Support for 6.10+ kernels and Optional Host ID from config

Signed-off-by: Krishna <35102612+kvdevel@users.noreply.github.com>

common/gy_sslhash.h

@@ -0,0 +1,99 @@
+//  SPDX-FileCopyrightText: 2022 Exact Solutions, Inc.
+//  SPDX-License-Identifier: GPL-3.0-or-later
+
+#pragma			once
+
+#include 		"gy_common_inc.h"
+
+#include 		<openssl/evp.h>
+
+namespace gyeeta {
+
+enum GY_HASH_ALGO_E : uint8_t
+{
+	GY_HASH_MD5		= 0,
+	GY_HASH_SHA1,
+	GY_HASH_SHA224,
+	GY_HASH_SHA256,
+	GY_HASH_SHA512,
+};
+
+/*
+ * Returns size of the outbuf updated or -1 on error with errbuf updated with error string.
+ * maxoutlen should be EVP_MAX_MD_SIZE (64 bytes)
+ */
+static int gy_get_ssl_hash(std::string_view input, uint8_t *outbuf, uint32_t maxoutlen, char (&errbuf)[256], GY_HASH_ALGO_E hash_algo = GY_HASH_SHA256) noexcept
+{
+	EVP_MD_CTX 			*pctx = EVP_MD_CTX_new();
+
+	if (pctx == nullptr) {
+		GY_STRNCPY(errbuf, "Failed to create SSL Hash context", sizeof(errbuf));
+		return -1;
+	}
+
+	GY_SCOPE_EXIT {
+		EVP_MD_CTX_free(pctx);
+	};	
+
+	const EVP_MD			*pmd;
+	uint32_t			output_len = 0;
+
+	switch (hash_algo) {
+
+	case GY_HASH_MD5	: 	pmd = EVP_md5(); break;
+	case GY_HASH_SHA1	:	pmd = EVP_sha1(); break;
+	case GY_HASH_SHA224	:	pmd = EVP_sha224(); break;
+	case GY_HASH_SHA256	:	pmd = EVP_sha256(); break;
+	case GY_HASH_SHA512	:	pmd = EVP_sha512(); break;
+
+	default			:	GY_STRNCPY(errbuf, "Invalid SSL Hash Algo specified", sizeof(errbuf)); return -1;	
+	}
+
+	if (maxoutlen < (size_t)EVP_MD_size(pmd)) {
+		snprintf(errbuf, sizeof(errbuf), "SSL Digest Output Buffer length %u too small", maxoutlen);
+		return -1;
+	}
+
+	if (1 != EVP_DigestInit_ex(pctx, pmd, nullptr)) {
+		GY_STRNCPY(errbuf, "SSL Digest initialization failed", sizeof(errbuf));
+		return -1;
+	}
+
+	if (1 != EVP_DigestUpdate(pctx, input.data(), input.size())) {
+		GY_STRNCPY(errbuf, "SSL Digest update failed", sizeof(errbuf));
+		return -1;
+	}
+
+	if (1 != EVP_DigestFinal_ex(pctx, outbuf, &output_len)) {
+		GY_STRNCPY(errbuf, "SSL Digest finalization failed", sizeof(errbuf));
+		return -1;
+	}
+
+	if (output_len != (size_t)EVP_MD_size(pmd)) {
+		snprintf(errbuf, sizeof(errbuf), "SSL Digest Output length %u invalid", output_len);
+		return -1;
+	}
+
+	return (int)output_len;
+}	
+
+static BIN_BUFFER<EVP_MAX_MD_SIZE> gy_get_ssl_hash(std::string_view input, GY_HASH_ALGO_E hash_algo = GY_HASH_SHA256)
+{
+	BIN_BUFFER<EVP_MAX_MD_SIZE>	obuf;
+	char 				errbuf[256];
+	int				olen;
+
+	olen = gy_get_ssl_hash(input, obuf.get(), obuf.maxsz(), errbuf, hash_algo);
+
+	if (olen <= 0) {
+		GY_THROW_EXPRESSION("%s", errbuf);
+	}
+
+	obuf.set_len_external(olen);
+
+	return obuf;
+}	
+
+
+} // namespace gyeeta
+

common/gy_sys_hardware.cc

@@ -1606,7 +1606,7 @@ SYS_HARDWARE * SYS_HARDWARE::get_singleton() noexcept
 	return pgsys_hardware;
 }
 
-int SYS_HARDWARE::init_singleton(bool ignore_min_kern, bool need_root_priv, bool error_on_no_host_ns)
+int SYS_HARDWARE::init_singleton(bool ignore_min_kern, bool need_root_priv, bool error_on_no_host_ns, std::string_view hostid_string)
 {
 	int				texp = 0, tdes = 1;
 	static std::atomic<int>		is_init_done(0);
@@ -1634,7 +1634,7 @@ int SYS_HARDWARE::init_singleton(bool ignore_min_kern, bool need_root_priv, bool
 	}	
 
 	try {
-		pgsys_hardware = new SYS_HARDWARE(ignore_min_kern, pmountshr->get_sysfs_dir_fd(), pmountshr->get_proc_dir_fd(), error_on_no_host_ns, need_root_priv);
+		pgsys_hardware = new SYS_HARDWARE(ignore_min_kern, pmountshr->get_sysfs_dir_fd(), pmountshr->get_proc_dir_fd(), error_on_no_host_ns, need_root_priv, hostid_string);
 
 		/*
 		 * Schedule a periodic 30 sec check for CPU/Memory changes

common/gy_sys_hardware.h

@@ -109,7 +109,7 @@ public :
 
 		ret = get_host_id(sysfs_dir_fd, machine_id_str, sizeof(machine_id_str));
 		if (ret != 0) {
-			GY_THROW_EXCEPTION("Could not get machine ID from DMI info");
+			GY_THROW_EXCEPTION("Could not get machine ID from DMI info : Please specify HostID manually at startup using config or cli option");
 		}	
 
 		set_from_string(machine_id_str, strlen(machine_id_str));
@@ -523,7 +523,7 @@ public :
 	bool					is_uts_namespace	{false};
 	bool					is_cgroup_namespace	{false};
 
-	SYS_HARDWARE(bool ignore_min_kern = false, int sysfs_dir_fd_in = -1, int procfs_dir_fd_in = -1, bool error_on_no_host_ns = true, bool need_root_priv = false)
+	SYS_HARDWARE(bool ignore_min_kern = false, int sysfs_dir_fd_in = -1, int procfs_dir_fd_in = -1, bool error_on_no_host_ns = true, bool need_root_priv = false, std::string_view hostid_string = {})
 		: sysfs_dir_fd(sysfs_dir_fd_in), procfs_dir_fd(procfs_dir_fd_in), close_sysfs_fd(false), close_procfs_fd(false)
 	{
 		int			ret;
@@ -580,7 +580,13 @@ public :
 		os_info	 	= std::make_unique <OS_INFO> (ignore_min_kern, is_mount_namespace, is_uts_namespace);
 		net_info 	= std::make_unique <NET_IF_HDLR> (procfs_dir_fd, sysfs_dir_fd, rootns_inodes.get_ns_inode(NS_TYPE_NET), true /* is_root_ns */);
 
-		if (is_perm_issue == false && need_root_priv) {
+		if (hostid_string.size()) {
+			NOTEPRINTCOLOR(GY_COLOR_YELLOW, "Host ID String specified. Machine ID will be set as per Host ID String \'%s\' : Machine ID will be unique only if the Host ID is unique...", 
+					hostid_string.data());
+
+			machine_id_128.set_from_string(hostid_string.data(), hostid_string.size());
+		}
+		else if (is_perm_issue == false && need_root_priv) {
 			machine_id_128.populate_machineid(sysfs_dir_fd);
 		}
 	}
@@ -642,7 +648,7 @@ public :
 
 	void print_system_info() noexcept;
 
-	static int			init_singleton(bool ignore_min_kern = false, bool need_root_priv = false, bool error_on_no_host_ns = true);
+	static int			init_singleton(bool ignore_min_kern = false, bool need_root_priv = false, bool error_on_no_host_ns = true, std::string_view hostid_string = {});
 
 	static SYS_HARDWARE *		get_singleton() noexcept;
 };	

partha/gy_ebpf_bpf.cc

@@ -107,6 +107,7 @@ GY_EBPF::~GY_EBPF()
 GY_EBPF_BASE::GY_EBPF_BASE()
 {
 	int			ret;
+	auto 			pos = OS_INFO::get_singleton();
 
 	if (fentry_can_attach("inet6_csk_xmit", nullptr)) {
 
@@ -127,6 +128,20 @@ GY_EBPF_BASE::GY_EBPF_BASE()
 			GY_THROW_SYS_EXCEPTION("Failed to attach fentry bpf probe for inet6_csk_xmit");
 		}	
 
+		if (pos) {
+			/*
+			 * We check if kernel version is >= 6.10.0 as inet_csk_accept() param changed
+			 */
+			auto			kern_version_num = pos->get_kernel_version(); 
+
+			if (kern_version_num >= 0x060A00) {
+				bpf_program__set_autoload(obj_.get()->progs.fexit_trace_accept_pre610_return, false);
+			}	
+			else {
+				bpf_program__set_autoload(obj_.get()->progs.fexit_trace_accept_return, false);
+			}	
+		}
+
 		bpf_program__set_autoload(obj_.get()->progs.trace_connect_v4_entry, false);
 		bpf_program__set_autoload(obj_.get()->progs.trace_connect_v4_return, false);
 		bpf_program__set_autoload(obj_.get()->progs.trace_connect_v6_entry, false);
@@ -142,6 +157,7 @@ GY_EBPF_BASE::GY_EBPF_BASE()
 		bpf_program__set_autoload(obj_.get()->progs.fexit_trace_connect_v6_return, false);
 		bpf_program__set_autoload(obj_.get()->progs.fentry_trace_tcp_set_state_entry, false);
 		bpf_program__set_autoload(obj_.get()->progs.fentry_trace_close_entry, false);
+		bpf_program__set_autoload(obj_.get()->progs.fexit_trace_accept_pre610_return, false);
 		bpf_program__set_autoload(obj_.get()->progs.fexit_trace_accept_return, false);
 		bpf_program__set_autoload(obj_.get()->progs.fentry_trace_ipv4_xmit, false);
 		bpf_program__set_autoload(obj_.get()->progs.fentry_trace_ipv6_xmit, false);

partha/gy_ebpf_kernel.bpf.c

@@ -698,7 +698,13 @@ int BPF_KRETPROBE(trace_accept_return, struct sock *newsk)
 
 
 SEC("fexit/inet_csk_accept")
-int BPF_PROG(fexit_trace_accept_return, struct sock *sk, int flags, int *err, bool kern, struct sock *newsk)
+int BPF_PROG(fexit_trace_accept_pre610_return, struct sock *sk, int flags, int *err, bool kern, struct sock *newsk)
+{
+	return do_trace_accept_return(ctx, newsk);
+}	
+
+SEC("fexit/inet_csk_accept")
+int BPF_PROG(fexit_trace_accept_return, struct sock *sk, void *arg, struct sock *newsk)
 {
 	return do_trace_accept_return(ctx, newsk);
 }