cilium · jrfastab · Jan 17, 2024 · Dec 20, 2023 · Dec 23, 2023
@@ -4,6 +4,8 @@
 package generate
 
 import (
+	"debug/elf"
+	"errors"
 	"log"
 	"os"
 
@@ -124,13 +126,64 @@ func New() *cobra.Command {
 	ftraceFlags := ftraceList.Flags()
 	ftraceFlags.StringVarP(&ftraceRegex, "regex", "r", "", "Use regex to limit the generated symbols")
 
+	var uprobesBinary string
+	uprobes := &cobra.Command{
+		Use:   "uprobes",
+		Short: "all binary symbols",
+		Run: func(cmd *cobra.Command, _ []string) {
+			if uprobesBinary == "" {
+				log.Fatalf("binary is not specified, please use --binary option")
+			}
+
+			file, err := elf.Open(uprobesBinary)
+			if err != nil {
+				log.Fatalf("failed to open '%s': %v", uprobesBinary, err)
+			}
+
+			syms, err := file.Symbols()
+			if err != nil && !errors.Is(err, elf.ErrNoSymbols) {
+				log.Fatalf("failed to get symtab for open '%s': %v", uprobesBinary, err)
+			}
+
+			dynsyms, err := file.DynamicSymbols()
+			if err != nil && !errors.Is(err, elf.ErrNoSymbols) {
+				log.Fatalf("failed to get dynsym for open '%s': %v", uprobesBinary, err)
+			}
+
+			syms = append(syms, dynsyms...)
+
+			tp := generate.NewTracingPolicy("uprobes")
+			uprobe := generate.AddUprobe(tp)
+
+			for _, sym := range syms {
+				if elf.ST_TYPE(sym.Info) != elf.STT_FUNC {
+					continue
+				}
+				if sym.Value == 0 {
+					continue
+				}
+				uprobe.Symbols = append(uprobe.Symbols, sym.Name)
+			}
+
+			uprobe.Path = uprobesBinary
+			b, err := yaml.Marshal(tp)
+			if err != nil {
+				log.Fatal(err)
+			}
+			os.Stdout.Write(b)
+		},
+	}
+
+	uprobesFlags := uprobes.Flags()
+	uprobesFlags.StringVarP(&uprobesBinary, "binary", "b", "", "Binary path")
+
 	cmd := &cobra.Command{
 		Use:   "generate",
 		Short: "generate tracing policies",
 	}
 	pflags := cmd.PersistentFlags()
 	pflags.StringVarP(&matchBinary, "match-binary", "m", "", "Add binary to matchBinaries selector")
 
-	cmd.AddCommand(empty, allSyscalls, allSyscallsList, ftraceList)
+	cmd.AddCommand(empty, allSyscalls, allSyscallsList, ftraceList, uprobes)
 	return cmd
 }
@@ -5,7 +5,8 @@ metadata:
 spec:
   uprobes:
   - path: "/lib64/libc.so.6"
-    symbol: "malloc"
+    symbols:
+    - "malloc"
     selectors:
     - matchBinaries:
       - operator: "In"

@@ -5,4 +5,5 @@ metadata:
 spec:
   uprobes:
   - path: "/procRoot/1/root/usr/bin/bash"
-    symbol: "_start"
+    symbols:
+    - "_start"
@@ -5,7 +5,8 @@ metadata:
 spec:
   uprobes:
   - path: "/bin/bash"
-    symbol: "readline"
+    symbols:
+    - "readline"
     selectors:
     - matchPIDs:
       - operator: In

@@ -5,4 +5,6 @@ metadata:
 spec:
   uprobes:
   - path: "/bin/bash"
-    symbol: "readline"
+    symbols:
+    - "readline"
+    - "main"
@@ -1781,12 +1781,14 @@ spec:
                             type: array
                         type: object
                       type: array
-                    symbol:
-                      description: Name of the traced symbol
-                      type: string
+                    symbols:
+                      description: List of the traced symbols
+                      items:
+                        type: string
+                      type: array
                   required:
                   - path
-                  - symbol
+                  - symbols
                   type: object
                 type: array
             type: object

@@ -1781,12 +1781,14 @@ spec:
                             type: array
                         type: object
                       type: array
-                    symbol:
-                      description: Name of the traced symbol
-                      type: string
+                    symbols:
+                      description: List of the traced symbols
+                      items:
+                        type: string
+                      type: array
                   required:
                   - path
-                  - symbol
+                  - symbols
                   type: object
                 type: array
             type: object

@@ -253,8 +253,8 @@ type TracepointSpec struct {
 type UProbeSpec struct {
 	// Name of the traced binary
 	Path string `json:"path"`
-	// Name of the traced symbol
-	Symbol string `json:"symbol"`
+	// List of the traced symbols
+	Symbols []string `json:"symbols"`
 	// +kubebuilder:validation:Optional
 	// A short message of 256 characters max that will be included
 	// in the event output to inform users what is going on.

@@ -176,10 +176,7 @@ func createGenericUprobeSensor(
 		loadProgName = "bpf_generic_uprobe_v53.o"
 	}
 
-	for i := range uprobes {
-		spec := &uprobes[i]
-		config := &api.EventConfig{}
-
+	for _, spec := range uprobes {
 		var args []v1alpha1.KProbeArg
 
 		if err := isValidUprobeSelectors(spec.Selectors); err != nil {
@@ -199,46 +196,50 @@ func createGenericUprobeSensor(
 			logger.GetLogger().WithField("policy-name", policyName).Warnf("TracingPolicy 'message' field too long, truncated to %d characters", TpMaxMessageLen)
 		}
 
-		uprobeEntry := &genericUprobe{
-			tableId:    idtable.UninitializedEntryID,
-			config:     config,
-			path:       spec.Path,
-			symbol:     spec.Symbol,
-			selectors:  uprobeSelectorState,
-			policyName: policyName,
-			message:    msgField,
+		for _, sym := range spec.Symbols {
+			config := &api.EventConfig{}
+
+			uprobeEntry := &genericUprobe{
+				tableId:    idtable.UninitializedEntryID,
+				config:     config,
+				path:       spec.Path,
+				symbol:     sym,
+				selectors:  uprobeSelectorState,
+				policyName: policyName,
+				message:    msgField,
+			}
+
+			uprobeTable.AddEntry(uprobeEntry)
+			id := uprobeEntry.tableId.ID
+
+			uprobeEntry.pinPathPrefix = sensors.PathJoin(sensorPath, fmt.Sprintf("%d", id))
+			config.FuncId = uint32(id)
+
+			pinPath := uprobeEntry.pinPathPrefix
+			pinProg := sensors.PathJoin(pinPath, "prog")
+
+			attachData := &program.UprobeAttachData{
+				Path:   spec.Path,
+				Symbol: sym,
+			}
+
+			load := program.Builder(
+				path.Join(option.Config.HubbleLib, loadProgName),
+				"",
+				"uprobe/generic_uprobe",
+				pinProg,
+				"generic_uprobe").
+				SetAttachData(attachData).
+				SetLoaderData(uprobeEntry)
+
+			progs = append(progs, load)
+
+			configMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load)
+			tailCalls := program.MapBuilderPin("uprobe_calls", sensors.PathJoin(pinPath, "up_calls"), load)
+			filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load)
+			selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load)
+			maps = append(maps, configMap, tailCalls, filterMap, selMatchBinariesMap)
 		}
-
-		uprobeTable.AddEntry(uprobeEntry)
-		id := uprobeEntry.tableId.ID
-
-		uprobeEntry.pinPathPrefix = sensors.PathJoin(sensorPath, fmt.Sprintf("%d", id))
-		config.FuncId = uint32(id)
-
-		pinPath := uprobeEntry.pinPathPrefix
-		pinProg := sensors.PathJoin(pinPath, "prog")
-
-		attachData := &program.UprobeAttachData{
-			Path:   spec.Path,
-			Symbol: spec.Symbol,
-		}
-
-		load := program.Builder(
-			path.Join(option.Config.HubbleLib, loadProgName),
-			"",
-			"uprobe/generic_uprobe",
-			pinProg,
-			"generic_uprobe").
-			SetAttachData(attachData).
-			SetLoaderData(uprobeEntry)
-
-		progs = append(progs, load)
-
-		configMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load)
-		tailCalls := program.MapBuilderPin("uprobe_calls", sensors.PathJoin(pinPath, "up_calls"), load)
-		filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load)
-		selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load)
-		maps = append(maps, configMap, tailCalls, filterMap, selMatchBinariesMap)
 	}
 
 	return &sensors.Sensor{

@@ -67,7 +67,8 @@ metadata:
 spec:
   uprobes:
   - path: "/bin/bash"
-    symbol: "main"
+    symbols:
+    - "main"
 `
 
 	var sens []*sensors.Sensor
@@ -98,7 +99,8 @@ metadata:
 spec:
   uprobes:
   - path: "` + testNop + `"
-    symbol: "main"
+    symbols:
+    - "main"
 `
 
 	nopConfigHook := []byte(nopHook)
@@ -148,7 +150,8 @@ metadata:
 spec:
   uprobes:
   - path: "` + path + `"
-    symbol: "uprobe_test_func"
+    symbols:
+    - "uprobe_test_func"
     selectors:
     - matchPIDs:
       - operator: In
@@ -209,7 +212,8 @@ metadata:
 spec:
   uprobes:
   - path: "` + libUprobe + `"
-    symbol: "uprobe_test_lib"
+    symbols:
+    - "uprobe_test_lib"
     selectors:
     - matchBinaries:
       - operator: "In"
@@ -280,8 +284,9 @@ metadata:
 spec:
   uprobes:
   - path: "` + testBin + `"
-    symbol: "do_uprobe"
     message: "Uprobe test"
+    symbols:
+    - "do_uprobe"
     selectors:
     - matchBinaries:
       - operator: "In"

@@ -12,7 +12,8 @@ import (
 func NewTracingPolicy(name string) *v1alpha1.TracingPolicy {
 	ret := v1alpha1.TracingPolicy{
 		TypeMeta: metav1.TypeMeta{
-			Kind: "TracingPolicy",
+			Kind:       "TracingPolicy",
+			APIVersion: "cilium.io/v1alpha1",
 		},
 		ObjectMeta: metav1.ObjectMeta{
 			Name: name,
@@ -31,3 +32,9 @@ func AddKprobe(tp *v1alpha1.TracingPolicy) *v1alpha1.KProbeSpec {
 	tp.Spec.KProbes = append(tp.Spec.KProbes, v1alpha1.KProbeSpec{})
 	return &tp.Spec.KProbes[idx]
 }
+
+func AddUprobe(tp *v1alpha1.TracingPolicy) *v1alpha1.UProbeSpec {
+	idx := len(tp.Spec.UProbes)
+	tp.Spec.UProbes = append(tp.Spec.UProbes, v1alpha1.UProbeSpec{})
+	return &tp.Spec.UProbes[idx]
+}