feat: dae trace (#435)

Co-authored-by: Sumire (菫) <[email protected]>

.gitignore

@@ -9,3 +9,4 @@ outline.json
 go-mod/
 node_modules/
 *.log
+.build_tags

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "control/kern/headers"]
 	path = control/kern/headers
 	url = https://github.com/daeuniverse/dae_bpf_headers
+[submodule "trace/kern/headers"]
+	path = trace/kern/headers
+	url = https://github.com/daeuniverse/dae_bpf_headers

.gitmodules.d.mk

@@ -1 +1,2 @@
 submodule_paths=control/kern/headers
+submodule_paths=trace/kern/headers

Makefile

@@ -15,6 +15,7 @@ MAX_MATCH_SET_LEN ?= 64
 CFLAGS := -DMAX_MATCH_SET_LEN=$(MAX_MATCH_SET_LEN) $(CFLAGS)
 NOSTRIP ?= n
 STRIP_PATH := $(shell command -v $(STRIP) 2>/dev/null)
+BUILD_TAGS_FILE := .build_tags
 ifeq ($(strip $(NOSTRIP)),y)
 	STRIP_FLAG := -no-strip
 else ifeq ($(wildcard $(STRIP_PATH)),)
@@ -47,7 +48,7 @@ dae: export CGO_ENABLED=0
 endif
 dae: ebpf
 	@echo $(CFLAGS)
-	go build -o $(OUTPUT) $(BUILD_ARGS) .
+	go build -tags=$(shell cat $(BUILD_TAGS_FILE)) -o $(OUTPUT) $(BUILD_ARGS) .
 ## End Dae Build
 
 ## Begin Git Submodules
@@ -74,6 +75,8 @@ submodule submodules: $(submodule_paths)
 clean-ebpf:
 	@rm -f control/bpf_bpf*.go && \
 		rm -f control/bpf_bpf*.o
+	@rm -f trace/bpf_bpf*.go && \
+		rm -f trace/bpf_bpf*.o
 fmt:
 	go fmt ./...
 
@@ -82,10 +85,13 @@ ebpf: export BPF_CLANG := $(CLANG)
 ebpf: export BPF_STRIP_FLAG := $(STRIP_FLAG)
 ebpf: export BPF_CFLAGS := $(CFLAGS)
 ebpf: export BPF_TARGET := $(TARGET)
+ebpf: export BPF_TRACE_TARGET := $(GOARCH)
 ebpf: submodule clean-ebpf
 	@unset GOOS && \
     unset GOARCH && \
     unset GOARM && \
     echo $(STRIP_FLAG) && \
-    go generate ./control/control.go
+    go generate ./control/control.go && \
+    go generate ./trace/trace.go && echo trace > $(BUILD_TAGS_FILE) || echo > $(BUILD_TAGS_FILE)
+
 ## End Ebpf

cmd/trace.go

@@ -0,0 +1,72 @@
+//go:build trace
+// +build trace
+
+/*
+ * SPDX-License-Identifier: AGPL-3.0-only
+ * Copyright (c) 2022-2024, daeuniverse Organization <[email protected]>
+ */
+
+package cmd
+
+import (
+	"context"
+	"os/signal"
+	"syscall"
+
+	"github.com/daeuniverse/dae/cmd/internal"
+	"github.com/daeuniverse/dae/trace"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+var (
+	IPv4, IPv6 bool
+	L4Proto    string
+	Port       int
+	OutputFile string
+)
+
+func init() {
+	traceCmd := &cobra.Command{
+		Use:   "trace",
+		Short: "To trace traffic",
+		Run: func(cmd *cobra.Command, args []string) {
+			internal.AutoSu()
+
+			if IPv4 && IPv6 {
+				logrus.Fatalln("IPv4 and IPv6 cannot be set at the same time")
+			}
+			if !IPv4 && !IPv6 {
+				IPv4 = true
+			}
+			IPVersion := 4
+			if IPv6 {
+				IPVersion = 6
+			}
+
+			var L4ProtoNo uint16
+			switch L4Proto {
+			case "tcp":
+				L4ProtoNo = syscall.IPPROTO_TCP
+			case "udp":
+				L4ProtoNo = syscall.IPPROTO_UDP
+			default:
+				logrus.Fatalf("Unknown L4 protocol: %s\n", L4Proto)
+			}
+
+			ctx, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
+			defer cancel()
+			if err := trace.StartTrace(ctx, IPVersion, L4ProtoNo, Port, OutputFile); err != nil {
+				logrus.Fatalln(err)
+			}
+		},
+	}
+
+	traceCmd.PersistentFlags().BoolVarP(&IPv4, "ipv4", "4", false, "Capture IPv4 traffic")
+	traceCmd.PersistentFlags().BoolVarP(&IPv6, "ipv6", "6", false, "Capture IPv6 traffic")
+	traceCmd.PersistentFlags().StringVarP(&L4Proto, "l4-proto", "p", "tcp", "Layer 4 protocol")
+	traceCmd.PersistentFlags().IntVarP(&Port, "port", "P", 80, "Port")
+	traceCmd.PersistentFlags().StringVarP(&OutputFile, "output", "o", "/dev/stdout", "Output file")
+
+	rootCmd.AddCommand(traceCmd)
+}

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/adrg/xdg v0.4.0
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df
 	github.com/bits-and-blooms/bloom/v3 v3.5.0
-	github.com/cilium/ebpf v0.11.0
+	github.com/cilium/ebpf v0.12.3
 	github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d
 	github.com/daeuniverse/outbound v0.0.0-20240101085641-7932e7df927d
 	github.com/daeuniverse/softwind v0.0.0-20231230065827-eed67f20d2c1
@@ -24,7 +24,7 @@ require (
 	github.com/x-cray/logrus-prefixed-formatter v0.5.2
 	golang.org/x/crypto v0.12.0
 	golang.org/x/exp v0.0.0-20230728194245-b0cb94b80691
-	golang.org/x/sys v0.11.0
+	golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )

go.sum

@@ -10,6 +10,8 @@ github.com/bits-and-blooms/bloom/v3 v3.5.0 h1:AKDvi1V3xJCmSR6QhcBfHbCN4Vf8FfxeWk
 github.com/bits-and-blooms/bloom/v3 v3.5.0/go.mod h1:Y8vrn7nk1tPIlmLtW2ZPV+W7StdVMor6bC1xgpjMZFs=
 github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y=
 github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs=
+github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4=
+github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d h1:hnC39MjR7xt5kZjrKlef7DXKFDkiX8MIcDXYC/6Jf9Q=
 github.com/daeuniverse/dae-config-dist/go/dae_config v0.0.0-20230604120805-1c27619b592d/go.mod h1:VGWGgv7pCP5WGyHGUyb9+nq/gW0yBm+i/GfCNATOJ1M=
@@ -200,6 +202,8 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c h1:3kC/TjQ+xzIblQv39bCOyRk8fbEeJcDHwbyxPUU2BpA=
+golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
 golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

trace/kallsyms.go

@@ -0,0 +1,71 @@
+/*
+ * SPDX-License-Identifier: AGPL-3.0-only
+ * Copyright (c) 2022-2024, daeuniverse Organization <[email protected]>
+ */
+
+package trace
+
+import (
+	"bufio"
+	"os"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+	"golang.org/x/exp/slices"
+)
+
+type Symbol struct {
+	Type string
+	Name string
+	Addr uint64
+}
+
+var kallsyms []Symbol
+var kallsymsByName map[string]Symbol = make(map[string]Symbol)
+var kallsymsByAddr map[uint64]Symbol = make(map[uint64]Symbol)
+
+func init() {
+	readKallsyms()
+}
+
+func readKallsyms() {
+	file, err := os.Open("/proc/kallsyms")
+	if err != nil {
+		logrus.Fatalf("failed to open /proc/kallsyms: %v", err)
+	}
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		line := scanner.Text()
+		parts := strings.Fields(line)
+		if len(parts) < 3 {
+			continue
+		}
+		addr, err := strconv.ParseUint(parts[0], 16, 64)
+		if err != nil {
+			continue
+		}
+		typ, name := parts[1], parts[2]
+		kallsyms = append(kallsyms, Symbol{typ, name, addr})
+		kallsymsByName[name] = Symbol{typ, name, addr}
+		kallsymsByAddr[addr] = Symbol{typ, name, addr}
+	}
+	sort.Slice(kallsyms, func(i, j int) bool {
+		return kallsyms[i].Addr < kallsyms[j].Addr
+	})
+}
+
+func NearestSymbol(addr uint64) Symbol {
+	idx, _ := slices.BinarySearchFunc(kallsyms, addr, func(x Symbol, addr uint64) int { return int(x.Addr - addr) })
+	if idx == len(kallsyms) {
+		return kallsyms[idx-1]
+	}
+	if kallsyms[idx].Addr == addr {
+		return kallsyms[idx]
+	}
+	if idx == 0 {
+		return kallsyms[0]
+	}
+	return kallsyms[idx-1]
+}