runtime: reconstruct bpf_attach_ctx (#44)

* Update

* Update

* Update two unit tests

* Update by & for tests

* Do some update

* Update

* Update

* Update

* Update

* Update

* Update

* Update visibility

* Update with working sslsniff

* Update

* Update

* Remove useless thing

CMakeLists.txt

@@ -78,12 +78,11 @@ endif()
 # spdlog
 add_subdirectory(third_party/spdlog)
 
-set(SPDLOG_INCLUDE {CMAKE_CURRENT_SOURCE_DIR}/third_party/spdlog/include)
+set(SPDLOG_INCLUDE ${CMAKE_CURRENT_SOURCE_DIR}/third_party/spdlog/include)
 
 # main library
 add_subdirectory(vm)
 add_subdirectory(runtime)
-add_subdirectory(tools)
 
 # benchmark that requires bpftime libraries
 add_subdirectory(benchmark)

cmake/libbpf.cmake

@@ -19,10 +19,7 @@ ExternalProject_Add(libbpf
 set(LIBBPF_INCLUDE_DIRS ${CMAKE_CURRENT_BINARY_DIR}/libbpf)
 set(LIBBPF_LIBRARIES ${CMAKE_CURRENT_BINARY_DIR}/libbpf/libbpf.a)
 
-#
-add_custom_target(copy_headers ALL
-  COMMENT "Copying headers"
-)
+set(header_output_list)
 
 function(copy_header TARGET SRC_DIR TARGET_DIR)
   file(GLOB_RECURSE FILES RELATIVE "${SRC_DIR}" "${SRC_DIR}/*")
@@ -31,21 +28,28 @@ function(copy_header TARGET SRC_DIR TARGET_DIR)
   foreach(file ${FILES})
     get_filename_component(PARENT_DIR "${TARGET_DIR}/${file}" DIRECTORY)
     add_custom_command(
-      TARGET ${TARGET}
       PRE_BUILD
       COMMAND ${CMAKE_COMMAND} -E make_directory ${PARENT_DIR}
       COMMAND ${CMAKE_COMMAND} -E copy
       ${SRC_DIR}/${file}
       ${TARGET_DIR}/${file}
       COMMENT "Copying file ${HEADER_DIRS}/${file} to ${TARGET_DIR}/${file}"
       BYPRODUCTS ${TARGET_DIR}/${file}
+      OUTPUT ${TARGET_DIR}/${file}
+      DEPENDS ${SRC_DIR}/${file}
     )
+    list(APPEND header_output_list ${TARGET_DIR}/${file})
   endforeach()
 endfunction()
 
 copy_header(copy_headers "${LIBBPF_DIR}/include/linux" "${LIBBPF_INCLUDE_DIRS}/linux")
 copy_header(copy_headers "${LIBBPF_DIR}/include/uapi/linux" "${LIBBPF_INCLUDE_DIRS}/linux")
 
+add_custom_target(copy_headers ALL
+  COMMENT "Copying headers"
+  DEPENDS ${header_output_list}
+)
+
 set(HEADER_FILES relo_core.h hashmap.h nlattr.h libbpf_internal.h)
 
 foreach(file ${HEADER_FILES})
@@ -76,13 +80,14 @@ ExternalProject_Add(bpftool
 )
 
 function(add_bpf_skel_generating_target target_name bpf_program output_skel)
-  add_custom_target(${target_name} ALL
+  add_custom_command(
+    OUTPUT ${output_skel}
     COMMAND "${BPFTOOL_INSTALL_DIR}/bpftool" "gen" "skeleton" "${bpf_program}" > "${output_skel}"
-    BYPRODUCTS ${output_skel}
-    SOURCES ${bpf_program}
-    DEPENDS bpftool
-
-    )
+    DEPENDS bpftool ${bpf_program}
+  )
+  add_custom_target(${target_name}
+    DEPENDS ${output_skel}
+  )
 endfunction()
 
 # Define a helper function
@@ -99,10 +104,13 @@ function(add_ebpf_program_target target_name source_file output_file)
     COMMAND_ERROR_IS_FATAL ANY
   )
   string(STRIP ${UNAME_ARCH} UNAME_ARCH_STRIPPED)
-  add_custom_target(${target_name} ALL
+  add_custom_command(
+    OUTPUT ${output_file}
     COMMAND clang -O2 -target bpf -c -g -D__TARGET_ARCH_${UNAME_ARCH_STRIPPED} -I${CMAKE_SOURCE_DIR}/third_party/vmlinux/${UNAME_ARCH_STRIPPED} -I${LIBBPF_INCLUDE_DIRS}/uapi -I${LIBBPF_INCLUDE_DIRS} ${source_file} -o ${output_file}
-    BYPRODUCTS ${output_file}
-    SOURCES ${source_file}
+    DEPENDS ${source_file}
+  )
+  add_custom_target(${target_name}
+    DEPENDS ${output_file}
   )
   add_dependencies(${target_name} copy_headers)
 endfunction()

example/sslsniff/sslsniff.bpf.c

@@ -63,7 +63,7 @@ int BPF_UPROBE(probe_SSL_rw_enter, void *ssl, void *buf, int num) {
     return 0;
 }
 
-static int SSL_exit(struct pt_regs *ctx, int rw) {
+static __always_inline int SSL_exit(struct pt_regs *ctx, int rw) {
     int ret = 0;
     u32 zero = 0;
     u64 pid_tgid = bpf_get_current_pid_tgid();

runtime/CMakeLists.txt

@@ -52,8 +52,9 @@ set(sources
 
   src/ffi.cpp
   src/bpf_helper.cpp
-  src/attach/attach_internal.cpp
   src/attach/bpf_attach_ctx.cpp
+  src/attach/attach_manager/base_attach_manager.cpp
+  src/attach/attach_manager/frida_attach_manager.cpp
   src/handler/handler_manager.cpp
   src/handler/map_handler.cpp
   src/handler/perf_event_handler.cpp
@@ -89,12 +90,15 @@ add_library(
   ${sources}
 )
 set_property(TARGET ${PROJECT_NAME} PROPERTY CXX_STANDARD 20)
-add_custom_target(
-  syscall_id_table
+add_custom_command(
+  OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/syscall_id_list.h
   COMMAND /bin/bash ${CMAKE_CURRENT_SOURCE_DIR}/generate_syscall_id_table.sh "${CMAKE_CURRENT_BINARY_DIR}/syscall_id_list.h"
-  BYPRODUCTS ${CMAKE_CURRENT_BINARY_DIR}/syscall_id_list.h
   USES_TERMINAL
 )
+add_custom_target(
+  syscall_id_table
+  DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/syscall_id_list.h
+)
 
 target_include_directories(${PROJECT_NAME}
   PUBLIC

runtime/include/bpf_attach_ctx.hpp

@@ -1,11 +1,11 @@
 #ifndef _BPF_ATTACH_CTX
 #define _BPF_ATTACH_CTX
+#include "attach/attach_manager/base_attach_manager.hpp"
 #include <cinttypes>
 #include <common/bpftime_config.hpp>
 #include <map>
 #include <vector>
 #include <memory>
-#include "hook_entry.hpp"
 typedef struct _GumInterceptor GumInterceptor;
 typedef struct _GumInvocationListener GumInvocationListener;
 
@@ -28,32 +28,32 @@ class bpf_attach_ctx {
 	// attach to a function in the object. the bpf program will be called
 	// before the
 	// function execution.
-	int create_uprobe(void *function, int id, bool retprobe = false);
+	// int create_uprobe(void *function, int id, bool retprobe = false);
 	// filter the function execution.
-	int create_filter(void *function);
-	int create_filter(void *function, int id);
+	// int create_filter(void *function);
+	// int create_filter(void *function, int id);
 	// hook a function to new_function
-	int create_replace_with_handler(int id, bpftime_hook_entry_type type,
-					void *function, void *handler_func);
+	// int create_replace_with_handler(int id, bpftime_hook_entry_type type,
+	// 				void *function, void *handler_func);
 	// the bpf program will be called instead of the function execution.
-	int create_replace(void *function);
+	// int create_replace(void *function);
 	// create a replace function with an id
-	int create_replace(void *function, int id);
+	// int create_replace(void *function, int id);
 	// Create a syscall tracepoint, recording its corresponding program into
 	// syscall_entry_progs and syscall_exit_progs
 	int create_tracepoint(int tracepoint_id, int perf_fd,
 			      const handler_manager *manager);
-	int destory_attach(int id);
+	// int destory_attach(int id);
 
 	// attach prog to a given attach id
-	int attach_prog(const bpftime_prog *prog, int id);
+	// int attach_prog(const bpftime_prog *prog, int id);
 	// the bpf program will be called instead of the function execution.
-	int detach(const bpftime_prog *prog);
+	// int detach(const bpftime_prog *prog);
 
 	// replace the function for the old program. prog can be nullptr
-	int replace_func(void *new_function, void *target_function, void *data);
-	// revert or recover the function for the old program
-	int revert_func(void *target_function);
+	// int replace_func(void *new_function, void *target_function, void
+	// *data); revert or recover the function for the old program int
+	// revert_func(void *target_function);
 
 	// create bpf_attach_ctx from handler_manager in shared memory
 	int init_attach_ctx_from_handlers(const handler_manager *manager,
@@ -63,16 +63,16 @@ class bpf_attach_ctx {
 	// attach progs with fds to the fds in manager
 	int attach_progs_in_manager(const handler_manager *manager);
 
-	// find the function by name in current process
-	// must be called after init attach_ctx
-	void *find_function_by_name(const char *name);
-	// find module export function by name
-	// must be called after init attach_ctx
-	void *module_find_export_by_name(const char *module_name,
-					 const char *symbol_name);
-	// get the base addr of a module
-	// must be called after init attach_ctx
-	void *module_get_base_addr(const char *module_name);
+	// // find the function by name in current process
+	// // must be called after init attach_ctx
+	// void *find_function_by_name(const char *name);
+	// // find module export function by name
+	// // must be called after init attach_ctx
+	// void *module_find_export_by_name(const char *module_name,
+	// 				 const char *symbol_name);
+	// // get the base addr of a module
+	// // must be called after init attach_ctx
+	// void *module_get_base_addr(const char *module_name);
 
 	// Check whether there is a syscall trace program. Use the global
 	// handler manager
@@ -94,19 +94,23 @@ class bpf_attach_ctx {
 	{
 		orig_syscall = f;
 	}
+	base_attach_manager &get_attach_manager()
+	{
+		return *attach_manager;
+	}
 
     private:
 	// add uprobe listener
-	int add_listener(GumInvocationListener *listener, void *target_function,
-			 void *data);
+	// int add_listener(GumInvocationListener *listener, void
+	// *target_function, 		 void *data);
 	constexpr static int CURRENT_ID_OFFSET = 65536;
 	volatile int current_id = CURRENT_ID_OFFSET;
 	// frida gum interceptor
-	GumInterceptor *interceptor = nullptr;
+	// GumInterceptor *interceptor = nullptr;
 	// map between function and bpf program
-	std::map<void *, hook_entry> hook_entry_table;
+	// std::map<void *, hook_entry> hook_entry_table;
 	// map between fd and function
-	std::map<int, void *> hook_entry_index;
+	// std::map<int, void *> hook_entry_index;
 
 	// save the progs for memory management
 	std::map<int, std::unique_ptr<bpftime_prog> > progs;
@@ -117,6 +121,7 @@ class bpf_attach_ctx {
 	std::vector<const bpftime_prog *> global_sys_exit_progs;
 
 	syscall_hooker_func_t orig_syscall = nullptr;
+	std::unique_ptr<base_attach_manager> attach_manager;
 };
 
 } // namespace bpftime

runtime/include/bpftime.hpp

@@ -4,7 +4,6 @@
 #include <ebpf-vm.h>
 #include <common/bpftime_config.hpp>
 #include "bpf_attach_ctx.hpp"
-#include "hook_entry.hpp"
 #include "bpftime_ffi.hpp"
 #include "bpftime_helper_group.hpp"
 #include "bpftime_prog.hpp"

runtime/include/bpftime_ffi.hpp

@@ -1,5 +1,6 @@
 #ifndef _BPFTIME_FFI_HPP
 #define _BPFTIME_FFI_HPP
+#include "attach/attach_manager/base_attach_manager.hpp"
 #include <cinttypes>
 #include <cstddef>
 #include "bpf_attach_ctx.hpp"
@@ -60,7 +61,7 @@ void bpftime_ffi_register_ffi(uint64_t id, ebpf_ffi_func_info func_info);
 
 // register a ffi for a program base on info.
 // probe ctx will find the function address and fill in the func_info
-int bpftime_ffi_resolve_from_info(bpf_attach_ctx *probe_ctx,
+int bpftime_ffi_resolve_from_info(base_attach_manager *probe_ctx,
 				  ebpf_ffi_func_info func_info);
 
 } // namespace bpftime

runtime/object/CMakeLists.txt

@@ -31,3 +31,4 @@ target_include_directories(bpftime-object PUBLIC
   $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../vm/include>
   ${SPDLOG_INCLUDE}
 )
+set(BPFTIME_OBJECT_INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR} PARENT_SCOPE)

runtime/object/bpf_object.cpp

@@ -3,8 +3,7 @@
 #include <list>
 #include <memory>
 #include <string_view>
-#include "bpftime.hpp"
-#include "bpftime_internal.h"
+#include "bpftime_prog.hpp"
 #include <spdlog/spdlog.h>
 using namespace std;
 using namespace bpftime;

runtime/object/bpftime_object.h → runtime/object/bpftime_object.hpp

@@ -9,8 +9,7 @@ class bpftime_object;
 // open the object elf file and load it into the context
 bpftime_object *bpftime_object_open(const char *obj_path);
 // load btf associate with the host environment
-int bpftime_object_load_relocate_btf(bpftime_object *obj,
-				     const char *btf_path);
+int bpftime_object_load_relocate_btf(bpftime_object *obj, const char *btf_path);
 // close and free the object
 void bpftime_object_close(bpftime_object *obj);