microsoft / ebpf-for-windows

eBPF implementation that runs on top of Windows
MIT License

Bind hook on Windows should more closely resemble the Linux equivalent (BPF_PROG_TYPE_CGROUP_SOCK) #333

Open Alan-Jowett opened 3 years ago

Alan-Jowett commented 3 years ago

Hooking bind operations is a relatively platform-agnostic behavior. The eBPF-for-Windows bind hook is currently significantly different from the one exposed by Linux.

To allow re-use of eBPF programs between Linux and Windows it would make sense to modify the signature of the bind hook to match that of Linux.

dthaler commented 3 years ago

@dthaler needs to paste in here the list of program types covered by this issue.

Alan-Jowett commented 3 years ago

It's unclear what the equivalent program types are for Linux.

Alan-Jowett commented 3 years ago

Reached out on the Cilium Slack channel to see if domain experts know of a similar Linux hook.

shankarseal commented 3 years ago

Per bpf.h

Attach types are: BPF_CGROUP_INET4_BIND, BPF_CGROUP_INET6_BIND, BPF_CGROUP_INET4_POST_BIND, BPF_CGROUP_INET6_POST_BIND.

And I believe the program type is: BPF_PROG_TYPE_CGROUP_SOCK

Programs of this type are attached using CGroups.
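What a Linux bind hook of the shape this thread asks Windows to match looks like, as an added example (not code from the ebpf-for-windows project or from anyone in this thread). The pre-bind attach types listed above (BPF_CGROUP_INET4_BIND, BPF_CGROUP_INET6_BIND) run a BPF_PROG_TYPE_CGROUP_SOCK_ADDR program with a struct bpf_sock_addr context, whose user_ip4/user_ip6 and user_port fields are readable before the bind completes; the POST_BIND attach types run a BPF_PROG_TYPE_CGROUP_SOCK program with a struct bpf_sock context instead. Returning 1 from the pre-bind program lets bind(2) proceed, returning 0 makes it fail with EPERM. So the block can be compiled and exercised with plain gcc, it carries a constructed mirror of the kernel's struct bpf_sock_addr layout, a local stand-in for bpf_ntohs(), and an empty SEC() macro outside a BPF build; a real program includes <linux/bpf.h> and <bpf/bpf_helpers.h> and is compiled with clang -target bpf. The port policy (privileged TCP ports only 80 and 443) and the function names are assumptions chosen for illustration.

```c
/* Added example: a Linux cgroup/bind4 hook program exercising the
 * struct bpf_sock_addr context. Not code from ebpf-for-windows. */
#include <stdint.h>
#include <stdio.h>

#ifdef __bpf__
/* Real build (clang -target bpf): <bpf/bpf_helpers.h> provides SEC(). */
#define SEC(name) __attribute__((section(name), used))
#else
/* Plain gcc build so the policy logic can be called from user space. */
#define SEC(name)
#endif

/* Constructed mirror of the kernel UAPI struct bpf_sock_addr (assumption:
 * same field order as <linux/bpf.h>; a real program includes that header). */
struct bpf_sock_addr {
    uint32_t user_family;   /* AF_INET / AF_INET6, host byte order */
    uint32_t user_ip4;      /* address being bound, network byte order */
    uint32_t user_ip6[4];
    uint32_t user_port;     /* port being bound, network byte order, low 16 bits */
    uint32_t family;
    uint32_t type;          /* SOCK_STREAM = 1, SOCK_DGRAM = 2 */
    uint32_t protocol;
    uint32_t msg_src_ip4;
    uint32_t msg_src_ip6[4];
};

#define AF_INET_VAL     2
#define SOCK_STREAM_VAL 1
#define SOCK_DGRAM_VAL  2

/* Byte-swap helper standing in for bpf_ntohs() from <bpf/bpf_endian.h>.
 * The swap is symmetric, so it also converts host -> network order. */
static inline uint16_t be16_to_host(uint16_t v)
{
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
    return (uint16_t)((v >> 8) | (v << 8));
#else
    return v;
#endif
}

/* Policy (assumption for illustration): inside this cgroup, TCP sockets may
 * bind a privileged port (< 1024) only if it is 80 or 443. Ephemeral port 0,
 * high ports, UDP and non-IPv4 binds are left alone.
 * Return 1 = allow the bind, 0 = kernel fails bind(2) with EPERM. */
SEC("cgroup/bind4")
int bind4_policy(struct bpf_sock_addr *ctx)
{
    uint16_t port;

    if (ctx->user_family != AF_INET_VAL)
        return 1;                       /* not our address family */
    if (ctx->type != SOCK_STREAM_VAL)
        return 1;                       /* only gate TCP listeners */

    port = be16_to_host((uint16_t)ctx->user_port);
    if (port == 0 || port >= 1024)
        return 1;
    return (port == 80 || port == 443) ? 1 : 0;
}

char _license[] SEC("license") = "GPL";

/* User-space harness: build a constructed bind4 context for the given
 * family, socket type and host-order port, then run the policy on it. */
int bind4_decision(uint32_t family, uint32_t type, uint16_t port_host)
{
    struct bpf_sock_addr ctx = {0};

    ctx.user_family = family;
    ctx.family = family;
    ctx.type = type;
    ctx.user_port = be16_to_host(port_host);  /* host -> network order */
    return bind4_policy(&ctx);
}

int main(void)
{
    printf("tcp/22   -> %d\n", bind4_decision(AF_INET_VAL, SOCK_STREAM_VAL, 22));
    printf("tcp/443  -> %d\n", bind4_decision(AF_INET_VAL, SOCK_STREAM_VAL, 443));
    printf("tcp/8080 -> %d\n", bind4_decision(AF_INET_VAL, SOCK_STREAM_VAL, 8080));
    printf("udp/53   -> %d\n", bind4_decision(AF_INET_VAL, SOCK_DGRAM_VAL, 53));
    return 0;
}
```

Once compiled for BPF and loaded, a program like this is attached to a cgroup (the "attached using cgroups" step above) with bpftool, for example `bpftool cgroup attach /sys/fs/cgroup/myservice bind4 pinned /sys/fs/bpf/bind4_policy`, after which every bind(2) from processes in that cgroup passes through it.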