moved basic ebpf definitions to its own file

BPF_MAP_TYPE_PERCPU_ARRAY was introduced in kernel version 4.6, so with
latest changes to intercept processes we lost support for older kernels
< 4.6.

Now we work again for example on kernels 4.4.

ebpf_prog/common.h

@@ -1,12 +1,7 @@
 #ifndef OPENSNITCH_COMMON_H
 #define OPENSNITCH_COMMON_H
 
-#include <linux/sched.h>
-#include <linux/ptrace.h>
-#include <uapi/linux/bpf.h>
-#include <bpf/bpf_helpers.h>
-#include <bpf/bpf_tracing.h> 
-#include <bpf/bpf_core_read.h> 
+#include "common_defs.h"
 
 //https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/limits.h#L13
 #ifndef MAX_PATH_LEN
@@ -25,40 +20,12 @@
 #define COMPLETE_ARGS 0
 #define INCOMPLETE_ARGS 1
 
-#define MAPSIZE 12000
-
 #ifndef TASK_COMM_LEN
  #define TASK_COMM_LEN 16
 #endif
 
 #define BUF_SIZE_MAP_NS 256
 #define GLOBAL_MAP_NS "256"
-
-//-------------------------------map definitions 
-// which github.com/iovisor/gobpf/elf expects
-
-typedef struct bpf_map_def {
-	unsigned int type;
-	unsigned int key_size;
-	unsigned int value_size;
-	unsigned int max_entries;
-	unsigned int map_flags;
-	unsigned int pinning;
-	char namespace[BUF_SIZE_MAP_NS];
-} bpf_map_def;
-
-enum bpf_pin_type {
-	PIN_NONE = 0,
-	PIN_OBJECT_NS,
-	PIN_GLOBAL_NS,
-	PIN_CUSTOM_NS,
-};
-//-----------------------------------
-
-// even though we only need 32 bits of pid, on x86_32 ebpf verifier complained when pid type was set to u32
-typedef u64 pid_size_t;
-typedef u64 uid_size_t; 
-
 enum events_type {
     EVENT_NONE = 0,
     EVENT_EXEC,
@@ -67,6 +34,7 @@ enum events_type {
     EVENT_SCHED_EXIT,
 };
 
+
 struct data_t {
     u64 type;
     u64 pid;  // PID as in the userspace term (i.e. task->tgid in kernel)

ebpf_prog/common_defs.h

@@ -0,0 +1,40 @@
+#ifndef OPENSNITCH_COMMON_DEFS_H
+#define OPENSNITCH_COMMON_DEFS_H
+
+#include <linux/sched.h>
+#include <linux/ptrace.h>
+#include <uapi/linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h> 
+#include <bpf/bpf_core_read.h> 
+
+#define BUF_SIZE_MAP_NS 256
+#define MAPSIZE 12000
+
+// even though we only need 32 bits of pid, on x86_32 ebpf verifier complained when pid type was set to u32
+typedef u64 pid_size_t;
+typedef u64 uid_size_t; 
+
+
+//-------------------------------map definitions 
+// which github.com/iovisor/gobpf/elf expects
+typedef struct bpf_map_def {
+	unsigned int type;
+	unsigned int key_size;
+	unsigned int value_size;
+	unsigned int max_entries;
+	unsigned int map_flags;
+	unsigned int pinning;
+	char namespace[BUF_SIZE_MAP_NS];
+} bpf_map_def;
+
+enum bpf_pin_type {
+	PIN_NONE = 0,
+	PIN_OBJECT_NS,
+	PIN_GLOBAL_NS,
+	PIN_CUSTOM_NS,
+};
+//-----------------------------------
+
+#endif
+

ebpf_prog/opensnitch.c

@@ -1,13 +1,12 @@
 #define KBUILD_MODNAME "dummy"
 
-#include "common.h"
+#include "common_defs.h"
 #include <linux/version.h>
 #include <uapi/linux/tcp.h>
 #include <net/sock.h>
 #include <net/udp_tunnel.h>
 #include <net/inet_sock.h>
 
-
 struct tcp_key_t {
 	u16 sport;
 	u32 daddr;