Use jschwinger233/elibpcap to compile and inject libpcap

Makefile

@@ -12,14 +12,16 @@ LIBPCAP_ARCH ?= x86_64-unknown-linux-gnu
 # For compiling libpcap and CGO
 CC ?= gcc
 ARCHS ?= amd64 arm64
+CGO_CFLAGS="-I/pwru/libpcap"
+CGO_LDFLAGS="-L/pwru/libpcap -lpcap -static"
 
 TEST_TIMEOUT ?= 5s
 .DEFAULT_GOAL := pwru
 
 ## Build the GO binary
 pwru: libpcap/libpcap.a
 	TARGET_GOARCH=$(TARGET_GOARCH) $(GO_GENERATE)
-	CC=$(CC) GOARCH=$(TARGET_GOARCH) $(GO_BUILD) $(if $(GO_TAGS),-tags $(GO_TAGS)) \
+	CGO_CFLAGS=$(CGO_CFLAGS) CGO_LDFLAGS=$(CGO_LDFLAGS) CC=$(CC) GOARCH=$(TARGET_GOARCH) $(GO_BUILD) $(if $(GO_TAGS),-tags $(GO_TAGS)) \
 		-ldflags "-w -s \
 		-X 'github.com/cilium/pwru/internal/pwru.Version=${VERSION}'"
 

go.mod

@@ -6,20 +6,20 @@ require (
 	github.com/Asphaltt/mybtf v0.0.0-20250315135407-f9d09086616b
 	github.com/cheggaaa/pb/v3 v3.1.7
 	github.com/cilium/ebpf v0.18.0
-	github.com/cloudflare/cbpfc v0.0.0-20240920015331-ff978e94500b
+	github.com/jschwinger233/elibpcap v1.0.2
 	github.com/jsimonetti/rtnetlink v1.4.2
 	github.com/leonhwangprojects/bice v0.1.2
 	github.com/spf13/pflag v1.0.6
 	github.com/tklauser/ps v0.0.3
 	github.com/vishvananda/netns v0.0.5
 	golang.org/x/arch v0.15.0
-	golang.org/x/net v0.38.0
 	golang.org/x/sync v0.12.0
 	golang.org/x/sys v0.31.0
 )
 
 require (
 	github.com/VividCortex/ewma v1.2.0 // indirect
+	github.com/cloudflare/cbpfc v0.0.0-20240920015331-ff978e94500b // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
@@ -31,5 +31,6 @@ require (
 	github.com/mdlayher/socket v0.4.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
+	golang.org/x/net v0.38.0 // indirect
 	rsc.io/c2go v0.0.0-20170620140410-520c22818a08 // indirect
 )

go.sum

@@ -16,6 +16,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
 github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
+github.com/jschwinger233/elibpcap v1.0.2 h1:9VVQi2fZhxxLK6ErLtPZZsC9WuLjp1+XiYAImn78kEk=
+github.com/jschwinger233/elibpcap v1.0.2/go.mod h1:fUmq00C6Pechtr089JDPhvIc6TxrbUHDlZ5QCYc9tJQ=
 github.com/jsimonetti/rtnetlink v1.4.2 h1:Df9w9TZ3npHTyDn0Ev9e1uzmN2odmXd0QX+J5GTEn90=
 github.com/jsimonetti/rtnetlink v1.4.2/go.mod h1:92s6LJdE+1iOrw+F2/RO7LYI2Qd8pPpFNNUYW06gcoM=
 github.com/jsimonetti/rtnetlink/v2 v2.0.2 h1:ZKlbCujrIpp4/u3V2Ka0oxlf4BCkt6ojkvpy3nZoCBY=

internal/libpcap/inject.go

@@ -1,12 +1,10 @@
 package libpcap
 
 import (
-	"errors"
 	"fmt"
 
 	"github.com/cilium/ebpf"
-	"github.com/cilium/ebpf/asm"
-	"github.com/cloudflare/cbpfc"
+	"github.com/jschwinger233/elibpcap"
 )
 
 func InjectL2TunnelFilter(program *ebpf.ProgramSpec, filterExpr, l2TunnelFilterExpr string) (err error) {
@@ -25,7 +23,7 @@ func InjectFilters(program *ebpf.ProgramSpec, filterExpr, tunnelFilterExprL2, tu
 		// This could happen for l2 only filters such as "arp". In this
 		// case we don't want to exit with an error, but instead inject
 		// a deny-all filter to reject all l3 skbs.
-		return injectFilter(program, "__pwru_reject_all__", true, false)
+		return injectFilter(program, elibpcap.RejectAllExpr, true, false)
 	}
 	// Attach any tunnel filters.
 	if err := injectFilter(program, tunnelFilterExprL2, false, true); err != nil {
@@ -51,47 +49,16 @@ func injectFilter(program *ebpf.ProgramSpec, filterExpr string, l3 bool, tunnel
 	if l3 {
 		suffix = tunnelSuffix + "_l3"
 	}
-	injectIdx := -1
-	for idx, inst := range program.Instructions {
-		if inst.Symbol() == "filter_pcap_ebpf"+suffix {
-			injectIdx = idx
-			break
-		}
-	}
-	if injectIdx == -1 {
-		return errors.New("Cannot find the injection position")
-	}
 
-	var filterEbpf asm.Instructions
-	if filterExpr == "__pwru_reject_all__" {
-		// let data = data_end, so kprobe_pwru.c:filter_pcap_ebpf_l3() always returns false
-		filterEbpf = asm.Instructions{
-			asm.Mov.Reg(asm.R4, asm.R5), // r4 = r5 (data = data_end)
-		}
-	} else {
-		filterEbpf, err = CompileEbpf(filterExpr, cbpfc.EBPFOpts{
-			// The rejection position is in the beginning of the `filter_pcap_ebpf` function:
-			// filter_pcap_ebpf(void *_skb, void *__skb, void *___skb, void *data, void* data_end)
-			// So we can confidently say, skb->data is at r4, skb->data_end is at r5.
-			PacketStart: asm.R4,
-			PacketEnd:   asm.R5,
-			Result:      asm.R0,
-			ResultLabel: "result" + suffix,
-			// R0-R3 are also safe to use thanks to the placeholder parameters _skb, __skb, ___skb.
-			Working:     [4]asm.Register{asm.R0, asm.R1, asm.R2, asm.R3},
-			LabelPrefix: "filter" + suffix,
-			StackOffset: -int(AvailableOffset),
-		}, l3)
-	}
-	if err != nil {
-		return
-	}
-
-	filterEbpf[0] = filterEbpf[0].WithMetadata(program.Instructions[injectIdx].Metadata)
-	program.Instructions[injectIdx] = program.Instructions[injectIdx].WithMetadata(asm.Metadata{})
-	program.Instructions = append(program.Instructions[:injectIdx],
-		append(filterEbpf, program.Instructions[injectIdx:]...)...,
+	program.Instructions, err = elibpcap.Inject(
+		filterExpr,
+		program.Instructions,
+		elibpcap.Options{
+			AtBpf2Bpf:  "filter_pcap_ebpf" + suffix,
+			DirectRead: false,
+			L2Skb:      !l3,
+		},
 	)
+	return
 
-	return nil
 }