-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add function SetKprobeForSection to change section name in module #1
Conversation
elf/module_test.go
Outdated
"testing" | ||
) | ||
|
||
func TestUpdateKprobeSecName(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think what we want to test is the side effect of this, not the Name
field.
So basically we want to have a Kprobe handler under an arbitrary name SEC("foobar")
, attach that handler to Kprobe by doing something like
m.UpdateKprobeSecName("foobar,"kprobe/whatever")
m.EnableKprobe("foobar")
and finally verify that your handler was executed when whatever
ran.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking about the same thing, but the direct result of calling EnableKprobe()
is not easy to check(requires mount of debug, etc), that's why the overall tests in elf is lacking.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about adding a new function EnableKProbeForFunction(secName string, funcName string, isRetProbe bool, string maxactive)
that doesn't tie the function to the name of the entry in b.probes
? You could implement EnableKProbe
in terms of EnableKProbeForFunction
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@leeavital there are other ways that EnableKprobe
is used(https://github.com/DataDog/gobpf/blob/master/elf/module.go#L373), if you don't change the actual kprobe name, you might ended up with surprises for the inconsistencies. Does that make sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Won't EnableKrpobes
break anyway? If there is a kprobe named kprobe/udp_sendmsg/rhel
, the it will try to attach that kprobe to a function named udp_sendmsg/rhel
which won't exist.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It won't break if you call "update" first, but it's hard to call both EnableKprobe
and EnableKProbeForFunction
in a for loop in EnableKprobes
if you want to enable certain kprobe differently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at your other PR I'm starting to think that a cleaner way to do this would be not changing the API of the package at all and establishing another convention like:
SEC("kprobe/tcp_sendmsg/arbitrary_sufix")
which would generate a handler that will get attached kprobe/tcp_sendmsg
. We would simply dismiss everything after the second /
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a couple of nits, but I think this is fine to merge.
elf/module.go
Outdated
|
||
// UpdateKprobeNameForHandler takes a handler and try to find the corresponding kprobe from a previously loaded mapping, | ||
// if found then update the kprobe name to the value of newKprobeName | ||
func (b *Module) UpdateKprobeNameForHandler(handler, newKprobeName string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should make it explicit in the function name and documentation that handler
is a section name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
UpdateKprobeNameForSecHandler
? It cannot be any longer 🤣
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about SetKprobeForSection
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK that could work. Although given that they mix all terms together, nothing seems to be able remove the confusion completely.
Currently gobpf uses the name defined in
SEC()
header of each function to bind to the right eBPF API. This creates some inflexibility when we need two implementations of a certain API. For example:In kernels later than v4.1.0,
tcp_sendmsg
is defined asIn kernels earlier than v4.1.0, the definition is
With the change in this pull request we could override the names in any mappings that are stored in module. This means that we can have a custom name in
SEC()
header but still map the implementation to an API that we want. For instance,SEC("kprobe/tcp_sendmsg_v2")
can map tokprobe/tcp_sendmsg
if we callSetKprobeForSection("tcp_sendmsg_v2", "tcp_sendmsg")
.When we enable the kprobe later on, just do
and underlying probe would bind to
tcp_sendmsg
API correctly.