[WIP] Testing framework shared between all the drivers

.github/workflows/ci.yml

@@ -162,8 +162,9 @@ jobs:
             KERNELDIR=/lib/modules/$(ls /lib/modules)/build make -j4
             make run-unit-tests
 
-  build-and-test-modern-bpf-x86:
-    name: build-and-test-modern-bpf-x86 😇 (bundled_deps)
+  # This job checks that we correctly run `scap-open` for all the 3 drivers.
+  test-scap-open-x86:
+    name: test-scap-open-x86 😆 (bundled_deps)
     runs-on: ubuntu-22.04
     needs: paths-filter
     if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
@@ -177,31 +178,80 @@ jobs:
       - name: Install deps ⛓️
         run: |
           sudo apt update
-          sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev
+          sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev linux-headers-$(uname -r) 
+          sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
+          sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
+          sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90
 
-      - name: Build scap-open 🏗️
+      - name: Build scap-open and drivers 🏗️
         run: |
           mkdir -p build
-          cd build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
+          cd build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_LIBSCAP_GVISOR=OFF -DBUILD_BPF=True -DCREATE_TEST_TARGETS=Off ../
           make scap-open
+          make driver bpf
 
-      - name: Run scap-open 🏎️
+      - name: Run scap-open with modern bpf 🏎️
         run: |
           cd build
           sudo ./libscap/examples/01-open/scap-open --modern_bpf --num_events 0
 
-      - name: Build bpf_test 🏗️
+      - name: Run scap-open with bpf 🏎️
         run: |
           cd build
-          make bpf_test
+          sudo ./libscap/examples/01-open/scap-open --bpf ./driver/bpf/probe.o --num_events 0
 
-      - name: Running tests 🧪
+      - name: Run scap-open with kmod 🏎️
         run: |
           cd build
-          sudo ./test/modern_bpf/bpf_test --verbose
+          sudo insmod ./driver/scap.ko
+          sudo ./libscap/examples/01-open/scap-open --kmod --num_events 0
+          sudo rmmod scap
 
-  build-modern-bpf-arm64:
-    name: build-modern-bpf-arm64 🙃 (system_deps)
+  # This job matrix run tests for all the 3 drivers on 2 machines: ubuntu-22.04, ubuntu 20-04
+  test-drivers-x86:
+    name: test-drivers-x86 😇 (bundled_deps)
+    runs-on: ubuntu-22.04
+    needs: paths-filter
+    if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
+    steps:
+
+      - name: Checkout Libs ⤵️
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Install deps ⛓️
+        run: |
+          sudo apt update
+          sudo apt install -y --no-install-recommends ca-certificates cmake build-essential git pkg-config autoconf automake libelf-dev libcap-dev linux-headers-$(uname -r) clang-14 llvm-14 libtool
+          sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
+          sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
+          sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90
+
+      - name: Build drivers tests 🏗️
+        run: |
+          mkdir -p build
+          cd build && cmake -DUSE_BUNDLED_DEPS=ON -DENABLE_DRIVERS_TESTS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_BPF=True -DBUILD_LIBSCAP_GVISOR=OFF ../
+          make drivers_test
+          make driver bpf
+
+      - name: Run drivers_test with modern bpf 🏎️
+        run: |
+          cd build
+          sudo ./test/drivers/drivers_test -m
+
+      - name: Run drivers_test with bpf 🏎️
+        run: |
+          cd build
+          sudo ./test/drivers/drivers_test -b
+
+      - name: Run drivers_test with kmod 🏎️
+        run: |
+          cd build
+          sudo ./test/drivers/drivers_test -k
+
+  build-only-test-drivers-arm64:
+    name: build-only-test-drivers-arm64 🙃 (system_deps)
     runs-on: ubuntu-22.04
     needs: paths-filter
     if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
@@ -227,12 +277,11 @@ jobs:
             git config --global --add safe.directory ${{ github.workspace }}
             .github/install-deps.sh
             mkdir -p build
-            cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
-            make scap-open
-            make bpf_test
+            cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DENABLE_DRIVERS_TESTS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
+            make drivers_test
 
-  build-modern-bpf-s390x:
-    name: build-modern-bpf-s390x 😁 (system_deps)
+  build-only-test-drivers-s390x:
+    name: build-only-test-drivers-s390x 😁 (system_deps)
     runs-on: ubuntu-22.04
     needs: paths-filter
     if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
@@ -258,9 +307,8 @@ jobs:
             git config --global --add safe.directory ${{ github.workspace }}
             .github/install-deps.sh
             mkdir -p build
-            cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_MODERN_BPF_TEST=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
-            make scap-open
-            make bpf_test
+            cd build && cmake -DUSE_BUNDLED_DEPS=OFF -DENABLE_DRIVERS_TESTS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_LIBSCAP_GVISOR=OFF ../
+            make drivers_test
 
   build-libs-driverkit:
     name: build-libs-driverkit

CMakeLists.txt

@@ -38,6 +38,7 @@ option(USE_BUNDLED_DEPS "Enable bundled dependencies instead of using the system
 option(MINIMAL_BUILD "Produce a minimal build with only the essential features (no eBPF probe driver, no kubernetes, no mesos, no marathon and no container metadata)" OFF)
 option(MUSL_OPTIMIZED_BUILD "Enable if you want a musl optimized build" OFF)
 option(USE_BUNDLED_DRIVER "Use the driver/ subdirectory in the build process (only available in Linux)" ON)
+option(ENABLE_DRIVERS_TESTS "Enable driver tests (bpf, kernel module, modern bpf)" OFF)
 
 include(GNUInstallDirs)
 
@@ -94,4 +95,8 @@ if(CREATE_TEST_TARGETS AND NOT WIN32)
 	)
 
 	add_subdirectory(test/e2e)
+
+	if(ENABLE_DRIVERS_TESTS)
+		add_subdirectory(test/drivers)
+	endif()
 endif()

driver/bpf/filler_helpers.h

@@ -595,6 +595,7 @@ static __always_inline long bpf_fd_to_socktuple(struct filler_data *data,
 	struct socket *sock;
 	struct sock *sk;
 	long size = 0;
+	struct in6_addr in6 = {0};
 
 	sock = bpf_sockfd_lookup(data, fd);
 	if (!sock)
@@ -643,8 +644,14 @@ static __always_inline long bpf_fd_to_socktuple(struct filler_data *data,
 			struct sockaddr_in *usrsockaddr_in = (struct sockaddr_in *)usrsockaddr;
 
 			if (is_inbound) {
-				sip = usrsockaddr_in->sin_addr.s_addr;
-				sport = ntohs(usrsockaddr_in->sin_port);
+				/* To take inbound info we cannot use the `src_addr` obtained from the syscall
+				 * it could be empty!
+				 * From kernel 3.13 we can take both ipv4 and ipv6 info from here
+				 * https://elixir.bootlin.com/linux/v3.13/source/include/net/sock.h#L164
+				 */
+				bpf_probe_read(&sip, sizeof(sip), &sk->__sk_common.skc_daddr);
+				bpf_probe_read(&sport, sizeof(sport), &sk->__sk_common.skc_dport);
+				sport = ntohs(sport);
 				dip = ((struct sockaddr_in *)sock_address)->sin_addr.s_addr;
 				dport = ntohs(((struct sockaddr_in *)sock_address)->sin_port);
 			} else {
@@ -699,8 +706,10 @@ static __always_inline long bpf_fd_to_socktuple(struct filler_data *data,
 			struct sockaddr_in6 *usrsockaddr_in6 = (struct sockaddr_in6 *)usrsockaddr;
 
 			if (is_inbound) {
-				sip6 = usrsockaddr_in6->sin6_addr.s6_addr;
-				sport = ntohs(usrsockaddr_in6->sin6_port);
+				bpf_probe_read(&in6, sizeof(in6), &sk->__sk_common.skc_v6_daddr);
+				sip6 = in6.in6_u.u6_addr8;
+				bpf_probe_read(&sport, sizeof(sport), &sk->__sk_common.skc_dport);
+				sport = ntohs(sport);
 				dip6 = ((struct sockaddr_in6 *)sock_address)->sin6_addr.s6_addr;
 				dport = ntohs(((struct sockaddr_in6 *)sock_address)->sin6_port);
 			} else {
@@ -941,15 +950,24 @@ static __always_inline int __bpf_val_to_ring(struct filler_data *data,
 	case PT_SOCKADDR:
 	case PT_SOCKTUPLE:
 	case PT_FDLIST:
-		if (!data->curarg_already_on_frame) {
-			bpf_printk("expected arg already on frame: evt_type %d, curarg %d, type %d\n",
-				   data->state->tail_ctx.evt_type,
-				   data->state->tail_ctx.curarg, type);
-			return PPM_FAILURE_BUG;
+		if(data->curarg_already_on_frame)
+		{
+			len = val_len;
+			break;
 		}
+		/* Cases in which we don't have the tuple and
+		 * we want to send an empty param.
+		 */
+		else if(val==0)
+		{
+			len = 0;
+			break;
+		}
+		bpf_printk("expected arg already on frame: evt_type %d, curarg %d, type %d\n",
+				data->state->tail_ctx.evt_type,
+				data->state->tail_ctx.curarg, type);
+		return PPM_FAILURE_BUG;
 
-		len = val_len;
-		break;
 	case PT_FLAGS8:
 	case PT_ENUMFLAGS8:
 	case PT_UINT8:
@@ -1020,6 +1038,23 @@ static __always_inline int __bpf_val_to_ring(struct filler_data *data,
 	return PPM_SUCCESS;
 }
 
+static __always_inline int bpf_push_empty_param(struct filler_data *data)
+{
+	/* This is not so necessary but just keep it for compliance with other helpers */
+	if (data->state->tail_ctx.curarg >= PPM_MAX_EVENT_PARAMS) {
+		bpf_printk("invalid curarg: %d\n", data->state->tail_ctx.curarg);
+		return PPM_FAILURE_BUG;
+	}
+
+	/* We push 0 in the length array */
+	fixup_evt_arg_len(data->buf, data->state->tail_ctx.curarg, 0);
+	data->curarg_already_on_frame = false;
+
+	/* We increment the current argument */
+	++data->state->tail_ctx.curarg;
+	return PPM_SUCCESS;
+}
+
 static __always_inline int bpf_val_to_ring(struct filler_data *data,
 					   unsigned long val)
 {