Ebpf randomize udp streams

.github/workflows/devshell.yml

@@ -46,6 +46,7 @@ jobs:
             --enable-all-modules
             --disable-java
             --disable-java-modules
+            --enable-ebpf
             --with-python=3
             `[ $CC = clang ] && echo '--enable-force-gnu99' || true`
           "
@@ -58,6 +59,10 @@ jobs:
           gh_export COREFILES_DIR PYTHONUSERBASE CC SYSLOG_NG_INSTALL_DIR CONFIGURE_FLAGS CMAKE_FLAGS
           gh_path "${PYTHONUSERBASE}"
 
+      - name: Install BPF tools
+        run: |
+          apt-get install libbpf-dev bpftool clang
+
       - name: autogen.sh
         if: matrix.build-tool == 'autotools'
         run: ./autogen.sh

cmake/Modules/FindLIBBPF.cmake

@@ -0,0 +1,38 @@
+#############################################################################
+# Copyright (c) 2023 Attila Szakacs
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+# As an additional exemption you are allowed to compile & link against the
+# OpenSSL libraries as published by the OpenSSL project. See the file
+# COPYING for details.
+#
+#############################################################################
+
+find_package(PkgConfig)
+pkg_check_modules(LIBBPF QUIET libbpf>=1.1.0)
+
+if (LIBBPF_FOUND)
+  find_program(BPF_CC clang)
+  find_program(BPFTOOL bpftool)
+
+  if ((NOT BPF_CC) OR (NOT BPFTOOL))
+    set(LIBBPF_FOUND FALSE)
+  else ()
+    execute_process(COMMAND ${BPF_CC} -print-file-name=include OUTPUT_VARIABLE CLANG_INCLUDES OUTPUT_STRIP_TRAILING_WHITESPACE)
+    pkg_get_variable(LIBBPF_INCLUDE_DIRS_RAW libbpf includedir)
+    set(BPF_CFLAGS -nostdinc -isystem ${CLANG_INCLUDES} -target bpf -I${CMAKE_CURRENT_BINARY_DIR} -I${LIBBPF_INCLUDE_DIRS_RAW} -fPIC -O2 -g)
+  endif ()
+endif ()

configure.ac

@@ -247,6 +247,10 @@ AC_ARG_ENABLE(linux-caps,
               [  --enable-linux-caps     Enable support for managing Linux capabilities (default: auto)]
               ,,enable_linux_caps="auto")
 
+AC_ARG_ENABLE(ebpf,
+              [  --enable-ebpf           Enable support for loading of eBPF programs (default: no)]
+              ,,enable_ebpf="no")
+
 AC_ARG_ENABLE(gcov,
               [  --enable-gcov           Enable coverage profiling (default: no)]
               ,,enable_gcov="no")
@@ -1760,6 +1764,28 @@ if test "x$enable_systemd" = "xyes"; then
         fi
 fi
 
+if test "x$enable_ebpf" = "xyes"; then
+	AC_PATH_PROG(BPFTOOL, bpftool)
+	AC_SUBST(BPFTOOL)
+
+	AC_PATH_PROG(BPF_CC, [clang])
+	AC_SUBST(BPF_CC)
+
+	if test "x$BPFTOOL" = "x"; then
+		AC_MSG_ERROR([Detecting bpftool for eBPF support failed])
+	elif test "x$BPF_CC" = "x"; then
+		AC_MSG_ERROR([Detecting clang for eBPF support failed])
+	fi
+
+	PKG_CHECK_MODULES(LIBBPF, libbpf >= "1.1.0")
+
+	# we are using a distinct C compiler for compiling BPF code and
+	# pkg-config removes builtin paths from its output.  Reference it
+	# directly.
+
+	LIBBPF_INCLUDE=`$PKG_CONFIG --variable includedir libbpf`
+fi
+
 dnl ***************************************************************************
 dnl check if we have timezone variable in <time.h>
 dnl ***************************************************************************
@@ -1943,6 +1969,7 @@ AC_DEFINE_UNQUOTED(ENABLE_SPOOF_SOURCE, `enable_value $enable_spoof_source`, [En
 AC_DEFINE_UNQUOTED(ENABLE_IPV6, `enable_value $enable_ipv6`, [Enable IPv6 support])
 AC_DEFINE_UNQUOTED(ENABLE_TCP_WRAPPER, `enable_value $enable_tcp_wrapper`, [Enable TCP wrapper support])
 AC_DEFINE_UNQUOTED(ENABLE_LINUX_CAPS, `enable_value $enable_linux_caps`, [Enable Linux capability management support])
+AC_DEFINE_UNQUOTED(ENABLE_EBPF, `enable_value $enable_ebpf`, [Enable Linux eBPF support])
 AC_DEFINE_UNQUOTED(ENABLE_ENV_WRAPPER, `enable_value $enable_env_wrapper`, [Enable environment wrapper support])
 AC_DEFINE_UNQUOTED(ENABLE_SYSTEMD, `enable_value $enable_systemd`, [Enable systemd support])
 AC_DEFINE_UNQUOTED(ENABLE_KAFKA, `enable_value $enable_kafka`, [Enable kafka support])
@@ -1956,6 +1983,7 @@ AM_CONDITIONAL(ENABLE_SYSTEMD_UNIT_INSTALL, [test "$systemdsystemunitdir" != ""]
 AM_CONDITIONAL(ENABLE_SQL, [test "$enable_sql" = "yes"])
 AM_CONDITIONAL(ENABLE_SUN_STREAMS, [test "$enable_sun_streams" = "yes"])
 AM_CONDITIONAL(ENABLE_OPENBSD_SYSTEM_SOURCE, [test "$enable_openbsd_system_source" = "yes"])
+AM_CONDITIONAL(ENABLE_EBPF, [test "$enable_ebpf" = "yes"])
 AM_CONDITIONAL(ENABLE_PACCT, [test "$enable_pacct" = "yes"])
 AM_CONDITIONAL(ENABLE_MONGODB, [test "$enable_mongodb" = "yes"])
 AM_CONDITIONAL(ENABLE_SMTP, [test "$enable_smtp" = "yes"])
@@ -2042,6 +2070,7 @@ AC_SUBST(JSON_CFLAGS)
 AC_SUBST(JSON_DEPENDENCY)
 AC_SUBST(IVYKIS_SUBDIRS)
 AC_SUBST(RESOLV_LIBS)
+AC_SUBST(LIBBPF_INCLUDE)
 
 AC_SUBST(CURRDATE)
 AC_SUBST(RELEASE_TAG)
@@ -2122,4 +2151,5 @@ echo "  Python modules              : ${enable_python_modules:=no}"
 echo "  Java                        : ${enable_java:=no}"
 echo "  Java modules                : ${enable_java_modules:=no}"
 echo "  afsnmp module               : ${enable_afsnmp:=no}"
+echo "  eBPF module                 : ${enable_ebpf:=no}"
 echo "  native bindings             : ${enable_native:=no}"

dbld/packages.manifest

@@ -40,6 +40,13 @@ make                            [centos, fedora]
 rpm-build                       [centos, fedora]
 which				[fedora]
 
+#############################################################################
+# eBPF related tools
+#############################################################################
+clang				[tarball]
+libbpf-dev			[tarball]
+bpftool				[tarball]
+
 #############################################################################
 # Tarball related tools
 #############################################################################

lib/signal-slot-connector/signal-slot-connector.c

@@ -113,7 +113,7 @@ signal_slot_connect(SignalSlotConnector *self, Signal signal, Slot slot, gpointe
 
   if (_slot_lookup(slots, slot, object))
     {
-      msg_debug("SignalSlotConnector::connect",
+      msg_trace("SignalSlotConnector::connect",
                 evt_tag_printf("already_connected",
                                "connect(connector=%p,signal=%s,slot=%p, object=%p)",
                                self, signal, slot, object));
@@ -127,7 +127,7 @@ signal_slot_connect(SignalSlotConnector *self, Signal signal, Slot slot, gpointe
       g_hash_table_insert(self->connections, (gpointer)signal, new_slots);
     }
 
-  msg_debug("SignalSlotConnector::connect",
+  msg_trace("SignalSlotConnector::connect",
             evt_tag_printf("new connection registered",
                            "connect(connector=%p,signal=%s,slot=%p,object=%p)",
                            self, signal, slot, object));
@@ -156,7 +156,7 @@ signal_slot_disconnect(SignalSlotConnector *self, Signal signal, Slot slot, gpoi
   if (!slots)
     goto exit_;
 
-  msg_debug("SignalSlotConnector::disconnect",
+  msg_trace("SignalSlotConnector::disconnect",
             evt_tag_printf("connector", "%p", self),
             evt_tag_str("signal", signal),
             evt_tag_printf("slot", "%p", slot),
@@ -171,7 +171,7 @@ signal_slot_disconnect(SignalSlotConnector *self, Signal signal, Slot slot, gpoi
   GList *slotfunctor_node = g_list_find_custom(slots, &slotfunctor, _slot_functor_cmp);
   if (!slotfunctor_node)
     {
-      msg_debug("SignalSlotConnector::disconnect slot object not found",
+      msg_trace("SignalSlotConnector::disconnect slot object not found",
                 evt_tag_printf("connector", "%p", self),
                 evt_tag_str("signal", signal),
                 evt_tag_printf("slot", "%p", slot),
@@ -184,7 +184,7 @@ signal_slot_disconnect(SignalSlotConnector *self, Signal signal, Slot slot, gpoi
   if (!new_slots)
     {
       g_hash_table_remove(self->connections, signal);
-      msg_debug("SignalSlotConnector::disconnect last slot is disconnected, unregister signal",
+      msg_trace("SignalSlotConnector::disconnect last slot is disconnected, unregister signal",
                 evt_tag_printf("connector", "%p", self),
                 evt_tag_str("signal", signal),
                 evt_tag_printf("slot", "%p", slot),
@@ -217,7 +217,7 @@ signal_slot_emit(SignalSlotConnector *self, Signal signal, gpointer user_data)
 {
   g_assert(signal != NULL);
 
-  msg_debug("SignalSlotConnector::emit",
+  msg_trace("SignalSlotConnector::emit",
             evt_tag_printf("connector", "%p", self),
             evt_tag_str("signal", signal),
             evt_tag_printf("user_data", "%p", user_data));
@@ -226,7 +226,7 @@ signal_slot_emit(SignalSlotConnector *self, Signal signal, gpointer user_data)
 
   if (!slots)
     {
-      msg_debug("SignalSlotConnector: unregistered signal emitted",
+      msg_trace("SignalSlotConnector: unregistered signal emitted",
                 evt_tag_printf("connector", "%p", self),
                 evt_tag_str("signal", signal));
       return;

modules/CMakeLists.txt

@@ -19,6 +19,7 @@ add_subdirectory(csvparser)
 add_subdirectory(correlation)
 add_subdirectory(diskq)
 add_subdirectory(examples)
+add_subdirectory(ebpf)
 add_subdirectory(geoip2)
 add_subdirectory(getent)
 add_subdirectory(graphite)

modules/Makefile.am

@@ -20,6 +20,7 @@ include modules/timestamp/Makefile.am
 include modules/correlation/Makefile.am
 include modules/diskq/Makefile.am
 include modules/examples/Makefile.am
+include modules/ebpf/Makefile.am
 include modules/geoip2/Makefile.am
 include modules/getent/Makefile.am
 include modules/graphite/Makefile.am

modules/afsocket/CMakeLists.txt

@@ -5,6 +5,7 @@ set(AFSOCKET_SOURCES
     afsocket-source.h
     afsocket-dest.c
     afsocket-dest.h
+    afsocket-signals.h
     socket-options.c
     socket-options.h
     transport-mapper.c

modules/afsocket/Makefile.am

@@ -5,6 +5,7 @@ modules_afsocket_libafsocket_la_SOURCES	=	\
 	modules/afsocket/afsocket-source.h		\
 	modules/afsocket/afsocket-dest.c		\
 	modules/afsocket/afsocket-dest.h		\
+	modules/afsocket/afsocket-signals.h		\
 	modules/afsocket/socket-options.c        	\
 	modules/afsocket/socket-options.h		\
 	modules/afsocket/transport-mapper.c		\

modules/afsocket/afsocket-signals.h

@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2023 Balazs Scheidler <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * As an additional exemption you are allowed to compile & link against the
+ * OpenSSL libraries as published by the OpenSSL project. See the file
+ * COPYING for details.
+ *
+ */
+
+#ifndef AFSOCKET_SIGNALS_H_INCLUDED
+#define AFSOCKET_SIGNALS_H_INCLUDED
+
+#include "signal-slot-connector/signal-slot-connector.h"
+
+typedef struct _AFSocketSetupSocketSignalData
+{
+  gint sock;
+  /* initialized to FALSE by the caller, must be set to TRUE in order to
+   * fail the initialization */
+  gboolean failure;
+} AFSocketSetupSocketSignalData;
+
+#define signal_afsocket_setup_socket SIGNAL(afsocket, setup_socket, AFSocketSetupSocketSignalData *)
+
+#endif

modules/afsocket/afsocket-source.c

@@ -30,6 +30,7 @@
 #include "mainloop.h"
 #include "poll-fd-events.h"
 #include "timeutils/misc.h"
+#include "afsocket-signals.h"
 
 #include <string.h>
 #include <sys/types.h>
@@ -838,6 +839,20 @@ _finalize_init(gpointer arg)
   return TRUE;
 }
 
+static gboolean
+afsocket_sd_open_socket(AFSocketSourceDriver *self, gint *sock)
+{
+  if (!transport_mapper_open_socket(self->transport_mapper, self->socket_options, self->bind_addr,
+                                    self->bind_addr, AFSOCKET_DIR_RECV, sock))
+    return FALSE;
+
+  AFSocketSetupSocketSignalData signal_data = {0};
+
+  signal_data.sock = *sock;
+  EMIT(self->super.super.super.signal_slot_connector, signal_afsocket_setup_socket, &signal_data);
+  return !signal_data.failure;
+}
+
 static gboolean
 _sd_open_stream(AFSocketSourceDriver *self)
 {
@@ -856,9 +871,7 @@ _sd_open_stream(AFSocketSourceDriver *self)
     {
       if (!afsocket_sd_acquire_socket(self, &sock))
         return self->super.super.optional;
-      if (sock == -1
-          && !transport_mapper_open_socket(self->transport_mapper, self->socket_options, self->bind_addr,
-                                           self->bind_addr, AFSOCKET_DIR_RECV, &sock))
+      if (sock == -1 && !afsocket_sd_open_socket(self, &sock))
         return self->super.super.optional;
     }
   self->fd = sock;
@@ -873,9 +886,7 @@ _sd_open_dgram(AFSocketSourceDriver *self)
     {
       if (!afsocket_sd_acquire_socket(self, &sock))
         return self->super.super.optional;
-      if (sock == -1
-          && !transport_mapper_open_socket(self->transport_mapper, self->socket_options, self->bind_addr,
-                                           self->bind_addr, AFSOCKET_DIR_RECV, &sock))
+      if (sock == -1 && !afsocket_sd_open_socket(self, &sock))
         return self->super.super.optional;
     }
   self->fd = -1;

modules/ebpf/CMakeLists.txt

@@ -0,0 +1,36 @@
+find_package(LIBBPF)
+
+module_switch(ENABLE_EBPF "Enable ebpf module (requires ebpf toolchain)" LIBBPF_FOUND)
+
+if (NOT ENABLE_EBPF)
+  return()
+endif()
+
+add_custom_command(OUTPUT vmlinux.h
+                   COMMAND ${BPFTOOL} btf dump file /sys/kernel/btf/vmlinux format c >vmlinux.h)
+
+add_custom_command(OUTPUT random.skel.c
+                   COMMAND ${BPFTOOL} gen skeleton random.kern.o > random.skel.c
+                   DEPENDS random.kern.o)
+
+add_custom_command(OUTPUT random.kern.o
+                   COMMAND ${BPF_CC} ${BPF_CFLAGS} -c ${CMAKE_CURRENT_SOURCE_DIR}/random.kern.c -o random.kern.o
+                   DEPENDS random.kern.c vmlinux.h)
+
+set_source_files_properties(${CMAKE_CURRENT_BINARY_DIR}/random.skel.c PROPERTIES COMPILE_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function")
+
+set(EBPF_SOURCES
+    ebpf-parser.h
+    ebpf-reuseport.h
+    ebpf-reuseport.c
+    ebpf-plugin.c
+    ebpf-parser.c
+    random.skel.c
+)
+
+add_module(
+  TARGET ebpf
+  GRAMMAR ebpf-grammar
+  INCLUDES ${PROJECT_SOURCE_DIR}
+  SOURCES ${EBPF_SOURCES}
+)