From 84382c3edd5f11f83fcedb6dfa010b1d0558c984 Mon Sep 17 00:00:00 2001 From: Dhiren Vispute Date: Mon, 26 Feb 2024 10:17:02 -0800 Subject: [PATCH] WiP - Add rundown audit trail --- .github/workflows/cicd.yml | 205 +----------------------- netebpfext/net_ebpf_ext.c | 2 +- netebpfext/net_ebpf_ext_bind.c | 8 +- netebpfext/net_ebpf_ext_hook_provider.c | 53 ++++++ netebpfext/net_ebpf_ext_hook_provider.h | 30 ++++ netebpfext/net_ebpf_ext_sock_addr.c | 8 +- netebpfext/net_ebpf_ext_sock_ops.c | 8 +- netebpfext/net_ebpf_ext_xdp.c | 4 +- 8 files changed, 105 insertions(+), 213 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index a7d4fbbc95..9a188ea898 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -68,176 +68,28 @@ jobs: build_nuget: true configurations: '["NativeOnlyDebug", "NativeOnlyRelease"]' - # Run the unit tests in GitHub. - unit_tests_appverif: - # Always run this job. - needs: regular - if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/reusable-test.yml - with: - name: unit_tests - pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for unit_tests.exe - # Exclude [processes] test that CodeCoverage can't work with. - test_command: .\unit_tests.exe -d yes ~[processes] - build_artifact: Build-x64 - environment: windows-2022 - code_coverage: true - gather_dumps: true - capture_etw: true - leak_detection: true - # Run the unit tests in GitHub. - unit_tests: - # Always run this job. - needs: regular - if: github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' - uses: ./.github/workflows/reusable-test.yml - with: - name: unit_tests - pre_test: appverif -enable Exceptions Handles Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for unit_tests.exe - # Exclude [processes] test that CodeCoverage can't work with. - test_command: .\unit_tests.exe -d yes ~[processes] - build_artifact: Build-x64 - environment: windows-2022 - code_coverage: true - gather_dumps: true - capture_etw: true - leak_detection: true - # Run the netebpfext unit tests in GitHub. - netebpf_ext_unit_tests: - # Always run this job. - needs: regular - if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/reusable-test.yml - with: - name: netebpf_ext_unit_tests - pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for unit_tests.exe - test_command: .\netebpfext_unit.exe -d yes - build_artifact: Build-x64 - environment: windows-2022 - code_coverage: true - gather_dumps: true - capture_etw: true - leak_detection: true - - # Run the bpf2c tests in GitHub. - bpf2c: - # Always run this job. - needs: regular - if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/reusable-test.yml - with: - test_command: .\bpf2c_tests.exe -d yes - name: bpf2c - build_artifact: Build-x64 - environment: windows-2022 - vs_dev: true - code_coverage: true - gather_dumps: true - capture_etw: true - # Run the bpf2c conformance tests in GitHub. - bpf2c_conformance: - # Always run this job. + # Run multi-threaded stress tests with 'restart extension' enabled + # against the kernel mode eBPF sub-system. + aaa_km_mt_stress_tests_restart_extension: needs: regular if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' uses: ./.github/workflows/reusable-test.yml with: - pre_test: Invoke-WebRequest https://github.com/Alan-Jowett/bpf_conformance/releases/download/v0.0.5/bpf_conformance_runner.exe -OutFile bpf_conformance_runner.exe - test_command: .\bpf_conformance_runner.exe --test_file_directory %SOURCE_ROOT%\external\ebpf-verifier\external\bpf_conformance\tests --cpu_version v4 --exclude_regex local --plugin_path bpf2c_plugin.exe --debug true --plugin_options "--include %SOURCE_ROOT%\include" - name: bpf2c_conformance - build_artifact: Build-x64 - environment: windows-2022 - vs_dev: true - code_coverage: true - gather_dumps: true - capture_etw: true - - # Run the driver tests on self-hosted runners. - driver_ws2019: - # Always run this job. - # Only run this on repos that have self-host runners. - needs: regular - if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') - uses: ./.github/workflows/reusable-test.yml - with: - pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" - test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" + name: aaa_km_mt_stress_tests_restart_extension + pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "memory" + test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "Stress" -Options @("RestartExtension") post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true - name: driver_ws2019 build_artifact: Build-x64 environment: ebpf_cicd_tests_ws2019 - # driver test copies dumps to testlog folder. - gather_dumps: false - # driver tests manually gather code coverage code_coverage: false - - # Run the driver tests on self-hosted runners. - driver_ws2022: - # Always run this job. - # Only run this on repos that have self-host runners. - needs: regular - if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') - uses: ./.github/workflows/reusable-test.yml - with: - pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" - test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" - post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true - name: driver_ws2022 - build_artifact: Build-x64 - environment: ebpf_cicd_tests_ws2022 - # driver test copies dumps to testlog folder. + # For this test, we only want kernel mode dumps and not user mode dumps. gather_dumps: false - # driver tests manually gather code coverage - code_coverage: false - # Run the native-only driver tests on self-hosted runners. - driver_native_only_ws2019: - # Always run this job. - # Only run this on repos that have self-host runners. - needs: regular_native-only - if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') - uses: ./.github/workflows/reusable-test.yml - with: - pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" - test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" - post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true - name: driver_native_only_ws2019 - build_artifact: Build-x64-native-only - environment: ebpf_cicd_tests_ws2019 - # driver test copies dumps to testlog folder. - gather_dumps: false - # driver tests manually gather code coverage - code_coverage: false - configurations: '["NativeOnlyDebug", "NativeOnlyRelease"]' - driver_native_only_ws2022: - # Always run this job. - # Only run this on repos that have self-host runners. - needs: regular_native-only - if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') - uses: ./.github/workflows/reusable-test.yml - with: - pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" - test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" - post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true - name: driver_native_only_ws2022 - build_artifact: Build-x64-native-only - environment: ebpf_cicd_tests_ws2022 - # driver test copies dumps to testlog folder. - gather_dumps: false - # driver tests manually gather code coverage - code_coverage: false - configurations: '["NativeOnlyDebug", "NativeOnlyRelease"]' - ossar: - # Always run this job. - needs: regular - if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/ossar-scan.yml - with: - build_artifact: Build-x64 # Additional jobs to run on pull and schedule only (skip push). # --------------------------------------------------------------------------- @@ -262,19 +114,6 @@ jobs: build_artifact: Build-x64-Sanitize build_options: /p:AddressSanitizer='True' - bpf2c_fuzzer: - needs: regular - if: github.event_name == 'pull_request' || github.event_name == 'merge_group' - uses: ./.github/workflows/reusable-test.yml - with: - name: bpf2c_fuzzer - test_command: .\bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=300 -artifact_prefix=Artifacts\ - build_artifact: Build-x64 - environment: windows-2022 - code_coverage: false - gather_dumps: true - configurations: '["FuzzerDebug"]' - bpf2c_fuzzer_scheduled: needs: regular if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' @@ -359,36 +198,6 @@ jobs: gather_dumps: true configurations: '["FuzzerDebug"]' - # Run Cilium regression tests in GitHub. - cilium_tests: - needs: regular - # Only run on schedule and pull request. - if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/reusable-test.yml - with: - name: cilium_tests - test_command: .\cilium_tests.exe -d yes - build_artifact: Build-x64 - environment: windows-2022 - code_coverage: false - gather_dumps: true - - # Run the quick stress tests in GitHub. - stress: - needs: regular - # Only run on schedule and pull request. - if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/reusable-test.yml - with: - name: stress - # Until there is a dedicated stress test, re-use the perf test. - test_command: .\ebpf_performance.exe -d yes - build_artifact: Build-x64 - environment: windows-2022 - # No code coverage on stress. - code_coverage: false - gather_dumps: true - # Run the unit tests in GitHub with address sanitizer. sanitize_unit_tests: needs: sanitize diff --git a/netebpfext/net_ebpf_ext.c b/netebpfext/net_ebpf_ext.c index a403a0d923..40b22fde35 100644 --- a/netebpfext/net_ebpf_ext.c +++ b/netebpfext/net_ebpf_ext.c @@ -254,7 +254,7 @@ net_ebpf_extension_wfp_filter_context_create( local_filter_context->reference_count = 1; // Initial reference. local_filter_context->client_context = client_context; - if (!net_ebpf_extension_hook_client_enter_rundown( + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX( (net_ebpf_extension_hook_client_t*)local_filter_context->client_context)) { // We're setting up the filter context here and as this is the very first (and exclusive) attempt to acquire diff --git a/netebpfext/net_ebpf_ext_bind.c b/netebpfext/net_ebpf_ext_bind.c index 1c65c291c2..a84a08fd09 100644 --- a/netebpfext/net_ebpf_ext_bind.c +++ b/netebpfext/net_ebpf_ext_bind.c @@ -273,7 +273,7 @@ net_ebpf_ext_resource_allocation_classify( } attached_client = (net_ebpf_extension_hook_client_t*)filter_context->client_context; - if (!net_ebpf_extension_hook_client_enter_rundown(attached_client)) { + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(attached_client)) { NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS( NET_EBPF_EXT_TRACELOG_LEVEL_VERBOSE, NET_EBPF_EXT_TRACELOG_KEYWORD_BIND, @@ -321,7 +321,7 @@ net_ebpf_ext_resource_allocation_classify( Exit: if (attached_client) { - net_ebpf_extension_hook_client_leave_rundown(attached_client); + NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(attached_client); } return; } @@ -364,7 +364,7 @@ net_ebpf_ext_resource_release_classify( } attached_client = (net_ebpf_extension_hook_client_t*)filter_context->client_context; - if (!net_ebpf_extension_hook_client_enter_rundown(attached_client)) { + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(attached_client)) { NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS( NET_EBPF_EXT_TRACELOG_LEVEL_VERBOSE, NET_EBPF_EXT_TRACELOG_KEYWORD_BIND, @@ -399,7 +399,7 @@ net_ebpf_ext_resource_release_classify( Exit: if (attached_client) { - net_ebpf_extension_hook_client_leave_rundown(attached_client); + NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(attached_client); } return; } diff --git a/netebpfext/net_ebpf_ext_hook_provider.c b/netebpfext/net_ebpf_ext_hook_provider.c index 64dd5e495d..eda9fab50d 100644 --- a/netebpfext/net_ebpf_ext_hook_provider.c +++ b/netebpfext/net_ebpf_ext_hook_provider.c @@ -68,6 +68,22 @@ typedef struct _net_ebpf_extension_hook_provider #define RELEASE_PUSH_LOCK_EXCLUSIVE(lock) _RELEASE_PUSH_LOCK(lock, Exclusive) #define RELEASE_PUSH_LOCK_SHARED(lock) _RELEASE_PUSH_LOCK(lock, Shared) +KSPIN_LOCK _rundown_audit_trail_lock; +uint32_t _rundown_ref_count = 0; +uint32_t _rundown_audit_trail_index = 0; + +typedef struct _rundown_audit_trail_entry +{ + rundown_op_type_t op_type; + uint32_t line_num; + char* calling_func; + net_ebpf_ext_hook_client_rundown_t rundown; + +} rundown_audit_trail_entry_t; + +rundown_audit_trail_entry_t _rundown_audit_trail[0xFFFF]; +uint32_t _rundown_audit_trail_index_max = (sizeof(_rundown_audit_trail) / sizeof(rundown_audit_trail_entry_t)); + /** * @brief Initialize the hook client rundown state. * @@ -170,6 +186,26 @@ net_ebpf_extension_hook_client_enter_rundown(_Inout_ net_ebpf_extension_hook_cli return status; } +bool +net_ebpf_extension_hook_client_enter_rundown_ex( + _Inout_ net_ebpf_extension_hook_client_t* hook_client, char* calling_func, uint32_t line_num) +{ + KIRQL old_irql; + BOOL status; + + // KeAcquireSpinLock(&_rundown_audit_trail_lock, &old_irql); + status = net_ebpf_extension_hook_client_enter_rundown(hook_client); + if (status) { + // _rundown_audit_trail[_rundown_audit_trail_index].op_type = RUNDOWN_OP_TYPE_ENTER; + // _rundown_audit_trail[_rundown_audit_trail_index].line_num = line_num; + // _rundown_audit_trail[_rundown_audit_trail_index].calling_func = calling_func; + // _rundown_audit_trail[_rundown_audit_trail_index].rundown = hook_client->rundown; + // _rundown_audit_trail_index++; + } + // KeReleaseSpinLock(&_rundown_audit_trail_lock, old_irql); + return status; +} + void net_ebpf_extension_hook_client_leave_rundown(_Inout_ net_ebpf_extension_hook_client_t* hook_client) { @@ -177,6 +213,22 @@ net_ebpf_extension_hook_client_leave_rundown(_Inout_ net_ebpf_extension_hook_cli ExReleaseRundownProtection(&rundown->protection); } +void +net_ebpf_extension_hook_client_leave_rundown_ex( + _Inout_ net_ebpf_extension_hook_client_t* hook_client, char* calling_func, uint32_t line_num) +{ + KIRQL old_irql; + + // KeAcquireSpinLock(&_rundown_audit_trail_lock, &old_irql); + net_ebpf_extension_hook_client_leave_rundown(hook_client); + // _rundown_audit_trail[_rundown_audit_trail_index].op_type = RUNDOWN_OP_TYPE_LEAVE; + // _rundown_audit_trail[_rundown_audit_trail_index].line_num = line_num; + // _rundown_audit_trail[_rundown_audit_trail_index].calling_func = calling_func; + // _rundown_audit_trail[_rundown_audit_trail_index].rundown = hook_client->rundown; + // _rundown_audit_trail_index++; + // KeReleaseSpinLock(&_rundown_audit_trail_lock, old_irql); +} + const ebpf_extension_data_t* net_ebpf_extension_hook_client_get_client_data(_In_ const net_ebpf_extension_hook_client_t* hook_client) { @@ -490,6 +542,7 @@ net_ebpf_extension_hook_provider_register( memset(local_provider_context, 0, sizeof(net_ebpf_extension_hook_provider_t)); ExInitializePushLock(&local_provider_context->lock); InitializeListHead(&local_provider_context->attached_clients_list); + KeInitializeSpinLock(&_rundown_audit_trail_lock); characteristics = &local_provider_context->characteristics; characteristics->Length = sizeof(NPI_PROVIDER_CHARACTERISTICS); diff --git a/netebpfext/net_ebpf_ext_hook_provider.h b/netebpfext/net_ebpf_ext_hook_provider.h index 6f02c78227..aaa96b281f 100644 --- a/netebpfext/net_ebpf_ext_hook_provider.h +++ b/netebpfext/net_ebpf_ext_hook_provider.h @@ -190,3 +190,33 @@ net_ebpf_extension_hook_check_attach_parameter( _In_reads_(attach_parameter_size) const void* attach_parameter, _In_reads_(attach_parameter_size) const void* wild_card_attach_parameter, _Inout_ net_ebpf_extension_hook_provider_t* provider_context); + +typedef enum _rundown_op_type_ +{ + RUNDOWN_OP_TYPE_ENTER = 1, + RUNDOWN_OP_TYPE_LEAVE = 2, +} rundown_op_type_t; + +typedef enum +{ + NET_EBPF_EXT_C = 1, + NET_EBPF_EXT_BIND_C = 2, + NET_EBPF_EXT_SOCK_ADDR_C = 3, + NET_EBPF_EXT_SOCK_OPS_C = 4, + NET_EBPF_EXT_SOCK_XDP_C = 5 +} rundown_file_id_t; + +bool +net_ebpf_extension_hook_client_enter_rundown_ex( + _Inout_ net_ebpf_extension_hook_client_t* hook_client, char* calling_func, uint32_t line_num); + +void +net_ebpf_extension_hook_client_leave_rundown_ex( + _Inout_ net_ebpf_extension_hook_client_t* hook_client, char* calling_func, uint32_t line_num); + +// #define NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN(_client_context, file_id) +#define NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(_client_context) \ + net_ebpf_extension_hook_client_enter_rundown_ex(_client_context, __func__, __LINE__) + +#define NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(_client_context) \ + net_ebpf_extension_hook_client_leave_rundown_ex(_client_context, __func__, __LINE__) diff --git a/netebpfext/net_ebpf_ext_sock_addr.c b/netebpfext/net_ebpf_ext_sock_addr.c index dbbd1b7c57..734a6ce5bf 100644 --- a/netebpfext/net_ebpf_ext_sock_addr.c +++ b/netebpfext/net_ebpf_ext_sock_addr.c @@ -1178,7 +1178,7 @@ net_ebpf_extension_sock_addr_authorize_recv_accept_classify( } attached_client = (net_ebpf_extension_hook_client_t*)filter_context->base.client_context; - if (!net_ebpf_extension_hook_client_enter_rundown(attached_client)) { + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(attached_client)) { NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS( NET_EBPF_EXT_TRACELOG_LEVEL_VERBOSE, NET_EBPF_EXT_TRACELOG_KEYWORD_SOCK_ADDR, @@ -1225,7 +1225,7 @@ net_ebpf_extension_sock_addr_authorize_recv_accept_classify( Exit: if (attached_client) { - net_ebpf_extension_hook_client_leave_rundown(attached_client); + NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(attached_client); } NET_EBPF_EXT_LOG_EXIT(); @@ -1558,7 +1558,7 @@ net_ebpf_extension_sock_addr_redirect_connection_classify( } attached_client = (net_ebpf_extension_hook_client_t*)filter_context->base.client_context; - if (!net_ebpf_extension_hook_client_enter_rundown(attached_client)) { + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(attached_client)) { NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS( NET_EBPF_EXT_TRACELOG_LEVEL_VERBOSE, NET_EBPF_EXT_TRACELOG_KEYWORD_SOCK_ADDR, @@ -1709,7 +1709,7 @@ net_ebpf_extension_sock_addr_redirect_connection_classify( } if (attached_client) { - net_ebpf_extension_hook_client_leave_rundown(attached_client); + NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(attached_client); } if (net_ebpf_sock_addr_ctx.redirect_context != NULL) { diff --git a/netebpfext/net_ebpf_ext_sock_ops.c b/netebpfext/net_ebpf_ext_sock_ops.c index 12a577399a..af903a4636 100644 --- a/netebpfext/net_ebpf_ext_sock_ops.c +++ b/netebpfext/net_ebpf_ext_sock_ops.c @@ -421,7 +421,7 @@ net_ebpf_extension_sock_ops_flow_established_classify( } attached_client = (net_ebpf_extension_hook_client_t*)filter_context->base.client_context; - if (!net_ebpf_extension_hook_client_enter_rundown(attached_client)) { + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(attached_client)) { NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS( NET_EBPF_EXT_TRACELOG_LEVEL_VERBOSE, NET_EBPF_EXT_TRACELOG_KEYWORD_SOCK_OPS, @@ -508,7 +508,7 @@ net_ebpf_extension_sock_ops_flow_established_classify( ExFreePool(local_flow_context); } if (attached_client != NULL) { - net_ebpf_extension_hook_client_leave_rundown(attached_client); + NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(attached_client); } } @@ -541,7 +541,7 @@ net_ebpf_extension_sock_ops_flow_delete(uint16_t layer_id, uint32_t callout_id, } attached_client = (net_ebpf_extension_hook_client_t*)filter_context->base.client_context; - if (!net_ebpf_extension_hook_client_enter_rundown(attached_client)) { + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(attached_client)) { NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS( NET_EBPF_EXT_TRACELOG_LEVEL_VERBOSE, NET_EBPF_EXT_TRACELOG_KEYWORD_SOCK_OPS, @@ -579,7 +579,7 @@ net_ebpf_extension_sock_ops_flow_delete(uint16_t layer_id, uint32_t callout_id, } if (attached_client != NULL) { - net_ebpf_extension_hook_client_leave_rundown(attached_client); + NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(attached_client); } } diff --git a/netebpfext/net_ebpf_ext_xdp.c b/netebpfext/net_ebpf_ext_xdp.c index a9e68e8389..5e96126bd2 100644 --- a/netebpfext/net_ebpf_ext_xdp.c +++ b/netebpfext/net_ebpf_ext_xdp.c @@ -675,7 +675,7 @@ net_ebpf_ext_layer_2_classify( } attached_client = (net_ebpf_extension_hook_client_t*)filter_context->base.client_context; - if (!net_ebpf_extension_hook_client_enter_rundown(attached_client)) { + if (!NET_EBPF_EXTENSION_HOOK_CLIENT_ENTER_RUNDOWN_EX(attached_client)) { NET_EBPF_EXT_LOG_MESSAGE_NTSTATUS( NET_EBPF_EXT_TRACELOG_LEVEL_VERBOSE, NET_EBPF_EXT_TRACELOG_KEYWORD_XDP, @@ -780,7 +780,7 @@ net_ebpf_ext_layer_2_classify( Exit: if (attached_client) { - net_ebpf_extension_hook_client_leave_rundown(attached_client); + NET_EBPF_EXTENSION_HOOK_CLIENT_LEAVE_RUNDOWN_EX(attached_client); } }