microsoft / ebpf-for-windows

eBPF implementation that runs on top of Windows
MIT License

bpf object load - NMR Attach failing with attach guid all zeroes #3748

Closed H0mTanks closed 1 month ago

H0mTanks commented 1 month ago

Describe the bug

Possible duplicate of #2627.

Hello there, I'm trying to load a simple XDP program compiled with:

clang -I ..\..\..\ebpf-for-windows\x64\Debug\undocked\ebpf-for-windows\build\native\include -target bpf -Werror -O2 xdp_driver.c -o xdp_driver.o

//xdp_driver.c
#include "bpf_helpers.h"
#include <stdint.h>

SEC("xdp")
int32_t packet_parse(xdp_md_t* ctx) {
    return XDP_DROP;
}

Program load fails with:

netsh ebpf add program xdp_driver.o
error 22: could not load program

ETL trace: (I can see that the attach guid is all zeros)

[2]1DB4.2288::2024/08/03-10:17:47.737643400 [EbpfForWindowsProvider]{"Entry":"_ebpf_core_protocol_get_program_info","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376434Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737643900 [EbpfForWindowsProvider]{"Entry":"ebpf_program_create","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376439Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737655700 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376557Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737656200 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376562Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737656600 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376566Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737668400 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376684Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737671000 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{8d2a1d3f-9ce6-473d-b48e-17aa5c5581fe}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376710Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737671600 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{ce8ccef8-4241-4975-984d-bb3921dfa73c}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376716Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737671900 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{608c517c-6c52-4a26-b677-bb1c34425adf}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376719Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737672200 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{92ec8e39-aeec-11ec-9a30-18602489beee}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376722Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737672500 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{43fb224d-68f8-46d6-aa3f-c856518cbb32}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376725Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737673300 [EbpfForWindowsProvider]{"Message":"Failed to load program information.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{00000000-0000-0000-0000-000000000000}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376733Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":4,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737674200 [EbpfForWindowsProvider]{"ErrorMessage":"ebpf_program_create returned error","Error":23,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7376742Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737674600 [EbpfForWindowsProvider]{"ErrorMessage":"_ebpf_core_protocol_get_program_info returned error","Error":23,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7376746Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737675300 [EbpfForWindowsProvider]{"Api":"\"ebpf_core_invoke_protocol_handler\"","status":"0xC000026C(NT=Unable to Load Device Driver)","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfApiError","time":"2024-08-03T17:17:47.7376753Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x4"}}
[2]1DB4.2288::2024/08/03-10:17:47.737677800 [EbpfForWindowsProvider]{"Api":"DeviceIoControl","last_error":"2001(WIN=The specified driver is invalid.)","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfApiError","time":"2024-08-03T17:17:47.7376778Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x100"}}
[2]1DB4.2288::2024/08/03-10:17:47.737678400 [EbpfForWindowsProvider]{"ErrorMessage":"invoke_ioctl returned error","Error":2001,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7376784Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737681600 [EbpfForWindowsProvider]{"Entry":"ebpf_duplicate_program_info","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7376816Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737684400 [EbpfForWindowsProvider]{"Message":"ebpf_duplicate_program_info returned success","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfSuccess","time":"2024-08-03T17:17:47.7376844Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737810300 [EbpfForWindowsProvider]{"Message":"load_byte_code returned success","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfSuccess","time":"2024-08-03T17:17:47.7378103Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737811000 [EbpfForWindowsProvider]{"Message":"_initialize_ebpf_object_from_elf returned success","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfSuccess","time":"2024-08-03T17:17:47.7378110Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737811400 [EbpfForWindowsProvider]{"Message":"_initialize_ebpf_object_from_file returned success","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfSuccess","time":"2024-08-03T17:17:47.7378114Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737812300 [EbpfForWindowsProvider]{"Message":"ebpf_object_open returned success","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfSuccess","time":"2024-08-03T17:17:47.7378123Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737814200 [EbpfForWindowsProvider]{"Entry":"ebpf_free_string","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378142Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737815500 [EbpfForWindowsProvider]{"Exit":"ebpf_free_string","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378155Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":2,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737818400 [EbpfForWindowsProvider]{"Entry":"ebpf_program_next","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378184Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737818900 [EbpfForWindowsProvider]{"__FSTREXP __FUNCTION__ \" returned\"":"ebpf_program_next returned","program":"0x264DCA901B0","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfReturn","time":"2024-08-03T17:17:47.7378189Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737819400 [EbpfForWindowsProvider]{"Entry":"ebpf_object_load","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378194Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737820800 [EbpfForWindowsProvider]{"Entry":"_ebpf_object_create_maps","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378208Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737822000 [EbpfForWindowsProvider]{"Message":"_ebpf_object_create_maps returned success","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfSuccess","time":"2024-08-03T17:17:47.7378220Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737822400 [EbpfForWindowsProvider]{"Entry":"_ebpf_object_load_programs","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378224Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737823700 [EbpfForWindowsProvider]{"Entry":"_create_program","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378237Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737827300 [EbpfForWindowsProvider]{"Entry":"_ebpf_core_protocol_create_program","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378273Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737827700 [EbpfForWindowsProvider]{"Entry":"ebpf_program_create_and_initialize","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378277Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737828000 [EbpfForWindowsProvider]{"Entry":"ebpf_program_create","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378280Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":5,"opcode":1,"keywords":"0x1"}}
[2]1DB4.2288::2024/08/03-10:17:47.737832000 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378320Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737832200 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378322Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737832500 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378325Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737832700 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378327Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737833900 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{8d2a1d3f-9ce6-473d-b48e-17aa5c5581fe}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378339Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737834200 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{ce8ccef8-4241-4975-984d-bb3921dfa73c}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378342Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737834400 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{608c517c-6c52-4a26-b677-bb1c34425adf}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378344Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737842500 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{92ec8e39-aeec-11ec-9a30-18602489beee}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378425Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737842900 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{43fb224d-68f8-46d6-aa3f-c856518cbb32}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378429Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737843200 [EbpfForWindowsProvider]{"Message":"Failed to load program information.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{00000000-0000-0000-0000-000000000000}","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericMessage","time":"2024-08-03T17:17:47.7378432Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":4,"keywords":"0x80"}}
[2]1DB4.2288::2024/08/03-10:17:47.737843500 [EbpfForWindowsProvider]{"ErrorMessage":"ebpf_program_create returned error","Error":23,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7378435Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737843900 [EbpfForWindowsProvider]{"ErrorMessage":"ebpf_program_create_and_initialize returned error","Error":23,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7378439Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737844200 [EbpfForWindowsProvider]{"ErrorMessage":"_ebpf_core_protocol_create_program returned error","Error":23,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7378442Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737844500 [EbpfForWindowsProvider]{"Api":"\"ebpf_core_invoke_protocol_handler\"","status":"0xC000026C(NT=Unable to Load Device Driver)","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfApiError","time":"2024-08-03T17:17:47.7378445Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x4"}}
[2]1DB4.2288::2024/08/03-10:17:47.737846100 [EbpfForWindowsProvider]{"Api":"DeviceIoControl","last_error":"2001(WIN=The specified driver is invalid.)","meta":{"provider":"EbpfForWindowsProvider","event":"EbpfApiError","time":"2024-08-03T17:17:47.7378461Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x100"}}
[2]1DB4.2288::2024/08/03-10:17:47.737846500 [EbpfForWindowsProvider]{"ErrorMessage":"invoke_ioctl returned error","Error":2001,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7378465Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737846900 [EbpfForWindowsProvider]{"ErrorMessage":"_create_program returned error","Error":23,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7378469Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}
[2]1DB4.2288::2024/08/03-10:17:47.737847500 [EbpfForWindowsProvider]{"ErrorMessage":"_ebpf_object_load_programs returned error","Error":23,"meta":{"provider":"EbpfForWindowsProvider","event":"EbpfGenericError","time":"2024-08-03T17:17:47.7378475Z","cpu":2,"pid":7604,"tid":8840,"channel":11,"level":2,"keywords":"0x2"}}

In accordance with the TSG, I've restarted ebpfcore, ebpfsvc, netebpfext. Same issue.

I also tried to load the program myself with bpf_object__load(). Same issue with the same traces.

Please let me know if there are any further debugging steps I can take.

OS information

Edition: Windows 11 Enterprise Evaluation
Version: 22H2
Installed on: 7/28/2024
OS build: 22621.3880
Experience: Windows Feature Experience Pack 1000.22700.1020.0

Steps taken to reproduce bug

  1. Install ebpf with built debug .msi or official release .msi. (I tried both)
  2. Compile ebpf source with clang -I <include_dir> -target bpf -Werror -O2 xdp_driver.c -o xdp_driver.o
  3. Copy xdp_driver.o to target vm
  4. Attempt to load xdp program with netsh ebpf add program xdp_driver.o

Expected behavior

The program load should succeed.

Actual outcome

Program load fails with attach guid: 00000000-0000-0000-0000-000000000000 in traces.

Additional details

No response
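A way to condense a trace like the one in this report, as an added example that is not part of the original issue or the project's code: it groups the GUID comparisons by `*guid1` and collects the error chain. The sample lines are abridged from the trace above (`meta` trimmed to its level field), and reading `*guid1` as the ID being looked up and `*guid2` as the ID it was compared with is an assumption drawn from the shape of the trace.

```python
import json
import re

ZERO_GUID = "{00000000-0000-0000-0000-000000000000}"
# Line shape: "[cpu]PID.TID::timestamp [provider]{json payload}"
LINE_RE = re.compile(
    r"^\[\d+\][0-9A-Fa-f]+\.[0-9A-Fa-f]+::\S+ \[[^\]]+\](?P<body>\{.*\})$")

# Abridged from the trace in the report: "meta" is trimmed to its level field.
SAMPLE_TRACE = r'''
[2]1DB4.2288::2024/08/03-10:17:47.737643900 [EbpfForWindowsProvider]{"Entry":"ebpf_program_create","meta":{"level":5}}
[2]1DB4.2288::2024/08/03-10:17:47.737655700 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","meta":{"level":2}}
[2]1DB4.2288::2024/08/03-10:17:47.737671000 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{8d2a1d3f-9ce6-473d-b48e-17aa5c5581fe}","meta":{"level":2}}
[2]1DB4.2288::2024/08/03-10:17:47.737671600 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{ce8ccef8-4241-4975-984d-bb3921dfa73c}","meta":{"level":2}}
[2]1DB4.2288::2024/08/03-10:17:47.737673300 [EbpfForWindowsProvider]{"Message":"Failed to load program information.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{00000000-0000-0000-0000-000000000000}","meta":{"level":4}}
[2]1DB4.2288::2024/08/03-10:17:47.737674200 [EbpfForWindowsProvider]{"ErrorMessage":"ebpf_program_create returned error","Error":23,"meta":{"level":2}}
[2]1DB4.2288::2024/08/03-10:17:47.737675300 [EbpfForWindowsProvider]{"Api":"\"ebpf_core_invoke_protocol_handler\"","status":"0xC000026C(NT=Unable to Load Device Driver)","meta":{"level":2}}
[2]1DB4.2288::2024/08/03-10:17:47.737834200 [EbpfForWindowsProvider]{"Message":"Program information provider module ID mismatch.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{ce8ccef8-4241-4975-984d-bb3921dfa73c}","meta":{"level":2}}
[2]1DB4.2288::2024/08/03-10:17:47.737843200 [EbpfForWindowsProvider]{"Message":"Failed to load program information.","*guid1":"{f1832a85-85d5-45b0-98a0-7069d63013b0}","*guid2":"{00000000-0000-0000-0000-000000000000}","meta":{"level":4}}
[2]1DB4.2288::2024/08/03-10:17:47.737846900 [EbpfForWindowsProvider]{"ErrorMessage":"_create_program returned error","Error":23,"meta":{"level":2}}
'''


def parse_events(text):
    """Yield the JSON payload of every well-formed trace line."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        try:
            yield json.loads(match.group("body"))
        except json.JSONDecodeError:
            continue  # truncated or wrapped line


def summarize(text):
    """Return ({guid1: {"candidates", "failed"}}, [(error message, code)])."""
    lookups, errors = {}, []
    for event in parse_events(text):
        if "ErrorMessage" in event:
            errors.append((event["ErrorMessage"], event.get("Error")))
        guid1, guid2 = event.get("*guid1"), event.get("*guid2")
        if guid1 is None or guid2 is None:
            continue  # mismatch lines logged without GUID fields
        # Assumption: guid1 is the ID looked up, guid2 the ID it was compared with.
        entry = lookups.setdefault(guid1, {"candidates": [], "failed": False})
        if guid2 == ZERO_GUID:
            entry["failed"] = True  # lookup ended with an all-zero guid2
        elif guid2 not in entry["candidates"]:
            entry["candidates"].append(guid2)  # de-duplicate repeated passes
    return lookups, errors


if __name__ == "__main__":
    lookups, errors = summarize(SAMPLE_TRACE)
    for wanted, info in lookups.items():
        state = "FAILED" if info["failed"] else "ok"
        print(wanted, state, "compared with:", *info["candidates"])
    for message, code in errors:
        print(f"error {code}: {message}")
```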

shankarseal commented 1 month ago

@shpalani - please update documentation as needed to use xdp-test instead of xdp. And add a link to the xdp-for-windows project + msi.

shpalani commented 1 month ago

Thanks for the detailed steps. The problem is the user is not using the xdp-for-windows release package for the program type 'xdp'. Hence the xdp program failed to load and attach. ebpf-for-windows repo has replaced its support of xdp functionality with the xdp-for-windows extension.

Please use xdp-for-windows msi, instead of ebpf-for-windows's netebpfext xdp test extension xdp_test.

Download the latest xdp-for-windows release: https://github.com/microsoft/xdp-for-windows/releases/tag/v1.1.0%2Bbed474a

Note: Certificate is in bin_Release_x64\amd64fre\xdp.cer

Instructions: (in a nutshell)

  1. Install ebpf-for-windows.msi
  2. Install xdp-for-windows: xdp-for-windows.msi, add Registry to enable and restart.
     2.1 C:\windows\system32\certutil.exe -addstore Root .\xdp.cer
     2.2 C:\windows\system32\certutil.exe -addstore TrustedPublisher .\xdp.cer
     2.3 install xdp-for-windows msi
     2.4 reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\xdp\Parameters /v XdpEbpfEnabled /d 1 /t REG_DWORD /f
     2.5 net stop xdp
     2.6 net start xdp
     2.7 sc.exe query xdp

Note: Please use the above latest version packages (ebpf-for-windows v0.18.0, xdp-for-windows v1.1.0%2Bbed474a) stated to avoid a mismatch of versions (as some releases do not have backward compatibility in between them).


After the installations, please check the program type for 'xdp' (and not xdp_test). Sample:

netsh ebpf add program xdp_driver.o interface=<pick an interface ifindex>
netsh ebpf show programs

    ID  Pins  Links  Mode       Type           Name
======  ====  =====  =========  =============  ====================
 65568     1      1  JIT        xdp               xdp_driver

Note: XDP programs attach to the XDP hooks for an interface. Please make sure to attach the program to the appropriate active interface. Use get-netadapter to get the ifindex.

Usage: netsh ebpf add program 
                   [filename=]<string>
                   [[type=]<string>]
                   [[pinpath=]<string>]
                   [[interface=]<string>]
                   [[pinned=]none|first|all]
                   [[execution=]jit|interpret]
                   [[compartment=]<integer>

Information: https://github.com/microsoft/ebpf-for-windows/blob/main/docs/GettingStarted.md

If you still want to use the non-recommended program type 'xdp_test' test extension (no support) from ebpf-for-windows msi, then you need to specify the type with xdp_test:

netsh ebpf add program xdp_driver.o xdp_test

I will update the documentation as needed.