Build and verify eBPF programs for the ebpf-for-windows project. Use this skill when asked to compile a .c BPF source to .o, verify a .o ELF file with bpf2c, or diagnose verification failures. Covers the full clang→bpf2c pipeline.
apm install @microsoft/verify-bpf
[](https://apm-p1ls2dz87-atlamors-projects.vercel.app/packages/@microsoft/verify-bpf)---
name: verify-bpf
description: >
Build and verify eBPF programs for the ebpf-for-windows project.
Use this skill when asked to compile a .c BPF source to .o, verify a .o ELF file
with bpf2c, or diagnose verification failures. Covers the full clang→bpf2c pipeline.
---
# Build & Verify eBPF Programs (ebpf-for-windows)
Compile eBPF C source to ELF bytecode with clang, then verify (and optionally generate
native code) with bpf2c. On verification failure, diagnose using the PREVAIL reference.
## When to Use
- User asks to compile/build a `.c` eBPF program to `.o`
- User asks to verify a `.o` ELF file or check if it passes the verifier
- User asks to debug or fix a verification failure from bpf2c output
- User mentions bpf2c, clang+bpf, or PREVAIL verification in the ebpf-for-windows context
## Prerequisites
- **clang.exe** — find the first existing path (highest priority first):
`packages\llvm.tools\clang.exe`, `"$env:ProgramFiles\LLVM\bin\clang.exe"`,
`"$(& "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -property installationPath)\VC\Tools\Llvm\bin\clang.exe"`
- **bpf2c.exe** — if `x64\Debug\bpf2c.exe` is missing, build it:
`msbuild ebpf-for-windows.sln /m /p:Configuration=Debug /p:Platform=x64 /t:tools\bpf2c`
## Quick Reference
### 1. Compile: C → ELF (.o)
Run from the **solution root directory** (use the clang path found above):
```powershell
# Standard sample programs
& '<clang-path>' -g -target bpf -O2 -Werror `
-Iinclude -Iexternal\bpftool `
-Itests\xdp -Itests\socket `
-Itests\sample\ext\inc -Itests\include `
-c <SOURCE>.c -o <OUTPUT>.o
```
For **undocked** programs (`tests\sample\undocked\*.c`), also add:
- `-Itests\sample`
- `-Iundocked\tests\sample\ext\inc`
### 2. Verify: ELF (.o) → native C (via bpf2c)
```powershell
.\x64\Debug\bpf2c.exe --bpf <FILE>.o --sys <OUTPUT_DIR>\<name>_driver.c
```
Add **`--verbose`** to get detailed verifier output (pre/post invariants at each instruction)
on failure.
### bpf2c Options
| Flag | Purpose |
|------|---------|
| `--bpf <file>` | Input ELF file containing BPF bytecode |
| `--sys <file>` | Generate Windows kernel driver C wrapper |
| `--dll <file>` | Generate Windows DLL C wrapper |
| `--raw <file>` | Generate C code without platform wrapper |
| `--verbose` | Show detailed verifier failure info (invariants) |
| `--type <str>` | Override eBPF program type string |
| `--hash <alg>` | Algorithm used to hash ELF file |
## Workflow
### Step 1: Identify the Source
Determine the `.c` source file and where the `.o` should go. Common patterns:
| Source Location | Include Flags |
|----------------|---------------|
| `tests\sample\*.c` | `-Iinclude -Iexternal\bpftool -Itests\xdp -Itests\socket -Itests\sample\ext\inc -Itests\include` |
| `tests\sample\undocked\*.c` | Same as above, plus `-Itests\sample -Iundocked\tests\sample\ext\inc` |
| User-provided file | Start with the standard sample flags; add more `-I` paths as needed |
### Step 2: Compile with Clang
Run clang. If it fails, fix compiler errors in the C source (standard C/clang diagnostics).
### Step 3: Verify with bpf2c
Run bpf2c with `--sys` (or `--dll`/`--raw`). Two outcomes:
- **Success** → bpf2c generates the output C file. Verification passed.
- **Failure** → bpf2c prints verifier errors. Proceed to diagnosis.
### Step 4: Diagnose Failures
On verification failure:
1. **Re-run with `--verbose`** if not already used, to get full invariant output.
2. **Read `external/ebpf-verifier/docs/llm-context.md`** — the authoritative PREVAIL diagnostic reference.
3. Follow the diagnosis protocol in that document (identify error → check pre-invariant →
trace root cause → recommend fix).
## Example: Full Pipeline
```powershell
# Compile (undocked program — needs full include paths)
& '<clang-path>' -g -target bpf -O2 -Werror `
-Iinclude -Iexternal\bpftool `
-Itests\xdp -Itests\socket -Itests\sample\ext\inc -Itests\include `
-Itests\sample -Iundocked\tests\sample\ext\inc `
-c tests\sample\undocked\perf_event_burst.c `
-o x64\Debug\perf_event_burst.o
# Verify + generate driver
.\x64\Debug\bpf2c.exe --bpf x64\Debug\perf_event_burst.o `
--sys .\x64\Debug\perf_event_burst_km\perf_event_burst_driver.c
# If verification fails, re-run with --verbose for diagnosis
.\x64\Debug\bpf2c.exe --bpf x64\Debug\perf_event_burst.o `
--sys .\x64\Debug\perf_event_burst_km\perf_event_burst_driver.c `
--verbose
```