Skip to content

Commit

Permalink
perf: chore: add missing flags to ParseBPFCmd
Browse files Browse the repository at this point in the history 
Add missing flags to ParseBPFCmd:
    BPF_PROG_BIND_MAP, BPF_TOKEN_CREATE

Use slice instead of maps. This allows for direct access to values via
index.

Return string only instead of the Argument type since it's the only
value used.
  • Loading branch information
@geyslan
geyslan committed Oct 17, 2024
1 parent 5358fcd commit 1a9dea4
Show file tree
Hide file tree
Showing 2 changed files with 91 additions and 132 deletions.
2 changes: 1 addition & 1 deletion pkg/events/parse_args_helpers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ func parseBPFCmd(arg *trace.Argument, cmd uint64) {
arg.Value = ""
return
}
arg.Value = bpfCommandArgument.String()
arg.Value = bpfCommandArgument
}

func parseSocketLevel(arg *trace.Argument, level uint64) {
Expand Down
221 changes: 90 additions & 131 deletions pkg/events/parsers/data_parsers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -628,145 +628,104 @@ func ParsePrctlOption(option uint64) (string, error) {
return "", fmt.Errorf("not a valid prctl option value: %d", option)
}

type BPFCommandArgument uint64

const (
BPF_MAP_CREATE BPFCommandArgument = iota
BPF_MAP_LOOKUP_ELEM
BPF_MAP_UPDATE_ELEM
BPF_MAP_DELETE_ELEM
BPF_MAP_GET_NEXT_KEY
BPF_PROG_LOAD
BPF_OBJ_PIN
BPF_OBJ_GET
BPF_PROG_ATTACH
BPF_PROG_DETACH
BPF_PROG_TEST_RUN
BPF_PROG_GET_NEXT_ID
BPF_MAP_GET_NEXT_ID
BPF_PROG_GET_FD_BY_ID
BPF_MAP_GET_FD_BY_ID
BPF_OBJ_GET_INFO_BY_FD
BPF_PROG_QUERY
BPF_RAW_TRACEPOINT_OPEN
BPF_BTF_LOAD
BPF_BTF_GET_FD_BY_ID
BPF_TASK_FD_QUERY
BPF_MAP_LOOKUP_AND_DELETE_ELEM
BPF_MAP_FREEZE
BPF_BTF_GET_NEXT_ID
BPF_MAP_LOOKUP_BATCH
BPF_MAP_LOOKUP_AND_DELETE_BATCH
BPF_MAP_UPDATE_BATCH
BPF_MAP_DELETE_BATCH
BPF_LINK_CREATE
BPF_LINK_UPDATE
BPF_LINK_GET_FD_BY_ID
BPF_LINK_GET_NEXT_ID
BPF_ENABLE_STATS
BPF_ITER_CREATE
BPF_LINK_DETACH
var (
// from linux/bpf.h
// sequential values starting from 0
BPF_MAP_CREATE = SystemFunctionArgument{rawValue: C.BPF_MAP_CREATE, stringValue: "BPF_MAP_CREATE"}
BPF_MAP_LOOKUP_ELEM = SystemFunctionArgument{rawValue: C.BPF_MAP_LOOKUP_ELEM, stringValue: "BPF_MAP_LOOKUP_ELEM"}
BPF_MAP_UPDATE_ELEM = SystemFunctionArgument{rawValue: C.BPF_MAP_UPDATE_ELEM, stringValue: "BPF_MAP_UPDATE_ELEM"}
BPF_MAP_DELETE_ELEM = SystemFunctionArgument{rawValue: C.BPF_MAP_DELETE_ELEM, stringValue: "BPF_MAP_DELETE_ELEM"}
BPF_MAP_GET_NEXT_KEY = SystemFunctionArgument{rawValue: C.BPF_MAP_GET_NEXT_KEY, stringValue: "BPF_MAP_GET_NEXT_KEY"}
BPF_PROG_LOAD = SystemFunctionArgument{rawValue: C.BPF_PROG_LOAD, stringValue: "BPF_PROG_LOAD"}
BPF_OBJ_PIN = SystemFunctionArgument{rawValue: C.BPF_OBJ_PIN, stringValue: "BPF_OBJ_PIN"}
BPF_OBJ_GET = SystemFunctionArgument{rawValue: C.BPF_OBJ_GET, stringValue: "BPF_OBJ_GET"}
BPF_PROG_ATTACH = SystemFunctionArgument{rawValue: C.BPF_PROG_ATTACH, stringValue: "BPF_PROG_ATTACH"}
BPF_PROG_DETACH = SystemFunctionArgument{rawValue: C.BPF_PROG_DETACH, stringValue: "BPF_PROG_DETACH"}
BPF_PROG_TEST_RUN = SystemFunctionArgument{rawValue: C.BPF_PROG_TEST_RUN, stringValue: "BPF_PROG_TEST_RUN"}
BPF_PROG_GET_NEXT_ID = SystemFunctionArgument{rawValue: C.BPF_PROG_GET_NEXT_ID, stringValue: "BPF_PROG_GET_NEXT_ID"}
BPF_MAP_GET_NEXT_ID = SystemFunctionArgument{rawValue: C.BPF_MAP_GET_NEXT_ID, stringValue: "BPF_MAP_GET_NEXT_ID"}
BPF_PROG_GET_FD_BY_ID = SystemFunctionArgument{rawValue: C.BPF_PROG_GET_FD_BY_ID, stringValue: "BPF_PROG_GET_FD_BY_ID"}
BPF_MAP_GET_FD_BY_ID = SystemFunctionArgument{rawValue: C.BPF_MAP_GET_FD_BY_ID, stringValue: "BPF_MAP_GET_FD_BY_ID"}
BPF_OBJ_GET_INFO_BY_FD = SystemFunctionArgument{rawValue: C.BPF_OBJ_GET_INFO_BY_FD, stringValue: "BPF_OBJ_GET_INFO_BY_FD"}
BPF_PROG_QUERY = SystemFunctionArgument{rawValue: C.BPF_PROG_QUERY, stringValue: "BPF_PROG_QUERY"}
BPF_RAW_TRACEPOINT_OPEN = SystemFunctionArgument{rawValue: C.BPF_RAW_TRACEPOINT_OPEN, stringValue: "BPF_RAW_TRACEPOINT_OPEN"}
BPF_BTF_LOAD = SystemFunctionArgument{rawValue: C.BPF_BTF_LOAD, stringValue: "BPF_BTF_LOAD"}
BPF_BTF_GET_FD_BY_ID = SystemFunctionArgument{rawValue: C.BPF_BTF_GET_FD_BY_ID, stringValue: "BPF_BTF_GET_FD_BY_ID"}
BPF_TASK_FD_QUERY = SystemFunctionArgument{rawValue: C.BPF_TASK_FD_QUERY, stringValue: "BPF_TASK_FD_QUERY"}
BPF_MAP_LOOKUP_AND_DELETE_ELEM = SystemFunctionArgument{rawValue: C.BPF_MAP_LOOKUP_AND_DELETE_ELEM, stringValue: "BPF_MAP_LOOKUP_AND_DELETE_ELEM"}
BPF_MAP_FREEZE = SystemFunctionArgument{rawValue: C.BPF_MAP_FREEZE, stringValue: "BPF_MAP_FREEZE"}
BPF_BTF_GET_NEXT_ID = SystemFunctionArgument{rawValue: C.BPF_BTF_GET_NEXT_ID, stringValue: "BPF_BTF_GET_NEXT_ID"}
BPF_MAP_LOOKUP_BATCH = SystemFunctionArgument{rawValue: C.BPF_MAP_LOOKUP_BATCH, stringValue: "BPF_MAP_LOOKUP_BATCH"}
BPF_MAP_LOOKUP_AND_DELETE_BATCH = SystemFunctionArgument{rawValue: C.BPF_MAP_LOOKUP_AND_DELETE_BATCH, stringValue: "BPF_MAP_LOOKUP_AND_DELETE_BATCH"}
BPF_MAP_UPDATE_BATCH = SystemFunctionArgument{rawValue: C.BPF_MAP_UPDATE_BATCH, stringValue: "BPF_MAP_UPDATE_BATCH"}
BPF_MAP_DELETE_BATCH = SystemFunctionArgument{rawValue: C.BPF_MAP_DELETE_BATCH, stringValue: "BPF_MAP_DELETE_BATCH"}
BPF_LINK_CREATE = SystemFunctionArgument{rawValue: C.BPF_LINK_CREATE, stringValue: "BPF_LINK_CREATE"}
BPF_LINK_UPDATE = SystemFunctionArgument{rawValue: C.BPF_LINK_UPDATE, stringValue: "BPF_LINK_UPDATE"}
BPF_LINK_GET_FD_BY_ID = SystemFunctionArgument{rawValue: C.BPF_LINK_GET_FD_BY_ID, stringValue: "BPF_LINK_GET_FD_BY_ID"}
BPF_LINK_GET_NEXT_ID = SystemFunctionArgument{rawValue: C.BPF_LINK_GET_NEXT_ID, stringValue: "BPF_LINK_GET_NEXT_ID"}
BPF_ENABLE_STATS = SystemFunctionArgument{rawValue: C.BPF_ENABLE_STATS, stringValue: "BPF_ENABLE_STATS"}
BPF_ITER_CREATE = SystemFunctionArgument{rawValue: C.BPF_ITER_CREATE, stringValue: "BPF_ITER_CREATE"}
BPF_LINK_DETACH = SystemFunctionArgument{rawValue: C.BPF_LINK_DETACH, stringValue: "BPF_LINK_DETACH"}
BPF_PROG_BIND_MAP = SystemFunctionArgument{rawValue: C.BPF_PROG_BIND_MAP, stringValue: "BPF_PROG_BIND_MAP"}

// not available in all kernels, so set directly
BPF_TOKEN_CREATE = SystemFunctionArgument{rawValue: 36, stringValue: "BPF_TOKEN_CREATE"}
)

func (b BPFCommandArgument) Value() uint64 { return uint64(b) }

var bpfCmdStringMap = map[BPFCommandArgument]string{
BPF_MAP_CREATE: "BPF_MAP_CREATE",
BPF_MAP_LOOKUP_ELEM: "BPF_MAP_LOOKUP_ELEM",
BPF_MAP_UPDATE_ELEM: "BPF_MAP_UPDATE_ELEM",
BPF_MAP_DELETE_ELEM: "BPF_MAP_DELETE_ELEM",
BPF_MAP_GET_NEXT_KEY: "BPF_MAP_GET_NEXT_KEY",
BPF_PROG_LOAD: "BPF_PROG_LOAD",
BPF_OBJ_PIN: "BPF_OBJ_PIN",
BPF_OBJ_GET: "BPF_OBJ_GET",
BPF_PROG_ATTACH: "BPF_PROG_ATTACH",
BPF_PROG_DETACH: "BPF_PROG_DETACH",
BPF_PROG_TEST_RUN: "BPF_PROG_TEST_RUN",
BPF_PROG_GET_NEXT_ID: "BPF_PROG_GET_NEXT_ID",
BPF_MAP_GET_NEXT_ID: "BPF_MAP_GET_NEXT_ID",
BPF_PROG_GET_FD_BY_ID: "BPF_PROG_GET_FD_BY_ID",
BPF_MAP_GET_FD_BY_ID: "BPF_MAP_GET_FD_BY_ID",
BPF_OBJ_GET_INFO_BY_FD: "BPF_OBJ_GET_INFO_BY_FD",
BPF_PROG_QUERY: "BPF_PROG_QUERY",
BPF_RAW_TRACEPOINT_OPEN: "BPF_RAW_TRACEPOINT_OPEN",
BPF_BTF_LOAD: "BPF_BTF_LOAD",
BPF_BTF_GET_FD_BY_ID: "BPF_BTF_GET_FD_BY_ID",
BPF_TASK_FD_QUERY: "BPF_TASK_FD_QUERY",
BPF_MAP_LOOKUP_AND_DELETE_ELEM: "BPF_MAP_LOOKUP_AND_DELETE_ELEM",
BPF_MAP_FREEZE: "BPF_MAP_FREEZE",
BPF_BTF_GET_NEXT_ID: "BPF_BTF_GET_NEXT_ID",
BPF_MAP_LOOKUP_BATCH: "BPF_MAP_LOOKUP_BATCH",
BPF_MAP_LOOKUP_AND_DELETE_BATCH: "BPF_MAP_LOOKUP_AND_DELETE_BATCH",
BPF_MAP_UPDATE_BATCH: "BPF_MAP_UPDATE_BATCH",
BPF_MAP_DELETE_BATCH: "BPF_MAP_DELETE_BATCH",
BPF_LINK_CREATE: "BPF_LINK_CREATE",
BPF_LINK_UPDATE: "BPF_LINK_UPDATE",
BPF_LINK_GET_FD_BY_ID: "BPF_LINK_GET_FD_BY_ID",
BPF_LINK_GET_NEXT_ID: "BPF_LINK_GET_NEXT_ID",
BPF_ENABLE_STATS: "BPF_ENABLE_STATS",
BPF_ITER_CREATE: "BPF_ITER_CREATE",
BPF_LINK_DETACH: "BPF_LINK_DETACH",
}

// String parses the `cmd` argument of the `bpf` syscall
// https://man7.org/linux/man-pages/man2/bpf.2.html
func (b BPFCommandArgument) String() string {
var res string
if cmdName, ok := bpfCmdStringMap[b]; ok {
res = cmdName
} else {
res = strconv.Itoa(int(b))
}

return res
var bpfCmdValues = []SystemFunctionArgument{
BPF_MAP_CREATE,
BPF_MAP_LOOKUP_ELEM,
BPF_MAP_UPDATE_ELEM,
BPF_MAP_DELETE_ELEM,
BPF_MAP_GET_NEXT_KEY,
BPF_PROG_LOAD,
BPF_OBJ_PIN,
BPF_OBJ_GET,
BPF_PROG_ATTACH,
BPF_PROG_DETACH,
BPF_PROG_TEST_RUN,
BPF_PROG_GET_NEXT_ID,
BPF_MAP_GET_NEXT_ID,
BPF_PROG_GET_FD_BY_ID,
BPF_MAP_GET_FD_BY_ID,
BPF_OBJ_GET_INFO_BY_FD,
BPF_PROG_QUERY,
BPF_RAW_TRACEPOINT_OPEN,
BPF_BTF_LOAD,
BPF_BTF_GET_FD_BY_ID,
BPF_TASK_FD_QUERY,
BPF_MAP_LOOKUP_AND_DELETE_ELEM,
BPF_MAP_FREEZE,
BPF_BTF_GET_NEXT_ID,
BPF_MAP_LOOKUP_BATCH,
BPF_MAP_LOOKUP_AND_DELETE_BATCH,
BPF_MAP_UPDATE_BATCH,
BPF_MAP_DELETE_BATCH,
BPF_LINK_CREATE,
BPF_LINK_UPDATE,
BPF_LINK_GET_FD_BY_ID,
BPF_LINK_GET_NEXT_ID,
BPF_ENABLE_STATS,
BPF_ITER_CREATE,
BPF_LINK_DETACH,
BPF_PROG_BIND_MAP,
BPF_TOKEN_CREATE,
}

var bpfCmdMap = map[uint64]BPFCommandArgument{
BPF_MAP_CREATE.Value(): BPF_MAP_CREATE,
BPF_MAP_LOOKUP_ELEM.Value(): BPF_MAP_LOOKUP_ELEM,
BPF_MAP_UPDATE_ELEM.Value(): BPF_MAP_UPDATE_ELEM,
BPF_MAP_DELETE_ELEM.Value(): BPF_MAP_DELETE_ELEM,
BPF_MAP_GET_NEXT_KEY.Value(): BPF_MAP_GET_NEXT_KEY,
BPF_PROG_LOAD.Value(): BPF_PROG_LOAD,
BPF_OBJ_PIN.Value(): BPF_OBJ_PIN,
BPF_OBJ_GET.Value(): BPF_OBJ_GET,
BPF_PROG_ATTACH.Value(): BPF_PROG_ATTACH,
BPF_PROG_DETACH.Value(): BPF_PROG_DETACH,
BPF_PROG_TEST_RUN.Value(): BPF_PROG_TEST_RUN,
BPF_PROG_GET_NEXT_ID.Value(): BPF_PROG_GET_NEXT_ID,
BPF_MAP_GET_NEXT_ID.Value(): BPF_MAP_GET_NEXT_ID,
BPF_PROG_GET_FD_BY_ID.Value(): BPF_PROG_GET_FD_BY_ID,
BPF_MAP_GET_FD_BY_ID.Value(): BPF_MAP_GET_FD_BY_ID,
BPF_OBJ_GET_INFO_BY_FD.Value(): BPF_OBJ_GET_INFO_BY_FD,
BPF_PROG_QUERY.Value(): BPF_PROG_QUERY,
BPF_RAW_TRACEPOINT_OPEN.Value(): BPF_RAW_TRACEPOINT_OPEN,
BPF_BTF_LOAD.Value(): BPF_BTF_LOAD,
BPF_BTF_GET_FD_BY_ID.Value(): BPF_BTF_GET_FD_BY_ID,
BPF_TASK_FD_QUERY.Value(): BPF_TASK_FD_QUERY,
BPF_MAP_LOOKUP_AND_DELETE_ELEM.Value(): BPF_MAP_LOOKUP_AND_DELETE_ELEM,
BPF_MAP_FREEZE.Value(): BPF_MAP_FREEZE,
BPF_BTF_GET_NEXT_ID.Value(): BPF_BTF_GET_NEXT_ID,
BPF_MAP_LOOKUP_BATCH.Value(): BPF_MAP_LOOKUP_BATCH,
BPF_MAP_LOOKUP_AND_DELETE_BATCH.Value(): BPF_MAP_LOOKUP_AND_DELETE_BATCH,
BPF_MAP_UPDATE_BATCH.Value(): BPF_MAP_UPDATE_BATCH,
BPF_MAP_DELETE_BATCH.Value(): BPF_MAP_DELETE_BATCH,
BPF_LINK_CREATE.Value(): BPF_LINK_CREATE,
BPF_LINK_UPDATE.Value(): BPF_LINK_UPDATE,
BPF_LINK_GET_FD_BY_ID.Value(): BPF_LINK_GET_FD_BY_ID,
BPF_LINK_GET_NEXT_ID.Value(): BPF_LINK_GET_NEXT_ID,
BPF_ENABLE_STATS.Value(): BPF_ENABLE_STATS,
BPF_ITER_CREATE.Value(): BPF_ITER_CREATE,
BPF_LINK_DETACH.Value(): BPF_LINK_DETACH,
}
var (
BPF_FIRST_BPF = BPF_MAP_CREATE.Value()
BPF_LAST_BPF = BPF_TOKEN_CREATE.Value()
)

// ParseBPFCmd parses the raw value of the `cmd` argument of the `bpf` syscall
// https://man7.org/linux/man-pages/man2/bpf.2.html
func ParseBPFCmd(cmd uint64) (BPFCommandArgument, error) {
v, ok := bpfCmdMap[cmd]
if !ok {
return 0, fmt.Errorf("not a valid BPF command argument: %d", cmd)
func ParseBPFCmd(cmd uint64) (string, error) {
if cmd > BPF_LAST_BPF {
return "", fmt.Errorf("not a valid bpf command value: %d", cmd)
}
return v, nil

idx := int(cmd - BPF_FIRST_BPF)
return bpfCmdValues[idx].String(), nil
}

type PtraceRequestArgument uint64
Expand Down

0 comments on commit 1a9dea4

Please sign in to comment.