diff --git a/bpf/bpf.go b/bpf/bpf.go index f17d9a36..1488b310 100644 --- a/bpf/bpf.go +++ b/bpf/bpf.go @@ -294,19 +294,49 @@ func (b *BPF) AttachKprobes() error { lk, err = link.Kretprobe("__dev_get_by_index", b.objs.KretprobeDevGetByIndex, &link.KprobeOptions{}) if err != nil { - return fmt.Errorf("attach kretprobe/__dev_get_by_index: %w", err) + log.Infof("%+v", err) + // TODO: use errors.Is(xxx) or == + if strings.Contains(err.Error(), "no such file or directory") { + lk, err = link.Kretprobe("dev_get_by_index", + b.objs.KretprobeDevGetByIndexLegacy, &link.KprobeOptions{}) + if err != nil { + return fmt.Errorf("attach kretprobe/dev_get_by_index: %w", err) + } + } else { + return fmt.Errorf("attach kretprobe/__dev_get_by_index: %w", err) + } } b.links = append(b.links, lk) lk, err = link.Kprobe("__dev_change_net_namespace", b.objs.KprobeDevChangeNetNamespace, &link.KprobeOptions{}) if err != nil { - return fmt.Errorf("attach kprobe/__dev_change_net_namespace: %w", err) + log.Infof("%+v", err) + // TODO: use errors.Is(xxx) or == + if strings.Contains(err.Error(), "no such file or directory") { + lk, err = link.Kprobe("dev_change_net_namespace", + b.objs.KprobeDevChangeNetNamespaceLegacy, &link.KprobeOptions{}) + if err != nil { + return fmt.Errorf("attach kprobe/dev_change_net_namespace: %w", err) + } + } else { + return fmt.Errorf("attach kprobe/__dev_change_net_namespace: %w", err) + } } b.links = append(b.links, lk) lk, err = link.Kretprobe("__dev_change_net_namespace", b.objs.KretprobeDevChangeNetNamespace, &link.KprobeOptions{}) if err != nil { - return fmt.Errorf("attach kretprobe/__dev_change_net_namespace: %w", err) + log.Infof("%+v", err) + // TODO: use errors.Is(xxx) or == + if strings.Contains(err.Error(), "no such file or directory") { + lk, err = link.Kretprobe("dev_change_net_namespace", + b.objs.KretprobeDevChangeNetNamespaceLegacy, &link.KprobeOptions{}) + if err != nil { + return fmt.Errorf("attach kretprobe/dev_change_net_namespace: %w", err) + } + } else { + return fmt.Errorf("attach kretprobe/__dev_change_net_namespace: %w", err) + } } b.links = append(b.links, lk) } diff --git a/bpf/bpf_arm64_bpfel.go b/bpf/bpf_arm64_bpfel.go index 3848f73c..3ae7e5a4 100644 --- a/bpf/bpf_arm64_bpfel.go +++ b/bpf/bpf_arm64_bpfel.go @@ -158,28 +158,31 @@ type BpfSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type BpfProgramSpecs struct { - CgroupSockCreate *ebpf.ProgramSpec `ebpf:"cgroup__sock_create"` - CgroupSockRelease *ebpf.ProgramSpec `ebpf:"cgroup__sock_release"` - KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` - TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + CgroupSockCreate *ebpf.ProgramSpec `ebpf:"cgroup__sock_create"` + CgroupSockRelease *ebpf.ProgramSpec `ebpf:"cgroup__sock_release"` + KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` + TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } // BpfMapSpecs contains maps before they are loaded into the kernel. @@ -287,28 +290,31 @@ func (m *BpfMaps) Close() error { // // It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type BpfPrograms struct { - CgroupSockCreate *ebpf.Program `ebpf:"cgroup__sock_create"` - CgroupSockRelease *ebpf.Program `ebpf:"cgroup__sock_release"` - KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.Program `ebpf:"tc_egress"` - TcIngress *ebpf.Program `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + CgroupSockCreate *ebpf.Program `ebpf:"cgroup__sock_create"` + CgroupSockRelease *ebpf.Program `ebpf:"cgroup__sock_release"` + KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.Program `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.Program `ebpf:"tc_egress"` + TcIngress *ebpf.Program `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } func (p *BpfPrograms) Close() error { @@ -316,6 +322,7 @@ func (p *BpfPrograms) Close() error { p.CgroupSockCreate, p.CgroupSockRelease, p.KprobeDevChangeNetNamespace, + p.KprobeDevChangeNetNamespaceLegacy, p.KprobeNfNatManipPkt, p.KprobeNfNatPacket, p.KprobeRegisterNetdevice, @@ -324,7 +331,9 @@ func (p *BpfPrograms) Close() error { p.KprobeUdpSendSkb, p.KprobeUdpSendmsg, p.KretprobeDevChangeNetNamespace, + p.KretprobeDevChangeNetNamespaceLegacy, p.KretprobeDevGetByIndex, + p.KretprobeDevGetByIndexLegacy, p.KretprobeRegisterNetdevice, p.RawTracepointSchedProcessExec, p.RawTracepointSchedProcessExit, diff --git a/bpf/bpf_arm64_bpfel.o b/bpf/bpf_arm64_bpfel.o index 5c466392..65e508e5 100644 Binary files a/bpf/bpf_arm64_bpfel.o and b/bpf/bpf_arm64_bpfel.o differ diff --git a/bpf/bpf_legacy.go b/bpf/bpf_legacy.go index 3811302d..9b2c4b6f 100644 --- a/bpf/bpf_legacy.go +++ b/bpf/bpf_legacy.go @@ -14,26 +14,31 @@ import ( //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang -no-strip -no-global-types -target $TARGET bpf_legacy ./ptcpdump.c -- -I./headers -I./headers/$TARGET -I. -Wall -DLEGACY_KERNEL type BpfObjectsForLegacyKernel struct { - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` - KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` - KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` - KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` - RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` - KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` - KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` - KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` - KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` - TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` - TcEgress *ebpf.Program `ebpf:"tc_egress"` - TcIngress *ebpf.Program `ebpf:"tc_ingress"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + CgroupSockCreate *ebpf.Program `ebpf:"cgroup__sock_create"` + CgroupSockRelease *ebpf.Program `ebpf:"cgroup__sock_release"` + KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.Program `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.Program `ebpf:"tc_egress"` + TcIngress *ebpf.Program `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` BpfMaps } @@ -51,8 +56,11 @@ func (b *BpfObjects) FromLegacy(o *BpfObjectsForLegacyKernel) { b.KprobeRegisterNetdevice = o.KprobeRegisterNetdevice b.KretprobeRegisterNetdevice = o.KretprobeRegisterNetdevice b.KprobeDevChangeNetNamespace = o.KprobeDevChangeNetNamespace + b.KprobeDevChangeNetNamespaceLegacy = o.KprobeDevChangeNetNamespaceLegacy b.KretprobeDevChangeNetNamespace = o.KretprobeDevChangeNetNamespace + b.KretprobeDevChangeNetNamespaceLegacy = o.KretprobeDevChangeNetNamespaceLegacy b.KretprobeDevGetByIndex = o.KretprobeDevGetByIndex + b.KretprobeDevGetByIndexLegacy = o.KretprobeDevGetByIndexLegacy b.TracepointSyscallsSysEnterMount = o.TracepointSyscallsSysEnterMount b.TracepointSyscallsSysExitMount = o.TracepointSyscallsSysExitMount b.TcEgress = o.TcEgress diff --git a/bpf/bpf_legacy_arm64_bpfel.go b/bpf/bpf_legacy_arm64_bpfel.go index 72ee7d07..954f38be 100644 --- a/bpf/bpf_legacy_arm64_bpfel.go +++ b/bpf/bpf_legacy_arm64_bpfel.go @@ -53,26 +53,29 @@ type bpf_legacySpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_legacyProgramSpecs struct { - KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` - TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` + TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } // bpf_legacyMapSpecs contains maps before they are loaded into the kernel. @@ -180,31 +183,35 @@ func (m *bpf_legacyMaps) Close() error { // // It can be passed to loadBpf_legacyObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_legacyPrograms struct { - KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.Program `ebpf:"tc_egress"` - TcIngress *ebpf.Program `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.Program `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.Program `ebpf:"tc_egress"` + TcIngress *ebpf.Program `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } func (p *bpf_legacyPrograms) Close() error { return _Bpf_legacyClose( p.KprobeDevChangeNetNamespace, + p.KprobeDevChangeNetNamespaceLegacy, p.KprobeNfNatManipPkt, p.KprobeNfNatPacket, p.KprobeRegisterNetdevice, @@ -213,7 +220,9 @@ func (p *bpf_legacyPrograms) Close() error { p.KprobeUdpSendSkb, p.KprobeUdpSendmsg, p.KretprobeDevChangeNetNamespace, + p.KretprobeDevChangeNetNamespaceLegacy, p.KretprobeDevGetByIndex, + p.KretprobeDevGetByIndexLegacy, p.KretprobeRegisterNetdevice, p.RawTracepointSchedProcessExec, p.RawTracepointSchedProcessExit, diff --git a/bpf/bpf_legacy_arm64_bpfel.o b/bpf/bpf_legacy_arm64_bpfel.o index b6838134..68d73703 100644 Binary files a/bpf/bpf_legacy_arm64_bpfel.o and b/bpf/bpf_legacy_arm64_bpfel.o differ diff --git a/bpf/bpf_legacy_x86_bpfel.go b/bpf/bpf_legacy_x86_bpfel.go index 4ddfdc43..775398f4 100644 --- a/bpf/bpf_legacy_x86_bpfel.go +++ b/bpf/bpf_legacy_x86_bpfel.go @@ -53,26 +53,29 @@ type bpf_legacySpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_legacyProgramSpecs struct { - KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` - TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` + TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } // bpf_legacyMapSpecs contains maps before they are loaded into the kernel. @@ -180,31 +183,35 @@ func (m *bpf_legacyMaps) Close() error { // // It can be passed to loadBpf_legacyObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_legacyPrograms struct { - KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.Program `ebpf:"tc_egress"` - TcIngress *ebpf.Program `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.Program `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.Program `ebpf:"tc_egress"` + TcIngress *ebpf.Program `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } func (p *bpf_legacyPrograms) Close() error { return _Bpf_legacyClose( p.KprobeDevChangeNetNamespace, + p.KprobeDevChangeNetNamespaceLegacy, p.KprobeNfNatManipPkt, p.KprobeNfNatPacket, p.KprobeRegisterNetdevice, @@ -213,7 +220,9 @@ func (p *bpf_legacyPrograms) Close() error { p.KprobeUdpSendSkb, p.KprobeUdpSendmsg, p.KretprobeDevChangeNetNamespace, + p.KretprobeDevChangeNetNamespaceLegacy, p.KretprobeDevGetByIndex, + p.KretprobeDevGetByIndexLegacy, p.KretprobeRegisterNetdevice, p.RawTracepointSchedProcessExec, p.RawTracepointSchedProcessExit, diff --git a/bpf/bpf_legacy_x86_bpfel.o b/bpf/bpf_legacy_x86_bpfel.o index 208574e2..ae885519 100644 Binary files a/bpf/bpf_legacy_x86_bpfel.o and b/bpf/bpf_legacy_x86_bpfel.o differ diff --git a/bpf/bpf_x86_bpfel.go b/bpf/bpf_x86_bpfel.go index 88cb8958..60650226 100644 --- a/bpf/bpf_x86_bpfel.go +++ b/bpf/bpf_x86_bpfel.go @@ -158,28 +158,31 @@ type BpfSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type BpfProgramSpecs struct { - CgroupSockCreate *ebpf.ProgramSpec `ebpf:"cgroup__sock_create"` - CgroupSockRelease *ebpf.ProgramSpec `ebpf:"cgroup__sock_release"` - KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` - TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + CgroupSockCreate *ebpf.ProgramSpec `ebpf:"cgroup__sock_create"` + CgroupSockRelease *ebpf.ProgramSpec `ebpf:"cgroup__sock_release"` + KprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.ProgramSpec `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.ProgramSpec `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.ProgramSpec `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.ProgramSpec `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.ProgramSpec `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.ProgramSpec `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.ProgramSpec `ebpf:"tc_egress"` + TcIngress *ebpf.ProgramSpec `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.ProgramSpec `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.ProgramSpec `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } // BpfMapSpecs contains maps before they are loaded into the kernel. @@ -287,28 +290,31 @@ func (m *BpfMaps) Close() error { // // It can be passed to LoadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type BpfPrograms struct { - CgroupSockCreate *ebpf.Program `ebpf:"cgroup__sock_create"` - CgroupSockRelease *ebpf.Program `ebpf:"cgroup__sock_release"` - KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` - KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` - KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` - KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` - KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` - KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` - KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` - KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` - KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` - KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` - RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` - RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` - RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` - TcEgress *ebpf.Program `ebpf:"tc_egress"` - TcIngress *ebpf.Program `ebpf:"tc_ingress"` - TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` - TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` - UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` - UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` + CgroupSockCreate *ebpf.Program `ebpf:"cgroup__sock_create"` + CgroupSockRelease *ebpf.Program `ebpf:"cgroup__sock_release"` + KprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace"` + KprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kprobe__dev_change_net_namespace_legacy"` + KprobeNfNatManipPkt *ebpf.Program `ebpf:"kprobe__nf_nat_manip_pkt"` + KprobeNfNatPacket *ebpf.Program `ebpf:"kprobe__nf_nat_packet"` + KprobeRegisterNetdevice *ebpf.Program `ebpf:"kprobe__register_netdevice"` + KprobeSecuritySkClassifyFlow *ebpf.Program `ebpf:"kprobe__security_sk_classify_flow"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe__tcp_sendmsg"` + KprobeUdpSendSkb *ebpf.Program `ebpf:"kprobe__udp_send_skb"` + KprobeUdpSendmsg *ebpf.Program `ebpf:"kprobe__udp_sendmsg"` + KretprobeDevChangeNetNamespace *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace"` + KretprobeDevChangeNetNamespaceLegacy *ebpf.Program `ebpf:"kretprobe__dev_change_net_namespace_legacy"` + KretprobeDevGetByIndex *ebpf.Program `ebpf:"kretprobe__dev_get_by_index"` + KretprobeDevGetByIndexLegacy *ebpf.Program `ebpf:"kretprobe__dev_get_by_index_legacy"` + KretprobeRegisterNetdevice *ebpf.Program `ebpf:"kretprobe__register_netdevice"` + RawTracepointSchedProcessExec *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exec"` + RawTracepointSchedProcessExit *ebpf.Program `ebpf:"raw_tracepoint__sched_process_exit"` + RawTracepointSchedProcessFork *ebpf.Program `ebpf:"raw_tracepoint__sched_process_fork"` + TcEgress *ebpf.Program `ebpf:"tc_egress"` + TcIngress *ebpf.Program `ebpf:"tc_ingress"` + TracepointSyscallsSysEnterMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_enter_mount"` + TracepointSyscallsSysExitMount *ebpf.Program `ebpf:"tracepoint__syscalls__sys_exit_mount"` + UprobeGoBuiltinTlsWriteKeyLog *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log"` + UprobeGoBuiltinTlsWriteKeyLogRet *ebpf.Program `ebpf:"uprobe__go_builtin__tls__write_key_log__ret"` } func (p *BpfPrograms) Close() error { @@ -316,6 +322,7 @@ func (p *BpfPrograms) Close() error { p.CgroupSockCreate, p.CgroupSockRelease, p.KprobeDevChangeNetNamespace, + p.KprobeDevChangeNetNamespaceLegacy, p.KprobeNfNatManipPkt, p.KprobeNfNatPacket, p.KprobeRegisterNetdevice, @@ -324,7 +331,9 @@ func (p *BpfPrograms) Close() error { p.KprobeUdpSendSkb, p.KprobeUdpSendmsg, p.KretprobeDevChangeNetNamespace, + p.KretprobeDevChangeNetNamespaceLegacy, p.KretprobeDevGetByIndex, + p.KretprobeDevGetByIndexLegacy, p.KretprobeRegisterNetdevice, p.RawTracepointSchedProcessExec, p.RawTracepointSchedProcessExit, diff --git a/bpf/bpf_x86_bpfel.o b/bpf/bpf_x86_bpfel.o index d232b7e7..85c9b60d 100644 Binary files a/bpf/bpf_x86_bpfel.o and b/bpf/bpf_x86_bpfel.o differ diff --git a/bpf/net_dev.h b/bpf/net_dev.h index 182e3aa8..8a6c84e2 100644 --- a/bpf/net_dev.h +++ b/bpf/net_dev.h @@ -189,29 +189,55 @@ int BPF_KRETPROBE(kretprobe__register_netdevice, long ret) { return 0; } +static __always_inline void handle_dev_get_by_index_ret(struct net_device *dev) { + u64 tid = bpf_get_current_pid_tgid(); + struct netdevice_t device = {0}; + parse_net_device(dev, &device); + bpf_map_update_elem(&tid_netdevice_map, &tid, &device, BPF_ANY); + // debug_log("get device: ifindex: %d, name: %s, netns_id: %lu\n", device.ifindex, device.name, device.netns_id); +} + +SEC("kretprobe/dev_get_by_index") +int BPF_KRETPROBE(kretprobe__dev_get_by_index_legacy, struct net_device *dev) { + if (!dev) { + goto out; + } + + handle_dev_get_by_index_ret(dev); + +out: + return 0; +} + SEC("kretprobe/__dev_get_by_index") int BPF_KRETPROBE(kretprobe__dev_get_by_index, struct net_device *dev) { if (!dev) { goto out; } - u64 tid = bpf_get_current_pid_tgid(); - struct netdevice_t device = {0}; - parse_net_device(dev, &device); - bpf_map_update_elem(&tid_netdevice_map, &tid, &device, BPF_ANY); - // debug_log("get device: ifindex: %d, name: %s, netns_id: %lu\n", device.ifindex, device.name, device.netns_id); + handle_dev_get_by_index_ret(dev); out: return 0; } -SEC("kprobe/__dev_change_net_namespace") -int BPF_KPROBE(kprobe__dev_change_net_namespace, struct net_device *dev, struct net *net) { +static __always_inline void handle_dev_change_net_namespace(struct net_device *dev, struct net *net) { u64 tid = bpf_get_current_pid_tgid(); struct netdevice_buf_t buf = {0}; buf.dev = (u64)dev; buf.net = (u64)net; bpf_map_update_elem(&netdevice_bufs, &tid, &buf, BPF_ANY); +} + +SEC("kprobe/dev_change_net_namespace") +int BPF_KPROBE(kprobe__dev_change_net_namespace_legacy, struct net_device *dev, struct net *net) { + handle_dev_change_net_namespace(dev, net); + return 0; +} + +SEC("kprobe/__dev_change_net_namespace") +int BPF_KPROBE(kprobe__dev_change_net_namespace, struct net_device *dev, struct net *net) { + handle_dev_change_net_namespace(dev, net); return 0; } @@ -221,12 +247,7 @@ static __always_inline void clone_netdevice(struct netdevice_t *origin, struct n __builtin_memcpy(&target->name, &origin->name, sizeof(origin->name)); } -SEC("kretprobe/__dev_change_net_namespace") -int BPF_KRETPROBE(kretprobe__dev_change_net_namespace, long ret) { - if (ret != 0) { - goto out; - } - +static __always_inline void handle_dev_change_net_namespace_ret(void *ctx) { u64 tid = bpf_get_current_pid_tgid(); struct netdevice_buf_t *buf; buf = bpf_map_lookup_elem(&netdevice_bufs, &tid); @@ -259,6 +280,30 @@ int BPF_KRETPROBE(kretprobe__dev_change_net_namespace, long ret) { debug_log("[ptcpdump] bpf_perf_event_output netdevice_change_events failed: %d\n", event_ret); } +out: + return; +} + +SEC("kretprobe/dev_change_net_namespace") +int BPF_KRETPROBE(kretprobe__dev_change_net_namespace_legacy, long ret) { + if (ret != 0) { + goto out; + } + + handle_dev_change_net_namespace_ret(ctx); + +out: + return 0; +} + +SEC("kretprobe/__dev_change_net_namespace") +int BPF_KRETPROBE(kretprobe__dev_change_net_namespace, long ret) { + if (ret != 0) { + goto out; + } + + handle_dev_change_net_namespace_ret(ctx); + out: return 0; }