opensnitch/ebpf_prog/common_defs.h

#ifndef OPENSNITCH_COMMON_DEFS_H
#define OPENSNITCH_COMMON_DEFS_H

#include <linux/sched.h>
#include <linux/ptrace.h>
#include <uapi/linux/bpf.h>
#include "bpf_headers/bpf_helpers.h"
#include "bpf_headers/bpf_tracing.h"
//#include <bpf/bpf_core_read.h> 

#define BUF_SIZE_MAP_NS 256
#define MAPSIZE 12000

// even though we only need 32 bits of pid, on x86_32 ebpf verifier complained when pid type was set to u32
typedef u64 pid_size_t;
typedef u64 uid_size_t; 


//-------------------------------map definitions 
// which github.com/iovisor/gobpf/elf expects
typedef struct bpf_map_def {
	unsigned int type;
	unsigned int key_size;
	unsigned int value_size;
	unsigned int max_entries;
	unsigned int map_flags;
	unsigned int pinning;
	char namespace[BUF_SIZE_MAP_NS];
} bpf_map_def;

enum bpf_pin_type {
	PIN_NONE = 0,
	PIN_OBJECT_NS,
	PIN_GLOBAL_NS,
	PIN_CUSTOM_NS,
};
//-----------------------------------

#endif
moved basic ebpf definitions to its own file BPF_MAP_TYPE_PERCPU_ARRAY was introduced in kernel version 4.6, so with latest changes to intercept processes we lost support for older kernels < 4.6. Now we work again for example on kernels 4.4. 2022-12-21 21:11:40 +01:00			`#ifndef OPENSNITCH_COMMON_DEFS_H`
			`#define OPENSNITCH_COMMON_DEFS_H`

			`#include <linux/sched.h>`
			`#include <linux/ptrace.h>`
			`#include <uapi/linux/bpf.h>`
ebpf: new way of compiling the modules - Don't rename libbpf's bpf_map_def struct, and distribute the needed bpf headers. The bpf_map_def struct has been deprecated for quite some time now, and it was been removed on >= 6.2 anyway. We still need it, because we use gobpf. - Improved compilation behaviour: - We don't require the kernel sources anymore. We can just use the kernel headers from the distribution. - There's no need to copy the sources to the kernel tree, the modules can be compiled from the ebpf_prog/ dir. - Compiling against kernels 6.x seems to solve the problem we had with VPNs, where connections were not intercepted with modules compiled against 5.8, on kernels >= 5.19. The modules has been tested on kernels 4.17, 5.4, 5.10, 5.15, 6.1 and 6.2 (kernel connections included). Closes: #939 2023-05-17 01:20:53 +02:00			`#include "bpf_headers/bpf_helpers.h"`
			`#include "bpf_headers/bpf_tracing.h"`
			`//#include <bpf/bpf_core_read.h>`
moved basic ebpf definitions to its own file BPF_MAP_TYPE_PERCPU_ARRAY was introduced in kernel version 4.6, so with latest changes to intercept processes we lost support for older kernels < 4.6. Now we work again for example on kernels 4.4. 2022-12-21 21:11:40 +01:00
			`#define BUF_SIZE_MAP_NS 256`
			`#define MAPSIZE 12000`

			`// even though we only need 32 bits of pid, on x86_32 ebpf verifier complained when pid type was set to u32`
			`typedef u64 pid_size_t;`
			`typedef u64 uid_size_t;`


			`//-------------------------------map definitions`
			`// which github.com/iovisor/gobpf/elf expects`
			`typedef struct bpf_map_def {`
			`unsigned int type;`
			`unsigned int key_size;`
			`unsigned int value_size;`
			`unsigned int max_entries;`
			`unsigned int map_flags;`
			`unsigned int pinning;`
			`char namespace[BUF_SIZE_MAP_NS];`
			`} bpf_map_def;`

			`enum bpf_pin_type {`
			`PIN_NONE = 0,`
			`PIN_OBJECT_NS,`
			`PIN_GLOBAL_NS,`
			`PIN_CUSTOM_NS,`
			`};`
			`//-----------------------------------`

			`#endif`