBPF perf buffer event map.
 bpf_map* netevent_events_map = bpf_object__find_map_by_name(object, "netevent_events_map");
 REQUIRE(netevent_events_map != nullptr);
- auto netevent_perf_buff = perf_buffer__new(
+ ebpf_perf_buffer_opts perf_opts = {.sz = sizeof(ebpf_perf_buffer_opts), .flags = EBPF_PERFBUF_FLAG_AUTO_CALLBACK};
+ auto netevent_perf_buff = ebpf_perf_buffer__new(
 bpf_map__fd(netevent_events_map),
 0,
 netevent_monitor_event_callback,
 netevent_monitor_lost_event_callback,
 nullptr,
- nullptr);
+ &perf_opts);
 REQUIRE(netevent_perf_buff != nullptr);
 // Test attach with no attach params - this should fail.
@@ -276,13 +277,14 @@ TEST_CASE("netevent_drivers_load_unload_stress", "[neteventebpfext]")
 // Attach to the eBPF perf buffer event map.
 bpf_map* netevent_events_map = bpf_object__find_map_by_name(object, "netevent_events_map");
 REQUIRE(netevent_events_map != nullptr);
- auto netevent_perf_buff = perf_buffer__new(
+ ebpf_perf_buffer_opts perf_opts = {.sz = sizeof(ebpf_perf_buffer_opts), .flags = EBPF_PERFBUF_FLAG_AUTO_CALLBACK};
+ auto netevent_perf_buff = ebpf_perf_buffer__new(
 bpf_map__fd(netevent_events_map),
 0,
 netevent_monitor_event_callback,
 netevent_monitor_lost_event_callback,
 nullptr,
- nullptr);
+ &perf_opts);
 REQUIRE(netevent_perf_buff != nullptr);
 std::cout << "\n\n********** Test netevent_sim provider load/unload while the extension is running. **********"
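Review bot: The `ebpf_perf_buffer_opts perf_opts = {...}` line and the `ebpf_perf_buffer__new(...)` call are pasted identically into three test cases (netevent_attach_opt_simulation here, netevent_drivers_load_unload_stress in the next hunk, and netevent_bpf_prog_run_test in the hunk at -392), so any later change to `sz` or the flags has to be made in three places. One file-scope definition, `static const ebpf_perf_buffer_opts _netevent_perf_opts = {.sz = sizeof(ebpf_perf_buffer_opts), .flags = EBPF_PERFBUF_FLAG_AUTO_CALLBACK};`, passed as `&_netevent_perf_opts`, would keep them in step, assuming the opts parameter is a pointer to const. The designated initializer needs C++20 or a compiler extension, which none of the hunks show being enabled. A one-line comment saying why the tests now pass `EBPF_PERFBUF_FLAG_AUTO_CALLBACK` instead of null options would also help, since the reason is not evident from the diff. All three test bodies extend beyond their hunks.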
@@ -392,13 +394,14 @@ TEST_CASE("netevent_bpf_prog_run_test", "[neteventebpfext]") // Attach to the eBPF perf buffer event map. bpf_map* netevent_events_map = bpf_object__find_map_by_name(object, "netevent_events_map"); REQUIRE(netevent_events_map != nullptr); - auto netevent_perf_buff = perf_buffer__new( + ebpf_perf_buffer_opts perf_opts = {.sz = sizeof(ebpf_perf_buffer_opts), .flags = EBPF_PERFBUF_FLAG_AUTO_CALLBACK}; + auto netevent_perf_buff = ebpf_perf_buffer__new( bpf_map__fd(netevent_events_map), 0, netevent_monitor_event_callback, netevent_monitor_lost_event_callback, nullptr, - nullptr); + &perf_opts); REQUIRE(netevent_perf_buff != nullptr); // Initialize structures required for bpf_prog_test_run_opts diff --git a/tests/neteventebpfext/neteventebpfext_unit/packages.config b/tests/neteventebpfext/neteventebpfext_unit/packages.config index c62f94618..7630b7316 100644 --- a/tests/neteventebpfext/neteventebpfext_unit/packages.config +++ b/tests/neteventebpfext/neteventebpfext_unit/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/tests/ntosebpfext/ntosebpfext_unit/packages.config b/tests/ntosebpfext/ntosebpfext_unit/packages.config index c62f94618..7630b7316 100644 --- a/tests/ntosebpfext/ntosebpfext_unit/packages.config +++ b/tests/ntosebpfext/ntosebpfext_unit/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/tests/process_monitor.Tests/process_monitor.Tests.csproj b/tests/process_monitor.Tests/process_monitor.Tests.csproj index 77922472e..4dfaaaafb 100644 --- a/tests/process_monitor.Tests/process_monitor.Tests.csproj +++ b/tests/process_monitor.Tests/process_monitor.Tests.csproj @@ -19,11 +19,13 @@ - - - - - + + + + + + + diff --git a/tools/netevent_ebpf_ext_export_program_info/packages.config b/tools/netevent_ebpf_ext_export_program_info/packages.config index c62f94618..7630b7316 100644 --- a/tools/netevent_ebpf_ext_export_program_info/packages.config 
+++ b/tools/netevent_ebpf_ext_export_program_info/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/tools/netevent_monitor/packages.config b/tools/netevent_monitor/packages.config index c62f94618..7630b7316 100644 --- a/tools/netevent_monitor/packages.config +++ b/tools/netevent_monitor/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/tools/ntos_ebpf_ext_export_program_info/packages.config b/tools/ntos_ebpf_ext_export_program_info/packages.config index c62f94618..7630b7316 100644 --- a/tools/ntos_ebpf_ext_export_program_info/packages.config +++ b/tools/ntos_ebpf_ext_export_program_info/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/tools/process_monitor.Library/PInvokes.cs b/tools/process_monitor.Library/PInvokes.cs index caac45e44..a88704585 100644 --- a/tools/process_monitor.Library/PInvokes.cs +++ b/tools/process_monitor.Library/PInvokes.cs @@ -28,7 +28,7 @@ internal static class PInvokes internal static extern IntPtr bpf_program__attach(IntPtr bpf_program); [DllImport(ebpfApiDll, CharSet = CharSet.Ansi, PreserveSig = true, CallingConvention = CallingConvention.Cdecl)] - internal static extern unsafe IntPtr ring_buffer__new(int map_fd, delegate* unmanaged[Cdecl] sample_cb, IntPtr ctx, IntPtr opts); + internal static extern unsafe IntPtr ebpf_ring_buffer__new(int map_fd, delegate* unmanaged[Cdecl] sample_cb, IntPtr ctx, ref process_monitor.Library.ProcessMonitorBPFLoader.ebpf_ring_buffer_opts opts); [DllImport(ebpfApiDll, CharSet = CharSet.Ansi, PreserveSig = true, CallingConvention = CallingConvention.Cdecl)] internal static extern void ring_buffer__free(IntPtr ring_buffer); diff --git a/tools/process_monitor.Library/ProcessMonitorBPFLoader.cs b/tools/process_monitor.Library/ProcessMonitorBPFLoader.cs index 3889182c8..f9184ebb9 100644 --- a/tools/process_monitor.Library/ProcessMonitorBPFLoader.cs +++ b/tools/process_monitor.Library/ProcessMonitorBPFLoader.cs 
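Review bot: In the PInvokes.cs hunk, `ebpf_ring_buffer__new` declares `opts` as `ref`, although the only caller shown fills the struct and passes it purely as input; `in process_monitor.Library.ProcessMonitorBPFLoader.ebpf_ring_buffer_opts opts` would state that intent. A P/Invoke signature is never checked against the native export, so a mismatch in parameter order or struct layout shows up only as memory corruption or a null return at run time. A comment above the declaration such as `// Mirrors the native ebpf_ring_buffer__new prototype from eBPF for Windows 1.0.0-rc1; opts.sz must equal the marshalled struct size.` would give the next package bump something to check against. The PInvokes class continues outside the hunk.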
@@ -38,6 +38,17 @@ internal readonly struct process_info_t
 internal readonly byte operation;
 }
+ [StructLayout(LayoutKind.Sequential)]
+#pragma warning disable IDE1006 // Naming Styles - this matches the native definition's name
+ internal struct ebpf_ring_buffer_opts
+#pragma warning restore IDE1006 // Naming Styles
+ {
+ internal nuint sz; // size_t - native unsigned integer
+ internal UInt64 flags; // uint64_t
+ }
+
+ private const UInt64 EBPF_RINGBUF_FLAG_AUTO_CALLBACK = 1;
+
 internal static void Subscribe(ProcessMonitor pm, ILogger logger)
 {
 lock (_lock)
@@ -113,14 +124,21 @@ private static void Initialize(ILogger logger)
 // Attach to ring buffer
 (_, var process_ringbuf_map_fd) = LoadMapByName("process_ringbuf", logger);
- process_ringbuf = PInvokes.ring_buffer__new(process_ringbuf_map_fd, &ProcessMonitor_history_callback, IntPtr.Zero, IntPtr.Zero);
+
+ var ring_opts = new ebpf_ring_buffer_opts
+ {
+ sz = (nuint)Marshal.SizeOf(),
+ flags = EBPF_RINGBUF_FLAG_AUTO_CALLBACK
+ };
+
+ process_ringbuf = PInvokes.ebpf_ring_buffer__new(process_ringbuf_map_fd, &ProcessMonitor_history_callback, IntPtr.Zero, ref ring_opts);
 if (process_ringbuf == IntPtr.Zero)
 {
- throw new InvalidOperationException("ring_buffer__new(process_ringbuf) failed!");
+ throw new InvalidOperationException("ebpf_ring_buffer__new(process_ringbuf) failed!");
 }
 else
 {
- logger.LogDebug("SUCCESS: ring_buffer__new(process_ringbuf) succeeded!");
+ logger.LogDebug("SUCCESS: ebpf_ring_buffer__new(process_ringbuf) succeeded!");
 }
 }
 }
diff --git a/tools/process_monitor.Library/process_monitor.Library.csproj b/tools/process_monitor.Library/process_monitor.Library.csproj
index cb153229e..7263e10dd 100644
--- a/tools/process_monitor.Library/process_monitor.Library.csproj
+++ b/tools/process_monitor.Library/process_monitor.Library.csproj
@@ -10,7 +10,9 @@ - + + +
diff --git a/tools/process_monitor_bpf/packages.config b/tools/process_monitor_bpf/packages.config
index c62f94618..7630b7316 100644
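Review bot: `EBPF_RINGBUF_FLAG_AUTO_CALLBACK = 1` and the two-field `ebpf_ring_buffer_opts` layout in the first hunk are hand-copied from the native headers, and nothing here ties them to the pinned package version, which is a release candidate. If the native definition changes, the build still succeeds and the mismatch surfaces only when `ebpf_ring_buffer__new` misbehaves at run time. I would add a comment above the struct and the constant naming the native definition and version they mirror, and noting that `sz` is presumably how the native side validates the struct it was handed. In the Initialize hunk the failure branch throws `"ebpf_ring_buffer__new(process_ringbuf) failed!"` with no detail; if the API exposes an error code (not visible here), including it would make a layout or flag mismatch far easier to diagnose. Subscribe and Initialize both extend beyond their hunks.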
--- a/tools/process_monitor_bpf/packages.config +++ b/tools/process_monitor_bpf/packages.config @@ -1,4 +1,4 @@  - + \ No newline at end of file diff --git a/version.json b/version.json new file mode 100644 index 000000000..b017f67f2 --- /dev/null +++ b/version.json @@ -0,0 +1,5 @@ +{ + "major": 0, + "minor": 6, + "patch": 0 +}