Add new neteventebpfext eBPF extension for processing network events.
#28
Conversation
gtrevi
changed the title
pktmonebpfext eBPF extension for processing Packet Monitor (pktmon) events.pktmonebpfext eBPF extension for processing Packet Monitor (pktmon) events.
gtrevi
changed the title
pktmonebpfext eBPF extension for processing Packet Monitor (pktmon) events.pktmonebpfext eBPF extension for processing Packet Monitor (pktmon) events.
|
As a general comment, this PR contains significant code re-org. While this re-org is certainly worthwhile, it seems orthogonal to the actual extension code payload. 'As-is', reverting this PR (for any reason) will cause all that re-org to be reverted as well. Is it possible to separate out the code re-org into a separate PR? |
This repo was designed to offer a library of boilerplate code to accelerate the development of eBPF extensions, and host multiple other extensions that build on top of that. Happens that upon adding the second extension, the structure and other minor refactoring had to be adapted to have the repo comply to its design intent in the first place, which was missing. |
ebpf_extensions/neteventebpfext/netevent_ebpf_ext_program_info.h
Outdated
Show resolved
Hide resolved
gtrevi
requested review from
shankarseal,
dv-msft,
matthewige,
Austin-Lamb and
mikeagun
Description
This PR:
neteventebpfexteBPF extension for capturing network events.netevent_simkernel driver, which simulates an event provider for testing purposes.netevent_monitoreBPF program that will be invoked by theneteventebpfextextension upon receiving "special" events (actual or simulator), which will store the events in a ring-buffer map.netevent_simkernel driver, flowing from theneteventebpfexteBPF extension, into thenetevent_monitoreBPF program, into the ring-buffer map and ultimately into a UM app (i.e. the unit test) being called back upon every event insertion.store_helperlibrary files, already implemented in EbpfApi.dll.Testing
Local, CICD.
Documentation
README.mddocs\neteventebpfext.mdInstallation
n.a.