cleanup(modern_bpf): use a regular map for shared ebpf settings

LucaGuerra · poiana · commit c1806ae29037 · 2025-05-13T11:19:28.000+02:00
Signed-off-by: Luca Guerra &lt;luca@guerra.sh&gt;
diff --git a/driver/modern_bpf/helpers/base/maps_getters.h b/driver/modern_bpf/helpers/base/maps_getters.h
@@ -17,44 +17,99 @@
 
 /*=============================== SETTINGS ===========================*/
 
+static __always_inline struct capture_settings *maps__get_capture_settings() {
+	uint32_t key = 0;
+	return bpf_map_lookup_elem(&capture_settings, &key);
+}
+
 static __always_inline uint64_t maps__get_boot_time() {
-	return g_settings.boot_time;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->boot_time;
 }
 
 static __always_inline uint32_t maps__get_snaplen() {
-	return g_settings.snaplen;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->snaplen;
 }
 
 static __always_inline bool maps__get_dropping_mode() {
-	return g_settings.dropping_mode;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->dropping_mode;
 }
 
 static __always_inline uint32_t maps__get_sampling_ratio() {
-	return g_settings.sampling_ratio;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->sampling_ratio;
 }
 
 static __always_inline bool maps__get_drop_failed() {
-	return g_settings.drop_failed;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->drop_failed;
 }
 
 static __always_inline bool maps__get_do_dynamic_snaplen() {
-	return g_settings.do_dynamic_snaplen;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->do_dynamic_snaplen;
 }
 
 static __always_inline uint16_t maps__get_fullcapture_port_range_start() {
-	return g_settings.fullcapture_port_range_start;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->fullcapture_port_range_start;
 }
 
 static __always_inline uint16_t maps__get_fullcapture_port_range_end() {
-	return g_settings.fullcapture_port_range_end;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->fullcapture_port_range_end;
 }
 
 static __always_inline uint16_t maps__get_statsd_port() {
-	return g_settings.statsd_port;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->statsd_port;
 }
 
 static __always_inline int32_t maps__get_scap_tid() {
-	return g_settings.scap_tid;
+	struct capture_settings *settings = maps__get_capture_settings();
+	if(settings == NULL) {
+		return 0;
+	}
+
+	return settings->scap_tid;
 }
 
 /*=============================== SETTINGS ===========================*/
diff --git a/driver/modern_bpf/maps/maps.h b/driver/modern_bpf/maps/maps.h
@@ -65,12 +65,6 @@ __weak const volatile uint32_t g_ia32_to_64_table[SYSCALL_TABLE_SIZE];
 
 /*=============================== BPF GLOBAL VARIABLES ===============================*/
 
-/**
- * @brief Global capture settings shared between userspace and
- * bpf programs.
- */
-__weak struct capture_settings g_settings;
-
 /**
  * @brief Variable used only kernel side to understand when we need to send
  * `DROP_E` and `DROP_X` events
@@ -138,6 +132,17 @@ struct {
 	__type(value, bool);
 } interesting_syscalls_table_64bit __weak SEC(".maps");
 
+/**
+ * @brief Global capture settings shared between userspace and
+ * bpf programs.
+ */
+struct {
+	__uint(type, BPF_MAP_TYPE_ARRAY);
+	__uint(max_entries, 1);
+	__type(key, uint32_t);
+	__type(value, struct capture_settings);
+} capture_settings __weak SEC(".maps");
+
 /* These maps have one entry for each CPU.
  *
  * PLEASE NOTE:
diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c
@@ -76,7 +76,7 @@ int BPF_PROG(socket_x, struct pt_regs *regs, long ret) {
 	/* Just called once by our scap process */
 	if(ret >= 0 && maps__get_socket_file_ops() == NULL) {
 		struct task_struct *task = get_current_task();
-		/* Please note that in `g_settings.scap_tid` scap will put its virtual tid
+		/* Please note that in `settings.scap_tid` scap will put its virtual tid
 		 * if it is running inside a container. If we want to extract the same information
 		 * in the kernel we need to extract the virtual tid of the task.
 		 */
diff --git a/userspace/libpman/src/maps.c b/userspace/libpman/src/maps.c
@@ -75,41 +75,106 @@ uint64_t pman_get_probe_schema_ver() {
 
 /*=============================== BPF GLOBAL VARIABLES ===============================*/
 
+int pman_get_capture_settings(struct capture_settings* settings) {
+	char error_message[MAX_ERROR_MESSAGE_LEN];
+	int ret;
+	uint32_t key = 0;
+	int fd = bpf_map__fd(g_state.skel->maps.capture_settings);
+	if(fd <= 0) {
+		snprintf(error_message, MAX_ERROR_MESSAGE_LEN, "unable to get capture_settings map fd!");
+		pman_print_error((const char*)error_message);
+		return errno;
+	}
+	if((ret = bpf_map_lookup_elem(fd, &key, settings)) != 0) {
+		snprintf(error_message, MAX_ERROR_MESSAGE_LEN, "unable to get capture_settings!");
+		pman_print_error((const char*)error_message);
+	}
+
+	return ret;
+}
+
+int pman_update_capture_settings(struct capture_settings* settings) {
+	char error_message[MAX_ERROR_MESSAGE_LEN];
+	int ret;
+	int fd = bpf_map__fd(g_state.skel->maps.capture_settings);
+	if(fd <= 0) {
+		snprintf(error_message, MAX_ERROR_MESSAGE_LEN, "unable to get capture_settings map fd!");
+		pman_print_error((const char*)error_message);
+		return errno;
+	}
+	uint32_t key = 0;
+	if((ret = bpf_map_update_elem(fd, &key, settings, BPF_ANY)) != 0) {
+		snprintf(error_message,
+		         MAX_ERROR_MESSAGE_LEN,
+		         "unable to initialize capture_settings map!");
+		pman_print_error((const char*)error_message);
+	}
+
+	return ret;
+}
+
 void pman_set_snaplen(uint32_t desired_snaplen) {
-	g_state.skel->bss->g_settings.snaplen = desired_snaplen;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.snaplen = desired_snaplen;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_boot_time(uint64_t boot_time) {
-	g_state.skel->bss->g_settings.boot_time = boot_time;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.boot_time = boot_time;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_dropping_mode(bool value) {
-	g_state.skel->bss->g_settings.dropping_mode = value;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.dropping_mode = value;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_sampling_ratio(uint32_t value) {
-	g_state.skel->bss->g_settings.sampling_ratio = value;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.sampling_ratio = value;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_drop_failed(bool drop_failed) {
-	g_state.skel->bss->g_settings.drop_failed = drop_failed;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.drop_failed = drop_failed;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_do_dynamic_snaplen(bool do_dynamic_snaplen) {
-	g_state.skel->bss->g_settings.do_dynamic_snaplen = do_dynamic_snaplen;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.do_dynamic_snaplen = do_dynamic_snaplen;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_fullcapture_port_range(uint16_t range_start, uint16_t range_end) {
-	g_state.skel->bss->g_settings.fullcapture_port_range_start = range_start;
-	g_state.skel->bss->g_settings.fullcapture_port_range_end = range_end;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.fullcapture_port_range_start = range_start;
+	settings.fullcapture_port_range_end = range_end;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_statsd_port(uint16_t statsd_port) {
-	g_state.skel->bss->g_settings.statsd_port = statsd_port;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.statsd_port = statsd_port;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_set_scap_tid(int32_t scap_tid) {
-	g_state.skel->bss->g_settings.scap_tid = scap_tid;
+	struct capture_settings settings;
+	pman_get_capture_settings(&settings);
+	settings.scap_tid = scap_tid;
+	pman_update_capture_settings(&settings);
 }
 
 void pman_fill_syscall_sampling_table() {
@@ -133,6 +198,28 @@ void pman_fill_syscall_sampling_table() {
 	}
 }
 
+int pman_init_settings_map() {
+	char error_message[MAX_ERROR_MESSAGE_LEN];
+	struct capture_settings settings = {};
+	uint32_t key = 0;
+	int fd = bpf_map__fd(g_state.skel->maps.capture_settings);
+	if(fd <= 0) {
+		snprintf(error_message, MAX_ERROR_MESSAGE_LEN, "unable to get capture_settings map!");
+		pman_print_error((const char*)error_message);
+		return errno;
+	}
+
+	if(bpf_map_update_elem(fd, &key, &settings, BPF_ANY)) {
+		snprintf(error_message,
+		         MAX_ERROR_MESSAGE_LEN,
+		         "unable to initialize capture_settings map!");
+		pman_print_error((const char*)error_message);
+		return errno;
+	}
+
+	return 0;
+}
+
 void pman_fill_ia32_to_64_table() {
 	for(int syscall_id = 0; syscall_id < SYSCALL_TABLE_SIZE; syscall_id++) {
 		// Note: we will map all syscalls from the upper limit of the ia32 table
@@ -294,13 +381,14 @@ int pman_fill_syscall_exit_extra_tail_table() {
 int pman_fill_interesting_syscalls_table_64bit() {
 	char error_message[MAX_ERROR_MESSAGE_LEN];
 	int fd = bpf_map__fd(g_state.skel->maps.interesting_syscalls_table_64bit);
-	for (uint32_t i = 0; i < SYSCALL_TABLE_SIZE; i++) {
+	for(uint32_t i = 0; i < SYSCALL_TABLE_SIZE; i++) {
 		const bool interesting = false;
 		if(bpf_map_update_elem(fd, &i, &interesting, BPF_ANY) < 0) {
 			snprintf(error_message,
-					MAX_ERROR_MESSAGE_LEN,
-					"unable to initialize interesting syscall table at index %d!", i);
-			pman_print_error((const char *)error_message);
+			         MAX_ERROR_MESSAGE_LEN,
+			         "unable to initialize interesting syscall table at index %d!",
+			         i);
+			pman_print_error((const char*)error_message);
 			return errno;
 		}
 	}
@@ -312,9 +400,11 @@ int pman_mark_single_64bit_syscall(int syscall_id, bool interesting) {
 	int fd = bpf_map__fd(g_state.skel->maps.interesting_syscalls_table_64bit);
 	if(bpf_map_update_elem(fd, &syscall_id, &interesting, BPF_ANY) < 0) {
 		snprintf(error_message,
-				MAX_ERROR_MESSAGE_LEN,
-				"unable to set interesting syscall at index %d as %d!", syscall_id, interesting);
-		pman_print_error((const char *)error_message);
+		         MAX_ERROR_MESSAGE_LEN,
+		         "unable to set interesting syscall at index %d as %d!",
+		         syscall_id,
+		         interesting);
+		pman_print_error((const char*)error_message);
 		return errno;
 	}
 	return 0;
@@ -362,6 +452,10 @@ int pman_prepare_maps_before_loading() {
 
 int pman_finalize_maps_after_loading() {
 	int err;
+	err = pman_init_settings_map();
+	if(err != 0) {
+		return err;
+	}
 
 	/* set bpf global variables. */
 	pman_set_snaplen(80);
