draios · fntlnz · Jan 26, 2021 · Jan 29, 2021 · Jan 29, 2021 · Jan 29, 2021
@@ -0,0 +1,16 @@
+---
+Language: Cpp
+BasedOnStyle: LLVM
+AccessModifierOffset: -8
+BreakBeforeBraces: Allman
+BreakConstructorInitializers: AfterColon
+ColumnLimit: 0
+ConstructorInitializerIndentWidth: 8
+ContinuationIndentWidth: 8
+DerivePointerAlignment: true
+IndentWidth: 8
+SortIncludes: false
+SpaceAfterTemplateKeyword: false
+SpaceBeforeCtorInitializerColon: false
+SpaceBeforeParens: Never
+UseTab: Always
@@ -71,6 +71,7 @@ if(MUSL_OPTIMIZED_BUILD)
 	set(SYSDIG_MUSL_FLAGS "-static -Os")
 endif()
 
+include(ExternalProject)
 if(NOT WIN32)
 
 	set(SYSDIG_DEBUG_FLAGS "-D_DEBUG")
@@ -108,6 +109,7 @@ if(NOT WIN32)
 			set(PROBE_DEVICE_NAME "sysdig")
 		endif()
 
+		include(libbpf)
 		add_subdirectory(driver)
 		add_definitions(-DHAS_CAPTURE)
 	endif()

@@ -0,0 +1,47 @@
+#
+# Copyright (C) 2013-2021 Sysdig Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+#
+
+option(USE_BUNDLED_LIBBPF "Enable building of the bundled libbpf"
+  ${USE_BUNDLED_DEPS})
+
+if (CMAKE_SYSTEM_NAME MATCHES "Linux")
+  if (NOT USE_BUNDLED_LIBBPF)
+    find_path(LIBBPF_INCLUDE bpf/libbpf.h)
+    find_library(LIBBPF_LIB NAMES bpf)
+    if (LIBBPF_INCLUDE AND LIBBPF_LIB)
+      message(
+        STATUS "Found libbpf: include: ${LIBBPF_INCLUDE}, lib: ${LIBBPF_LIB}")
+    else ()
+      message(FATAL_ERROR "Couldn't find system libbpf")
+    endif ()
+  else ()
+
+    set(LIBBPF_SRC "${CMAKE_CURRENT_BINARY_DIR}/libbpf-prefix/src")
+    set(LIBBPF_BUILD_DIR "${LIBBPF_SRC}/libbpf-build")
+    set(LIBBPF_INCLUDE "${LIBBPF_BUILD_DIR}/root/usr/include")
+    set(LIBBPF_LIB "${LIBBPF_BUILD_DIR}/root/usr/lib64/libbpf.a")
+    ExternalProject_Add(
+      libbpf
+      URL "https://github.com/libbpf/libbpf/archive/a199b854156ccac574eb031d464d8fd1a5523ce2.tar.gz"
+      URL_HASH
+      "SHA256=9519fb0df06db85484ce934adf7a4b0ea9363c9496a2b427acdd03a0a9d9348d"
+      CONFIGURE_COMMAND mkdir -p build root
+      BUILD_COMMAND BUILD_STATIC_ONLY=y OBJDIR=${LIBBPF_BUILD_DIR}/build DESTDIR=${LIBBPF_BUILD_DIR}/root make -C ${LIBBPF_SRC}/libbpf/src install
+      INSTALL_COMMAND "")
+
+    message(STATUS "Using bundled libbpf: include'${LIBBPF_INCLUDE}', lib: ${LIBBPF_LIB}")
+  endif ()
+endif ()
@@ -1 +1,2 @@
 built-in.a
+*.tmp
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2018 Draios Inc. dba Sysdig.
+# Copyright (c) 2013-2021 Sysdig Inc.
 #
 # This file is dual licensed under either the MIT or GPL 2. See
 # MIT.txt or GPL.txt for full copies of the license.
@@ -9,24 +9,41 @@ configure_file(../driver_config.h.in ${CMAKE_CURRENT_SOURCE_DIR}/../driver_confi
 
 option(BUILD_BPF "Build the BPF driver on Linux" OFF)
 
-if(BUILD_BPF)
-	add_custom_target(bpf ALL
-		COMMAND make
-		COMMAND "${CMAKE_COMMAND}" -E copy_if_different probe.o "${CMAKE_CURRENT_BINARY_DIR}"
-		WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
-		VERBATIM)
-endif()
+if (BUILD_BPF)
+  add_custom_target(bpf ALL
+    COMMAND make LIBBPF_INCLUDE=-I${LIBBPF_INCLUDE}
+    COMMAND "${CMAKE_COMMAND}" -E copy_if_different probe.o "${CMAKE_CURRENT_BINARY_DIR}"
+    WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+    VERBATIM)
+  add_custom_target(bpf-btf ALL
+    COMMAND make LIBBPF_INCLUDE=-I${LIBBPF_INCLUDE} btf-probe.o
+    COMMAND "${CMAKE_COMMAND}" -E copy_if_different btf-probe.o "${CMAKE_CURRENT_BINARY_DIR}"
+    WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+    VERBATIM)
+  add_custom_target(bpf-btf-core ALL
+    COMMAND make LIBBPF_INCLUDE=-I${LIBBPF_INCLUDE} btf-core-probe.o
+    COMMAND "${CMAKE_COMMAND}" -E copy_if_different btf-core-probe.o "${CMAKE_CURRENT_BINARY_DIR}"
+    WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+    VERBATIM)
+
+  if (USE_BUNDLED_LIBBPF)
+    add_dependencies(bpf libbpf)
+    add_dependencies(bpf-btf libbpf)
+    add_dependencies(bpf-btf-core libbpf)
+  endif ()
+endif ()
 
 install(FILES
-	bpf_helpers.h
-	filler_helpers.h
-	fillers.h
-	Makefile
-	maps.h
-	plumbing_helpers.h
-	probe.c
-	quirks.h
-	ring_helpers.h
-	types.h
-	DESTINATION "src/${PACKAGE_NAME}-${PROBE_VERSION}/bpf"
-	COMPONENT agent-kmodule)
+  filler_helpers.h
+  fillers.h
+  Makefile
+  maps.h
+  plumbing_helpers.h
+  probe.c
+  quirks.h
+  ring_helpers.h
+  types.h
+  DESTINATION "src/${PACKAGE_NAME}-${PROBE_VERSION}/bpf"
+  COMPONENT agent-kmodule)
+
+add_subdirectory(test)
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2013-2018 Draios Inc. dba Sysdig.
+# Copyright (c) 2013-2021 Draios Inc. dba Sysdig.
 #
 # This file is dual licensed under either the MIT or GPL 2. See
 # MIT.txt or GPL.txt for full copies of the license.
@@ -9,6 +9,9 @@ always += probe.o
 
 LLC ?= llc
 CLANG ?= clang
+LLVM_STRIP ?= llvm-strip
+
+BPFTOOL ?= bpftool
 
 KERNELDIR ?= /lib/modules/$(shell uname -r)/build
 
@@ -20,9 +23,28 @@ all:
 clean:
 	$(MAKE) -C $(KERNELDIR) M=$$PWD clean
 	@rm -f *~
+	# rm -f btf-probe.h
+
+# Get Clang's default includes on this system. We'll explicitly add these dirs
+# to the includes list when compiling with `-target bpf` because otherwise some
+# architecture-specific dirs will be "missing" on some architectures/distros -
+# headers such as asm/types.h, asm/byteorder.h, asm/socket.h, asm/sockios.h,
+# sys/cdefs.h etc. might be missing.
+#
+# Use '-idirafter': Don't interfere with include mechanics except where the
+# build would have failed anyways.
+# This approach comes from libbpf-bootstrap
+# https://github.com/libbpf/libbpf-bootstrap/blob/eb6709ae72f37e7af89b8527c3f8923b1721a6d5/src/Makefile#L14
+CLANG_BPF_SYS_INCLUDES = $(shell $(CLANG) -v -E - </dev/null 2>&1 \
+	| sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }')
 
+# compiles a bpf probe called probe.o
+# using libbpf for the helpers and the kernel headers
+# for all the other macro definitions
+# - requires the kernel headers
+# - compatible with 4.x kernels and newer
+# - requires clang >= 7
 $(obj)/probe.o: $(src)/probe.c \
-		$(src)/bpf_helpers.h \
 		$(src)/filler_helpers.h \
 		$(src)/fillers.h \
 		$(src)/maps.h \
@@ -34,6 +56,7 @@ $(obj)/probe.o: $(src)/probe.c \
 		$(KBUILD_CPPFLAGS) \
 		$(KBUILD_EXTRA_CPPFLAGS) \
 		$(DEBUG) \
+		$(LIBBPF_INCLUDE) \
 		-D__KERNEL__ \
 		-D__BPF_TRACING__ \
 		-Wno-gnu-variable-sized-type-not-at-end \
@@ -43,3 +66,67 @@ $(obj)/probe.o: $(src)/probe.c \
 		-Wno-tautological-compare \
 		-O2 -g -emit-llvm -c $< -o $(patsubst %.o,%.ll,$@)
 	$(LLC) -march=bpf -filetype=obj -o $@ $(patsubst %.o,%.ll,$@)
+
+# compiles a bpf probe called btf-probe.o
+# using libbpf for the helpers and a vmlinux.h
+# generated with bpftool from /sys/kernel/btf/vmlinux
+# - the probe contains BTF type information
+# - DOES NOT require the kernel headers.
+# - requires a kernel compiled with CONFIG_DEBUG_INFO_BTF
+# - requires clang >= 10.0.0
+btf-probe.o: probe.c \
+		filler_helpers.h \
+		fillers.h \
+		maps.h \
+		plumbing_helpers.h \
+		quirks.h \
+		ring_helpers.h \
+		types.h \
+		kernel_flags.h \
+		vmlinux.h
+	$(CLANG) \
+		$(DEBUG) \
+		$(CLANG_BPF_SYS_INCLUDES) \
+		$(LIBBPF_INCLUDE) \
+		-D__KERNEL__ \
+		-D__SYSDIG_BTF_BUILD__ \
+		-D__BPF_TRACING__ \
+		-D__TARGET_ARCH_X86__ \
+		-O2 -target bpf -g  -c $< -o $@
+	$(LLVM_STRIP) -g $@
+
+# compiles a bpf probe called btf-core-probe.o
+# using libbpf for the helpers and a vmlinux.h
+# generated with bpftool from /sys/kernel/btf/vmlinux
+# - the probe contains BTF type information
+# - the probe uses CO-RE to access internal kernel data structures and supports fields relocation
+# - DOES NOT require the kernel headers.
+# - requires a kernel compiled with CONFIG_DEBUG_INFO_BTF
+# - requires clang >= 10.0.0
+btf-core-probe.o: probe.c \
+		filler_helpers.h \
+		fillers.h \
+		maps.h \
+		plumbing_helpers.h \
+		quirks.h \
+		ring_helpers.h \
+		types.h \
+		kernel_flags.h \
+		vmlinux.h
+	$(CLANG) \
+		$(DEBUG) \
+		$(CLANG_BPF_SYS_INCLUDES) \
+		$(LIBBPF_INCLUDE) \
+		-D__KERNEL__ \
+		-D__SYSDIG_BTF_BUILD__ \
+		-D__SYSDIG_BTF_CORE_BUILD__ \
+		-D__BPF_TRACING__ \
+		-D__TARGET_ARCH_X86__ \
+		-O2 -target bpf -g  -c $< -o $@
+	$(LLVM_STRIP) -g $@
+
+vmlinux.h:
+	$(BPFTOOL) btf dump file /sys/kernel/btf/vmlinux format c > $@
+
+# btf-probe.h: btf-probe.o
+# 	$(BPFTOOL) gen skeleton $(patsubst %.h,%.o,$@) > $@