elastic · stanek-michal · Aug 24, 2022 · Aug 25, 2022 · Aug 25, 2022 · stanek-michal
@@ -666,7 +666,7 @@ int main(int argc, char **argv)
     if (g_features_autodetect)
         ebpf_detect_system_features(&opts.features);
 
-    err = ebpf_event_ctx__new(&ctx, event_ctx_callback, opts);
+    err = ebpf_event_ctx__new(&ctx, event_ctx_callback, opts, /* dry_run= */ false);
 
     if (err < 0) {
         fprintf(stderr, "Could not create event context: %d %s\n", err, strerror(-err));

@@ -405,7 +405,8 @@ int ebpf_set_verbose_logging()
 
 int ebpf_event_ctx__new(struct ebpf_event_ctx **ctx,
                         ebpf_event_handler_fn cb,
-                        struct ebpf_event_ctx_opts opts)
+                        struct ebpf_event_ctx_opts opts,
+                        bool dry_run)
 {
     struct EventProbe_bpf *probe = NULL;
     struct btf *btf              = NULL;
@@ -469,8 +470,15 @@ int ebpf_event_ctx__new(struct ebpf_event_ctx **ctx,
     if (err != 0)
         goto out_destroy_probe;
 
-    if (!ctx)
+    if (dry_run) {
+        err = 0;
+        goto out_destroy_probe;
+    }
+
+    if (!ctx) {
+        err = -ENOENT;
         goto out_destroy_probe;
+    }
 
     *ctx = calloc(1, sizeof(struct ebpf_event_ctx));
     if (*ctx == NULL) {

@@ -36,16 +36,17 @@ int ebpf_detect_system_features(uint64_t *features);
 
 /* Allocates a new context based on requested events and capabilities.
  *
- * If ctx is NULL, the function returns right after loading and attaching the
- * libbpf skeleton.
+ * If dry_run is true, the function only tests load and attach to
+ * verify host compatibility.
  *
  * Returns a positive int that represents an fd, which can be used with epoll
- * on success. Returns an error on failure. If ctx is NULL,
+ * on success. Returns an error on failure. If dry_run is true,
  * returns 0 on success or less than 0 on failure.
  */
 int ebpf_event_ctx__new(struct ebpf_event_ctx **ctx,
                         ebpf_event_handler_fn cb,
-                        struct ebpf_event_ctx_opts opts);
+                        struct ebpf_event_ctx_opts opts,
+                        bool dry_run);
 
 /* Consumes as many events as possible from the event context and returns the
  * number consumed.

@@ -473,22 +473,35 @@ int netlink_filter_add_begin(struct netlink_ctx *ctx, const char *ifname)
 int netlink_filter_add_end(int fd, struct netlink_ctx *ctx, const char *ebpf_obj_filename)
 {
     struct nlmsghdr *nl = NULL;
+    struct bpf_prog_info info = {};
+    unsigned int info_len = sizeof(info);
     char buf[128];
     int rv  = -1;
     int len = 0;
 
-    if (!ctx || !ebpf_obj_filename) {
+    if (!ctx) {
         ebpf_log("netlink_filter_add_end error: NULL parameter\n");
         rv = -1;
         goto out;
     }
 
+    rv = bpf_obj_get_info_by_fd(fd, &info, &info_len);
+    if (rv < 0) {
+        ebpf_log("netlink_filter_add_end error: failed to get info by fd\n");
+        goto out;
+    }
+
     nl = &ctx->msg.n;
     memset(buf, 0, sizeof(buf));
 
-    len = snprintf(buf, sizeof(buf), "%s:[.text]", ebpf_obj_filename);
+    if (ebpf_obj_filename) {
+        len = snprintf(buf, sizeof(buf), "%s:[.text]", ebpf_obj_filename);
+    } else {
+        len = snprintf(buf, sizeof(buf), "%s:[%u]", info.name, info.id);
+    }
+
     if (len < 0 || len >= sizeof(buf)) {
-        ebpf_log("netlink_filter_add_end error: filename too long\n");
+        ebpf_log("netlink_filter_add_end error: name too long\n");
         rv = -1;
         goto out;
     }

@@ -77,7 +77,7 @@ int netlink_filter_add_begin(struct netlink_ctx *ctx, const char *ifname);
  * @param[in] fd eBPF program file descriptor
  * @param[in] ctx Context containing netlink state (from previous add_begin()
  * call) - passed by caller
- * @param[in] ebpf_obj_filename eBPF object filename
+ * @param[in] ebpf_obj_filename eBPF object filename (NULL if using skeleton header)
  * @return Error value (0 for success)
  */
 int netlink_filter_add_end(int fd, struct netlink_ctx *ctx, const char *ebpf_obj_filename);