1 /*
2 * Copyright (c) 2017 Politecnico di Torino
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <linux/version.h>
18 #include <unistd.h>
19 #include <string>
20
21 #include "BPF.h"
22 #include "catch.hpp"
23
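// Exercises the string-based ebpf::BPFTable accessors on a BPF_TABLE("hash")
// map: update, lookup, removal, offline dump and clear. It then checks that
// every accessor reports an error once the owning ebpf::BPF object has been
// destroyed. The case is tagged [!mayfail] when
// ebpf::bpf_module_rw_engine_enabled() returns false.
TEST_CASE("test bpf table", ebpf::bpf_module_rw_engine_enabled() ? "[bpf_table]" : "[bpf_table][!mayfail]") {
  const std::string BPF_PROGRAM = R"(
    BPF_TABLE("hash", int, int, myhash, 128);
  )";

  // Heap-allocated so the module can be destroyed explicitly further down
  // while the table handle `t` is still in scope.
  auto bpf = std::make_unique<ebpf::BPF>();
  ebpf::StatusTuple res(0);
  std::vector<std::pair<std::string, std::string>> elements;
  res = bpf->init(BPF_PROGRAM);
  REQUIRE(res.ok());

  ebpf::BPFTable t = bpf->get_table("myhash");

  // update element; the key is written as "0x07" and read back as "0x7",
  // so both spellings are expected to address the same entry
  std::string value;
  res = t.update_value("0x07", "0x42");
  REQUIRE(res.ok());
  res = t.get_value("0x7", value);
  REQUIRE(res.ok());
  REQUIRE(value == "0x42");

  // update another element
  res = t.update_value("0x11", "0x777");
  REQUIRE(res.ok());
  res = t.get_value("0x11", value);
  REQUIRE(res.ok());
  REQUIRE(value == "0x777");

  // remove value; a lookup of the removed key must then fail
  res = t.remove_value("0x11");
  REQUIRE(res.ok());
  res = t.get_value("0x11", value);
  REQUIRE(!res.ok());

  // a third key brings the live entry count back to two (0x7 and 0x15)
  res = t.update_value("0x15", "0x888");
  REQUIRE(res.ok());
  res = t.get_table_offline(elements);
  REQUIRE(res.ok());
  REQUIRE(elements.size() == 2);

  // check that elements match what is in the table
  for (auto &it : elements) {
    if (it.first == "0x15") {
      REQUIRE(it.second == "0x888");
    } else if (it.first == "0x7") {
      REQUIRE(it.second == "0x42");
    } else {
      // The offending key is already part of the message, so it is not
      // passed to FAIL a second time.
      FAIL("Element " + it.first + " should not be on the table");
    }
  }

  // After clearing, the dump is expected to be empty even though `elements`
  // still held two entries before the call.
  res = t.clear_table_non_atomic();
  REQUIRE(res.ok());
  res = t.get_table_offline(elements);
  REQUIRE(res.ok());
  REQUIRE(elements.size() == 0);

  // Destroy the BPF module while the table handle is still alive. Every
  // accessor on the stale handle must come back with a non-ok status; the
  // test pins only that returned status (the original note attributes the
  // failure to the key/leaf printf/scanf helpers going away with the module).
  bpf.reset();

  res = t.update_value("0x07", "0x42");
  REQUIRE(!res.ok());

  res = t.get_value("0x07", value);
  REQUIRE(!res.ok());

  res = t.remove_value("0x07");
  REQUIRE(!res.ok());
}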
93
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
// Round-trips one per-CPU value vector through a BPF_PERCPU_HASH map using
// the string-based ebpf::BPFTable accessors. Only compiled when the kernel
// headers report 4.6.0 or newer; tagged [!mayfail] when
// ebpf::bpf_module_rw_engine_enabled() returns false.
TEST_CASE("test bpf percpu tables", ebpf::bpf_module_rw_engine_enabled() ? "[bpf_percpu_table]" : "[bpf_percpu_table][!mayfail]") {
  const std::string BPF_PROGRAM = R"(
    BPF_PERCPU_HASH(myhash, int, u64, 128);
  )";

  ebpf::BPF bpf;
  ebpf::StatusTuple status(0);
  status = bpf.init(BPF_PROGRAM);
  REQUIRE(status.ok());

  ebpf::BPFTable table = bpf.get_table("myhash");
  const size_t cpu_count = ebpf::BPFTable::get_possible_cpu_count();

  // One decimal string per possible CPU: "0", "42", "84", ...
  std::vector<std::string> written;
  for (size_t cpu = 0; cpu < cpu_count; ++cpu) {
    written.push_back(std::to_string(42 * cpu));
  }

  // Store the whole vector under one key and fetch it back.
  std::vector<std::string> read_back;
  status = table.update_value("0x07", written);
  REQUIRE(status.ok());
  status = table.get_value("0x07", read_back);
  REQUIRE(status.ok());

  // Values were written in decimal but are parsed as base 16 here, so the
  // table is expected to hand them back in hexadecimal form.
  for (size_t cpu = 0; cpu < cpu_count; ++cpu) {
    const auto parsed = std::stoul(read_back.at(cpu), nullptr, 16);
    REQUIRE(42 * cpu == parsed);
  }
}
#endif
124
// Covers the typed hash-table wrapper returned by
// ebpf::BPF::get_hash_table<int, int>(): insert, operator[] lookup,
// get_value(), removal, offline dump and clear.
TEST_CASE("test bpf hash table", "[bpf_hash_table]") {
  const std::string BPF_PROGRAM = R"(
    BPF_HASH(myhash, int, int, 128);
  )";

  ebpf::BPF bpf;
  ebpf::StatusTuple status(0);
  status = bpf.init(BPF_PROGRAM);
  REQUIRE(status.ok());

  auto table = bpf.get_hash_table<int, int>("myhash");

  // Insert the first entry and read it back through operator[].
  int key = 0x08;
  int value = 0x43;
  status = table.update_value(key, value);
  REQUIRE(status.ok());
  REQUIRE(table[key] == value);

  // Insert two more entries.
  key = 0x12;
  value = 0x778;
  status = table.update_value(key, value);
  REQUIRE(status.ok());

  key = 0x31;
  value = 0x123;
  status = table.update_value(key, value);
  REQUIRE(status.ok());

  // Look the middle entry up again; `value` is zeroed first so a leftover
  // from the inserts above cannot satisfy the comparison.
  key = 0x12;
  value = 0;
  status = table.get_value(key, value);
  REQUIRE(status.ok());
  REQUIRE(value == 0x778);

  // Remove that entry (key is still 0x12); two of the three remain.
  status = table.remove_value(key);
  REQUIRE(status.ok());
  auto dump = table.get_table_offline();
  REQUIRE(dump.size() == 2);

  // Clearing the table must leave an empty dump.
  status = table.clear_table_non_atomic();
  REQUIRE(status.ok());
  dump = table.get_table_offline();
  REQUIRE(dump.size() == 0);
}
174
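// Attaches a kprobe to the getuid syscall, records the stack id seen by the
// probe in a one-entry hash map, and checks that the stack table resolves
// that id to a non-empty trace containing "sys_getuid". The body is compiled
// only when the kernel headers report 4.6.0 or newer; otherwise the test
// case is empty.
//
// NOTE(review): attaching a kprobe normally needs elevated privileges, so
// this case presumably has to run in a privileged test environment -
// confirm against the CI setup.
TEST_CASE("test bpf stack table", "[bpf_stack_table]") {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
  const std::string BPF_PROGRAM = R"(
    BPF_HASH(id, int, int, 1);
    BPF_STACK_TRACE(stack_traces, 8);

    int on_sys_getuid(void *ctx) {
      int stack_id = stack_traces.get_stackid(ctx, BPF_F_REUSE_STACKID);
      int zero = 0, *val;
      val = id.lookup_or_try_init(&zero, &stack_id);
      if (val) {
        (*val) = stack_id;
      }

      return 0;
    }
  )";

  ebpf::BPF bpf;
  ebpf::StatusTuple res(0);
  res = bpf.init(BPF_PROGRAM);
  REQUIRE(res.ok());
  std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
  res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
  REQUIRE(res.ok());
  // The call exists only to fire the probe. uid_t is unsigned, so asserting
  // `getuid() >= 0` could never fail and is not used as a check here.
  // The probe program has no PID filter, so while it is attached any process
  // calling getuid may overwrite the single recorded stack id.
  static_cast<void>(getuid());
  res = bpf.detach_kprobe(getuid_fnname);
  REQUIRE(res.ok());

  auto id = bpf.get_hash_table<int, int>("id");
  auto stack_traces = bpf.get_stack_table("stack_traces");

  // Fetch the recorded id through get_value() so that a probe which never
  // stored anything shows up as an explicit lookup failure instead of
  // depending on what operator[] yields for a missing key.
  int zero_key = 0;
  int stack_id = -1;
  res = id.get_value(zero_key, stack_id);
  REQUIRE(res.ok());
  REQUIRE(stack_id >= 0);

  auto addrs = stack_traces.get_stack_addr(stack_id);
  // presumably -1 selects kernel symbol resolution - TODO confirm against
  // the get_stack_symbol() declaration
  auto symbols = stack_traces.get_stack_symbol(stack_id, -1);
  REQUIRE(addrs.size() > 0);
  REQUIRE(addrs.size() == symbols.size());
  bool found = false;
  for (const auto &symbol : symbols) {
    if (symbol.find("sys_getuid") != std::string::npos) {
      found = true;
      break;
    }
  }
  REQUIRE(found);

  // After clearing the stack table the same id must no longer resolve.
  stack_traces.clear_table_non_atomic();
  addrs = stack_traces.get_stack_addr(stack_id);
  REQUIRE(addrs.size() == 0);
#endif
}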
227
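// Same flow as the kernel stack test, but records the user-space stack
// (BPF_F_USER_STACK) in a BPF_STACK_TRACE_BUILDID table and resolves it
// through build-id based symbolization. The body is compiled only when the
// kernel headers report 4.17.0 or newer; otherwise the test case is empty.
//
// NOTE(review): attaching a kprobe normally needs elevated privileges, so
// this case presumably has to run in a privileged test environment -
// confirm against the CI setup.
TEST_CASE("test bpf stack_id table", "[bpf_stack_table]") {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
  const std::string BPF_PROGRAM = R"(
    BPF_HASH(id, int, int, 1);
    BPF_STACK_TRACE_BUILDID(stack_traces, 8);

    int on_sys_getuid(void *ctx) {
      int stack_id = stack_traces.get_stackid(ctx, BPF_F_USER_STACK);
      int zero = 0, *val;
      val = id.lookup_or_try_init(&zero, &stack_id);
      if (val) {
        (*val) = stack_id;
      }

      return 0;
    }
  )";

  ebpf::BPF bpf;
  ebpf::StatusTuple res(0);
  res = bpf.init(BPF_PROGRAM);
  REQUIRE(res.ok());
  std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
  res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
  REQUIRE(res.ok());
  // The call exists only to fire the probe. uid_t is unsigned, so asserting
  // `getuid() >= 0` could never fail and is not used as a check here.
  // The probe program has no PID filter, so while it is attached the single
  // recorded stack id may come from any process that calls getuid.
  static_cast<void>(getuid());
  res = bpf.detach_kprobe(getuid_fnname);
  REQUIRE(res.ok());

  auto id = bpf.get_hash_table<int, int>("id");
  auto stack_traces = bpf.get_stackbuildid_table("stack_traces");

  // libc locations on different distributions are added below. The results
  // of add_module() are not checked; presumably only one of the two paths
  // exists on a given machine. If neither does, the failure surfaces later
  // at the symbol search rather than here.
  bpf.add_module("/lib/x86_64-linux-gnu/libc.so.6");  // location of libc on Ubuntu
  bpf.add_module("/lib64/libc.so.6");                 // location of libc on Fedora

  // Fetch the recorded id through get_value() so that a probe which never
  // stored anything shows up as an explicit lookup failure instead of
  // depending on what operator[] yields for a missing key.
  int zero_key = 0;
  int stack_id = -1;
  res = id.get_value(zero_key, stack_id);
  REQUIRE(res.ok());
  REQUIRE(stack_id >= 0);

  auto addrs = stack_traces.get_stack_addr(stack_id);
  auto symbols = stack_traces.get_stack_symbol(stack_id);
  REQUIRE(addrs.size() > 0);
  REQUIRE(addrs.size() == symbols.size());
  bool found = false;
  for (const auto &symbol : symbols) {
    if (symbol.find("getuid") != std::string::npos) {
      found = true;
      break;
    }
  }
  REQUIRE(found);

  // After clearing the stack table the same id must no longer resolve.
  stack_traces.clear_table_non_atomic();
  addrs = stack_traces.get_stack_addr(stack_id);
  REQUIRE(addrs.size() == 0);
#endif
}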
285