aws · jayanthvn · Aug 8, 2023 · Jul 28, 2023 · Aug 8, 2023 · Aug 8, 2023
@@ -2,7 +2,7 @@ package constants
 
 type EBPFMapType uint32
 
-//Currently synced with 5.10.188 - https://elixir.bootlin.com/linux/v5.10.188/source/include/uapi/linux/bpf.h
+// Currently synced with 5.10.188 - https://elixir.bootlin.com/linux/v5.10.188/source/include/uapi/linux/bpf.h
 const (
 	// BPF map type constants. Must match enum bpf_map_type from linux/bpf.h
 	BPF_MAP_TYPE_UNSPEC EBPFMapType = iota

@@ -30,9 +30,9 @@ import (
 var log = logger.Get()
 
 /*
- p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS]  : Set a probe
- r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS]  : Set a return probe
- -:[GRP/]EVENT
+p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS]  : Set a probe
+r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS]  : Set a return probe
+-:[GRP/]EVENT
 */
 func KprobeAttach(progFD int, eventName string, funcName string) error {
 
@@ -109,14 +109,14 @@ func KprobeAttach(progFD int, eventName string, funcName string) error {
 }
 
 /*
- p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS]  : Set a probe
- r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS]  : Set a return probe
- -:[GRP/]EVENT
+	p[:[GRP/]EVENT] [MOD:]SYM[+offs]|MEMADDR [FETCHARGS]  : Set a probe
+	r[MAXACTIVE][:[GRP/]EVENT] [MOD:]SYM[+0] [FETCHARGS]  : Set a return probe
+	-:[GRP/]EVENT
 
 MAXACTIVE      : Maximum number of instances of the specified function that
-                 can be probed simultaneously, or 0 for the default value
-                 as defined in Documentation/kprobes.txt section 1.3.1.
 
+	can be probed simultaneously, or 0 for the default value
+	as defined in Documentation/kprobes.txt section 1.3.1.
 */
 func KretprobeAttach(progFD int, eventName string, funcName string) error {
 

@@ -4,7 +4,7 @@
 // not use this file except in compliance with the License. A copy of the
 // License is located at
 //
-//     http://aws.amazon.com/apache2.0/
+//	http://aws.amazon.com/apache2.0/
 //
 // or in the "license" file accompanying this file. This file is distributed
 // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either

@@ -4,7 +4,7 @@
 // not use this file except in compliance with the License. A copy of the
 // License is located at
 //
-//     http://aws.amazon.com/apache2.0/
+//	http://aws.amazon.com/apache2.0/
 //
 // or in the "license" file accompanying this file. This file is distributed
 // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either

@@ -0,0 +1,39 @@
+.PHONY: all build-test build-test-bpf 
+
+export GOPROXY = direct
+
+UNAME_ARCH = $(shell uname -m)
+ARCH = $(lastword $(subst :, ,$(filter $(UNAME_ARCH):%,x86_64:x86 aarch64:arm64)))
+
+BUILD_MODE ?= -buildmode=pie
+build-test: BUILD_FLAGS = $(BUILD_MODE) -ldflags '-s -w'
+build-test:    ## Build the VPC CNI plugin agent using the host's Go toolchain.
+	go build $(BUILD_FLAGS) -o main main.go
+
+# Build BPF
+CLANG := clang
+CLANG_INCLUDE := -I../../..
+CFLAGS := -g -O2 -Wall -fpie -target bpf -DCORE -D__BPF_TRACING__ -march=bpf -D__TARGET_ARCH_$(ARCH)
+SRCDIR := c
+TARGETS := $(patsubst %.c, %.elf, $(shell find $(SRCDIR) -type f -name "*.c"))
+
+build-test-bpf: ## Build BPF
+build-test-bpf: vmlinuxh
+build-test-bpf: $(TARGETS)
+
+%.elf: %.c
+	$(CLANG) $(CLANG_INCLUDE) $(CFLAGS) -c $< -o $@
+
+
+vmlinuxh:
+	bpftool btf dump file /sys/kernel/btf/vmlinux format c > $(abspath c/vmlinux.h)
+
+
+##@ Run Tests
+# Run tests
+run-test: vmlinuxh
+run-test: build-test-bpf
+run-test: build-test
+run-test: export AWS_EBPF_SDK_LOG_FILE=stdout
+run-test:    ## Run unit tests
+	./main
@@ -0,0 +1,33 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+#define BPF_F_NO_PREALLOC 1
+#define PIN_GLOBAL_NS 2
+
+struct bpf_map_def_pvt {
+	__u32 type;
+	__u32 key_size;
+	__u32 value_size;
+	__u32 max_entries;
+	__u32 map_flags;
+	__u32 pinning;
+	__u32 inner_map_fd;
+};
+
+struct lpm_trie_key {
+    __u32 prefixlen;
+    __u32 ip;
+};
+
+struct bpf_map_def_pvt SEC("maps") ingress_map = {
+	.type = BPF_MAP_TYPE_LPM_TRIE,
+	.key_size =sizeof(struct lpm_trie_key),
+	.value_size = sizeof(int),
+	.max_entries = 65536,
+	.map_flags = BPF_F_NO_PREALLOC,
+	.pinning = PIN_GLOBAL_NS,
+};
+
+char _license[] SEC("license") = "GPL";
@@ -0,0 +1,20 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+struct sched_process_fork_t {
+    unsigned short common_type;
+    unsigned char common_flags;
+    unsigned char common_preempt_count;
+    int common_pid;
+    char parent_comm[16];
+    u32 parent_pid;
+    char child_comm[16];
+    u32 child_pid;
+};
+
+SEC("tracepoint/sched/sched_process_fork")
+int sched_process_fork(struct sched_process_fork_t *ctx) {
+    return 0;
+}
@@ -0,0 +1,123 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+#define BPF_F_NO_PREALLOC 1
+#define ETH_HLEN 14
+#define BPF_MAP_ID_INGRESS_MAP 2
+#define MAX_RULES 256
+#define MIN_RULES 128
+#define PIN_GLOBAL_NS 2
+#define RESERVED_IP_PROTOCOL 255
+#define ANY_IP_PROTOCOL 254
+#define ANY_PORT 0
+
+struct bpf_map_def_pvt {
+	__u32 type;
+	__u32 key_size;
+	__u32 value_size;
+	__u32 max_entries;
+	__u32 map_flags;
+	__u32 pinning;
+	__u32 inner_map_fd;
+};
+
+struct keystruct
+{
+  __u32 prefix_len;
+  __u8  ip[4];
+};
+
+struct lpm_trie_key {
+    __u32 prefixlen;
+    __u32 ip;
+};
+
+struct lpm_trie_val {
+	__u32 protocol;
+	__u32 start_port;
+	__u32 end_port;
+};
+
+struct bpf_map_def_pvt SEC("maps") ingress_map = {
+	.type = BPF_MAP_TYPE_LPM_TRIE,
+	.key_size =sizeof(struct lpm_trie_key),
+	.value_size = sizeof(struct lpm_trie_val[8]),
+	.max_entries = 65536,
+	.map_flags = BPF_F_NO_PREALLOC,
+	.pinning = PIN_GLOBAL_NS,
+};
+
+
+SEC("tc_cls")
+int handle_ingress(struct __sk_buff *skb)
+{
+	struct keystruct trie_key;
+	struct lpm_trie_val *trie_val;
+	__u32 l4_src_port = 0;
+	__u32 l4_dst_port = 0;
+	void *data_end = (void *)(long)skb->data_end;
+	void *data = (void *)(long)skb->data;
+
+	struct ethhdr *ether = data;
+	if (data + sizeof(*ether) > data_end) {
+		return BPF_OK;
+	}
+
+	if (ether->h_proto == 0x08U) {  // htons(ETH_P_IP) -> 0x08U
+		data += sizeof(*ether);
+		struct iphdr *ip = data;
+		struct tcphdr *l4_tcp_hdr = data + sizeof(struct iphdr);
+		struct udphdr *l4_udp_hdr = data + sizeof(struct iphdr);
+		struct sctphdr *l4_sctp_hdr = data + sizeof(struct iphdr);
+
+		if (data + sizeof(*ip) > data_end) {
+			return BPF_OK;
+		}
+		if (ip->version != 4) {
+			return BPF_OK;
+		}
+
+		switch (ip->protocol) {
+			case IPPROTO_TCP:
+				if (data + sizeof(*ip) + sizeof(*l4_tcp_hdr) > data_end) {
+					return BPF_OK;
+				}
+				l4_src_port = (((((unsigned short)(l4_tcp_hdr->source) & 0xFF)) << 8) | (((unsigned short)(l4_tcp_hdr->source) & 0xFF00) >> 8));
+				l4_dst_port = (((((unsigned short)(l4_tcp_hdr->dest) & 0xFF)) << 8) | (((unsigned short)(l4_tcp_hdr->dest) & 0xFF00) >> 8));
+				break;
+			case IPPROTO_UDP:
+				if (data + sizeof(*ip) + sizeof(*l4_udp_hdr) > data_end) {
+					return BPF_OK;
+				}
+				l4_src_port = (((((unsigned short)(l4_udp_hdr->source) & 0xFF)) << 8) | (((unsigned short)(l4_udp_hdr->source) & 0xFF00) >> 8));
+				l4_dst_port = (((((unsigned short)(l4_udp_hdr->dest) & 0xFF)) << 8) | (((unsigned short)(l4_udp_hdr->dest) & 0xFF00) >> 8));
+				break;
+			case IPPROTO_SCTP:
+				if (data + sizeof(*ip) + sizeof(*l4_sctp_hdr) > data_end) {
+					return BPF_OK;
+				}
+				l4_src_port = (((((unsigned short)(l4_sctp_hdr->source) & 0xFF)) << 8) | (((unsigned short)(l4_sctp_hdr->source) & 0xFF00) >> 8));
+				l4_dst_port = (((((unsigned short)(l4_sctp_hdr->dest) & 0xFF)) << 8) | (((unsigned short)(l4_sctp_hdr->dest) & 0xFF00) >> 8));
+				break;
+		}
+
+		trie_key.prefix_len = 32;
+		trie_key.ip[0] = ip->saddr & 0xff;
+		trie_key.ip[1] = (ip->saddr >> 8) & 0xff;
+		trie_key.ip[2] = (ip->saddr >> 16) & 0xff;
+		trie_key.ip[3] = (ip->saddr >> 24) & 0xff;
+
+		trie_val = bpf_map_lookup_elem(&ingress_map, &trie_key);
+		if (trie_val == NULL) {
+			return BPF_DROP;
+		}
+
+		return BPF_OK;
+
+	}
+	return BPF_DROP;
+}
+
+char _license[] SEC("license") = "GPL";
@@ -0,0 +1,20 @@
+module github.com/jayanthvn/pure-gobpf/test
+
+go 1.19
+
+require github.com/aws/aws-ebpf-sdk-go v0.0.0-20230616053809-009e64b9692e
+
+require (
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/vishvananda/netlink v1.1.0 // indirect
+	github.com/vishvananda/netns v0.0.4 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.24.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+)
+
+replace github.com/aws/aws-ebpf-sdk-go => ../
@@ -0,0 +1,29 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
+github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
+go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=