Remove JIT and interpreter code from NativeOnly builds

[dthaler]

Description

Remove JIT and interpreter code from NativeOnly builds

Fixes #2030 (security cleanup)
Fixes #2488 (bug)

Also fixes version number typo in GettingStarted.md

Testing

Updated CI/CD

Note that issue #2281 only updated kernel tests to use sys files, it did not update the user-mode tests in tests/unit/libbpf_test.cpp and tests/end_to_end/end_to_end.cpp, so in this PR the relevant ones are commented out. Issue #1121 covers updating the relevant ones to use dlls, and also covers updating port_quota.exe.

Documentation

Updated docs

[codecov]

Codecov Report

Merging #2475 (f981580) into main (d6bcf19) will decrease coverage by 0.03%.
The diff coverage is 75.00%.

@@            Coverage Diff             @@
##             main    #2475      +/-   ##
==========================================
- Coverage   83.99%   83.96%   -0.03%     
==========================================
  Files         157      157              
  Lines       29116    29119       +3     
==========================================
- Hits        24456    24450       -6     
- Misses       4660     4669       +9     

Impacted Files	Coverage Δ
libs/execution_context/ebpf_native.c	91.60% <ø> (ø)
...ution_context/unit/execution_context_unit_test.cpp	98.88% <ø> (ø)
libs/thunk/mock/mock.cpp	100.00% <ø> (ø)
tests/bpf2c_tests/raw_bpf.cpp	96.14% <ø> (ø)
tests/end_to_end/end_to_end.cpp	97.71% <ø> (ø)
tests/sample/ext/app/sample_ext_app.cpp	98.61% <ø> (ø)
tests/unit/libbpf_test.cpp	99.94% <ø> (ø)
libs/api/libbpf_program.cpp	83.24% <33.33%> (-0.47%)	⬇️
libs/api/ebpf_api.cpp	87.49% <100.00%> (-0.05%)	⬇️
libs/execution_context/ebpf_core.c	91.83% <100.00%> (ø)
... and 1 more

... and 5 files with indirect coverage changes

[saxena-anurag]

nit: why do we want to block this at API layer also if it is already blocked in ebpfcore? Anyone can modify and recompile this dll to override this.

[saxena-anurag]

Will having the checks in user mode block us to test the ebpfcore code where it fails the jit and interpret IOCTL calls for native_only case?

[dthaler]

nit: why do we want to block this at API layer also if it is already blocked in ebpfcore? Anyone can modify and recompile this dll to override this.

footprint reduction, and also changes the error return from "invalid value" to the more specific "not supported" meaning.

[dthaler]

Will having the checks in user mode block us to test the ebpfcore code where it fails the jit and interpret IOCTL calls for native_only case?

The UM unit tests test that code path.

[saxena-anurag]

nit: instead of removing these tests from native build, we could possibly use native_module_helper_t helper to get an appropriate file name (.sys or .o) based on whether JIT is enabled or disabled.

[dthaler]

Yes that's what #1121 already covers.

[saxena-anurag]

If JIT is enabled but INTERPRET is disabled (which is the case of Regular/Release build), do we still want to disable this API?

[dthaler]

no. I think you're saying the && should be || and I think you're right

[saxena-anurag]

yes I meant to say that only -- that it should be || instead of &&

[dthaler]

Done

[saxena-anurag]

nit: removing the operation ids from the middle will cause the value of the other ids to change. So the same operation ID will have different value in native-only vs. regular build. Not sure if this can cause any issues.

[dthaler]

Since the IDs are not used in apps (they should be calling libbpf) it's ok to have breaking changes in my view