Windows support¶
The library has preliminary support for the eBPF for Windows runtime, allowing you to build Go applications for Windows using the same APIs as on Linux.
Feature parity
efW doesn't have feature parity with Linux. Many APIs in
the library will return ErrNotSupported in this case.
Binary compatibility
efW is not binary compatible with Linux. It is not possible to compile an eBPF program for Linux and use it on Windows.
Platform specific constants¶
efW only provides source compatibility with Linux. While certain Linux map or program types have an equivalent on Windows, they don't always behave the same.
For this reason, the various type enumerations have completely distinct values
on Windows, for example WindowsHashMap is the equivalent of HashMap.
Attempting to create a HashMap on Windows will return an error, and vice versa.
Platform specific ELFs¶
Loading Windows ELFs is not supported yet.
ELFs compiled against Linux and Windows headers are not binary compatible. Add the following to ELFs targeting Windows until there is an official way to declare the platform:
Working with signed programs¶
The runtime will most likely require all eBPF programs to be signed by
Microsoft. Signing programs relies on packaging eBPF .c files as drivers using
the native code pipeline, converting bytecode into a .sys file.
The interface to load such drivers does not allow modifying the bytecode or map
definitions, therefore you can't interact with them via CollectionSpec, etc.
Instead you must load them via LoadCollection:
The returned Collection contains Maps and Programs which you can interact with as usual.
Authored by