Skip to content

Commit

Permalink
wip: backward comp
Browse files Browse the repository at this point in the history
  • Loading branch information
guyarb committed Dec 18, 2024
1 parent 7e05a16 commit 335799d
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 11 deletions.
14 changes: 14 additions & 0 deletions pkg/network/ebpf/c/shared-libraries/probes.h
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,20 @@ int tracepoint__syscalls__sys_exit_openat(exit_sys_ctx *args) {
return 0;
}

SEC("tracepoint/syscalls/sys_enter_openat2")
int tracepoint__syscalls__sys_enter_openat2(enter_sys_openat2_ctx *args) {
CHECK_BPF_PROGRAM_BYPASSED()
do_sys_open_helper_enter(args->filename);
return 0;
}

SEC("tracepoint/syscalls/sys_exit_openat2")
int tracepoint__syscalls__sys_exit_openat2(exit_sys_ctx *args) {
CHECK_BPF_PROGRAM_BYPASSED()
do_sys_open_helper_exit(args);
return 0;
}

SEC("fexit/do_sys_openat2")
int BPF_BYPASSABLE_PROG(do_sys_openat2_exit, int dirfd, const char *pathname, void *how, long ret) {
lib_path_t path = { 0 };
Expand Down
13 changes: 13 additions & 0 deletions pkg/network/ebpf/c/shared-libraries/types.h
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,19 @@ typedef struct {
int mode;
} enter_sys_openat_ctx;

typedef struct {
unsigned short common_type;
unsigned char common_flags;
unsigned char common_preempt_count;
int common_pid;
long __syscall_nr;

int dfd;
const char* filename;
void *how;
size_t usize;
} enter_sys_openat2_ctx;

typedef struct {
unsigned short common_type;
unsigned char common_flags;
Expand Down
22 changes: 11 additions & 11 deletions pkg/network/usm/sharedlibraries/ebpf.go
Original file line number Diff line number Diff line change
Expand Up @@ -549,23 +549,20 @@ func (e *EbpfProgram) initPrebuilt() error {

func sysOpenAt2Supported() bool {
missing, err := ddebpf.VerifyKernelFuncs("do_sys_openat2")
if err == nil && len(missing) == 0 {
return true
}
return err == nil && len(missing) == 0
}

func isFexitSupported() bool {
kversion, err := kernel.HostVersion()

if err != nil {
log.Error("could not determine the current kernel version. fallback to do_sys_open")
return false
}

return kversion >= kernel.VersionCode(5, 6, 0)
return err == nil && kversion >= kernel.VersionCode(5, 5, 0)
}

// getSysOpenHooksIdentifiers returns the enter and exit tracepoints for supported open*
// system calls.
func (e *EbpfProgram) initializedProbes() {
openat2Supported := sysOpenAt2Supported()
fexitSupported := isFexitSupported()

advancedProbes := []manager.ProbeIdentificationPair{
{
EBPFFuncName: fmt.Sprintf("do_sys_%s_exit", openat2SysCall),
Expand All @@ -574,6 +571,9 @@ func (e *EbpfProgram) initializedProbes() {
}

openatProbes := []string{openatSysCall}
if openat2Supported {
openatProbes = append(openatProbes, openat2SysCall)
}
// amd64 has open(2), arm64 doesn't
if runtime.GOARCH == "amd64" {
openatProbes = append(openatProbes, openSysCall)
Expand All @@ -589,7 +589,7 @@ func (e *EbpfProgram) initializedProbes() {
}
}

if sysOpenAt2Supported() {
if fexitSupported && openat2Supported {
e.enabledProbes = advancedProbes
e.disabledProbes = oldProbes
} else {
Expand Down

0 comments on commit 335799d

Please sign in to comment.