Merge pull request #74 from pythonbpf/fix-vmlinux-ir-gen

Fix some issues with vmlinux struct usage in syntax TODO: THIS DOES NOT FIX the XDP example. The issue with the XDP example here is that the range is not being tracked due to multiple loads from stack which is making the verifier lose track of the range on that value.
2025-12-31 21:06:25 +00:00 · 2025-11-27 23:03:45 +05:30
parent 127852ee9f de8c486461
commit 0ca835079d
11 changed files with 513 additions and 23 deletions
--- a/tests/c-form/disksnoop.bpf.c
+++ b/tests/c-form/disksnoop.bpf.c
@ -0,0 +1,66 @@
+// disksnoop.bpf.c
+// eBPF program (compile with: clang -O2 -g -target bpf -c disksnoop.bpf.c -o disksnoop.bpf.o)
+
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_core_read.h>
+
+char LICENSE[] SEC("license") = "GPL";
+
+struct {
+    __uint(type, BPF_MAP_TYPE_HASH);
+    __type(key, __u64);
+    __type(value, __u64);
+    __uint(max_entries, 10240);
+} start_map SEC(".maps");
+
+/* kprobe: record start timestamp keyed by request pointer */
+SEC("kprobe/blk_mq_start_request")
+int trace_start(struct pt_regs *ctx)
+{
+    /* request * is first arg */
+    __u64 reqp = (__u64)(ctx->di);
+    __u64 ts = bpf_ktime_get_ns();
+
+    bpf_map_update_elem(&start_map, &reqp, &ts, BPF_ANY);
+
+//  /* optional debug:
+    bpf_printk("start: req=%llu ts=%llu\n", reqp, ts);
+//  */
+    return 0;
+}
+
+/* completion: compute latency and print data_len, cmd_flags, latency_us */
+SEC("kprobe/blk_mq_end_request")
+int trace_completion(struct pt_regs *ctx)
+{
+    __u64 reqp = (__u64)(ctx->di);
+    __u64 *tsp;
+    __u64 now_ns;
+    __u64 delta_ns;
+    __u64 delta_us = 0;
+    bpf_printk("%lld", reqp);
+    tsp = bpf_map_lookup_elem(&start_map, &reqp);
+    if (!tsp)
+        return 0;
+
+    now_ns = bpf_ktime_get_ns();
+    delta_ns = now_ns - *tsp;
+    delta_us = delta_ns / 1000;
+
+    /* read request fields using CO-RE; needs vmlinux.h/BTF */
+    __u32 data_len = 0;
+    __u32 cmd_flags = 0;
+
+    /* __data_len is usually a 32/64-bit; use CORE read to be safe */
+    data_len = ( __u32 ) BPF_CORE_READ((struct request *)reqp, __data_len);
+    cmd_flags = ( __u32 ) BPF_CORE_READ((struct request *)reqp, cmd_flags);
+
+    /* print: "<bytes> <flags_hex> <latency_us>" */
+    bpf_printk("%u %x %llu\n", data_len, cmd_flags, delta_us);
+
+    /* remove from map */
+    bpf_map_delete_elem(&start_map, &reqp);
+
+    return 0;
+}
--- a/tests/c-form/xdp_test.bpf.c
+++ b/tests/c-form/xdp_test.bpf.c
@ -0,0 +1,36 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <linux/bpf.h>
+#include <linux/if_ether.h>
+#include <linux/ip.h>
+
+struct fake_iphdr {
+  unsigned short useless;
+  unsigned short tot_len;
+  unsigned short id;
+  unsigned short frag_off;
+  unsigned char ttl;
+  unsigned char protocol;
+  unsigned short check;
+  unsigned int saddr;
+  unsigned int daddr;
+};
+
+SEC("xdp")
+int xdp_prog(struct xdp_md *ctx) {
+  unsigned long data = ctx->data;
+  unsigned long data_end = ctx->data_end;
+
+  if (data + sizeof(struct ethhdr) + sizeof(struct fake_iphdr) <= data_end) {
+    struct fake_iphdr *iph = (void *)data + sizeof(struct ethhdr);
+
+    bpf_printk("%d", iph->saddr);
+
+    return XDP_PASS;
+  } else {
+    return XDP_ABORTED;
+  }
+  struct task_struct * a = btf_bpf_get_current_task_btf();
+}
+
+char _license[] SEC("license") = "GPL";
--- a/tests/failing_tests/xdp/xdp_test_1.py
+++ b/tests/failing_tests/xdp/xdp_test_1.py
@ -0,0 +1,46 @@
+from vmlinux import XDP_PASS, XDP_ABORTED
+from vmlinux import (
+    struct_xdp_md,
+)
+from pythonbpf import bpf, section, bpfglobal, compile, compile_to_ir, struct
+from ctypes import c_int64, c_ubyte, c_ushort, c_uint32, c_void_p
+
+
+@bpf
+@struct
+class iphdr:
+    useless: c_ushort
+    tot_len: c_ushort
+    id: c_ushort
+    frag_off: c_ushort
+    ttl: c_ubyte
+    protocol: c_ubyte
+    check: c_ushort
+    saddr: c_uint32
+    daddr: c_uint32
+
+
+@bpf
+@section("xdp")
+def ip_detector(ctx: struct_xdp_md) -> c_int64:
+    data = c_void_p(ctx.data)
+    data_end = c_void_p(ctx.data_end)
+    if data + 34 < data_end:
+        hdr = data + 14
+        iph = iphdr(hdr)
+        addr = iph.saddr
+        print(f"ipaddress: {addr}")
+    else:
+        return c_int64(XDP_ABORTED)
+
+    return c_int64(XDP_PASS)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("xdp_test_1.py", "xdp_test_1.ll")
+compile()
--- a/tests/passing_tests/assign/ptr_to_char_array.py
+++ b/tests/passing_tests/assign/ptr_to_char_array.py
@ -1,4 +1,4 @@
-from pythonbpf import bpf, struct, section, bpfglobal
+from pythonbpf import bpf, struct, section, bpfglobal, compile
 from pythonbpf.helper import comm

 from ctypes import c_void_p, c_int64
@ -26,3 +26,6 @@ def hello(ctx: c_void_p) -> c_int64:
@bpfglobal
 def LICENSE() -> str:
    return "GPL"
+
+
+compile()