[DRAFT] ebpf plugin + parser + component tests (1st Checkin)

[vpidatala94]

Description

[DRAFT] - This is a first check in for retina isolated component tests for [ebp-for-windows plugin + retinaebpfapi.dll]
[SCOPE] - 5 tuple validation only

Checklist

• I have correctly attributed the author(s) of the code.
• I have tested the changes locally.
• I have followed the project's style guidelines.
• I have added tests, if applicable.

Additional Notes

The Product flow

1. Test executable loads a XDP bpf program and pins mock cilium maps to intercept ingress traffic on the wire using eventwriter.dll
2. Setup and starts the ebpfforwindows plugin
3. Hook and listen onto enricher ring for incoming events.
4. Sets up a filter for bpf program to ignore all incoming traffic but from aka.ms
5. Performs a curl to aka.ms
6. The BPF program gets triggered, creates a trace event and appends packet payload
7. Additionally, the BPF program parses the packet and stores 5 tuple information in a map
8. Retinaebpi.dll gets triggered for data in the ring buffer (events map) rendering a callback to retina plugin.
9. Retina uses the hubble cilium parser to parse the data to create a flow object and writer to the enricher ring.
10. The enricher ring gets triggered and here we validate the flow object with previously captured 5 tuple information.

Expectations

1. Test code expects retinaebpf.dll and event_writer.dll to be present in the same directory as the test executable

---

Screenshots (if applicable) or Testing Completed

C:\binaries>.\WindowsEbpfPluginTest.exe
/ebpf/global/cilium_events -pinned map found at pin_map
/ebpf/global/cilium_metrics -pinned map found at pin_map
/ebpf/global/five_tuple_map -pinned map found at pin_map
/ebpf/global/filter_map -pinned map found at pin_map
ts=2025-02-06T09:39:17.313-0800 level=info caller=ebpfwindows/ebpf_windows_test.go:213 msg="Event_writer attached to interface" Ifindex=2
attach_program_to_interface - failed to attach to interface with ifindex 1
ts=2025-02-06T09:39:17.329-0800 level=error caller=ebpfwindows/ebpf_windows_test.go:211 msg="SetupEventWriter - failed to attach event_writer" Interface=1 error="The specified driver is invalid."
ts=2025-02-06T09:39:17.333-0800 level=info caller=metrics/metrics.go:162 msg="Metrics initialized"
ts=2025-02-06T09:39:17.335-0800 level=info caller=ebpfwindows/ebpf_windows.go:172 msg="Stop ebpfWindows plugin..."
ts=2025-02-06T09:39:17.346-0800 level=info caller=ebpfwindows/ebpf_windows.go:93 msg="Start ebpfWindows plugin..."
ts=2025-02-06T09:39:17.560-0800 level=info caller=ebpfwindows/ebpf_windows_test.go:145 msg=UDP FlowType=L3_L4 srcIP=10.216.118.81 dstIP=255.255.255.255 srcP=68 dstP=67
ts=2025-02-06T09:39:17.566-0800 level=info caller=ebpfwindows/ebpf_windows_test.go:162 msg="Match found!"
ts=2025-02-06T09:39:17.594-0800 level=info caller=ebpfwindows/ebpf_windows_test.go:145 msg=UDP FlowType=L3_L4 srcIP=10.216.118.81 dstIP=255.255.255.255 srcP=68 dstP=67
ts=2025-02-06T09:39:17.614-0800 level=info caller=ebpfwindows/ebpf_windows_test.go:162 msg="Match found!"
ts=2025-02-06T09:39:17.789-0800 level=info caller=ebpfwindows/ebpf_windows.go:172 msg="Stop ebpfWindows plugin..."
Please add any relevant screenshots or GIFs to showcase the changes made.

Please refer to the CONTRIBUTING.md file for more information on how to contribute to this project.