rbbcc 0.11.1 → 0.11.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6795c09c9054d789de4ce10626404bc7f6e5f7cdb12296e2344b270f2a7fa2a7
-  data.tar.gz: e898c4bc91fcc3b7dff968a2daf44d667faf68c5ee9eef29b1eba4f14dc2d123
+  metadata.gz: e8d3afe6e07e84fee531b06fe921712104cf98af1df9181629aa50ce3eb610af
+  data.tar.gz: c044abba2b01c4e01307225ef2bc683bf8bee3f1718a8ea2420a7162675996b1
 SHA512:
-  metadata.gz: d40bb0cc232b51f25cc6970580c00bcb52c13cf7423f5082f3bbb447b9ea5d5a59acb958a68df4b3a3639bf86ac8ee72a673313d009cdb18be9eec52dc3176a9
-  data.tar.gz: e9af3796aa61f7f76b0122e13b2ec6c0958c8d33edeb6c0d34a5813e0f38e7f1cbd46eb267290a3935b381d94815cb7b4479d5adfeee428c709124b7456e3fa4
+  metadata.gz: bca1df23f844dce3d2389ad0d2d2986b49606c401b72257ddd8032140961ab2e88bb408492a311c892ecf26cdcca1eecfe4752ec092202d0910470f4943e4c54
+  data.tar.gz: 030abb5a6166a753919961b19028c391db09f7fdb9044e5039b1330f67cd8047d6738b84c07a1ea03a78952bd2958a3f97a77df58b9b16648a8ddd5055631a3c

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rbbcc (0.11.1)
+    rbbcc (0.11.3)
       fiddle
 
 GEM

data/examples/lsm_sockblock.rb

@@ -20,7 +20,6 @@ require 'rbbcc'
 include RbBCC
 
 PROGRAM = <<~CLANG
-  #include <linux/lsm_hooks.h>
   #include <linux/socket.h>
   #include <uapi/asm-generic/errno-base.h>
 

data/examples/pin_maps_a.rb

@@ -0,0 +1,88 @@
+#!/usr/bin/env ruby
+#
+# pin_maps_a.rb
+# Program A: create HashMap/ArrayMap, hook execve, count up, and pin maps.
+#
+# Usage (root):
+#   sudo ruby examples/pin_maps_a.rb --pin-dir /sys/fs/bpf/rbbcc_pin_demo
+
+require 'rbbcc'
+require 'optparse'
+require 'fileutils'
+
+include RbBCC
+
+BPF_TEXT = <<~CLANG
+  BPF_HASH(pin_hash_map, u32, u64, 1024);
+  BPF_ARRAY(pin_array_map, u64, 1);
+
+  int trace_execve(void *ctx) {
+    u64 zero = 0;
+    u32 pid = bpf_get_current_pid_tgid();
+    u32 idx = 0;
+    u64 *hval;
+    u64 *aval;
+
+    hval = pin_hash_map.lookup_or_try_init(&pid, &zero);
+    if (hval) {
+      __sync_fetch_and_add(hval, 1);
+    }
+
+    aval = pin_array_map.lookup(&idx);
+    if (aval) {
+      __sync_fetch_and_add(aval, 1);
+    }
+
+    return 0;
+  }
+CLANG
+
+options = {
+  pin_dir: '/sys/fs/bpf/rbbcc_pin_demo'
+}
+
+OptionParser.new do |opts|
+  opts.banner = 'Usage: pin_maps_a.rb [options]'
+
+  opts.on('--pin-dir DIR', 'Pin directory under bpffs') do |v|
+    options[:pin_dir] = v
+  end
+end.parse!
+
+b = BCC.new(text: BPF_TEXT)
+b.attach_kprobe(
+  event: b.get_syscall_fnname('execve'),
+  fn_name: 'trace_execve'
+)
+
+hash_map = b['pin_hash_map']
+array_map = b['pin_array_map']
+
+# Initialize global counter slot.
+array_map[0] = 0
+
+FileUtils.mkdir_p(options[:pin_dir])
+hash_path = File.join(options[:pin_dir], 'pin_hash_map')
+array_path = File.join(options[:pin_dir], 'pin_array_map')
+
+File.unlink(hash_path) if File.exist?(hash_path)
+File.unlink(array_path) if File.exist?(array_path)
+
+BCC.pin!(hash_map.map_fd, hash_path)
+BCC.pin!(array_map.map_fd, array_path)
+
+puts 'Pinned maps created.'
+puts "  hash map:  #{hash_path}"
+puts "  array map: #{array_path}"
+puts 'kprobe attached to execve. Run some commands in another terminal.'
+puts 'Press Ctrl-C to stop Program A.'
+
+begin
+  loop do
+    sleep 1
+    total = array_map[0]&.to_bcc_value || 0
+    puts "execve total count: #{total}"
+  end
+rescue Interrupt
+  puts '\nStopping Program A...'
+end

data/examples/pin_maps_b.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/env ruby
+#
+# pin_maps_b.rb
+# Program B: open pinned HashMap/ArrayMap with from_pin and read/update values.
+#
+# Usage (root):
+#   sudo ruby examples/pin_maps_b.rb --pin-dir /sys/fs/bpf/rbbcc_pin_demo
+
+require 'rbbcc'
+require 'optparse'
+
+include RbBCC
+
+options = {
+  pin_dir: '/sys/fs/bpf/rbbcc_pin_demo'
+}
+
+OptionParser.new do |opts|
+  opts.banner = 'Usage: pin_maps_b.rb [options]'
+
+  opts.on('--pin-dir DIR', 'Pin directory under bpffs') do |v|
+    options[:pin_dir] = v
+  end
+end.parse!
+
+hash_path = File.join(options[:pin_dir], 'pin_hash_map')
+array_path = File.join(options[:pin_dir], 'pin_array_map')
+
+unless File.exist?(hash_path) && File.exist?(array_path)
+  abort("Pinned map files are missing. Run pin_maps_a.rb first: #{options[:pin_dir]}")
+end
+
+# Explicitly pass key/leaf type and size; no type detection is performed.
+hash_map = HashTable.from_pin(
+  hash_path,
+  'unsigned int',
+  'unsigned long long',
+  keysize: 4,
+  leafsize: 8
+)
+array_map = ArrayTable.from_pin(
+  array_path,
+  'unsigned int',
+  'unsigned long long',
+  keysize: 4,
+  leafsize: 8
+)
+
+puts 'Loaded pinned maps.'
+puts "  hash map fd:  #{hash_map.map_fd}"
+puts "  array map fd: #{array_map.map_fd}"
+puts "  hash ttype:   #{hash_map.ttype}"
+puts "  array ttype:  #{array_map.ttype}"
+
+puts 'Read existing values:'
+puts "  hash[1] = #{hash_map[1]&.to_bcc_value.inspect}"
+puts "  hash[2] = #{hash_map[2]&.to_bcc_value.inspect}"
+puts "  array[0] = #{array_map[0]&.to_bcc_value.inspect}"
+puts "  array[1] = #{array_map[1]&.to_bcc_value.inspect}"
+
+hash_map[3] = 1
+array_map[0] = (array_map[0]&.to_bcc_value || 0) + 1
+
+puts 'Updated values:'
+puts "  hash[3] = #{hash_map[3]&.to_bcc_value.inspect}"
+puts "  array[0] = #{array_map[0]&.to_bcc_value.inspect}"
+
+puts 'Iterate hash entries:'
+hash_map.each_pair do |k, v|
+  puts "  #{k.to_bcc_value} => #{v.to_bcc_value}"
+end

data/lib/rbbcc/clib.rb

@@ -194,6 +194,7 @@ module RbBCC
     extern 'int bpf_open_raw_sock(const char *name)'
     extern 'int bpf_attach_socket(int sockfd, int progfd)'
     extern 'int bpf_obj_pin(int fd, const char *pathname)'
+    extern 'int bpf_obj_get(const char *pathname)'
   end
 end
 

data/lib/rbbcc/table.rb

@@ -115,13 +115,36 @@ module RbBCC
     include CPUHelper
     include Enumerable
 
-    def initialize(bpf, map_id, map_fd, keytype, leaftype, name: nil)
+    class << self
+      def from_pin(path, keytype, leaftype, keysize: nil, leafsize: nil, **kwargs)
+        map_fd = Clib.bpf_obj_get(path)
+        if map_fd < 0
+          raise SystemCallError.new("Could not open pinned map", Fiddle.last_error)
+        end
+
+        new(nil, nil, map_fd, keytype, leaftype,
+            keysize: keysize, leafsize: leafsize, **kwargs)
+      end
+    end
+
+    def initialize(bpf, map_id, map_fd, keytype, leaftype, name: nil, keysize: nil, leafsize: nil)
       @bpf, @map_id, @map_fd, @keysize, @leafsize = \
-                                        bpf, map_id, map_fd, sizeof(keytype), sizeof(leaftype)
+                                        bpf, map_id, map_fd,
+                                        keysize || sizeof(keytype),
+                                        leafsize || sizeof(leaftype)
       @keytype = keytype
       @leaftype = leaftype
-      @ttype = Clib.bpf_table_type_id(self.bpf.module, self.map_id)
-      @flags = Clib.bpf_table_flags_id(self.bpf.module, self.map_id)
+      if @bpf
+        @ttype = Clib.bpf_table_type_id(self.bpf.module, self.map_id)
+        @flags = Clib.bpf_table_flags_id(self.bpf.module, self.map_id)
+      else
+        @ttype = case self
+                 when HashTable
+                   Table::BPF_MAP_TYPE_HASH
+                 when ArrayTable
+                   Table::BPF_MAP_TYPE_ARRAY
+                 end
+      end
       @name = name
     end
     attr_reader :bpf, :map_id, :map_fd, :keysize, :keytype, :leafsize, :leaftype, :ttype, :flags, :name
@@ -275,7 +298,7 @@ module RbBCC
         leaf.bcc_value_type = leaftype
         leaf
       when Integer
-        ret = byref(leaf, keysize)
+        ret = byref(leaf, leafsize)
         ret.bcc_value_type = leaftype
         ret
       else
@@ -285,8 +308,10 @@ module RbBCC
 
     def byref(value, size=sizeof("int"))
       pack_fmt = case size
+                 when sizeof("char"); "c"
                  when sizeof("int") ; "i!"
                  when sizeof("long"); "l!"
+                 when sizeof("long long"); "q!"
                  else               ; "Z*"
                  end
       ptr = Fiddle::Pointer.malloc(size)
@@ -300,9 +325,9 @@ module RbBCC
   end
 
   class ArrayTable < TableBase
-    def initialize(bpf, map_id, map_fd, keytype, leaftype, name: nil)
+    def initialize(bpf, map_id, map_fd, keytype, leaftype, name: nil, keysize: nil, leafsize: nil)
       super
-      @max_entries = Clib.bpf_table_max_entries_id(bpf.module, map_id)
+      @max_entries = Clib.bpf_table_max_entries_id(bpf.module, map_id) if bpf
     end
 
     # We now emulate the Array class of Ruby

data/lib/rbbcc/version.rb

@@ -1,3 +1,3 @@
 module RbBCC
-  VERSION = "0.11.1"
+  VERSION = "0.11.3"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rbbcc
 version: !ruby/object:Gem::Version
-  version: 0.11.1
+  version: 0.11.3
 platform: ruby
 authors:
 - Uchio Kondo
@@ -96,6 +96,8 @@ files:
 - examples/mallocstack.rb
 - examples/networking/http_filter/http-parse-simple.c
 - examples/networking/http_filter/http-parse-simple.rb
+- examples/pin_maps_a.rb
+- examples/pin_maps_b.rb
 - examples/py-orig/sockblock.py
 - examples/ruby_usdt.rb
 - examples/sbrk_trace.rb