Merge branch 'master' into fix

gojue · Oct 8, 2024 · 6e27831 · 6e27831
2 parents eed7042 + 69074a7
commit 6e27831
Show file tree

Hide file tree

Showing 29 changed files with 317 additions and 512 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -49,19 +49,15 @@ jobs:
       - name: Install Compilers
         run: |
           sudo apt-get update
-          kernel_ver=`uname -r | cut -d'-' -f 1`
-          sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-12 clang-12 linux-tools-common linux-tools-generic flex bison gcc-aarch64-linux-gnu libssl-dev linux-source-${kernel_ver}
-          for tool in "clang" "llc" "llvm-strip"
-          do
-            sudo rm -f /usr/bin/$tool
-            sudo ln -s /usr/bin/$tool-12 /usr/bin/$tool
-          done
+          sudo apt-get install --yes build-essential pkgconf libelf-dev llvm clang linux-tools-common linux-tools-generic flex bison gcc-aarch64-linux-gnu libssl-dev linux-source
           cd /usr/src
-          sudo tar -xf linux-source-${kernel_ver}.tar.bz2
-          cd /usr/src/linux-source-${kernel_ver}
+          source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+          source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')  
+          sudo tar -xf $source_file
+          cd $source_dir
           test -f .config || sudo make oldconfig
           sudo make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- prepare V=0
-          ls -al /usr/src/linux-source-${kernel_ver}
+          ls -al /usr/src/$source_dir
         shell: bash
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

diff --git a/.github/workflows/go-c-cpp.yml b/.github/workflows/go-c-cpp.yml
@@ -59,19 +59,20 @@ jobs:
       - name: Install Compilers
         run: |
           sudo apt-get update
-          kernel_ver=`uname -r | cut -d'-' -f 1`
-          sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-14 clang-14 flex bison linux-tools-common linux-tools-generic gcc gcc-aarch64-linux-gnu libssl-dev linux-source-${kernel_ver}
+          sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-14 clang-14 flex bison linux-tools-common linux-tools-generic gcc gcc-aarch64-linux-gnu libssl-dev linux-source
           for tool in "clang" "llc" "llvm-strip"
           do
             sudo rm -f /usr/bin/$tool
             sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
           done
           cd /usr/src
-          sudo tar -xf linux-source-${kernel_ver}.tar.bz2
-          cd /usr/src/linux-source-${kernel_ver}
+          source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+          source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')  
+          sudo tar -xf $source_file
+          cd $source_dir
           test -f .config || sudo make oldconfig
           sudo make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- prepare V=0
-          ls -al /usr/src/linux-source-${kernel_ver}
+          ls -al /usr/src/$source_dir
         shell: bash
       - uses: actions/checkout@v4
         with:
@@ -170,18 +171,19 @@ jobs:
           install: |
             uname -a
             apt-get update
-            kernel_ver=`uname -r | cut -d'-' -f 1`
-            apt-get install --yes wget git build-essential pkgconf libelf-dev llvm-12 clang-12 linux-tools-generic linux-tools-common flex bison file gcc-x86-64-linux-gnu libssl-dev bc linux-source-${kernel_ver}
+            apt-get install --yes wget git build-essential pkgconf libelf-dev llvm-12 clang-12 linux-tools-generic linux-tools-common flex bison file gcc-x86-64-linux-gnu libssl-dev bc linux-source
             wget https://go.dev/dl/go1.21.0.linux-arm64.tar.gz
             rm -rf /usr/local/go
             tar -C /usr/local -xzf go1.21.0.linux-arm64.tar.gz
             cd /usr/src
-            tar -xf linux-source-${kernel_ver}.tar.bz2
-            cd /usr/src/linux-source-${kernel_ver}
+            source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+            source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
+            tar -xf $source_file
+            cd $source_dir
             test -f .config || make oldconfig > /dev/null
             make ARCH=x86 CROSS_COMPILE=x86_64-linux-gnu- prepare V=0 > /dev/null
             make prepare V=0 > /dev/null
-            ls -al /usr/src/linux-source-${kernel_ver}
+            ls -al /usr/src/$source_dir
           # Produce a binary artifact and place it in the mounted volume
           run: |
             uname -a
@@ -199,18 +201,20 @@ jobs:
             cat /proc/1/cgroup
             echo "cat /proc/1/sched:"
             cat /proc/1/sched
+            cd /usr/src
+            source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+            source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')
             git config --global --add safe.directory /source_code
             cd /source_code
-            kernel_ver=`uname -r | cut -d'-' -f 1`
             echo "-------------------start: Build CO-RE Linux (include non-CO-RE)-------------------"
-            KERN_HEADERS=/usr/src/linux-source-${kernel_ver} make env
+            KERN_HEADERS=/usr/src/$source_dir make env
             make clean
-            KERN_HEADERS=/usr/src/linux-source-${kernel_ver} make
+            KERN_HEADERS=/usr/src/$source_dir make
             bin/ecapture -v
             echo "-------------------start: Build non-CO-RE (Cross-Compilation) Linux -------------------"
             make clean
-            KERN_HEADERS=/usr/src/linux-source-${kernel_ver} CROSS_ARCH=amd64 make env
-            KERN_HEADERS=/usr/src/linux-source-${kernel_ver} CROSS_ARCH=amd64 make nocore -j8
+            KERN_HEADERS=/usr/src/$source_dir CROSS_ARCH=amd64 make env
+            KERN_HEADERS=/usr/src/$source_dir CROSS_ARCH=amd64 make nocore -j8
             file bin/ecapture
       - name: Show the artifact
         # Items placed in /artifacts in the container will be in

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,19 +16,20 @@ jobs:
       - name: Install Compilers
         run: |
           sudo apt-get update
-          kernel_ver=`uname -r | cut -d'-' -f 1`
-          sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-14 clang-14 linux-tools-common linux-tools-generic gcc gcc-aarch64-linux-gnu linux-source-${kernel_ver}
+          sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-14 clang-14 linux-tools-common linux-tools-generic gcc gcc-aarch64-linux-gnu linux-source
           for tool in "clang" "llc" "llvm-strip"
           do
             sudo rm -f /usr/bin/$tool
             sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
           done
           cd /usr/src
-          sudo tar -xf linux-source-${kernel_ver}.tar.bz2
-          cd /usr/src/linux-source-${kernel_ver}
+          source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+          source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')  
+          sudo tar -xf $source_file
+          cd $source_dir
           test -f .config || sudo make oldconfig
           sudo make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- prepare V=0
-          ls -al /usr/src/linux-source-${kernel_ver}
+          ls -al /usr/src/$source_dir
         shell: bash
       - uses: actions/checkout@v4
         with:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,28 @@
+# v0.8.7 (2024-10-07)
+
+## What's Changed
+
+**Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.6...v0.8.7
+<hr>
+
 # v0.8.6 (2024-09-06)
 ## What's Changed
 
+* GitHub action codecov by @cfc4n in https://github.com/gojue/ecapture/pull/594
+* fix: fix undeclared identifier error when make in debug mode by @yuweizzz
+  in https://github.com/gojue/ecapture/pull/593
+* user: adjusted the timing of the display of the kernel version is too low by @cfc4n
+  in https://github.com/gojue/ecapture/pull/607
+* kern: support uid/pid filter in ebpf TC hook. by @cfc4n in https://github.com/gojue/ecapture/pull/606
+* fix: fallback to default version with warn by @xxxxxliil in https://github.com/gojue/ecapture/pull/613
+* chore: Use `-tags 'netgo'` in bulding process to avoid SIGSEGV because of the different version of glibc in dfferent
+  Linux distros by @Zheaoli in https://github.com/gojue/ecapture/pull/616
+
+## New Contributors
+
+* @xxxxxliil made their first contribution in https://github.com/gojue/ecapture/pull/613
+* @Zheaoli made their first contribution in https://github.com/gojue/ecapture/pull/616
+
 **Full Changelog**: https://github.com/gojue/ecapture/compare/v0.8.5...v0.8.6
 <hr>
 

diff --git a/COMPILATION.md b/COMPILATION.md
@@ -85,11 +85,12 @@ To cross-compile the eCapture tool, you need to install the kernel header files
 install the `linux-source` package.
 
 ```shell
-kernel_ver=`uname -r | cut -d'-' -f 1`
-sudo apt-get install -y linux-source-$kernel_ver
+sudo apt-get install -y linux-source
 cd /usr/src
-sudo tar -xf linux-source-${kernel_ver}.tar.bz2
-cd /usr/src/linux-source-${kernel_ver}
+source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')  
+sudo tar -xf $source_file
+cd $source_dir
 test -f .config || yes "" | sudo make oldconfig
 ```
 

diff --git a/COMPILATION_CN.md b/COMPILATION_CN.md
@@ -102,8 +102,10 @@ bin/ecapture
 kernel_ver=`uname -r | cut -d'-' -f 1`
 sudo apt-get install -y linux-source-$kernel_ver
 cd /usr/src
-sudo tar -xf linux-source-${kernel_ver}.tar.bz2
-cd /usr/src/linux-source-${kernel_ver}
+source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')  
+sudo tar -xf $source_file
+cd $source_dir
 test -f .config || yes "" | sudo make oldconfig
 ```
 

diff --git a/README_JA.md b/README_JA.md
@@ -200,8 +200,10 @@ bin/ecapture --help
 kernel_ver=`uname -r | cut -d'-' -f 1`
 sudo apt-get install -y linux-source-$kernel_ver
 cd /usr/src
-sudo tar -xf linux-source-${kernel_ver}.tar.bz2
-cd /usr/src/linux-source-${kernel_ver}
+source_file=$(find . -maxdepth 1 -name "*linux-source*.tar.bz2")
+source_dir=$(echo "$source_file" | sed 's/\.tar\.bz2//g')  
+sudo tar -xf $source_file
+cd $source_dir
 test -f .config || yes "" | sudo make oldconfig
 ```
 

diff --git a/builder/init_env.sh b/builder/init_env.sh
@@ -9,27 +9,28 @@ if [ $? -ne 0 ]; then
   exit
 fi
 
-CLANG_NUM=12
+CLANG_NUM=-12
 # shellcheck disable=SC2209
 MAKE_ECAPTURE=make
 if [ ${release_num} == "20.04" ]; then
-  CLANG_NUM=9
+  CLANG_NUM=-9
   MAKE_ECAPTURE="make nocore"
   elif [ ${release_num} == "20.10" ]; then
-  CLANG_NUM=10
+  CLANG_NUM=-10
   MAKE_ECAPTURE="make nocore"
   elif [ ${release_num} == "21.04" ]; then
-  CLANG_NUM=11
+  CLANG_NUM=-11
   elif [ ${release_num} == "21.10" ]; then
-  CLANG_NUM=12
+  CLANG_NUM=-12
   elif [ ${release_num} == "22.04" ]; then
-  CLANG_NUM=12
+  CLANG_NUM=-12
   elif [ ${release_num} == "22.10" ]; then
-  CLANG_NUM=12
+  CLANG_NUM=-12
   elif [ ${release_num} == "23.04" ];then
-  CLANG_NUM=15
+  CLANG_NUM=-15
   else
-    echo "unsupported release version ${release_num}" && exit
+    echo "used default CLANG Version"
+    CLANG_NUM=
 fi
 
 echo "CLANG_NUM=${CLANG_NUM}"
@@ -52,22 +53,21 @@ cd ~
 
 uname -a
 sudo apt-get update
-kernel_ver=`uname -r | cut -d'-' -f 1`
 # 环境安装
-sudo apt-get install --yes build-essential pkgconf libelf-dev llvm-${CLANG_NUM} clang-${CLANG_NUM} linux-tools-common linux-tools-generic gcc-aarch64-linux-gnu libssl-dev flex bison linux-source-${kernel_ver}
+sudo apt-get install --yes build-essential pkgconf libelf-dev llvm${CLANG_NUM} clang${CLANG_NUM} linux-tools-common linux-tools-generic gcc-aarch64-linux-gnu libssl-dev flex bison linux-source
 for tool in "clang" "llc" "llvm-strip"
 do
   sudo rm -f /usr/bin/$tool
-  sudo ln -s /usr/bin/$tool-${CLANG_NUM} /usr/bin/$tool
+  sudo ln -s /usr/bin/$tool${CLANG_NUM} /usr/bin/$tool
 done
 
 cd /usr/src
-sudo tar -xf linux-source-${kernel_ver}.tar.bz2
-cd /usr/src/linux-source-${kernel_ver}
+sudo tar -xf linux-source.tar.bz2
+cd /usr/src/linux-source
 test -f .config || yes "" | sudo make oldconfig
 yes "" | sudo make ARCH=${ARCH} CROSS_COMPILE=aarch64-linux-gnu- prepare V=0 > /dev/null
 yes "" | sudo make prepare V=0 > /dev/null
-ls -al /usr/src/linux-source-${kernel_ver}
+ls -al /usr/src/linux-source
 
 clang --version
 cd ~

diff --git a/kern/bash_kern.c b/kern/bash_kern.c
@@ -61,12 +61,10 @@ int uretprobe_bash_readline(struct pt_regs *ctx) {
     event.uid = uid;
     event.type = BASH_EVENT_TYPE_READLINE;
     // bpf_printk("!! uretprobe_bash_readline pid:%d",target_pid );
-    bpf_probe_read_user(&event.line, sizeof(event.line),
-                        (void *)PT_REGS_RC(ctx));
+    bpf_probe_read_user(&event.line, sizeof(event.line), (void *)PT_REGS_RC(ctx));
     bpf_get_current_comm(&event.comm, sizeof(event.comm));
     bpf_map_update_elem(&events_t, &pid, &event, BPF_ANY);
-    bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event,
-                          sizeof(struct event));
+    bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event, sizeof(struct event));
 
     return 0;
 }
@@ -93,12 +91,10 @@ int uretprobe_bash_retval(struct pt_regs *ctx) {
 #ifndef KERNEL_LESS_5_2
     // if target_errno is 128 then we target all
     if (target_errno != BASH_ERRNO_DEFAULT && target_errno != retval) {
-        if (event_p)
-        {   
+        if (event_p) {
             event_p->retval = BASH_ERRNO_DEFAULT;
             event_p->type = BASH_EVENT_TYPE_RETVAL;
-            bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, event_p,
-                                  sizeof(struct event));
+            bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, event_p, sizeof(struct event));
             bpf_map_delete_elem(&events_t, &pid);
         }
         return 0;
@@ -110,13 +106,12 @@ int uretprobe_bash_retval(struct pt_regs *ctx) {
         event_p->type = BASH_EVENT_TYPE_RETVAL;
         //        bpf_map_update_elem(&events_t, &pid, event_p, BPF_ANY);
         bpf_map_delete_elem(&events_t, &pid);
-        bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, event_p,
-                              sizeof(struct event));
+        bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, event_p, sizeof(struct event));
     }
     return 0;
 }
 
-static __always_inline int send_bash_exit_event(struct pt_regs *ctx){
+static __always_inline int send_bash_exit_event(struct pt_regs *ctx) {
     u64 pid_tgid = bpf_get_current_pid_tgid();
     u32 pid = pid_tgid >> 32;
     u64 current_uid_gid = bpf_get_current_uid_gid();
@@ -127,17 +122,12 @@ static __always_inline int send_bash_exit_event(struct pt_regs *ctx){
         .uid = uid,
     };
     bpf_get_current_comm(&event.comm, sizeof(event.comm));
-    bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event,
-                          sizeof(struct event));
+    bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event, sizeof(struct event));
     return 0;
 }
 
 SEC("uprobe/exec_builtin")
-int uprobe_exec_builtin(struct pt_regs *ctx){
-    return send_bash_exit_event(ctx);
-}
+int uprobe_exec_builtin(struct pt_regs *ctx) { return send_bash_exit_event(ctx); }
 
 SEC("uprobe/exit_builtin")
-int uprobe_exit_builtin(struct pt_regs *ctx){
-    return send_bash_exit_event(ctx);
-}
+int uprobe_exit_builtin(struct pt_regs *ctx) { return send_bash_exit_event(ctx); }