From cb67a132bf10f96cdee2af943571c6ffa15113df Mon Sep 17 00:00:00 2001 From: Guy Arbitman Date: Wed, 11 Dec 2024 12:23:24 +0200 Subject: [PATCH] wip: bypass --- pkg/ebpf/c/bpf_bypass.h | 15 +++++++++++++++ pkg/network/ebpf/c/shared-libraries/probes.h | 3 +-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/pkg/ebpf/c/bpf_bypass.h b/pkg/ebpf/c/bpf_bypass.h index 6ab05047d22649..a1d181d37cb1d6 100644 --- a/pkg/ebpf/c/bpf_bypass.h +++ b/pkg/ebpf/c/bpf_bypass.h @@ -48,4 +48,19 @@ static __always_inline typeof(name(0)) ____##name(struct pt_regs *ctx, ##args) #define BPF_BYPASSABLE_UPROBE(name, args...) BPF_BYPASSABLE_KPROBE(name, ##args) #define BPF_BYPASSABLE_URETPROBE(name, args...) BPF_BYPASSABLE_KRETPROBE(name, ##args) +#define BPF_BYPASSABLE_PROG(name, args...) \ +name(unsigned long long *ctx); \ +static __always_inline typeof(name(0)) \ +____##name(unsigned long long *ctx, ##args); \ +typeof(name(0)) name(unsigned long long *ctx) \ +{ \ + CHECK_BPF_PROGRAM_BYPASSED() \ + _Pragma("GCC diagnostic push") \ + _Pragma("GCC diagnostic ignored \"-Wint-conversion\"") \ + return ____##name(___bpf_ctx_cast(args)); \ + _Pragma("GCC diagnostic pop") \ +} \ +static __always_inline typeof(name(0)) \ +____##name(unsigned long long *ctx, ##args) + #endif diff --git a/pkg/network/ebpf/c/shared-libraries/probes.h b/pkg/network/ebpf/c/shared-libraries/probes.h index fcdd8db8f0fd71..6c28101dc5b832 100644 --- a/pkg/network/ebpf/c/shared-libraries/probes.h +++ b/pkg/network/ebpf/c/shared-libraries/probes.h @@ -132,8 +132,7 @@ int tracepoint__syscalls__sys_exit_openat(exit_sys_ctx *args) { } SEC("fexit/do_sys_openat2") -int BPF_PROG(do_sys_openat2_exit, int dirfd, const char *pathname, void *how, long ret) { - CHECK_BPF_PROGRAM_BYPASSED() +int BPF_BYPASSABLE_PROG(do_sys_openat2_exit, int dirfd, const char *pathname, void *how, long ret) { lib_path_t path = { 0 }; if (fill_lib_path(&path, pathname)) { push_event_if_relevant(ctx, &path, ret);