diff --git a/Makefile b/Makefile index 0f4d3864e..0a1201076 100644 --- a/Makefile +++ b/Makefile @@ -102,10 +102,12 @@ testdata/loader-%-eb.elf: testdata/loader.c $(CLANG) $(CFLAGS) -target bpfeb -c $< -o $@ $(STRIP) -g $@ -.PHONY: generate-btf -generate-btf: KERNEL_VERSION?=6.6 -generate-btf: +.PHONY: update-kernel-deps +update-kernel-deps: KERNEL_VERSION?=6.6 +update-kernel-deps: $(eval TMP := $(shell mktemp -d)) + curl -fL https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/tools/lib/bpf/libbpf.c?h=v$(KERNEL_VERSION) -o "$(TMP)/libbpf.c" + "$(CURDIR)/internal/cmd/gensections.awk" "$(TMP)/libbpf.c" | gofmt > "$(CURDIR)/elf_sections.go" curl -fL "$(CI_KERNEL_URL)/linux-$(KERNEL_VERSION)-amd64.tgz" -o "$(TMP)/linux.tgz" tar xvf "$(TMP)/linux.tgz" -C "$(TMP)" --strip-components=2 ./boot/vmlinuz ./lib/modules /lib/modules/$(shell uname -r)/build/scripts/extract-vmlinux "$(TMP)/vmlinuz" > "$(TMP)/vmlinux" diff --git a/attachtype_string.go b/attachtype_string.go index add2a3b5c..7e3caed32 100644 --- a/attachtype_string.go +++ b/attachtype_string.go @@ -52,11 +52,17 @@ func _() { _ = x[AttachSkReuseportSelectOrMigrate-40] _ = x[AttachPerfEvent-41] _ = x[AttachTraceKprobeMulti-42] + _ = x[AttachLSMCgroup-43] + _ = x[AttachStructOps-44] + _ = x[AttachNetfilter-45] + _ = x[AttachTCXIngress-46] + _ = x[AttachTCXEgress-47] + _ = x[AttachTraceUprobeMulti-48] } -const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEventTraceKprobeMulti" +const _AttachType_name = "NoneCGroupInetEgressCGroupInetSockCreateCGroupSockOpsSkSKBStreamParserSkSKBStreamVerdictCGroupDeviceSkMsgVerdictCGroupInet4BindCGroupInet6BindCGroupInet4ConnectCGroupInet6ConnectCGroupInet4PostBindCGroupInet6PostBindCGroupUDP4SendmsgCGroupUDP6SendmsgLircMode2FlowDissectorCGroupSysctlCGroupUDP4RecvmsgCGroupUDP6RecvmsgCGroupGetsockoptCGroupSetsockoptTraceRawTpTraceFEntryTraceFExitModifyReturnLSMMacTraceIterCgroupInet4GetPeernameCgroupInet6GetPeernameCgroupInet4GetSocknameCgroupInet6GetSocknameXDPDevMapCgroupInetSockReleaseXDPCPUMapSkLookupXDPSkSKBVerdictSkReuseportSelectSkReuseportSelectOrMigratePerfEventTraceKprobeMultiLSMCgroupStructOpsNetfilterTCXIngressTCXEgressTraceUprobeMulti" -var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610, 626} +var _AttachType_index = [...]uint16{0, 4, 20, 40, 53, 70, 88, 100, 112, 127, 142, 160, 178, 197, 216, 233, 250, 259, 272, 284, 301, 318, 334, 350, 360, 371, 381, 393, 399, 408, 430, 452, 474, 496, 505, 526, 535, 543, 546, 558, 575, 601, 610, 626, 635, 644, 653, 663, 672, 688} func (i AttachType) String() string { if i >= AttachType(len(_AttachType_index)-1) { diff --git a/btf/core_test.go b/btf/core_test.go index 75420ddca..be76eb853 100644 --- a/btf/core_test.go +++ b/btf/core_test.go @@ -583,7 +583,7 @@ func TestCORERelocation(t *testing.T) { } for section := range extInfos.funcInfos { - name := strings.TrimPrefix(section, "socket_filter/") + name := strings.TrimPrefix(section, "socket/") t.Run(name, func(t *testing.T) { var relos []*CORERelocation for _, reloInfo := range extInfos.relocationInfos[section].infos { diff --git a/btf/testdata/relocs-eb.elf b/btf/testdata/relocs-eb.elf index 7af281b30..3d1447b50 100644 Binary files a/btf/testdata/relocs-eb.elf and b/btf/testdata/relocs-eb.elf differ diff --git a/btf/testdata/relocs-el.elf b/btf/testdata/relocs-el.elf index 6983abbee..88b011c2e 100644 Binary files a/btf/testdata/relocs-el.elf and b/btf/testdata/relocs-el.elf differ diff --git a/btf/testdata/relocs.c b/btf/testdata/relocs.c index 766dc8158..2077d3a1e 100644 --- a/btf/testdata/relocs.c +++ b/btf/testdata/relocs.c @@ -50,7 +50,7 @@ typedef union u u_t; } \ }) -__section("socket_filter/type_ids") int type_ids() { +__section("socket/type_ids") int type_ids() { local_id_not_zero(int); local_id_not_zero(struct { int frob; }); local_id_not_zero(enum {FRAP}); @@ -100,7 +100,7 @@ __section("socket_filter/type_ids") int type_ids() { } \ }) -__section("socket_filter/types") int types() { +__section("socket/types") int types() { type_exists(struct s); type_exists(s_t); type_exists(const s_t); @@ -145,7 +145,7 @@ __section("socket_filter/types") int types() { } \ }) -__section("socket_filter/enums") int enums() { +__section("socket/enums") int enums() { enum_value_exists(enum e, ONE); enum_value_exists(volatile enum e, ONE); enum_value_exists(const enum e, ONE); @@ -198,7 +198,7 @@ __section("socket_filter/enums") int enums() { } \ }) -__section("socket_filter/fields") int fields() { +__section("socket/fields") int fields() { field_exists((struct s){}._1); field_exists((s_t){}._2); field_exists((union u){}._1); @@ -265,10 +265,10 @@ struct ambiguous___flavour { int _2; }; -__section("socket_filter/err_ambiguous") int err_ambiguous() { +__section("socket/err_ambiguous") int err_ambiguous() { return bpf_core_type_id_kernel(struct ambiguous); } -__section("socket_filter/err_ambiguous_flavour") int err_ambiguous_flavour() { +__section("socket/err_ambiguous_flavour") int err_ambiguous_flavour() { return bpf_core_type_id_kernel(struct ambiguous___flavour); } diff --git a/elf_reader.go b/elf_reader.go index 9cc462df8..0d32c2f4d 100644 --- a/elf_reader.go +++ b/elf_reader.go @@ -15,6 +15,7 @@ import ( "github.com/cilium/ebpf/asm" "github.com/cilium/ebpf/btf" "github.com/cilium/ebpf/internal" + "github.com/cilium/ebpf/internal/sys" "github.com/cilium/ebpf/internal/unix" ) @@ -1181,109 +1182,109 @@ func (ec *elfCode) loadKsymsSection() error { return nil } +type libbpfElfSectionDef struct { + pattern string + programType sys.ProgType + attachType sys.AttachType + flags libbpfElfSectionFlag +} + +type libbpfElfSectionFlag uint32 + +// The values correspond to enum sec_def_flags in libbpf. +const ( + _SEC_NONE libbpfElfSectionFlag = 0 + + _SEC_EXP_ATTACH_OPT libbpfElfSectionFlag = 1 << (iota - 1) + _SEC_ATTACHABLE + _SEC_ATTACH_BTF + _SEC_SLEEPABLE + _SEC_XDP_FRAGS + _SEC_USDT + + // Ignore any present extra in order to preserve backwards compatibility + // with earlier versions of the library. + ignoreExtra + + _SEC_ATTACHABLE_OPT = _SEC_ATTACHABLE | _SEC_EXP_ATTACH_OPT +) + +func init() { + elfSectionDefs = append(elfSectionDefs, []libbpfElfSectionDef{ + // This has been in the library since the beginning of time. Not sure + // where it came from. + {"seccomp", sys.BPF_PROG_TYPE_SOCKET_FILTER, 0, _SEC_NONE}, + // Deprecated in 450b167fb9be ("libbpf: clean up SEC() handling") + {"socket/", sys.BPF_PROG_TYPE_SOCKET_FILTER, 0, ignoreExtra}, + {"sk_lookup/", sys.BPF_PROG_TYPE_SK_LOOKUP, sys.BPF_SK_LOOKUP, _SEC_NONE}, + {"xdp/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP, _SEC_ATTACHABLE_OPT | ignoreExtra}, + {"xdp.frags/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP, _SEC_XDP_FRAGS | ignoreExtra}, + {"xdp.frags_devmap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, _SEC_XDP_FRAGS}, + {"xdp_devmap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, 0}, + {"xdp.frags_cpumap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, _SEC_XDP_FRAGS}, + {"xdp_cpumap/", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, 0}, + {"sk_skb/stream_verdict/", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_STREAM_VERDICT, _SEC_ATTACHABLE_OPT | ignoreExtra}, + {"sk_skb/", sys.BPF_PROG_TYPE_SK_SKB, 0, ignoreExtra}, + }...) +} + func getProgType(sectionName string) (ProgramType, AttachType, uint32, string) { - types := []struct { - prefix string - progType ProgramType - attachType AttachType - progFlags uint32 - }{ - // Please update the types from libbpf.c and follow the order of it. - // https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/libbpf.c - {"socket", SocketFilter, AttachNone, 0}, - {"sk_reuseport/migrate", SkReuseport, AttachSkReuseportSelectOrMigrate, 0}, - {"sk_reuseport", SkReuseport, AttachSkReuseportSelect, 0}, - {"kprobe/", Kprobe, AttachNone, 0}, - {"uprobe/", Kprobe, AttachNone, 0}, - {"kretprobe/", Kprobe, AttachNone, 0}, - {"uretprobe/", Kprobe, AttachNone, 0}, - {"tc", SchedCLS, AttachNone, 0}, - {"classifier", SchedCLS, AttachNone, 0}, - {"action", SchedACT, AttachNone, 0}, - {"tracepoint/", TracePoint, AttachNone, 0}, - {"tp/", TracePoint, AttachNone, 0}, - {"raw_tracepoint/", RawTracepoint, AttachNone, 0}, - {"raw_tp/", RawTracepoint, AttachNone, 0}, - {"raw_tracepoint.w/", RawTracepointWritable, AttachNone, 0}, - {"raw_tp.w/", RawTracepointWritable, AttachNone, 0}, - {"tp_btf/", Tracing, AttachTraceRawTp, 0}, - {"fentry/", Tracing, AttachTraceFEntry, 0}, - {"fmod_ret/", Tracing, AttachModifyReturn, 0}, - {"fexit/", Tracing, AttachTraceFExit, 0}, - {"fentry.s/", Tracing, AttachTraceFEntry, unix.BPF_F_SLEEPABLE}, - {"fmod_ret.s/", Tracing, AttachModifyReturn, unix.BPF_F_SLEEPABLE}, - {"fexit.s/", Tracing, AttachTraceFExit, unix.BPF_F_SLEEPABLE}, - {"freplace/", Extension, AttachNone, 0}, - {"lsm/", LSM, AttachLSMMac, 0}, - {"lsm.s/", LSM, AttachLSMMac, unix.BPF_F_SLEEPABLE}, - {"iter/", Tracing, AttachTraceIter, 0}, - {"iter.s/", Tracing, AttachTraceIter, unix.BPF_F_SLEEPABLE}, - {"syscall", Syscall, AttachNone, 0}, - {"xdp.frags_devmap/", XDP, AttachXDPDevMap, unix.BPF_F_XDP_HAS_FRAGS}, - {"xdp_devmap/", XDP, AttachXDPDevMap, 0}, - {"xdp.frags_cpumap/", XDP, AttachXDPCPUMap, unix.BPF_F_XDP_HAS_FRAGS}, - {"xdp_cpumap/", XDP, AttachXDPCPUMap, 0}, - {"xdp.frags", XDP, AttachNone, unix.BPF_F_XDP_HAS_FRAGS}, - {"xdp", XDP, AttachNone, 0}, - {"perf_event", PerfEvent, AttachNone, 0}, - {"lwt_in", LWTIn, AttachNone, 0}, - {"lwt_out", LWTOut, AttachNone, 0}, - {"lwt_xmit", LWTXmit, AttachNone, 0}, - {"lwt_seg6local", LWTSeg6Local, AttachNone, 0}, - {"cgroup_skb/ingress", CGroupSKB, AttachCGroupInetIngress, 0}, - {"cgroup_skb/egress", CGroupSKB, AttachCGroupInetEgress, 0}, - {"cgroup/skb", CGroupSKB, AttachNone, 0}, - {"cgroup/sock_create", CGroupSock, AttachCGroupInetSockCreate, 0}, - {"cgroup/sock_release", CGroupSock, AttachCgroupInetSockRelease, 0}, - {"cgroup/sock", CGroupSock, AttachCGroupInetSockCreate, 0}, - {"cgroup/post_bind4", CGroupSock, AttachCGroupInet4PostBind, 0}, - {"cgroup/post_bind6", CGroupSock, AttachCGroupInet6PostBind, 0}, - {"cgroup/dev", CGroupDevice, AttachCGroupDevice, 0}, - {"sockops", SockOps, AttachCGroupSockOps, 0}, - {"sk_skb/stream_parser", SkSKB, AttachSkSKBStreamParser, 0}, - {"sk_skb/stream_verdict", SkSKB, AttachSkSKBStreamVerdict, 0}, - {"sk_skb", SkSKB, AttachNone, 0}, - {"sk_msg", SkMsg, AttachSkMsgVerdict, 0}, - {"lirc_mode2", LircMode2, AttachLircMode2, 0}, - {"flow_dissector", FlowDissector, AttachFlowDissector, 0}, - {"cgroup/bind4", CGroupSockAddr, AttachCGroupInet4Bind, 0}, - {"cgroup/bind6", CGroupSockAddr, AttachCGroupInet6Bind, 0}, - {"cgroup/connect4", CGroupSockAddr, AttachCGroupInet4Connect, 0}, - {"cgroup/connect6", CGroupSockAddr, AttachCGroupInet6Connect, 0}, - {"cgroup/sendmsg4", CGroupSockAddr, AttachCGroupUDP4Sendmsg, 0}, - {"cgroup/sendmsg6", CGroupSockAddr, AttachCGroupUDP6Sendmsg, 0}, - {"cgroup/recvmsg4", CGroupSockAddr, AttachCGroupUDP4Recvmsg, 0}, - {"cgroup/recvmsg6", CGroupSockAddr, AttachCGroupUDP6Recvmsg, 0}, - {"cgroup/getpeername4", CGroupSockAddr, AttachCgroupInet4GetPeername, 0}, - {"cgroup/getpeername6", CGroupSockAddr, AttachCgroupInet6GetPeername, 0}, - {"cgroup/getsockname4", CGroupSockAddr, AttachCgroupInet4GetSockname, 0}, - {"cgroup/getsockname6", CGroupSockAddr, AttachCgroupInet6GetSockname, 0}, - {"cgroup/sysctl", CGroupSysctl, AttachCGroupSysctl, 0}, - {"cgroup/getsockopt", CGroupSockopt, AttachCGroupGetsockopt, 0}, - {"cgroup/setsockopt", CGroupSockopt, AttachCGroupSetsockopt, 0}, - {"struct_ops+", StructOps, AttachNone, 0}, - {"sk_lookup/", SkLookup, AttachSkLookup, 0}, - {"seccomp", SocketFilter, AttachNone, 0}, - {"kprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, - {"kretprobe.multi", Kprobe, AttachTraceKprobeMulti, 0}, - // Document all prefixes in docs/ebpf/concepts/elf-sections.md. - } + // Skip optional program marking for now. + sectionName = strings.TrimPrefix(sectionName, "?") - for _, t := range types { - if !strings.HasPrefix(sectionName, t.prefix) { + for _, t := range elfSectionDefs { + extra, ok := matchSectionName(sectionName, t.pattern) + if !ok { continue } - if !strings.HasSuffix(t.prefix, "/") { - return t.progType, t.attachType, t.progFlags, "" + programType := ProgramType(t.programType) + attachType := AttachType(t.attachType) + + var flags uint32 + if t.flags&_SEC_SLEEPABLE > 0 { + flags |= unix.BPF_F_SLEEPABLE + } + if t.flags&_SEC_XDP_FRAGS > 0 { + flags |= unix.BPF_F_XDP_HAS_FRAGS + } + if t.flags&_SEC_EXP_ATTACH_OPT > 0 { + if programType == XDP { + // The library doesn't yet have code to fallback to not specifying + // attach type. Only do this for XDP since we've enforced correct + // attach type for all other program types. + attachType = AttachNone + } + } + if t.flags&ignoreExtra > 0 { + extra = "" } - return t.progType, t.attachType, t.progFlags, sectionName[len(t.prefix):] + return programType, attachType, flags, extra } return UnspecifiedProgram, AttachNone, 0, "" } +// matchSectionName checks a section name against a pattern. +// +// It's behaviour mirrors that of libbpf's sec_def_matches. +func matchSectionName(sectionName, pattern string) (extra string, found bool) { + have, extra, found := strings.Cut(sectionName, "/") + want := strings.TrimRight(pattern, "+/") + + if strings.HasSuffix(pattern, "/") { + // Section name must have a slash and extra may be empty. + return extra, have == want && found + } else if strings.HasSuffix(pattern, "+") { + // Section name may have a slash and extra may be empty. + return extra, have == want + } + + // Section name must have a prefix. extra is ignored. + return "", strings.HasPrefix(sectionName, pattern) +} + func (ec *elfCode) loadSectionRelocations(sec *elf.Section, symbols []elf.Symbol) (map[uint64]elf.Symbol, error) { rels := make(map[uint64]elf.Symbol) diff --git a/elf_reader_test.go b/elf_reader_test.go index 7436247c7..17beea9f2 100644 --- a/elf_reader_test.go +++ b/elf_reader_test.go @@ -955,16 +955,6 @@ func TestLibBPFCompat(t *testing.T) { // to OOM kills. opts.Programs.LogDisabled = true - for name, p := range spec.Programs { - if p.Type != Extension { - continue - } - - targetProg, targetColl := loadTargetProgram(t, name, opts) - defer targetColl.Close() - p.AttachTarget = targetProg - } - coll, err := NewCollectionWithOptions(spec, opts) testutils.SkipIfNotSupported(t, err) var errno syscall.Errno @@ -1025,7 +1015,10 @@ func TestLibBPFCompat(t *testing.T) { t.Skip("Skipping since weak relocations are not supported") case "bloom_filter_map", "bloom_filter_bench": t.Skip("Skipping due to missing MapExtra field in MapSpec") - case "netif_receive_skb", "local_kptr_stash", "local_kptr_stash_fail": + case "netif_receive_skb", + "local_kptr_stash", + "local_kptr_stash_fail", + "type_cast": t.Skip("Skipping due to possible bug in upstream CO-RE generation") case "test_usdt", "test_urandom_usdt", "test_usdt_multispec": t.Skip("Skipping due to missing support for usdt.bpf.h") @@ -1054,6 +1047,28 @@ func TestLibBPFCompat(t *testing.T) { } m.Extra = nil } + + case "fexit_bpf2bpf", + "freplace_get_constant", + "freplace_global_func": + loadTargetProgram(t, spec, "test_pkt_access.bpf.o", "test_pkt_access") + + case "freplace_cls_redirect": + loadTargetProgram(t, spec, "test_cls_redirect.bpf.o", "cls_redirect") + + case "test_trace_ext": + loadTargetProgram(t, spec, "test_pkt_md_access.bpf.o", "test_pkt_md_access") + + case "freplace_progmap": + loadTargetProgram(t, spec, "xdp_dummy.bpf.o", "xdp_dummy_prog") + + if prog := spec.Programs["xdp_cpumap_prog"]; prog.AttachTo == "" { + prog.AttachTo = "xdp_dummy_prog" + } + + case "freplace_attach_probe": + // Looks like the test should have a target, but 6.6 selftests don't + // seem to be using it. } var opts CollectionOptions @@ -1126,44 +1141,42 @@ func TestLibBPFCompat(t *testing.T) { }) } -func loadTargetProgram(tb testing.TB, name string, opts CollectionOptions) (*Program, *Collection) { - file := "test_pkt_access.bpf.o" - program := "test_pkt_access" - switch name { - case "new_connect_v4_prog": - file = "connect4_prog.bpf.o" - program = "connect_v4_prog" - case "new_do_bind": - file = "connect4_prog.bpf.o" - program = "connect_v4_prog" - case "freplace_cls_redirect_test": - file = "test_cls_redirect.bpf.o" - program = "cls_redirect" - case "new_handle_kprobe": - file = "test_attach_probe.bpf.o" - program = "handle_kprobe" - case "test_pkt_md_access_new": - file = "test_pkt_md_access.bpf.o" - program = "test_pkt_md_access" - default: - } - - spec, err := LoadCollectionSpec(filepath.Join(*elfPath, file)) +func loadTargetProgram(tb testing.TB, spec *CollectionSpec, file, program string) { + targetSpec, err := LoadCollectionSpec(filepath.Join(*elfPath, file)) if errors.Is(err, os.ErrNotExist) && strings.HasSuffix(file, ".bpf.o") { // Prior to v6.1 BPF ELF used a plain .o suffix. file = strings.TrimSuffix(file, ".bpf.o") + ".o" - spec, err = LoadCollectionSpec(filepath.Join(*elfPath, file)) + targetSpec, err = LoadCollectionSpec(filepath.Join(*elfPath, file)) } if err != nil { tb.Fatalf("Can't read %s: %s", file, err) } - coll, err := NewCollectionWithOptions(spec, opts) + qt.Assert(tb, targetSpec.Programs[program], qt.IsNotNil) + + coll, err := NewCollectionWithOptions(targetSpec, CollectionOptions{ + Programs: ProgramOptions{LogDisabled: true}, + }) if err != nil { tb.Fatalf("Can't load target: %s", err) } + tb.Cleanup(func() { coll.Close() }) + + target := coll.Programs[program] + for _, prog := range spec.Programs { + if prog.Type == Extension && prog.AttachType == AttachNone { + prog.AttachTarget = target + continue + } - return coll.Programs[program], coll + if prog.Type == Tracing { + switch prog.AttachType { + case AttachTraceFEntry, AttachTraceFExit, AttachModifyReturn: + prog.AttachTarget = target + continue + } + } + } } func sourceOfBTF(tb testing.TB, path string) []string { @@ -1184,86 +1197,143 @@ func sourceOfBTF(tb testing.TB, path string) []string { return testutils.Glob(tb, filepath.Join(dir, btfPrefix+base+"*.o")) } -func TestGetProgType(t *testing.T) { - type progTypeTestData struct { - Pt ProgramType - At AttachType - Fl uint32 - To string +func TestELFSectionProgramTypes(t *testing.T) { + type testcase struct { + Section string + ProgramType ProgramType + AttachType AttachType + Flags uint32 + Extra string } - testcases := map[string]progTypeTestData{ - "socket/garbage": { - Pt: SocketFilter, - At: AttachNone, - To: "", - }, - "kprobe/func": { - Pt: Kprobe, - At: AttachNone, - To: "func", - }, - "xdp/foo": { - Pt: XDP, - At: AttachNone, - To: "", - }, - "xdp.frags/foo": { - Pt: XDP, - At: AttachNone, - To: "", - Fl: unix.BPF_F_XDP_HAS_FRAGS, - }, - "xdp_devmap/foo": { - Pt: XDP, - At: AttachXDPDevMap, - To: "foo", - }, - "xdp.frags_devmap/foo": { - Pt: XDP, - At: AttachXDPDevMap, - To: "foo", - Fl: unix.BPF_F_XDP_HAS_FRAGS, - }, - "cgroup_skb/ingress": { - Pt: CGroupSKB, - At: AttachCGroupInetIngress, - To: "", - }, - "iter/bpf_map": { - Pt: Tracing, - At: AttachTraceIter, - To: "bpf_map", - }, - "lsm.s/file_ioctl_sleepable": { - Pt: LSM, - At: AttachLSMMac, - To: "file_ioctl_sleepable", - Fl: unix.BPF_F_SLEEPABLE, - }, - "lsm/file_ioctl": { - Pt: LSM, - At: AttachLSMMac, - To: "file_ioctl", - }, - "sk_skb/stream_verdict/foo": { - Pt: SkSKB, - At: AttachSkSKBStreamVerdict, - To: "", - }, - "sk_skb/bar": { - Pt: SkSKB, - At: AttachNone, - To: "", - }, + testcases := []testcase{ + {"socket", SocketFilter, AttachNone, 0, ""}, + {"socket/garbage", SocketFilter, AttachNone, 0, ""}, + {"sk_reuseport/migrate", SkReuseport, AttachSkReuseportSelectOrMigrate, 0, ""}, + {"sk_reuseport", SkReuseport, AttachSkReuseportSelect, 0, ""}, + {"kprobe/", Kprobe, AttachNone, 0, ""}, + {"kprobe/func", Kprobe, AttachNone, 0, "func"}, + {"uprobe/", Kprobe, AttachNone, 0, ""}, + {"kretprobe/", Kprobe, AttachNone, 0, ""}, + {"uretprobe/", Kprobe, AttachNone, 0, ""}, + {"tc", SchedCLS, AttachNone, 0, ""}, + {"classifier", SchedCLS, AttachNone, 0, ""}, + {"action", SchedACT, AttachNone, 0, ""}, + {"tracepoint/", TracePoint, AttachNone, 0, ""}, + {"tp/", TracePoint, AttachNone, 0, ""}, + {"raw_tracepoint/", RawTracepoint, AttachNone, 0, ""}, + {"raw_tp/", RawTracepoint, AttachNone, 0, ""}, + {"raw_tracepoint.w/", RawTracepointWritable, AttachNone, 0, ""}, + {"raw_tp.w/", RawTracepointWritable, AttachNone, 0, ""}, + {"tp_btf/", Tracing, AttachTraceRawTp, 0, ""}, + {"fentry/", Tracing, AttachTraceFEntry, 0, ""}, + {"fmod_ret/", Tracing, AttachModifyReturn, 0, ""}, + {"fexit/", Tracing, AttachTraceFExit, 0, ""}, + {"fentry.s/", Tracing, AttachTraceFEntry, unix.BPF_F_SLEEPABLE, ""}, + {"fmod_ret.s/", Tracing, AttachModifyReturn, unix.BPF_F_SLEEPABLE, ""}, + {"fexit.s/", Tracing, AttachTraceFExit, unix.BPF_F_SLEEPABLE, ""}, + {"freplace/", Extension, AttachNone, 0, ""}, + {"lsm/foo", LSM, AttachLSMMac, 0, "foo"}, + {"lsm.s/foo", LSM, AttachLSMMac, unix.BPF_F_SLEEPABLE, "foo"}, + {"iter/bpf_map", Tracing, AttachTraceIter, 0, "bpf_map"}, + {"iter.s/", Tracing, AttachTraceIter, unix.BPF_F_SLEEPABLE, ""}, + // Was missing sleepable. + {"syscall", Syscall, AttachNone, unix.BPF_F_SLEEPABLE, ""}, + {"xdp.frags_devmap/foo", XDP, AttachXDPDevMap, unix.BPF_F_XDP_HAS_FRAGS, "foo"}, + {"xdp_devmap/foo", XDP, AttachXDPDevMap, 0, "foo"}, + {"xdp.frags_cpumap/", XDP, AttachXDPCPUMap, unix.BPF_F_XDP_HAS_FRAGS, ""}, + {"xdp_cpumap/", XDP, AttachXDPCPUMap, 0, ""}, + // Used incorrect attach type. + {"xdp.frags/foo", XDP, AttachXDP, unix.BPF_F_XDP_HAS_FRAGS, ""}, + {"xdp/foo", XDP, AttachNone, 0, ""}, + {"perf_event", PerfEvent, AttachNone, 0, ""}, + {"lwt_in", LWTIn, AttachNone, 0, ""}, + {"lwt_out", LWTOut, AttachNone, 0, ""}, + {"lwt_xmit", LWTXmit, AttachNone, 0, ""}, + {"lwt_seg6local", LWTSeg6Local, AttachNone, 0, ""}, + {"cgroup_skb/ingress", CGroupSKB, AttachCGroupInetIngress, 0, ""}, + {"cgroup_skb/egress", CGroupSKB, AttachCGroupInetEgress, 0, ""}, + {"cgroup/skb", CGroupSKB, AttachNone, 0, ""}, + {"cgroup/sock_create", CGroupSock, AttachCGroupInetSockCreate, 0, ""}, + {"cgroup/sock_release", CGroupSock, AttachCgroupInetSockRelease, 0, ""}, + {"cgroup/sock", CGroupSock, AttachCGroupInetSockCreate, 0, ""}, + {"cgroup/post_bind4", CGroupSock, AttachCGroupInet4PostBind, 0, ""}, + {"cgroup/post_bind6", CGroupSock, AttachCGroupInet6PostBind, 0, ""}, + {"cgroup/dev", CGroupDevice, AttachCGroupDevice, 0, ""}, + {"sockops", SockOps, AttachCGroupSockOps, 0, ""}, + {"sk_skb/stream_parser", SkSKB, AttachSkSKBStreamParser, 0, ""}, + {"sk_skb/stream_verdict", SkSKB, AttachSkSKBStreamVerdict, 0, ""}, + {"sk_skb/stream_verdict/foo", SkSKB, AttachSkSKBStreamVerdict, 0, ""}, + {"sk_skb", SkSKB, AttachNone, 0, ""}, + {"sk_skb/bar", SkSKB, AttachNone, 0, ""}, + {"sk_msg", SkMsg, AttachSkMsgVerdict, 0, ""}, + {"lirc_mode2", LircMode2, AttachLircMode2, 0, ""}, + {"flow_dissector", FlowDissector, AttachFlowDissector, 0, ""}, + {"cgroup/bind4", CGroupSockAddr, AttachCGroupInet4Bind, 0, ""}, + {"cgroup/bind6", CGroupSockAddr, AttachCGroupInet6Bind, 0, ""}, + {"cgroup/connect4", CGroupSockAddr, AttachCGroupInet4Connect, 0, ""}, + {"cgroup/connect6", CGroupSockAddr, AttachCGroupInet6Connect, 0, ""}, + {"cgroup/sendmsg4", CGroupSockAddr, AttachCGroupUDP4Sendmsg, 0, ""}, + {"cgroup/sendmsg6", CGroupSockAddr, AttachCGroupUDP6Sendmsg, 0, ""}, + {"cgroup/recvmsg4", CGroupSockAddr, AttachCGroupUDP4Recvmsg, 0, ""}, + {"cgroup/recvmsg6", CGroupSockAddr, AttachCGroupUDP6Recvmsg, 0, ""}, + {"cgroup/getpeername4", CGroupSockAddr, AttachCgroupInet4GetPeername, 0, ""}, + {"cgroup/getpeername6", CGroupSockAddr, AttachCgroupInet6GetPeername, 0, ""}, + {"cgroup/getsockname4", CGroupSockAddr, AttachCgroupInet4GetSockname, 0, ""}, + {"cgroup/getsockname6", CGroupSockAddr, AttachCgroupInet6GetSockname, 0, ""}, + {"cgroup/sysctl", CGroupSysctl, AttachCGroupSysctl, 0, ""}, + {"cgroup/getsockopt", CGroupSockopt, AttachCGroupGetsockopt, 0, ""}, + {"cgroup/setsockopt", CGroupSockopt, AttachCGroupSetsockopt, 0, ""}, + // Bogus pattern means it never matched anything. + // {"struct_ops+", StructOps, AttachNone, 0, ""}, + {"sk_lookup/", SkLookup, AttachSkLookup, 0, ""}, + {"seccomp", SocketFilter, AttachNone, 0, ""}, + {"kprobe.multi", Kprobe, AttachTraceKprobeMulti, 0, ""}, + {"kretprobe.multi", Kprobe, AttachTraceKprobeMulti, 0, ""}, } - for section, want := range testcases { - pt, at, fl, to := getProgType(section) + for _, tc := range testcases { + t.Run(tc.Section, func(t *testing.T) { + pt, at, fl, extra := getProgType(tc.Section) + have := testcase{tc.Section, pt, at, fl, extra} + qt.Assert(t, have, qt.DeepEquals, tc) + }) + } +} - if diff := cmp.Diff(want, progTypeTestData{Pt: pt, At: at, Fl: fl, To: to}); diff != "" { - t.Errorf("getProgType mismatch (-want +got):\n%s", diff) - } +func TestMatchSectionName(t *testing.T) { + for _, testcase := range []struct { + pattern string + input string + matches bool + extra string + }{ + {"prefix/", "prefix/", true, ""}, + {"prefix/", "prefix/a", true, "a"}, + {"prefix/", "prefix/b", true, "b"}, + {"prefix/", "prefix", false, ""}, + {"prefix/", "junk", false, ""}, + + {"prefix+", "prefix/", true, ""}, + {"prefix+", "prefix/a", true, "a"}, + {"prefix+", "prefix/b", true, "b"}, + {"prefix+", "prefix", true, ""}, + {"prefix+", "junk", false, ""}, + + {"exact", "exact", true, ""}, + {"exact", "exact/", true, ""}, + {"exact", "exact/a", true, ""}, + {"exact", "exactement", true, ""}, + {"exact", "junk", false, ""}, + } { + name := fmt.Sprintf("%s:%s", testcase.pattern, testcase.input) + t.Run(name, func(t *testing.T) { + extra, matches := matchSectionName(testcase.input, testcase.pattern) + qt.Assert(t, matches, qt.Equals, testcase.matches) + if testcase.matches { + qt.Assert(t, extra, qt.Equals, testcase.extra) + } + }) } } diff --git a/elf_sections.go b/elf_sections.go new file mode 100644 index 000000000..1cfbd6bba --- /dev/null +++ b/elf_sections.go @@ -0,0 +1,102 @@ +// Code generated by internal/cmd/gensections.awk; DO NOT EDIT. + +package ebpf + +// Code in this file is derived from libbpf, available under BSD-2-Clause. + +import "github.com/cilium/ebpf/internal/sys" + +var elfSectionDefs = []libbpfElfSectionDef{ + {"socket", sys.BPF_PROG_TYPE_SOCKET_FILTER, 0, _SEC_NONE}, + {"sk_reuseport/migrate", sys.BPF_PROG_TYPE_SK_REUSEPORT, sys.BPF_SK_REUSEPORT_SELECT_OR_MIGRATE, _SEC_ATTACHABLE}, + {"sk_reuseport", sys.BPF_PROG_TYPE_SK_REUSEPORT, sys.BPF_SK_REUSEPORT_SELECT, _SEC_ATTACHABLE}, + {"kprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uprobe.s+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_SLEEPABLE}, + {"kretprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uretprobe+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"uretprobe.s+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_SLEEPABLE}, + {"kprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_KPROBE_MULTI, _SEC_NONE}, + {"kretprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_KPROBE_MULTI, _SEC_NONE}, + {"uprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_NONE}, + {"uretprobe.multi+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_NONE}, + {"uprobe.multi.s+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_SLEEPABLE}, + {"uretprobe.multi.s+", sys.BPF_PROG_TYPE_KPROBE, sys.BPF_TRACE_UPROBE_MULTI, _SEC_SLEEPABLE}, + {"ksyscall+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"kretsyscall+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_NONE}, + {"usdt+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_USDT}, + {"usdt.s+", sys.BPF_PROG_TYPE_KPROBE, 0, _SEC_USDT | _SEC_SLEEPABLE}, + {"tc/ingress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_INGRESS, _SEC_NONE}, + {"tc/egress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_EGRESS, _SEC_NONE}, + {"tcx/ingress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_INGRESS, _SEC_NONE}, + {"tcx/egress", sys.BPF_PROG_TYPE_SCHED_CLS, sys.BPF_TCX_EGRESS, _SEC_NONE}, + {"tc", sys.BPF_PROG_TYPE_SCHED_CLS, 0, _SEC_NONE}, + {"classifier", sys.BPF_PROG_TYPE_SCHED_CLS, 0, _SEC_NONE}, + {"action", sys.BPF_PROG_TYPE_SCHED_ACT, 0, _SEC_NONE}, + {"tracepoint+", sys.BPF_PROG_TYPE_TRACEPOINT, 0, _SEC_NONE}, + {"tp+", sys.BPF_PROG_TYPE_TRACEPOINT, 0, _SEC_NONE}, + {"raw_tracepoint+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT, 0, _SEC_NONE}, + {"raw_tp+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT, 0, _SEC_NONE}, + {"raw_tracepoint.w+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, 0, _SEC_NONE}, + {"raw_tp.w+", sys.BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, 0, _SEC_NONE}, + {"tp_btf+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_RAW_TP, _SEC_ATTACH_BTF}, + {"fentry+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FENTRY, _SEC_ATTACH_BTF}, + {"fmod_ret+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_MODIFY_RETURN, _SEC_ATTACH_BTF}, + {"fexit+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FEXIT, _SEC_ATTACH_BTF}, + {"fentry.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FENTRY, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"fmod_ret.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_MODIFY_RETURN, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"fexit.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_FEXIT, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"freplace+", sys.BPF_PROG_TYPE_EXT, 0, _SEC_ATTACH_BTF}, + {"lsm+", sys.BPF_PROG_TYPE_LSM, sys.BPF_LSM_MAC, _SEC_ATTACH_BTF}, + {"lsm.s+", sys.BPF_PROG_TYPE_LSM, sys.BPF_LSM_MAC, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"lsm_cgroup+", sys.BPF_PROG_TYPE_LSM, sys.BPF_LSM_CGROUP, _SEC_ATTACH_BTF}, + {"iter+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_ITER, _SEC_ATTACH_BTF}, + {"iter.s+", sys.BPF_PROG_TYPE_TRACING, sys.BPF_TRACE_ITER, _SEC_ATTACH_BTF | _SEC_SLEEPABLE}, + {"syscall", sys.BPF_PROG_TYPE_SYSCALL, 0, _SEC_SLEEPABLE}, + {"xdp.frags/devmap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, _SEC_XDP_FRAGS}, + {"xdp/devmap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_DEVMAP, _SEC_ATTACHABLE}, + {"xdp.frags/cpumap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, _SEC_XDP_FRAGS}, + {"xdp/cpumap", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP_CPUMAP, _SEC_ATTACHABLE}, + {"xdp.frags", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP, _SEC_XDP_FRAGS}, + {"xdp", sys.BPF_PROG_TYPE_XDP, sys.BPF_XDP, _SEC_ATTACHABLE_OPT}, + {"perf_event", sys.BPF_PROG_TYPE_PERF_EVENT, 0, _SEC_NONE}, + {"lwt_in", sys.BPF_PROG_TYPE_LWT_IN, 0, _SEC_NONE}, + {"lwt_out", sys.BPF_PROG_TYPE_LWT_OUT, 0, _SEC_NONE}, + {"lwt_xmit", sys.BPF_PROG_TYPE_LWT_XMIT, 0, _SEC_NONE}, + {"lwt_seg6local", sys.BPF_PROG_TYPE_LWT_SEG6LOCAL, 0, _SEC_NONE}, + {"sockops", sys.BPF_PROG_TYPE_SOCK_OPS, sys.BPF_CGROUP_SOCK_OPS, _SEC_ATTACHABLE_OPT}, + {"sk_skb/stream_parser", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_STREAM_PARSER, _SEC_ATTACHABLE_OPT}, + {"sk_skb/stream_verdict", sys.BPF_PROG_TYPE_SK_SKB, sys.BPF_SK_SKB_STREAM_VERDICT, _SEC_ATTACHABLE_OPT}, + {"sk_skb", sys.BPF_PROG_TYPE_SK_SKB, 0, _SEC_NONE}, + {"sk_msg", sys.BPF_PROG_TYPE_SK_MSG, sys.BPF_SK_MSG_VERDICT, _SEC_ATTACHABLE_OPT}, + {"lirc_mode2", sys.BPF_PROG_TYPE_LIRC_MODE2, sys.BPF_LIRC_MODE2, _SEC_ATTACHABLE_OPT}, + {"flow_dissector", sys.BPF_PROG_TYPE_FLOW_DISSECTOR, sys.BPF_FLOW_DISSECTOR, _SEC_ATTACHABLE_OPT}, + {"cgroup_skb/ingress", sys.BPF_PROG_TYPE_CGROUP_SKB, sys.BPF_CGROUP_INET_INGRESS, _SEC_ATTACHABLE_OPT}, + {"cgroup_skb/egress", sys.BPF_PROG_TYPE_CGROUP_SKB, sys.BPF_CGROUP_INET_EGRESS, _SEC_ATTACHABLE_OPT}, + {"cgroup/skb", sys.BPF_PROG_TYPE_CGROUP_SKB, 0, _SEC_NONE}, + {"cgroup/sock_create", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET_SOCK_CREATE, _SEC_ATTACHABLE}, + {"cgroup/sock_release", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET_SOCK_RELEASE, _SEC_ATTACHABLE}, + {"cgroup/sock", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET_SOCK_CREATE, _SEC_ATTACHABLE_OPT}, + {"cgroup/post_bind4", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET4_POST_BIND, _SEC_ATTACHABLE}, + {"cgroup/post_bind6", sys.BPF_PROG_TYPE_CGROUP_SOCK, sys.BPF_CGROUP_INET6_POST_BIND, _SEC_ATTACHABLE}, + {"cgroup/bind4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_BIND, _SEC_ATTACHABLE}, + {"cgroup/bind6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_BIND, _SEC_ATTACHABLE}, + {"cgroup/connect4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_CONNECT, _SEC_ATTACHABLE}, + {"cgroup/connect6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_CONNECT, _SEC_ATTACHABLE}, + {"cgroup/sendmsg4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP4_SENDMSG, _SEC_ATTACHABLE}, + {"cgroup/sendmsg6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP6_SENDMSG, _SEC_ATTACHABLE}, + {"cgroup/recvmsg4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP4_RECVMSG, _SEC_ATTACHABLE}, + {"cgroup/recvmsg6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_UDP6_RECVMSG, _SEC_ATTACHABLE}, + {"cgroup/getpeername4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_GETPEERNAME, _SEC_ATTACHABLE}, + {"cgroup/getpeername6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_GETPEERNAME, _SEC_ATTACHABLE}, + {"cgroup/getsockname4", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET4_GETSOCKNAME, _SEC_ATTACHABLE}, + {"cgroup/getsockname6", sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR, sys.BPF_CGROUP_INET6_GETSOCKNAME, _SEC_ATTACHABLE}, + {"cgroup/sysctl", sys.BPF_PROG_TYPE_CGROUP_SYSCTL, sys.BPF_CGROUP_SYSCTL, _SEC_ATTACHABLE}, + {"cgroup/getsockopt", sys.BPF_PROG_TYPE_CGROUP_SOCKOPT, sys.BPF_CGROUP_GETSOCKOPT, _SEC_ATTACHABLE}, + {"cgroup/setsockopt", sys.BPF_PROG_TYPE_CGROUP_SOCKOPT, sys.BPF_CGROUP_SETSOCKOPT, _SEC_ATTACHABLE}, + {"cgroup/dev", sys.BPF_PROG_TYPE_CGROUP_DEVICE, sys.BPF_CGROUP_DEVICE, _SEC_ATTACHABLE_OPT}, + {"struct_ops+", sys.BPF_PROG_TYPE_STRUCT_OPS, 0, _SEC_NONE}, + {"struct_ops.s+", sys.BPF_PROG_TYPE_STRUCT_OPS, 0, _SEC_SLEEPABLE}, + {"sk_lookup", sys.BPF_PROG_TYPE_SK_LOOKUP, sys.BPF_SK_LOOKUP, _SEC_ATTACHABLE}, + {"netfilter", sys.BPF_PROG_TYPE_NETFILTER, sys.BPF_NETFILTER, _SEC_NONE}, +} diff --git a/internal/cmd/gensections.awk b/internal/cmd/gensections.awk new file mode 100755 index 000000000..b05950fb9 --- /dev/null +++ b/internal/cmd/gensections.awk @@ -0,0 +1,36 @@ +#!/usr/bin/gawk -f +# This script expects tools/lib/bpf/libbpf.c as input. + +function trim(str, left, right) { + str = gensub("^[\t ]*" left, "", "g", str) + return gensub(right "$", "", "g", str) +} + +BEGIN { + print "// Code generated by internal/cmd/gensections.awk; DO NOT EDIT." + print "" + print "package ebpf" + print "" + print "// Code in this file is derived from libbpf, available under BSD-2-Clause." + print "" + print "import \"github.com/cilium/ebpf/internal/sys\"" + print "" + print "var elfSectionDefs = []libbpfElfSectionDef{" + + FS="," +} + +/\tSEC_DEF/ { + pattern = trim(substr($1, 10)) + prog_type = "sys.BPF_PROG_TYPE_" trim($2) + attach_type = trim($3) + attach_type = attach_type == "0" ? "0" : "sys." attach_type + flags = trim($4, "", ")") + flags = gensub("SEC_", "_SEC_", "g", flags) + printf "\t{%s, %s, %s, %s},\n", pattern, prog_type, attach_type, flags; +} + +END { + print "}" + print "" +} diff --git a/types.go b/types.go index e9215519a..5146721c8 100644 --- a/types.go +++ b/types.go @@ -125,38 +125,39 @@ type ProgramType uint32 // eBPF program types const ( - UnspecifiedProgram ProgramType = iota - SocketFilter - Kprobe - SchedCLS - SchedACT - TracePoint - XDP - PerfEvent - CGroupSKB - CGroupSock - LWTIn - LWTOut - LWTXmit - SockOps - SkSKB - CGroupDevice - SkMsg - RawTracepoint - CGroupSockAddr - LWTSeg6Local - LircMode2 - SkReuseport - FlowDissector - CGroupSysctl - RawTracepointWritable - CGroupSockopt - Tracing - StructOps - Extension - LSM - SkLookup - Syscall + UnspecifiedProgram = ProgramType(sys.BPF_PROG_TYPE_UNSPEC) + SocketFilter = ProgramType(sys.BPF_PROG_TYPE_SOCKET_FILTER) + Kprobe = ProgramType(sys.BPF_PROG_TYPE_KPROBE) + SchedCLS = ProgramType(sys.BPF_PROG_TYPE_SCHED_CLS) + SchedACT = ProgramType(sys.BPF_PROG_TYPE_SCHED_ACT) + TracePoint = ProgramType(sys.BPF_PROG_TYPE_TRACEPOINT) + XDP = ProgramType(sys.BPF_PROG_TYPE_XDP) + PerfEvent = ProgramType(sys.BPF_PROG_TYPE_PERF_EVENT) + CGroupSKB = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SKB) + CGroupSock = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SOCK) + LWTIn = ProgramType(sys.BPF_PROG_TYPE_LWT_IN) + LWTOut = ProgramType(sys.BPF_PROG_TYPE_LWT_OUT) + LWTXmit = ProgramType(sys.BPF_PROG_TYPE_LWT_XMIT) + SockOps = ProgramType(sys.BPF_PROG_TYPE_SOCK_OPS) + SkSKB = ProgramType(sys.BPF_PROG_TYPE_SK_SKB) + CGroupDevice = ProgramType(sys.BPF_PROG_TYPE_CGROUP_DEVICE) + SkMsg = ProgramType(sys.BPF_PROG_TYPE_SK_MSG) + RawTracepoint = ProgramType(sys.BPF_PROG_TYPE_RAW_TRACEPOINT) + CGroupSockAddr = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SOCK_ADDR) + LWTSeg6Local = ProgramType(sys.BPF_PROG_TYPE_LWT_SEG6LOCAL) + LircMode2 = ProgramType(sys.BPF_PROG_TYPE_LIRC_MODE2) + SkReuseport = ProgramType(sys.BPF_PROG_TYPE_SK_REUSEPORT) + FlowDissector = ProgramType(sys.BPF_PROG_TYPE_FLOW_DISSECTOR) + CGroupSysctl = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SYSCTL) + RawTracepointWritable = ProgramType(sys.BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE) + CGroupSockopt = ProgramType(sys.BPF_PROG_TYPE_CGROUP_SOCKOPT) + Tracing = ProgramType(sys.BPF_PROG_TYPE_TRACING) + StructOps = ProgramType(sys.BPF_PROG_TYPE_STRUCT_OPS) + Extension = ProgramType(sys.BPF_PROG_TYPE_EXT) + LSM = ProgramType(sys.BPF_PROG_TYPE_LSM) + SkLookup = ProgramType(sys.BPF_PROG_TYPE_SK_LOOKUP) + Syscall = ProgramType(sys.BPF_PROG_TYPE_SYSCALL) + Netfilter = ProgramType(sys.BPF_PROG_TYPE_NETFILTER) ) // AttachType of the eBPF program, needed to differentiate allowed context accesses in @@ -170,49 +171,55 @@ type AttachType uint32 const AttachNone AttachType = 0 const ( - AttachCGroupInetIngress AttachType = iota - AttachCGroupInetEgress - AttachCGroupInetSockCreate - AttachCGroupSockOps - AttachSkSKBStreamParser - AttachSkSKBStreamVerdict - AttachCGroupDevice - AttachSkMsgVerdict - AttachCGroupInet4Bind - AttachCGroupInet6Bind - AttachCGroupInet4Connect - AttachCGroupInet6Connect - AttachCGroupInet4PostBind - AttachCGroupInet6PostBind - AttachCGroupUDP4Sendmsg - AttachCGroupUDP6Sendmsg - AttachLircMode2 - AttachFlowDissector - AttachCGroupSysctl - AttachCGroupUDP4Recvmsg - AttachCGroupUDP6Recvmsg - AttachCGroupGetsockopt - AttachCGroupSetsockopt - AttachTraceRawTp - AttachTraceFEntry - AttachTraceFExit - AttachModifyReturn - AttachLSMMac - AttachTraceIter - AttachCgroupInet4GetPeername - AttachCgroupInet6GetPeername - AttachCgroupInet4GetSockname - AttachCgroupInet6GetSockname - AttachXDPDevMap - AttachCgroupInetSockRelease - AttachXDPCPUMap - AttachSkLookup - AttachXDP - AttachSkSKBVerdict - AttachSkReuseportSelect - AttachSkReuseportSelectOrMigrate - AttachPerfEvent - AttachTraceKprobeMulti + AttachCGroupInetIngress = AttachType(sys.BPF_CGROUP_INET_INGRESS) + AttachCGroupInetEgress = AttachType(sys.BPF_CGROUP_INET_EGRESS) + AttachCGroupInetSockCreate = AttachType(sys.BPF_CGROUP_INET_SOCK_CREATE) + AttachCGroupSockOps = AttachType(sys.BPF_CGROUP_SOCK_OPS) + AttachSkSKBStreamParser = AttachType(sys.BPF_SK_SKB_STREAM_PARSER) + AttachSkSKBStreamVerdict = AttachType(sys.BPF_SK_SKB_STREAM_VERDICT) + AttachCGroupDevice = AttachType(sys.BPF_CGROUP_DEVICE) + AttachSkMsgVerdict = AttachType(sys.BPF_SK_MSG_VERDICT) + AttachCGroupInet4Bind = AttachType(sys.BPF_CGROUP_INET4_BIND) + AttachCGroupInet6Bind = AttachType(sys.BPF_CGROUP_INET6_BIND) + AttachCGroupInet4Connect = AttachType(sys.BPF_CGROUP_INET4_CONNECT) + AttachCGroupInet6Connect = AttachType(sys.BPF_CGROUP_INET6_CONNECT) + AttachCGroupInet4PostBind = AttachType(sys.BPF_CGROUP_INET4_POST_BIND) + AttachCGroupInet6PostBind = AttachType(sys.BPF_CGROUP_INET6_POST_BIND) + AttachCGroupUDP4Sendmsg = AttachType(sys.BPF_CGROUP_UDP4_SENDMSG) + AttachCGroupUDP6Sendmsg = AttachType(sys.BPF_CGROUP_UDP6_SENDMSG) + AttachLircMode2 = AttachType(sys.BPF_LIRC_MODE2) + AttachFlowDissector = AttachType(sys.BPF_FLOW_DISSECTOR) + AttachCGroupSysctl = AttachType(sys.BPF_CGROUP_SYSCTL) + AttachCGroupUDP4Recvmsg = AttachType(sys.BPF_CGROUP_UDP4_RECVMSG) + AttachCGroupUDP6Recvmsg = AttachType(sys.BPF_CGROUP_UDP6_RECVMSG) + AttachCGroupGetsockopt = AttachType(sys.BPF_CGROUP_GETSOCKOPT) + AttachCGroupSetsockopt = AttachType(sys.BPF_CGROUP_SETSOCKOPT) + AttachTraceRawTp = AttachType(sys.BPF_TRACE_RAW_TP) + AttachTraceFEntry = AttachType(sys.BPF_TRACE_FENTRY) + AttachTraceFExit = AttachType(sys.BPF_TRACE_FEXIT) + AttachModifyReturn = AttachType(sys.BPF_MODIFY_RETURN) + AttachLSMMac = AttachType(sys.BPF_LSM_MAC) + AttachTraceIter = AttachType(sys.BPF_TRACE_ITER) + AttachCgroupInet4GetPeername = AttachType(sys.BPF_CGROUP_INET4_GETPEERNAME) + AttachCgroupInet6GetPeername = AttachType(sys.BPF_CGROUP_INET6_GETPEERNAME) + AttachCgroupInet4GetSockname = AttachType(sys.BPF_CGROUP_INET4_GETSOCKNAME) + AttachCgroupInet6GetSockname = AttachType(sys.BPF_CGROUP_INET6_GETSOCKNAME) + AttachXDPDevMap = AttachType(sys.BPF_XDP_DEVMAP) + AttachCgroupInetSockRelease = AttachType(sys.BPF_CGROUP_INET_SOCK_RELEASE) + AttachXDPCPUMap = AttachType(sys.BPF_XDP_CPUMAP) + AttachSkLookup = AttachType(sys.BPF_SK_LOOKUP) + AttachXDP = AttachType(sys.BPF_XDP) + AttachSkSKBVerdict = AttachType(sys.BPF_SK_SKB_VERDICT) + AttachSkReuseportSelect = AttachType(sys.BPF_SK_REUSEPORT_SELECT) + AttachSkReuseportSelectOrMigrate = AttachType(sys.BPF_SK_REUSEPORT_SELECT_OR_MIGRATE) + AttachPerfEvent = AttachType(sys.BPF_PERF_EVENT) + AttachTraceKprobeMulti = AttachType(sys.BPF_TRACE_KPROBE_MULTI) + AttachLSMCgroup = AttachType(sys.BPF_LSM_CGROUP) + AttachStructOps = AttachType(sys.BPF_STRUCT_OPS) + AttachNetfilter = AttachType(sys.BPF_NETFILTER) + AttachTCXIngress = AttachType(sys.BPF_TCX_INGRESS) + AttachTCXEgress = AttachType(sys.BPF_TCX_EGRESS) + AttachTraceUprobeMulti = AttachType(sys.BPF_TRACE_UPROBE_MULTI) ) // AttachFlags of the eBPF program used in BPF_PROG_ATTACH command diff --git a/types_string.go b/types_string.go index e20c37aa4..ee60b5be5 100644 --- a/types_string.go +++ b/types_string.go @@ -86,11 +86,12 @@ func _() { _ = x[LSM-29] _ = x[SkLookup-30] _ = x[Syscall-31] + _ = x[Netfilter-32] } -const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookupSyscall" +const _ProgramType_name = "UnspecifiedProgramSocketFilterKprobeSchedCLSSchedACTTracePointXDPPerfEventCGroupSKBCGroupSockLWTInLWTOutLWTXmitSockOpsSkSKBCGroupDeviceSkMsgRawTracepointCGroupSockAddrLWTSeg6LocalLircMode2SkReuseportFlowDissectorCGroupSysctlRawTracepointWritableCGroupSockoptTracingStructOpsExtensionLSMSkLookupSyscallNetfilter" -var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294, 301} +var _ProgramType_index = [...]uint16{0, 18, 30, 36, 44, 52, 62, 65, 74, 83, 93, 98, 104, 111, 118, 123, 135, 140, 153, 167, 179, 188, 199, 212, 224, 245, 258, 265, 274, 283, 286, 294, 301, 310} func (i ProgramType) String() string { if i >= ProgramType(len(_ProgramType_index)-1) {