Mini Shell

Direktori : /proc/thread-self/root/proc/self/root/lib/python3.6/site-packages/bcc/
Upload File :
Current File : //proc/thread-self/root/proc/self/root/lib/python3.6/site-packages/bcc/disassembler.py

# Copyright 2019 Clevernet
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from os import linesep
import ctypes as ct
from .table import get_table_type_name

class OffsetUnion(ct.Union):
    _fields_ = [('offsetu', ct.c_uint16), ('offset', ct.c_int16)]

class ImmUnion(ct.Union):
    _fields_ = [('immu', ct.c_uint32), ('imm', ct.c_int32)]

class BPFInstrFields(ct.Structure):
    _pack_ = 1
    _anonymous_ = ('o', 'i')
    _fields_ = [('opcode', ct.c_uint8),
                ('dst', ct.c_uint8, 4),
                ('src', ct.c_uint8, 4),
                ('o', OffsetUnion),
                ('i', ImmUnion)]

class BPFInstr(ct.Union):
    _pack_ = 1
    _anonymous_ = ('s')
    _fields_ = [('s', BPFInstrFields), ('instr', ct.c_uint64)]

class BPFDecoder():
    BPF_PSEUDO_CALL = 1
    bpf_helpers = ['unspec',
                   'map_lookup_elem',
                   'map_update_elem',
                   'map_delete_elem',
                   'probe_read',
                   'ktime_get_ns',
                   'trace_printk',
                   'get_prandom_u32',
                   'get_smp_processor_id',
                   'skb_store_bytes',
                   'l3_csum_replace',
                   'l4_csum_replace',
                   'tail_call',
                   'clone_redirect',
                   'get_current_pid_tgid',
                   'get_current_uid_gid',
                   'get_current_comm',
                   'get_cgroup_classid',
                   'skb_vlan_push',
                   'skb_vlan_pop',
                   'skb_get_tunnel_key',
                   'skb_set_tunnel_key',
                   'perf_event_read',
                   'redirect',
                   'get_route_realm',
                   'perf_event_output',
                   'skb_load_bytes',
                   'get_stackid',
                   'csum_diff',
                   'skb_get_tunnel_opt',
                   'skb_set_tunnel_opt',
                   'skb_change_proto',
                   'skb_change_type',
                   'skb_under_cgroup',
                   'get_hash_recalc',
                   'get_current_task',
                   'probe_write_user',
                   'current_task_under_cgroup',
                   'skb_change_tail',
                   'skb_pull_data',
                   'csum_update',
                   'set_hash_invalid',
                   'get_numa_node_id',
                   'skb_change_head',
                   'xdp_adjust_head',
                   'probe_read_str',
                   'get_socket_cookie',
                   'get_socket_uid',
                   'set_hash',
                   'setsockopt',
                   'skb_adjust_room',
                   'redirect_map',
                   'sk_redirect_map',
                   'sock_map_update',
                   'xdp_adjust_meta',
                   'perf_event_read_value',
                   'perf_prog_read_value',
                   'getsockopt',
                   'override_return',
                   'sock_ops_cb_flags_set',
                   'msg_redirect_map',
                   'msg_apply_bytes',
                   'msg_cork_bytes',
                   'msg_pull_data',
                   'bind',
                   'xdp_adjust_tail',
                   'skb_get_xfrm_state',
                   'get_stack',
                   'skb_load_bytes_relative',
                   'fib_lookup',
                   'sock_hash_update',
                   'msg_redirect_hash',
                   'sk_redirect_hash',
                   'lwt_push_encap',
                   'lwt_seg6_store_bytes',
                   'lwt_seg6_adjust_srh',
                   'lwt_seg6_action',
                   'rc_repeat',
                   'rc_keydown',
                   'skb_cgroup_id',
                   'get_current_cgroup_id',
                   'get_local_storage',
                   'sk_select_reuseport',
                   'skb_ancestor_cgroup_id',
                   'sk_lookup_tcp',
                   'sk_lookup_udp',
                   'sk_release',
                   'map_push_elem',
                   'map_pop_elem',
                   'map_peek_elem',
                   'msg_push_data',
                   'msg_pop_data',
                   'rc_pointer_rel']

    opcodes = {0x04: ('add32',    'dstimm',     '+=',     32),
               0x05: ('ja',       'joff',       None,     64),
               0x07: ('add',      'dstimm',     '+=',     64),
               0x0c: ('add32',    'dstsrc',     '+=',     32),
               0x0f: ('add',      'dstsrc',     '+=',     64),
               0x14: ('sub32',    'dstimm',     '-=',     32),
               0x15: ('jeq',      'jdstimmoff', '==',     64),
               0x17: ('sub',      'dstimm',     '-=',     64),
               0x18: ('lddw',     'lddw',       None,     64),
               0x1c: ('sub32',    'dstsrc',     '-=',     32),
               0x1d: ('jeq',      'jdstsrcoff', '==',     64),
               0x1f: ('sub',      'dstsrc',     '-=',     64),
               0x20: ('ldabsw',   'ldabs',      None,     32),
               0x24: ('mul32',    'dstimm',     '*=',     32),
               0x25: ('jgt',      'jdstimmoff', '>',      64),
               0x27: ('mul',      'dstimm',     '*=',     64),
               0x28: ('ldabsh',   'ldabs',      None,     16),
               0x2c: ('mul32',    'dstsrc',     '*=',     32),
               0x2d: ('jgt',      'jdstsrcoff', '>',      64),
               0x2f: ('mul',      'dstsrc',     '*=',     64),
               0x30: ('ldabsb',   'ldabs',      None,      8),
               0x34: ('div32',    'dstimm',     '/=',     32),
               0x35: ('jge',      'jdstimmoff', '>=',     64),
               0x37: ('div',      'dstimm',     '/=',     64),
               0x38: ('ldabsdw',  'ldabs',      None,     64),
               0x3c: ('div32',    'dstsrc',     '/=',     32),
               0x3d: ('jge',      'jdstsrcoff', '>=',     64),
               0x3f: ('div',      'dstsrc',     '/=',     64),
               0x40: ('ldindw',   'ldind',      None,     32),
               0x44: ('or32',     'dstimm_bw',  '|=',     32),
               0x45: ('jset',     'jdstimmoff', '&',      64),
               0x47: ('or',       'dstimm_bw',  '|=',     64),
               0x48: ('ldindh',   'ldind',      None,     16),
               0x4c: ('or32',     'dstsrc',     '|=',     32),
               0x4d: ('jset',     'jdstsrcoff', '&',      64),
               0x4f: ('or',       'dstsrc',     '|=',     64),
               0x50: ('ldindb',   'ldind',      None,      8),
               0x54: ('and32',    'dstimm_bw',  '&=',     32),
               0x55: ('jne',      'jdstimmoff', '!=',     64),
               0x57: ('and',      'dstimm_bw',  '&=',     64),
               0x58: ('ldinddw',  'ldind',      None,     64),
               0x5c: ('and32',    'dstsrc',     '&=',     32),
               0x5d: ('jne',      'jdstsrcoff', '!=',     64),
               0x5f: ('and',      'dstsrc',     '&=',     64),
               0x61: ('ldxw',     'ldstsrcoff', None,     32),
               0x62: ('stw',      'sdstoffimm', None,     32),
               0x63: ('stxw',     'sdstoffsrc', None,     32),
               0x64: ('lsh32',    'dstimm',     '<<=',    32),
               0x65: ('jsgt',     'jdstimmoff', 's>',     64),
               0x67: ('lsh',      'dstimm',     '<<=',    64),
               0x69: ('ldxh',     'ldstsrcoff', None,     16),
               0x6a: ('sth',      'sdstoffimm', None,     16),
               0x6b: ('stxh',     'sdstoffsrc', None,     16),
               0x6c: ('lsh32',    'dstsrc',     '<<=',    32),
               0x6d: ('jsgt',     'jdstsrcoff', 's>',     64),
               0x6f: ('lsh',      'dstsrc',     '<<=',    64),
               0x71: ('ldxb',     'ldstsrcoff', None,      8),
               0x72: ('stb',      'sdstoffimm', None,      8),
               0x73: ('stxb',     'sdstoffsrc', None,      8),
               0x74: ('rsh32',    'dstimm',     '>>=',    32),
               0x75: ('jsge',     'jdstimmoff', 's>=',    64),
               0x77: ('rsh',      'dstimm',     '>>=',    64),
               0x79: ('ldxdw',    'ldstsrcoff', None,     64),
               0x7a: ('stdw',     'sdstoffimm', None,     64),
               0x7b: ('stxdw',    'sdstoffsrc', None,     64),
               0x7c: ('rsh32',    'dstsrc',     '>>=',    32),
               0x7d: ('jsge',     'jdstsrcoff', 's>=',    64),
               0x7f: ('rsh',      'dstsrc',     '>>=',    64),
               0x84: ('neg32',    'dst',        '~',      32),
               0x85: ('call',     'call',       None,     64),
               0x87: ('neg',      'dst',        '~',      64),
               0x94: ('mod32',    'dstimm',     '%=',     32),
               0x95: ('exit',     'exit',       None,     64),
               0x97: ('mod',      'dstimm',     '%=',     64),
               0x9c: ('mod32',    'dstsrc',     '%=',     32),
               0x9f: ('mod',      'dstsrc',     '%=',     64),
               0xa4: ('xor32',    'dstimm_bw',  '^=',     32),
               0xa5: ('jlt',      'jdstimmoff', '<',      64),
               0xa7: ('xor',      'dstimm_bw',  '^=',     64),
               0xac: ('xor32',    'dstsrc',     '^=',     32),
               0xad: ('jlt',      'jdstsrcoff', '<',      64),
               0xaf: ('xor',      'dstsrc',     '^=',     64),
               0xb4: ('mov32',    'dstimm',     '=',      32),
               0xb5: ('jle',      'jdstimmoff', '<=',     64),
               0xb7: ('mov',      'dstimm',     '=',      64),
               0xbc: ('mov32',    'dstsrc',     '=',      32),
               0xbd: ('jle',      'jdstsrcoff', '<=',     64),
               0xbf: ('mov',      'dstsrc',     '=',      64),
               0xc4: ('arsh32',   'dstimm',     's>>=',   32),
               0xc5: ('jslt',     'jdstimmoff', 's<',     64),
               0xc7: ('arsh',     'dstimm',     's>>=',   64),
               0xcc: ('arsh32',   'dstsrc',     's>>=',   32),
               0xcd: ('jslt',     'jdstsrcoff', 's<',     64),
               0xcf: ('arsh',     'dstsrc',     's>>=',   64),
               0xd5: ('jsle',     'jdstimmoff', 's<=',    64),
               0xdc: ('endian32', 'dstsrc',     'endian', 32),
               0xdd: ('jsle',     'jdstimmoff', 's<=',    64),}

    @classmethod
    def decode(cls, i, w, w1):
        try:
            name, opclass, op, bits = cls.opcodes[w.opcode]
            if opclass == 'dstimm':
                return 'r%d %s %d' % (w.dst, op, w.imm), 0

            elif opclass == 'dstimm_bw':
                return 'r%d %s 0x%x' % (w.dst, op, w.immu), 0

            elif opclass == 'joff':
                return 'goto %s <%d>' % ('%+d' % (w.offset),
                                         i + w.offset + 1), 0

            elif opclass == 'dstsrc':
                return 'r%d %s r%d' % (w.dst, op, w.src), 0

            elif opclass == 'jdstimmoff':
                return 'if r%d %s %d goto pc%s <%d>' % (w.dst, op, w.imm,
                                                      '%+d' % (w.offset),
                                                      i + w.offset + 1), 0

            elif opclass == 'jdstsrcoff':
                return 'if r%d %s r%d goto pc%s <%d>' % (w.dst, op, w.src,
                                                       '%+d' % (w.offset),
                                                       i + w.offset + 1), 0

            elif opclass == 'lddw':
                # imm contains the file descriptor (FD) of the map being loaded;
                # the kernel will translate this into the proper address
                if w1 is None:
                    raise Exception("lddw requires two instructions to be disassembled")
                if w1.imm == 0:
                    return 'r%d = <map at fd #%d>' % (w.dst, w.imm), 1
                imm = (w1.imm << 32) | w.imm
                return 'r%d = 0x%x' % (w.dst, imm), 1

            elif opclass == 'ldabs':
                return 'r0 = *(u%s*)skb[%s]' % (bits, w.imm), 0

            elif opclass == 'ldind':
                return 'r0 = *(u%d*)skb[r%d %s]' % (bits, w.src,
                                                    '%+d' % (w.imm)), 0

            elif opclass == 'ldstsrcoff':
                return 'r%d = *(u%d*)(r%d %s)' % (w.dst, bits, w.src,
                                                  '%+d' % (w.offset)), 0

            elif opclass == 'sdstoffimm':
                return '*(u%d*)(r%d %s) = %d' % (bits, w.dst,
                                                 '%+d' % (w.offset), w.imm), 0

            elif opclass == 'sdstoffsrc':
                return '*(u%d*)(r%d %s) = r%d' % (bits, w.dst,
                                                  '%+d' % (w.offset), w.src), 0

            elif opclass == 'dst':
                return 'r%d = %s (u%s)r%d' % (w.dst, op, bits, w.dst), 0

            elif opclass == 'call':
                if w.src != cls.BPF_PSEUDO_CALL:
                    try:
                        return '%s bpf_%s#%d' % (name, cls.bpf_helpers[w.immu], w.immu), 0
                    except IndexError:
                        return '%s <unknown helper #%d>' % (op, w.immu), 0
                return '%s %s' % (name, '%+d' % (w.imm)), 0
            elif opclass == 'exit':
                return name, 0
            else:
                raise Exception('unknown opcode class')

        except KeyError:
            return 'unknown <0x%x>' % (w.opcode)

def disassemble_instruction(i, w0, w1=None):
    instr, skip = BPFDecoder.decode(i, w0, w1)
    return "%4d: (%02x) %s" % (i, w0.opcode, instr), skip

def disassemble_str(bpfstr):
    ptr = ct.cast(ct.c_char_p(bpfstr), ct.POINTER(BPFInstr))
    numinstr = int(len(bpfstr) / 8)
    w0 = ptr[0]
    skip = 0
    instr_list = []
    for i in range(1, numinstr):
        w1 = ptr[i]
        if skip:
            skip -= 1
            instr_str = "%4d:      (64-bit upper word)" % (i)
        else:
            instr_str, skip = disassemble_instruction(i - 1, w0, w1)
        instr_list.append(instr_str)
        w0 = w1
    instr_str, skip = disassemble_instruction(numinstr - 1, w0, None)
    instr_list.append(instr_str)
    return instr_list

def disassemble_prog(func_name, bpfstr):
    instr_list = ["Disassemble of BPF program %s:" % (func_name)]
    instr_list += disassemble_str(bpfstr)
    return linesep.join(instr_list)

class MapDecoder ():
    ctype2str = {ct.c_bool: u"_Bool",
                 ct.c_char: u"char",
                 ct.c_wchar: u"wchar_t",
                 ct.c_ubyte: u"unsigned char",
                 ct.c_short: u"short",
                 ct.c_ushort: u"unsigned short",
                 ct.c_int: u"int",
                 ct.c_uint: u"unsigned int",
                 ct.c_long: u"long",
                 ct.c_ulong: u"unsigned long",
                 ct.c_longlong: u"long long",
                 ct.c_ulonglong: u"unsigned long long",
                 ct.c_float: u"float",
                 ct.c_double: u"double",
                 ct.c_longdouble: u"long double",
                 ct.c_int64 * 2: u"__int128",
                 ct.c_uint64 * 2: u"unsigned __int128",}

    @classmethod
    def get_ct_name(cls, t):
        try:
            if issubclass(t, ct.Structure):
                field_type_name = "struct"
            elif issubclass(t, ct.Union):
                field_type_name = "union"
            elif issubclass(t, ct.Array):
                field_type_name = cls.ctype2str[t._type_] + "[" + str(t._length_) + "]"
            else:
                field_type_name = cls.ctype2str[t]
        except KeyError:
            field_type_name = str(t)
        return field_type_name

    @classmethod
    def format_size_info(cls, offset, size, enabled=False, bitoffset=None):
        if not enabled:
            return ""
        if bitoffset is not None:
            return "[%d,%d +%d bit]" % (offset, bitoffset, size)
        return "[%d +%d] " % (offset, size)

    @classmethod
    def print_ct_map(cls, t, indent="", offset=0, sizeinfo=False):
        map_lines = []
        try:
            for field_name, field_type in t._fields_:
                is_structured = (issubclass(field_type, ct.Structure) or
                                 issubclass(field_type, ct.Union))
                field_type_name = cls.get_ct_name(field_type)
                field_offset = getattr(t, field_name).offset
                field_size = ct.sizeof(field_type)
                sizedesc = cls.format_size_info(offset + field_offset,
                                                field_size, sizeinfo)
                if is_structured:
                    map_lines.append("%s%s%s {" % (indent, sizedesc, field_type_name))
                    map_lines += cls.print_ct_map(field_type,
                                                  indent + "  ",
                                                  offset + field_offset)
                    map_lines.append("%s} %s;" % (indent, field_name))
                else:
                    map_lines.append("%s%s%s %s;" % (indent, sizedesc,
                                                     field_type_name,
                                                     field_name))
        except ValueError:
            # is a bit field
            offset_bits = 0
            for field in t._fields_:
                if len(field) == 3:
                    field_name, field_type, field_bits = field
                    field_type_name = cls.get_ct_name(field_type)
                    sizedesc = cls.format_size_info(offset, offset_bits,
                                                    sizeinfo, field_bits)
                    map_lines.append("%s%s%s %s:%d;" % (indent, sizedesc,
                                                        field_type_name,
                                                        field_name,
                                                        field_bits))
                else:
                    # end of previous bit field
                    field_name, field_type = field
                    field_type_name = cls.get_ct_name(field_type)
                    field_offset = getattr(t, field_name).offset
                    field_size = ct.sizeof(field_type)
                    field_bits = 0
                    offset_bits = 0
                    sizedesc = cls.format_size_info(offset + field_offset,
                                                    field_size, sizeinfo)
                    map_lines.append("%s%s%s %s;" % (indent, sizedesc,
                                                     field_type_name,
                                                     field_name))
                    offset += field_offset
                offset_bits += field_bits
        return map_lines

    @classmethod
    def print_map_ctype(cls, t, field_name, sizeinfo):
        is_structured = (issubclass(t, ct.Structure) or
                         issubclass(t, ct.Union))
        type_name = cls.get_ct_name(t)
        if is_structured:
            map_lines = ["  %s {" % (type_name)]
            map_lines += cls.print_ct_map(t, "    ", sizeinfo=sizeinfo)
            map_lines.append("  } %s;" % (field_name))
        else:
            map_lines = ["  %s %s;" % (type_name, field_name)]
        return map_lines

    @classmethod
    def decode_map(cls, map_name, map_obj, map_type, sizeinfo=False):
        map_lines = ['Layout of BPF map %s (type %s, FD %d, ID %d):' % (map_name,
                                                                        map_type,
                                                                        map_obj.map_fd,
                                                                        map_obj.map_id)]
        map_lines += cls.print_map_ctype(map_obj.Key, 'key', sizeinfo=sizeinfo)
        map_lines += cls.print_map_ctype(map_obj.Leaf, 'value', sizeinfo=sizeinfo)
        return linesep.join(map_lines)

def decode_map(map_name, map_obj, map_type, sizeinfo=False):
    map_type_name = get_table_type_name(map_type)
    return MapDecoder.decode_map(map_name, map_obj, map_type_name, sizeinfo=sizeinfo)

Zerion Mini Shell 1.0