[BUILD FAILING] Checkpoint for backup, added new hook for file system, tweaked makefile for real kernel header files inclusion, still not working. Commiting for periodic backup

src/Makefile

@@ -16,9 +16,16 @@ COMMON_INCLUDES := -I$(abspath ./ebpf/include) -I$(abspath ./user/include)
 # Use our own libbpf API headers and Linux UAPI headers distributed with
 # libbpf to avoid dependency on system-wide headers, which could be missing or
 # outdated
-#INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I$(dir $(VMLINUX))
-INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I/lib/modules/5.11.0-40-generic/build #-I$(dir $(VMLINUX))
-CFLAGS := -g -Wall #-I/lib/modules/5.11.0-40-generic/build/include
+INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi #-I$(dir $(VMLINUX))
+KINCLUDES := -I$(OUTPUT)  \
+			-I./libbpf/include/uapi \
+			-I/lib/modules/5.11.0-41-generic/build/include \
+			-I/lib/modules/$$(uname -r)/build/include/uapi \
+			-I/lib/modules/$$(uname -r)/build/include/generated/uapi \
+			-I/lib/modules/$$(uname -r)/build/arch/x86/include \
+			-I/lib/modules/$$(uname -r)/build/arch/x86/include/uapi \
+			-I/lib/modules/$$(uname -r)/build/arch/x86/include/generated #-I$(dir $(VMLINUX))
+CFLAGS := -g -Wall
 ARCH := $(shell uname -m | sed 's/x86_64/x86/')
 
 APPS = xdp_filter
@@ -55,7 +62,7 @@ clean:
 	$(Q)rm -rf $(OUTPUT) user/$(APPS)
 	$(Q)rm -rf $(OUTPUT) ebpf/$(APPS)
 	$(Q)rm -rf $(OUTPUT) bin/*
-	$(Q)rm $(USER_INCLUDES_OBJ)
+	$(Q)rm -f $(USER_INCLUDES_OBJ)
 
 $(OUTPUT) $(OUTPUT)/libbpf:
 	$(call msg,MKDIR,$@)
@@ -72,7 +79,7 @@ $(LIBBPF_OBJ): $(wildcard $(LIBBPF_SRC)/*.[ch] $(LIBBPF_SRC)/Makefile) | $(OUTPU
 # Build BPF code
 $(OUTPUT)/%.bpf.o: $(EBPF)/%.bpf.c $(LIBBPF_OBJ) $(wildcard $(EBPF)/%.h) | $(OUTPUT)
 	$(call msg,BPF,$@)
-	$(Q)$(CLANG) -g -O2 -fno-builtin -target bpf -D__TARGET_ARCH_$(ARCH) $(INCLUDES) $(COMMON_INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o $@
+	$(Q)$(CLANG) -g -O2 -fno-builtin -target bpf -emit-llvm -D__KERNEL__ -D__ASM_SYSREG_H -D__TARGET_ARCH_$(ARCH) $(KINCLUDES) $(COMMON_INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o - | llc -march=bpf -filetype=obj -o $@
 	$(Q)$(LLVM_STRIP) -g $@ # strip useless DWARF info
 
 # Generate BPF skeletons

src/ebpf/include/bpf/bpf_defs.h

@@ -1,9 +1,9 @@
 #ifndef __BPF_DEFS_H
 #define __BPF_DEFS_H
 
-#define PT_REGS_PARM1(x) ((x)->rdi)
+/*#define PT_REGS_PARM1(x) ((x)->rdi)
 #define PT_REGS_PARM2(x) ((x)->rsi)
 #define PT_REGS_PARM3(x) ((x)->rdx)
-#define PT_REGS_PARM4(x) ((x)->rcx)
+#define PT_REGS_PARM4(x) ((x)->rcx)*/
 
 #endif

src/ebpf/include/bpf/fs.h

@@ -1,13 +1,14 @@
 #ifndef __FS_H
 #define __FS_H
 
+//#include "vmlinux.h"
 #include <stdio.h>
 #include <linux/types.h>
 #include <unistd.h>
 #include <string.h>
 #include <linux/ptrace.h>
+#include <linux/stat.h>
 
-#include <linux/bpf.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
 #include <bpf/bpf_core_read.h>
@@ -17,27 +18,14 @@
 #include "../data/ring_buffer.h"
 #include "bpf_defs.h"
 
-static __always_inline int kprobe__sys_read(struct pt_regs *ctx ,int fd ,char * buf){
-    bpf_printk("Read a file");
-    return 0;
-}
+#define FS_MAX_SEGMENT_LENGTH 32
 
-SEC("kprobe/compat_sys_read") 
-int __attribute__((always_inline)) kprobe__64_compat_sys_read(struct pt_regs *ctx) {
-    struct pt_regs *rctx = ctx; if (!rctx) return 0; 
-    int fd = (int) PT_REGS_PARM1(ctx); 
-    char * buf = (char *) PT_REGS_PARM2(ctx); 
-    return kprobe__sys_read(ctx ,fd ,buf); 
-}
 
-SEC("kprobe/sys_read") 
-int kprobe__64_sys_read(struct pt_regs *ctx) { 
-    struct pt_regs *rctx = ctx; 
-    if (!rctx) return 0; 
-    int fd = (int) PT_REGS_PARM1(ctx); 
-    char * buf = (char *) PT_REGS_PARM2(ctx); 
-    return kprobe__sys_read(ctx ,fd ,buf); 
-} 
+SEC("kprobe/vfs_open") 
+int kprobe__64_sys_read(struct pt_regs *ctx){
+    //struct path *path = (struct path *)PT_REGS_PARM1(ctx);
+    return 0;//fa_access_path(path);
+}
 
 
 #endif

src/user/include/modules/fs.h

@@ -8,32 +8,16 @@
 #include "xdp_filter.skel.h"
 
 //Connections
-int attach_kprobe__64_compat_sys_read(struct xdp_filter_bpf *skel){
-    skel->links.kprobe__64_compat_sys_read = bpf_program__attach(skel->progs.kprobe__64_compat_sys_read);
-	return libbpf_get_error(skel->links.kprobe__64_compat_sys_read);
-}
-
 int attach_kprobe__64_sys_read(struct xdp_filter_bpf *skel){
     skel->links.kprobe__64_sys_read = bpf_program__attach(skel->progs.kprobe__64_sys_read);
 	return libbpf_get_error(skel->links.kprobe__64_sys_read);
 }
 
 int attach_fs_all(struct xdp_filter_bpf *skel){
-    return attach_kprobe__64_compat_sys_read(skel) |
-        attach_kprobe__64_sys_read(skel);
+    return attach_kprobe__64_sys_read(skel);
 }
 
 
-//Disconnections
-int detach_kprobe__64_compat_sys_read(struct xdp_filter_bpf *skel){
-    int err = detach_link_generic(skel->links.kprobe__64_compat_sys_read);
-    if(err<0){
-        fprintf(stderr, "Failed to detach fs link\n");
-        return -1;
-    }
-    return 0;
-}
-
 int detach_kprobe__64_sys_read(struct xdp_filter_bpf *skel){
     int err = detach_link_generic(skel->links.kprobe__64_sys_read);
     if(err<0){
@@ -44,8 +28,7 @@ int detach_kprobe__64_sys_read(struct xdp_filter_bpf *skel){
 }
 
 int detach_fs_all(struct xdp_filter_bpf *skel){
-    return detach_kprobe__64_compat_sys_read(skel) ||
-        detach_kprobe__64_sys_read(skel);
+    return detach_kprobe__64_sys_read(skel);
 }
 
 #endif

src/user/include/modules/module_manager.c

@@ -56,7 +56,6 @@ int setup_all_modules(){
     if(config.fs_module.all == ON){
         ret = attach_fs_all(attr.skel);
     }else{
-        if(config.fs_module.kprobe__64_compat_sys_read == ON) ret = attach_kprobe__64_compat_sys_read(attr.skel);
         if(config.fs_module.kprobe__64_sys_read == ON) ret = attach_kprobe__64_sys_read(attr.skel);
     }
     if(ret!=0) return -1;