MSI should install drivers and services (microsoft#1271)

* Update release data

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Add NSIS support to generate a setup exe

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* More of the implementation

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Add net start/stop actions to the msi

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Cleanup

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* First step in conversion to common install script

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Convert to common setup script

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Snapshot before cleanup

this version does install the netsh helper
it does not delete the files from system32 on uninstall

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Cleanup

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* More cleanup

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Fix build

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Fix driver test

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

* Drop verifier fuzzer test to 15 mins

Same as the bpf2c fuzzer. This removes 15 mins from the long pole
for CI/CD.

Signed-off-by: Dave Thaler <dthaler@microsoft.com>

.github/workflows/cicd.yml

@@ -187,7 +187,7 @@ jobs:
     uses: ./.github/workflows/reusable-test.yml
     with:
       name: verifier_fuzzer
-      test_command: .\verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=1800 -artifact_prefix=Artifacts\
+      test_command: .\verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=900 -artifact_prefix=Artifacts\
       build_artifact: Build-x64-fuzzer
       environment: windows-2019
       code_coverage: false

.github/workflows/reusable-build.yml

@@ -155,22 +155,22 @@ jobs:
       env:
         SOURCE_DIR: ${{github.workspace}}
       run: |
-        ${{github.workspace}}/scripts/create_package_data.bat
+        ${{github.workspace}}\scripts\create_package_data.bat ${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}
 
     - name: Generate the MSI release package
       if: matrix.configurations == 'Release' && inputs.generate_release_package == true
       working-directory: ${{env.GITHUB_WORKSPACE}}
       run: |
-        cmake -S packaging -B package -DEBPFFORWINDOWS_PROGRAM_DATA="${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\package_data" "-DEBPFFORWINDOWS_VERSION=1.0.0" -DCPACK_GENERATOR=WIX
-        cmake --build package --target package
+        cmake -S tools\setup -B build\setup -DEBPFFORWINDOWS_PROGRAM_DATA="${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\package_data" "-DEBPFFORWINDOWS_VERSION=0.2.0" -DCPACK_GENERATOR=WIX
+        cmake --build build\setup --target package
 
     - name: Locate the packages
       if: matrix.configurations == 'Release' && inputs.generate_release_package == true
       working-directory: ${{env.GITHUB_WORKSPACE}}
       id: packages
       shell: bash
       run: |
-        echo ::set-output name=REL_MSI_PACKAGE_PATH::$(ls package/*.msi)
+        echo ::set-output name=REL_MSI_PACKAGE_PATH::$(ls build/setup/*.msi)
 
     - name: Upload the MSI package
       if: matrix.configurations == 'Release' && inputs.generate_release_package == true

docs/GettingStarted.md

@@ -1,6 +1,11 @@
 # Getting Started
 
-## Prerequisites
+If you just want to install eBPF for Windows on a machine to experiment with,
+jump down to [Installing eBPF for Windows](#installing-ebpf-for-windows).
+
+## Building eBPF for Windows
+
+### Prerequisites
 
 The following must be installed in order to build this project:
 1. Git (e.g., [Git for Windows 64-bit](https://git-scm.com/download/win))
@@ -25,14 +30,14 @@ if ((get-filehash $env:TEMP\Setup-DeveEnv.ps1).Hash -eq '4000D4B2478A5CE9A779140
 ```
 3. Launch Visual Studio Installer and select "MSVC v142 - VS 2019 C++ x64/x86 Spectre-mitigated libs (latest)"
 
-## How to clone and build the project using Visual Studio
+### How to clone and build the project using Visual Studio
 This section outlines the steps to build, prepare and build the eBPF-For-Windows project.
 
-### Cloning the project
+#### Cloning the project
 1. ```git clone --recurse-submodules https://github.com/microsoft/ebpf-for-windows.git```.
 By default this will clone the project under the `ebpf-for-windows` directory.
 
-### Prepare for first build
+#### Prepare for first build
 The following steps need to be executed _once_ before the first build on a new clone.
 1. Launch `Developer Command Prompt for VS 2019` by running `"C:\Program Files (x86)\Microsoft Visual Studio\2019\BuildTools\Common7\Tools\VsDevCmd.bat"`.
 2. Change directory to where the project is cloned, e.g. ```cd ebpf-for-windows```.
@@ -41,21 +46,21 @@ The following steps need to be executed _once_ before the first build on a new c
 5. ```nuget restore ebpf-for-windows.sln```
 6. ```del external\ebpf-verifier\build\obj\project.assets.json```
 
-### Building using Developer Command Prompt for VS 2019
+#### Building using Developer Command Prompt for VS 2019
 1. Launch `Developer Command Prompt for VS 2019`.
 2. Change directory to where the project is cloned, e.g. ```cd ebpf-for-windows```.
 3. ```msbuild /m /p:Configuration=Debug /p:Platform=x64 ebpf-for-windows.sln```
 
-#### Setting compile time options when building from Developer Command Prompt
+##### Setting compile time options when building from Developer Command Prompt
 To build with specific compile time options, append ```/p:DefineConstants=<option_name>```. Options available include:
 1. ```CONFIG_BPF_JIT_ALWAYS_ON``` - Compile eBPF Execution Context without support for eBPF interpreter.
 
-### Building using Visual Studio IDE
+#### Building using Visual Studio IDE
 1. Open `ebpf-for-windows.sln`
 2. Switch to debug / x64
 3. Build solution
 
-#### Setting compile time options when building from Visual Studio IDE
+##### Setting compile time options when building from Visual Studio IDE
 To build with specific compile time options:
 1. Select the project to modify from the Solution Explorer.
 2. Navigate to "C/C++" -> "Preprocessor" -> "Preprocessor Definitions"
@@ -92,28 +97,28 @@ and a few binaries just used for demo'ing eBPF functionality, as in the demo wal
 * `port_quota.exe`: A sample utility to illustrate using eBPF to manage port quotas to defend against `port_leak.exe`
                   and similar "buggy" apps.
 
-## How to clone and build the project using CMake
+### How to clone and build the project using CMake
 
-### Cloning the project
+#### Cloning the project
 ```bash
 git clone --recurse-submodules https://github.com/microsoft/ebpf-for-windows.git
 ```
 
-### Configuring the project
+#### Configuring the project
 
 ```bash
 cmake -S ebpf-for-windows -B build
 ```
 
-### Building the project
+#### Building the project
 
 Configuration: It is advised to use the Debug configuration for now.
 
 ```bash
 cmake --build build --config <Configuration>
 ```
 
-### Running the tests
+#### Running the tests
 
 Configure with the `EBPFFORWINDOWS_ENABLE_TESTS` option (enabled by default)
 
@@ -141,7 +146,7 @@ Windows requires that one of the following criteria be met prior to loading a dr
 2. The OS is booted with a kernel debugger attached.
 3. The OS is running in [test-signing mode](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option), the [driver is test signed](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/test-signing-a-driver-through-an-embedded-signature) and the [test certificate is installed](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-test-certificates).
 
-Since the binaries built above are not signed by Microsoft, they will only work on a machine with
+Since the eBPF for Wndows binaries are not yet signed by Microsoft, they will only work on a machine with
 a kernel debugger (KD) attached and running, or test signing is enabled. (It is expected that official
 releases of eBPF for Windows will eventually be production signed at some point in the future after
 security hardening is completed.)
@@ -245,7 +250,7 @@ Other useful options include:
 ### xdp_tests.exe
 This application tests various XDP functionalities. It has the following tests:
 1. Reflection Test: This tests the XDP_TX functionality. The following steps show how to run the test:
-   1. On the system under test, install eBPF binaries (`install-ebpf.bat`).
+   1. On the system under test, install eBPF binaries (`.\scripts\setup-ebpf.ps1`).
    2. Load the test eBPF program by running the following commands: `netsh`, `ebpf`, `add program reflect_packet.o xdp` and note the ID.
    3. From a remote host, run xdp_tests.exe and in `--remote-ip` parameter pass an IPv4 or IPv6 address of an Ethernet-like interface on the system under test in string format.
    4. Unload the program from system under test by running `delete program <id>` on the netsh prompt, where <id> is the ID noted above.

docs/InstallEbpf.md

@@ -13,10 +13,10 @@ has already built the binaries for x64/Debug or x64/Release.
 2. From within the VM, install the binaries as follows:
     1. Start an admin command shell (cmd.exe).
     2. Do 'cd C:\temp'.
-    3. Do 'install-ebpf.bat'.
+    3. Do 'powershell -ExecutionPolicy Bypass .\scripts\setup-ebpf.ps1'.
 
 ### Method 2
-Copy the build output to the host of the test VM and run the following.
+Copy the build output to the host of the test VM and run the following in powershell.
 1. `Checkpoint-VM -Name <test-vm-name> -CheckpointName baseline` -- Creates a snapshot of the test VM named **baseline**.
 2. Store the VM administrator credential:
    1) `Install-Module CredentialManager -force`
@@ -54,4 +54,4 @@ Start an admin Powershell on the Windows Host and run `.\images\build-images.ps1
 4. Update `manifests/Kubernetes/ebpf-for-windows-daemonset.yaml` with the container image pointing to your image path. Run the following command:
 ```
 kubectl apply -f manifests/Kubernetes/ebpf-for-windows-daemonset.yaml
-```
+```

ebpfsvc/svcmain.cpp

@@ -92,7 +92,7 @@ service_install()
         path,                          // path to service's binary
         nullptr,                       // no load ordering group
         nullptr,                       // no tag identifier
-        nullptr,                       // no dependencies
+        L"EbpfCore\0",                 // null-separated dependencies
         L"NT AUTHORITY\\LocalService", // LocalService account
         nullptr);                      // no password
 

scripts/config_test_vm.psm1

@@ -292,7 +292,7 @@ function Install-eBPFComponentsOnVM
         Import-Module $WorkingDirectory\common.psm1 -ArgumentList ($LogFileName) -Force -WarningAction SilentlyContinue
         Import-Module $WorkingDirectory\install_ebpf.psm1 -ArgumentList ($WorkingDirectory, $LogFileName) -Force -WarningAction SilentlyContinue
 
-        Install-eBPFComponents
+        Install-eBPFComponents -Tracing $true
     } -ArgumentList ("eBPF", $LogFileName) -ErrorAction Stop
     Write-Log "eBPF components installed on $VMName" -ForegroundColor Green
 }

scripts/create_package_data.bat

@@ -1,11 +1,17 @@
-# Copyright (c) Microsoft Corporation
-# SPDX-License-Identifier: MIT
+rem Copyright (c) Microsoft Corporation
+rem SPDX-License-Identifier: MIT
 @echo off
 
+set SCRIPTS_DIR=%~dp0
+set SOURCE_DIR=%SCRIPTS_DIR%\..
+pushd %SOURCE_DIR%\%1
+dir
+
 mkdir package_data
 copy bpftool.exe package_data
 copy bpf2c.exe package_data
 copy ebpfsvc.exe package_data
+copy export_program_info.exe package_data
 copy EbpfApi.dll package_data
 copy ebpfnetsh.dll package_data
 copy ebpf-all.guid package_data
@@ -24,51 +30,50 @@ copy EbpfCore\EbpfCore.sys package_data\drivers
 copy EbpfCore\EbpfCore.inf package_data\drivers
 
 mkdir package_data\scripts
-copy %SOURCE_DIR%\scripts\install-ebpf.bat package_data\scripts
-copy %SOURCE_DIR%\scripts\uninstall-ebpf.bat package_data\scripts
+copy %SOURCE_DIR%\scripts\common.psm1 package_data\scripts
+copy %SOURCE_DIR%\scripts\install_ebpf.psm1 package_data\scripts
+copy %SOURCE_DIR%\scripts\setup-ebpf.ps1 package_data\scripts
 
 mkdir package_data\testing
-copy api_test.exe testing
-copy api_test.pdb testing
-copy bindmonitor.o testing
-copy bindmonitor_ringbuf.o testing
-copy bindmonitor_tailcall.o testing
-copy bpf.o testing
-copy bpf_call.o testing
-copy bpftool.pdb testing
-copy cgroup_sock_addr.o testing
-copy decap_permit_packet.o testing
-copy divide_by_zero.o testing
-copy droppacket.o testing
-copy droppacket_um.dll testing
-copy droppacket_um.pdb testing
-copy droppacket_unsafe.o testing
-copy ebpf_client.exe testing
-copy ebpf_client.pdb testing
-copy EbpfApi.pdb testing
-copy ebpfnetsh.pdb testing
-copy encap_reflect_packet.o testing
-copy map.o testing
-copy map_in_map.o testing
-copy map_in_map_v2.o testing
-copy map_reuse.o testing
-copy map_reuse_2.o testing
-copy pidtgid.o testing
-copy printk.o testing
-copy printk_unsafe.o testing
-copy reflect_packet.o testing
-copy run_tests.bat testing
-copy sample_ebpf_ext.sys testing
-copy sample_ext_app.exe testing
-copy sample_ext_app.pdb testing
-copy tail_call.o testing
-copy tail_call_bad.o testing
-copy tail_call_map.o testing
-copy tail_call_multiple.o testing
-copy test_sample_ebpf.o testing
-copy test_utility_helpers.o testing
-copy unit_tests.exe testing
-copy unit_tests.pdb testing
+copy api_test.exe package_data\testing
+copy api_test.pdb package_data\testing
+copy bindmonitor.o package_data\testing
+copy bindmonitor_ringbuf.o package_data\testing
+copy bindmonitor_tailcall.o package_data\testing
+copy bpf.o package_data\testing
+copy bpf_call.o package_data\testing
+copy bpftool.pdb package_data\testing
+copy cgroup_sock_addr.o package_data\testing
+copy decap_permit_packet.o package_data\testing
+copy divide_by_zero.o package_data\testing
+copy droppacket.o package_data\testing
+copy droppacket_um.dll package_data\testing
+copy droppacket_um.pdb package_data\testing
+copy droppacket_unsafe.o package_data\testing
+copy EbpfApi.pdb package_data\testing
+copy ebpfnetsh.pdb package_data\testing
+copy encap_reflect_packet.o package_data\testing
+copy map.o package_data\testing
+copy map_in_map.o package_data\testing
+copy map_in_map_v2.o package_data\testing
+copy map_reuse.o package_data\testing
+copy map_reuse_2.o package_data\testing
+copy pidtgid.o package_data\testing
+copy printk.o package_data\testing
+copy printk_unsafe.o package_data\testing
+copy reflect_packet.o package_data\testing
+copy run_tests.bat package_data\testing
+copy sample_ebpf_ext.sys package_data\testing
+copy sample_ext_app.exe package_data\testing
+copy sample_ext_app.pdb package_data\testing
+copy tail_call.o package_data\testing
+copy tail_call_bad.o package_data\testing
+copy tail_call_map.o package_data\testing
+copy tail_call_multiple.o package_data\testing
+copy test_sample_ebpf.o package_data\testing
+copy test_utility_helpers.o package_data\testing
+copy unit_tests.exe package_data\testing
+copy unit_tests.pdb package_data\testing
 
 robocopy /E /IS %SOURCE_DIR%\include package_data\include
 
@@ -77,4 +82,6 @@ robocopy /E /IS %SOURCE_DIR%\external\bpftool\libbpf\include\asm package_data\in
 robocopy /E /IS %SOURCE_DIR%\external\bpftool\libbpf\include\linux package_data\include\libbpf\linux
 robocopy /E /IS %SOURCE_DIR%\external\bpftool\libbpf\include\uapi package_data\include\libbpf\uapi
 
+popd
+
 exit /b 0