rex: add RawSyscallsEnter tracepoint variant, complete harpoon kernel app

Signed-off-by: MinhPhan8803 <[email protected]>

Author: MinhPhan8803

rex-macros/src/tracepoint.rs

@@ -56,6 +56,7 @@ impl TracePoint {
             "Void" => quote!(tp_type::Void),
             "SyscallsEnterOpen" => quote!(tp_type::SyscallsExitOpen),
             "SyscallsExitOpen" => quote!(tp_type::SyscallsExitOpen),
+            "RawSyscallsEnter" => quote! {tp_type::RawSyscallsEnter},
             _ => panic!("Please provide valid tp_type"),
         };
 

rex/src/tracepoint/binding.rs

@@ -15,3 +15,11 @@ pub struct SyscallsExitOpenArgs {
     pub syscall_nr: i64,
     pub ret: i64,
 }
+
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct RawSyscallsEnterArgs {
+    pub unused: u64,
+    pub id: i64,
+    pub args: [u64; 6],
+}

rex/src/tracepoint/tp_impl.rs

@@ -14,11 +14,13 @@ pub enum tp_type {
     Void,
     SyscallsEnterOpen,
     SyscallsExitOpen,
+    RawSyscallsEnter,
 }
 pub enum tp_ctx {
     Void,
     SyscallsEnterOpen(&'static SyscallsEnterOpenArgs),
     SyscallsExitOpen(&'static SyscallsExitOpenArgs),
+    RawSyscallsEnter(&'static RawSyscallsEnterArgs),
 }
 
 impl tp_ctx {
@@ -31,6 +33,9 @@ impl tp_ctx {
             tp_ctx::SyscallsExitOpen(args) => {
                 *args as *const SyscallsExitOpenArgs as *const ()
             }
+            tp_ctx::RawSyscallsEnter(args) => {
+                *args as *const RawSyscallsEnterArgs as *const ()
+            }
         }
     }
 }
@@ -77,6 +82,9 @@ impl tracepoint {
             tp_type::SyscallsExitOpen => tp_ctx::SyscallsExitOpen(unsafe {
                 &*(ctx as *mut SyscallsExitOpenArgs)
             }),
+            tp_type::RawSyscallsEnter => tp_ctx::RawSyscallsEnter(unsafe {
+                &*(ctx as *mut RawSyscallsEnterArgs)
+            }),
         }
     }
 

rex/src/utils.rs

@@ -279,6 +279,7 @@ pub trait StreamableProgram {
 /// newtype for a cpu for perf event output to ensure
 /// type safety since the cpu must be masked
 /// with BPF_F_INDEX_MASK
+#[derive(Debug, Copy, Clone)]
 pub struct PerfEventMaskedCPU {
     pub(crate) masked_cpu: u64,
 }

samples/harpoon/src/main.rs

@@ -10,6 +10,7 @@ use rex::tracepoint::*;
 use rex::kprobe::kprobe;
 use rex::map::{RexArrayMap, RexHashMap, RexPerfEventArray};
 use rex::pt_regs::PtRegs;
+use rex::utils::PerfEventMaskedCPU;
 use core::ffi::CStr;
 
 #[repr(C)]
@@ -21,7 +22,7 @@ struct Config {
 #[repr(C)]
 #[derive(Clone, Copy, core::Default)]
 struct SyscallData {
-    id: u32,
+    id: i64,
 }
 
 #[repr(C)]
@@ -55,8 +56,8 @@ fn exit_function(obj: &kprobe, ctx: &mut PtRegs) -> Result {
     bpf_printk!(obj, c"Exit function.\n");
 }
 
-#[rex_tracepoint(name = "syscalls/sys_enter_dup", tp_type = "Void")]
-fn rex_prog1(obj: &tracepoint, _: tp_ctx) -> Result {
+#[rex_tracepoint(name = "raw_syscalls/sys_enter", tp_type = "RawSyscallsEnter")]
+fn rex_prog1(obj: &tracepoint, ctx: tp_ctx) -> Result {
     let mut data = SyscallData::new();
     let key_config = 0;
     let key_trace = 0;
@@ -95,5 +96,16 @@ fn rex_prog1(obj: &tracepoint, _: tp_ctx) -> Result {
         return Err(1);
     }
 
+    let id = match ctx {
+        RawSyscallsEnter(args) => args.id,
+        _ => 0,
+    };
+
+    data.id = id;
+
+    EVENTS.output(obj, ctx, data, PerfEventMaskedCPU::current_cpu());
+
+    bpf_printk!(obj, c"Sending syscall id %llu.\n", id as u64);
+
     Ok(0)
 }