refactor: move code to cilium/ebpf library

Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
alegrey91 · Jan 19, 2024 · 1698fe2 · 1698fe2
1 parent 5e7756a
commit 1698fe2
Show file tree

Hide file tree

Showing 9 changed files with 520 additions and 83 deletions.
diff --git a/ebpf/ebpf.c b/ebpf/ebpf.c
@@ -1,15 +1,31 @@
-#include <uapi/linux/ptrace.h>
+//go:build ignore
+
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
 #include <linux/string.h>
-#include <linux/tracepoint.h>
+#include <bpf/bpf_tracing.h>
 
-BPF_PERF_OUTPUT(events);
+//BPF_PERF_OUTPUT(events);
+struct {
+ __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+} events SEC(".maps");
 
 // data_t used to store the data received from the event
 struct syscall_data {
  // the syscall number
- u32 syscall_id;
+ __u32 syscall_id;
  // tracing status (1 start, 2 stop)
- u32 tracingStatus;
+ __u32 tracingStatus;
+};
+
+struct sys_enter_info {
+ unsigned short common_type;
+ unsigned char common_flags;
+ unsigned char common_preempt_count;
+ int common_pid;
+
+ long id;
+ unsigned long args[6];
 };
 
 // imlement strncmp function
@@ -30,24 +46,27 @@ __bpf_strncmp(const void *x, const void *y, __u64 len) {
 // enter_function submit the value 1 to advice 
 // the frontend app that the function started its
 // execution
-inline int enter_function(struct pt_regs *ctx) {
+SEC("uprobe/enter_function")
+inline int uprobe_enter_function(struct pt_regs *ctx) {
  struct syscall_data data = {};
  data.tracingStatus = 1;
- events.perf_submit(ctx, &data, sizeof(data));
+ bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data, sizeof(data));
  return 0;
 }
 
 // exit_function submit the value 2 to advice 
 // the frontend app that the function finished its
 // execution
-inline int exit_function(struct pt_regs *ctx) {
+SEC("uprobe/exit_function")
+inline int uprobe_exit_function(struct pt_regs *ctx) {
  struct syscall_data data = {};
  data.tracingStatus = 2;
- events.perf_submit(ctx, &data, sizeof(data));
+ bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data, sizeof(data));
  return 0;
 }
 
-int start_trace(struct tracepoint__raw_syscalls__sys_enter* args) {
+SEC("tp/raw_syscalls/sys_enter")
+int tracepoint_raw_sys_enter(struct sys_enter_info* ctx) {
  struct syscall_data data = {};
 
  char comm[16];
@@ -58,9 +77,10 @@ int start_trace(struct tracepoint__raw_syscalls__sys_enter* args) {
  return 1;
  }
 
- int id = (int)args->id;
+ int id = (int)ctx->id;
  data.syscall_id = id;
- events.perf_submit(args, &data, sizeof(data));
+ bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data, sizeof(data));
  return 0;
 }
 
+char __license[] SEC("license") = "Dual MIT/GPL";
diff --git a/ebpf_bpfeb.go b/ebpf_bpfeb.go
diff --git a/ebpf_bpfeb.o b/ebpf_bpfeb.o
diff --git a/ebpf_bpfel.go b/ebpf_bpfel.go
diff --git a/ebpf_bpfel.o b/ebpf_bpfel.o
diff --git a/go.mod b/go.mod
@@ -1,8 +1,15 @@
-module github.com/alegrey91/harpoon
+module harpoon
 
-go 1.20
+go 1.21.5
 
 require (
- github.com/iovisor/gobpf v0.2.0
+ github.com/cilium/ebpf v0.12.3
  github.com/seccomp/libseccomp-golang v0.10.0
 )
+
+require (
+ github.com/iovisor/gobpf v0.2.0 // indirect
+ golang.org/x/arch v0.7.0
+ golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
+ golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c // indirect
+)
diff --git a/go.sum b/go.sum
@@ -1,4 +1,22 @@
+github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4=
+github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM=
+github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA=
+github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/iovisor/gobpf v0.2.0 h1:34xkQxft+35GagXBk3n23eqhm0v7q0ejeVirb8sqEOQ=
 github.com/iovisor/gobpf v0.2.0/go.mod h1:WSY9Jj5RhdgC3ci1QaacvbFdQ8cbrEjrpiZbLHLt2s4=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY=
 github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
+golang.org/x/arch v0.7.0 h1:pskyeJh/3AmoQ8CPE95vxHLqp1G1GfGNXTmcl9NEKTc=
+golang.org/x/arch v0.7.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI=
+golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c h1:3kC/TjQ+xzIblQv39bCOyRk8fbEeJcDHwbyxPUU2BpA=
+golang.org/x/sys v0.14.1-0.20231108175955-e4099bfacb8c/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=