ebpf: non non-core. building files. #3015

rafaeldtinoco · 2023-04-24T17:29:16Z

I want to split the eBPF code into multiple eBPF objects and include the logic to load them depending on the events being traced, for example. But I think as an initial step we should drop non CORE, clean up the code a bit for readability and styling, and do that soon/later.

I'll try to enforce a code styling through some formatter (as we have many developers and each one seems to be doing a different style currently, even with clang-format trying to enforce some rules).

I have removed all NON CORE related code (AFAICT) and changed Makefiles, Dockerfiles and Workflows appropriately. Let's test here and then with our internal E2E tests to see how things go.

NOTE: I'll have to test the "snapshot" process after this is merged (I don't think there will be a problem) AND the "release" process during the next release.

This PR might impact other PRs touching eBPF code, but, still, easy to rebase as there are no logic changes, just positional/styling changes mostly.

commit 829adfe (HEAD -> drop-noncore, rafaeldtinoco/drop-noncore)
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Wed Apr 26 01:02:57 2023

ebpf: re-organize headers and styling

After dropping the non CORE eBPF code, there is finally an opportunity
for a few things to finally happen:

1. Adjust headers recursion so clangd is capable of parsing types.

2. Adjust code styling and comments to something closer to kernel style:

  - Line wrapping at col 80. Accept up to col 102 for a few logics.
  - Not so descriptive variable names (although encouraged/accepted).

  > Styling should be enforced by a formatter (like clang-format) but
  > it does not take care of all peculiarities. To be done soon.

3. Split headers (for now) into:

  - kernel related headers (types, macros, constants)
  - tracee related headers (ebpf macros, internal type/structs, ...)

  > Just a trigger for splitting the code into multiple eBPF objects
  > with multiple header files, per object, and a logic to load
  > eBPF objects on demand (and depending on events being traced).

commit 239768b (test)
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Tue Apr 25 23:24:11 2023

ebpf: non non-core. remove non-core ebpf code.

commit 380a1e1
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Mon Apr 24 17:41:39 2023

ebpf: non non-core. workflows.

commit f7da045
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Mon Apr 24 11:40:10 2023

ebpf: non non-co
8000
re. building files.

commit 467da62
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Mon Apr 24 18:28:51 2023

packaging: update releases

docs/contributing/building/containers.md

docs/contributing/building/macosx.md

builder/Makefile.tracee-container

yanivagman

Let's avoid renaming files in this PR (done in the last commit).
I disagree with some of these renamings (e.g. common->include and splitting kernel and tracee), yet I think we should merge the other commits.
We can discuss further changes in the next milestone.

builder/Dockerfile.alpine-tracee-container

pkg/ebpf/c/common/common.h

pkg/ebpf/c/common/kconfig.h

pkg/cmd/initialize/bpfobject.go

pkg/ebpf/c/include/tracee/arch.h

pkg/ebpf/c/include/tracee/consts.h

pkg/ebpf/c/include/tracee/context.h

pkg/ebpf/c/include/tracee/filtering.h

yanivagman · 2023-04-27T09:28:47Z

Please, let's defer the last commit to another PR

rafaeldtinoco · 2023-04-27T17:44:24Z

Okay I think this is "ready" to be merged IMO (unless there are other issues to be addressed that I couldn't spot). Let me know WYT. Thank you.

8000

yanivagman

Mostly header inclusion doubts.
I believe we can merge after these nit fixes

pkg/cmd/initialize/bpfobject.go

pkg/ebpf/c/common/arguments.h

pkg/ebpf/c/vmlinux.h

pkg/ebpf/c/common/common.h

pkg/ebpf/c/common/binprm.h

pkg/ebpf/c/common/memory.h

pkg/ebpf/c/common/namespaces.h

pkg/ebpf/c/common/probes.h

pkg/ebpf/c/maps.h

pkg/ebpf/c/types.h

squash with ebpf

- keep external BTF file logic

Current eBPF source headers have several problems: - some of them use local headers "", some the search path <> - clangd wasn't able to index headers correctly Follow: #2359 for TODOs NO CHANGES BUT POSITIONAL AND INCLUDE FIXES.

yanivagman

LGTM!
Bye bye non-core! You served us well

github-actions bot assigned rafaeldtinoco Apr 24, 2023

github-actions bot added area/build area/UX kind/documentation labels Apr 24, 2023

rafaeldtinoco linked an issue Apr 24, 2023 that may be closed by this pull request

eBPF CO-RE improvements: remove non CO-RE source code #1651

Closed

yanivagman reviewed Apr 24, 2023

View reviewed changes

github-actions bot added area/testing area/ebpf labels Apr 24, 2023

This comment was marked as outdated.

Sign in to view

rafaeldtinoco marked this pull request as ready for review April 26, 2023 22:23

yanivagman requested changes Apr 27, 2023

View reviewed changes

builder/Dockerfile.alpine-tracee-container Outdated Show resolved Hide resolved

pkg/ebpf/c/common/common.h Outdated Show resolved Hide resolved

pkg/ebpf/c/common/kconfig.h Show resolved Hide resolved

pkg/cmd/initialize/bpfobject.go Show resolved Hide resolved