netbird/client/internal/wgproxy/ebpf/loader.go

//go:build linux && !android

package ebpf

import (
	_ "embed"
	"net"

	"github.com/cilium/ebpf/link"
	"github.com/cilium/ebpf/rlimit"
)

const (
	mapKeyProxyPort uint32 = 0
	mapKeyWgPort    uint32 = 1
)

//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang-14 bpf src/portreplace.c --

// EBPF is a wrapper for eBPF program
type EBPF struct {
	link link.Link
}

// NewEBPF create new EBPF instance
func NewEBPF() *EBPF {
	return &EBPF{}
}

// Load load ebpf program
func (l *EBPF) Load(proxyPort, wgPort int) error {
	// it required for Docker
	err := rlimit.RemoveMemlock()
	if err != nil {
		return err
	}

	ifce, err := net.InterfaceByName("lo")
	if err != nil {
		return err
	}

	// Load pre-compiled programs into the kernel.
	objs := bpfObjects{}
	err = loadBpfObjects(&objs, nil)
	if err != nil {
		return err
	}
	defer func() {
		_ = objs.Close()
	}()

	err = objs.XdpPortMap.Put(mapKeyProxyPort, uint16(proxyPort))
	if err != nil {
		return err
	}

	err = objs.XdpPortMap.Put(mapKeyWgPort, uint16(wgPort))
	if err != nil {
		return err
	}

	defer func() {
		_ = objs.XdpPortMap.Close()
	}()

	l.link, err = link.AttachXDP(link.XDPOptions{
		Program:   objs.XdpProgFunc,
		Interface: ifce.Index,
	})
	if err != nil {
		return err
	}

	return err
}

// Free free ebpf program
func (l *EBPF) Free() error {
	if l.link != nil {
		return l.link.Close()
	}
	return nil
}
Wg ebpf proxy (#911) EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent. - Separate the wg configuration from the proxy logic - In case if eBPF type proxy has only one single proxy instance - In case if the eBPF is not supported fallback to the original proxy Implementation Between the signature of eBPF type proxy and original proxy has differences so this is why the factory structure exists 2023-07-26 14:00:47 +02:00			`//go:build linux && !android`

Move ebpf code to its own package to avoid crash issues in Android (#1033) * Move ebpf code to its own package to avoid crash issues in Android Older versions of android crashes because of the bytecode files Even when they aren't loaded as it was our case * move c file to own folder * fix lint 2023-07-27 15:34:27 +02:00			`package ebpf`
Wg ebpf proxy (#911) EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent. - Separate the wg configuration from the proxy logic - In case if eBPF type proxy has only one single proxy instance - In case if the eBPF is not supported fallback to the original proxy Implementation Between the signature of eBPF type proxy and original proxy has differences so this is why the factory structure exists 2023-07-26 14:00:47 +02:00
			`import (`
			`_ "embed"`
			`"net"`

			`"github.com/cilium/ebpf/link"`
			`"github.com/cilium/ebpf/rlimit"`
			`)`

			`const (`
			`mapKeyProxyPort uint32 = 0`
			`mapKeyWgPort uint32 = 1`
			`)`

Move ebpf code to its own package to avoid crash issues in Android (#1033) * Move ebpf code to its own package to avoid crash issues in Android Older versions of android crashes because of the bytecode files Even when they aren't loaded as it was our case * move c file to own folder * fix lint 2023-07-27 15:34:27 +02:00			`//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang-14 bpf src/portreplace.c --`
Wg ebpf proxy (#911) EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent. - Separate the wg configuration from the proxy logic - In case if eBPF type proxy has only one single proxy instance - In case if the eBPF is not supported fallback to the original proxy Implementation Between the signature of eBPF type proxy and original proxy has differences so this is why the factory structure exists 2023-07-26 14:00:47 +02:00
Move ebpf code to its own package to avoid crash issues in Android (#1033) * Move ebpf code to its own package to avoid crash issues in Android Older versions of android crashes because of the bytecode files Even when they aren't loaded as it was our case * move c file to own folder * fix lint 2023-07-27 15:34:27 +02:00			`// EBPF is a wrapper for eBPF program`
			`type EBPF struct {`
Wg ebpf proxy (#911) EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent. - Separate the wg configuration from the proxy logic - In case if eBPF type proxy has only one single proxy instance - In case if the eBPF is not supported fallback to the original proxy Implementation Between the signature of eBPF type proxy and original proxy has differences so this is why the factory structure exists 2023-07-26 14:00:47 +02:00			`link link.Link`
			`}`

Move ebpf code to its own package to avoid crash issues in Android (#1033) * Move ebpf code to its own package to avoid crash issues in Android Older versions of android crashes because of the bytecode files Even when they aren't loaded as it was our case * move c file to own folder * fix lint 2023-07-27 15:34:27 +02:00			`// NewEBPF create new EBPF instance`
			`func NewEBPF() *EBPF {`
			`return &EBPF{}`
Wg ebpf proxy (#911) EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent. - Separate the wg configuration from the proxy logic - In case if eBPF type proxy has only one single proxy instance - In case if the eBPF is not supported fallback to the original proxy Implementation Between the signature of eBPF type proxy and original proxy has differences so this is why the factory structure exists 2023-07-26 14:00:47 +02:00			`}`

Move ebpf code to its own package to avoid crash issues in Android (#1033) * Move ebpf code to its own package to avoid crash issues in Android Older versions of android crashes because of the bytecode files Even when they aren't loaded as it was our case * move c file to own folder * fix lint 2023-07-27 15:34:27 +02:00			`// Load load ebpf program`
			`func (l *EBPF) Load(proxyPort, wgPort int) error {`
Wg ebpf proxy (#911) EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent. - Separate the wg configuration from the proxy logic - In case if eBPF type proxy has only one single proxy instance - In case if the eBPF is not supported fallback to the original proxy Implementation Between the signature of eBPF type proxy and original proxy has differences so this is why the factory structure exists 2023-07-26 14:00:47 +02:00			`// it required for Docker`
			`err := rlimit.RemoveMemlock()`
			`if err != nil {`
			`return err`
			`}`

			`ifce, err := net.InterfaceByName("lo")`
			`if err != nil {`
			`return err`
			`}`

			`// Load pre-compiled programs into the kernel.`
			`objs := bpfObjects{}`
			`err = loadBpfObjects(&objs, nil)`
			`if err != nil {`
			`return err`
			`}`
			`defer func() {`
			`_ = objs.Close()`
			`}()`

			`err = objs.XdpPortMap.Put(mapKeyProxyPort, uint16(proxyPort))`
			`if err != nil {`
			`return err`
			`}`

			`err = objs.XdpPortMap.Put(mapKeyWgPort, uint16(wgPort))`
			`if err != nil {`
			`return err`
			`}`

			`defer func() {`
			`_ = objs.XdpPortMap.Close()`
			`}()`

			`l.link, err = link.AttachXDP(link.XDPOptions{`
			`Program: objs.XdpProgFunc,`
			`Interface: ifce.Index,`
			`})`
			`if err != nil {`
			`return err`
			`}`

			`return err`
			`}`

Move ebpf code to its own package to avoid crash issues in Android (#1033) * Move ebpf code to its own package to avoid crash issues in Android Older versions of android crashes because of the bytecode files Even when they aren't loaded as it was our case * move c file to own folder * fix lint 2023-07-27 15:34:27 +02:00			`// Free free ebpf program`
			`func (l *EBPF) Free() error {`
Wg ebpf proxy (#911) EBPF proxy between TURN (relay) and WireGuard to reduce number of used ports used by the NetBird agent. - Separate the wg configuration from the proxy logic - In case if eBPF type proxy has only one single proxy instance - In case if the eBPF is not supported fallback to the original proxy Implementation Between the signature of eBPF type proxy and original proxy has differences so this is why the factory structure exists 2023-07-26 14:00:47 +02:00			`if l.link != nil {`
			`return l.link.Close()`
			`}`
			`return nil`
			`}`