Signed-off-by: Antoine Tenart <atenart@redhat.com>
Add a common context to probes to allow retrieving information later on in either the probes or their hooks. This is required as each probe type comes with its own context and an abstraction layer is needed. Signed-off-by: Antoine Tenart <atenart@redhat.com>
Using kallsyms and BTF we can retrieve information about the targets at runtime, which is then used when attaching probes as they are as generic as possible and need some inputs. Signed-off-by: Antoine Tenart <atenart@redhat.com>
This adds hook definitions and the logic to call them from the BPF probes. The hooks will be replaced at runtime, before the BPF programs are loaded. We are supporting 10 hooks for now. Signed-off-by: Antoine Tenart <atenart@redhat.com>
Add an API for registering hooks in kernel probes. The logic to replace the hooks in the BPF object is also added. For now hooks registered through this API will be attached to all loaded programs and will run unconditionally. [libbpf_rs logic to replace functions in loaded objects] Co-developed-by: Paolo Valerio <pvalerio@redhat.com> Signed-off-by: Antoine Tenart <atenart@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
When running tests we need to use a known one so we can look up addresses and symbols and be sure we'll find them and we'll find a fixed value. To achieve this a different kallsyms file is used when running tests. The issue with the current implementation is tests using the module can't work if the kernel_symbols tests didn't run first, because then the kallsyms singleton would not have been initialized with the test data. To fix this move to a kallsyms file conditional definition directly in the implementation. This is a build time choice. This allows running tests which would have failed otherwise, such as:

    $ cargo test core::probe::kernel
    running 5 tests
    test core::probe::kernel::kprobe::tests::init_and_attach ... ignored
    test core::probe::kernel::raw_tracepoint::tests::init_and_attach ... ignored
    test core::probe::kernel::tests::reuse_map ... ok
    test core::probe::kernel::tests::add_probe ... ok
    test core::probe::kernel::tests::register_hooks ... ok

Signed-off-by: Antoine Tenart <atenart@redhat.com>
…gets Signed-off-by: Antoine Tenart <atenart@redhat.com>
Initial collector & kernel probes support
Initial hooks support
Signed-off-by: Antoine Tenart <atenart@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
This adds automatic inspection for some types (struct sk_buff, enum skb_drop_reason, struct net_device, struct net) and configures the probes so they can easily retrieve matching arguments, if any. A helper is also added to check if a function has a given parameter as an argument, given its type. This can be used by collectors as well to dynamically inspect the kernel and/or configure their hooks. The probe configuration part (config_map creation and use) is protected by #[cfg(not(test))] so that it does not run when starting unit tests. This should be OK for now, if this becomes a burden to maintain we can move to a runtime solution. Signed-off-by: Antoine Tenart <atenart@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
…sets Extend probe runtime inspection and provide parameter offsets
Rename modules mod.rs -> <module>.rs + re-export in mod.rs
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
build.rs: Silence clippy::explicit_auto_deref warning
Add a Hook object to embed all hook related data in the same object, rather than manipulating the raw BPF program and extra data as separate variables. Signed-off-by: Antoine Tenart <atenart@redhat.com>
This allows hooks to reuse specific maps so modules registering them can have a hook-specific configuration or information exchange maps. Signed-off-by: Antoine Tenart <atenart@redhat.com>
This module runs CLI parsing twice leaving time for modules to dynamically register arguments to the subcommand that was actually run. The CLI is composed of the following elements:
- ThinCli: Performs the first round (a.k.a "thin") parsing.
- FullCli: Performs the full CLI parsing.
- SubCommand trait: Defines the behavior of subcommands.
- DynamicCommand: Handles dynamic registration of arguments.
This commit only adds the basic skeleton which will be implemented in follow up commits. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Implement basic DynamicCommand registration and section retrieval. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Implement two-fold cli parsing. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
cmd subdirectory is used to split common cli infrastructure from specific commands. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
A comma-separated list of collectors can be specified. Both the default value and the possible values are dynamically determined based on the registered collectors. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
A new method is introduced to have collectors register their own cli arguments. At initialization time, collectors are given a reference to the CliConfig so they can read the user-provided configuration and modify their behavior accordingly.
Allow registration of modules without arguments. Their own presence might be queried (through modules()) and decisions might be made based on that. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Register skb collector in main CLI. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
collect argument has an option to enable collectors. Make the collector group honor it. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
PIE executables are loaded at arbitrary addresses (same as shared libraries). Only in such a case, we must offset the symbol address based on the exec's start_addr. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
The execute action is actually the main event in the OVS module since it happens (hopefully) much more often than the upcall. Add skb filtering to it. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Antoine Tenart <atenart@redhat.com>
Since kfree_skb_reason was introduced in Linux commit c504e5c2f964
("net: skb: introduce kfree_skb_reason()"), the skb:kfree_skb tracepoint
has support for reporting the drop reason. Use this instead of a kprobe
on kfree_skb_reason since this is a more stable interface. The slight
difference is kfree_skb_reason can be called with the SKB_CONSUMED
reason which won't make it into the tp, but that is OK as those are not
for dropped packets.
Signed-off-by: Antoine Tenart <atenart@redhat.com>
Since the drop reason retrieval feature is in a dedicated module,
- Upgrade the info into a warning when we can't retrieve drop reasons. We still might not want to fail here to allow supporting a broader set of kernel versions (in profiles for example).
- Return an error if we can't attach our probe as we know the tp exists and has access to drop reasons at this point.
Signed-off-by: Antoine Tenart <atenart@redhat.com>
user: resolve usdt symbols in PIE executables
ovs: add skb filtering on execute_action event
Use a text format for drop reasons in events
fix it as this warns with the +nightly and can potentially make clippy fail. Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
remove unneeded mut
…_IBT=y When CONFIG_X86_KERNEL_IBT=y an endbr instruction at the function entry can be added, resulting in IP being +4 further. Use bpf_get_func_ip to get the function IP (ksym), which takes care of the above (& additional checks). Signed-off-by: Antoine Tenart <atenart@redhat.com>
core: probe: kernel: kprobe: fix ksym retrieval for CONFIG_X86_KERNEL_IBT=y
Fix it by removing the unneeded discriminant value previously added for consistency. No functional changes. Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
fix build with rustc 1.65
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Using Cirrus-CI nested virtualization capabilities. For now, only fedora36 VM is supported. More to come. Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
pytest is just used for making use of fixtures Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
2331c80 to f6ca529
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
f6ca529 to 0bfec8f
No description provided.