Only probe ipv6 if present (#227)

* Only probe ipv6 if present
* Add testing support for non-ipv6 kernels
* Add tests for new feature array.
* Only test ipv6 connections when ipv6 is enabled in the kernel.

Author: nicholasberlin

non-GPL/Events/EventsTrace/EventsTrace.c

@@ -1211,7 +1211,8 @@ static int event_ctx_callback(struct ebpf_event_header *evt_hdr)
 static void print_init_msg(uint64_t features)
 {
     printf("{\"probes_initialized\": true, \"features\": {");
-    printf("\"bpf_tramp\": %s", (features & EBPF_FEATURE_BPF_TRAMP) ? "true" : "false");
+    printf("\"bpf_tramp\": %s,", (features & EBPF_FEATURE_BPF_TRAMP) ? "true" : "false");
+    printf("\"ipv6\": %s", (features & EBPF_FEATURE_IPV6) ? "true" : "false");
     printf("}}\n");
 }
 

non-GPL/Events/Lib/EbpfEvents.c

@@ -17,6 +17,7 @@
 #include <stdbool.h>
 #include <stdio.h>
 #include <sys/resource.h>
+#include <sys/socket.h>
 #include <sys/utsname.h>
 #include <unistd.h>
 
@@ -320,6 +321,7 @@ static int probe_set_autoload(struct btf *btf, struct EventProbe_bpf *obj, uint6
 {
     int err            = 0;
     bool has_bpf_tramp = features & EBPF_FEATURE_BPF_TRAMP;
+    bool has_ipv6      = features & EBPF_FEATURE_IPV6;
 
     // do_renameat2 kprobe and fentry probe are mutually exclusive.
     // disable auto-loading of kprobe if `do_renameat2` exists in BTF and
@@ -333,10 +335,16 @@ static int probe_set_autoload(struct btf *btf, struct EventProbe_bpf *obj, uint6
     // tcp_v6_connect kprobes and fexit probe are mutually exclusive.
     // disable auto-loading of kprobes if `tcp_v6_connect` exists in BTF and
     // if bpf trampolines are supported on the current arch, and vice-versa.
-    if (has_bpf_tramp && BTF_FUNC_EXISTS(btf, tcp_v6_connect)) {
+    if (has_ipv6) {
+        if (has_bpf_tramp && BTF_FUNC_EXISTS(btf, tcp_v6_connect)) {
+            err = err ?: bpf_program__set_autoload(obj->progs.kprobe__tcp_v6_connect, false);
+            err = err ?: bpf_program__set_autoload(obj->progs.kretprobe__tcp_v6_connect, false);
+        } else {
+            err = err ?: bpf_program__set_autoload(obj->progs.fexit__tcp_v6_connect, false);
+        }
+    } else {
         err = err ?: bpf_program__set_autoload(obj->progs.kprobe__tcp_v6_connect, false);
         err = err ?: bpf_program__set_autoload(obj->progs.kretprobe__tcp_v6_connect, false);
-    } else {
         err = err ?: bpf_program__set_autoload(obj->progs.fexit__tcp_v6_connect, false);
     }
 
@@ -531,13 +539,27 @@ static bool system_has_bpf_tramp(void)
     return ret;
 }
 
+static bool system_has_ipv6(void)
+{
+    int fd;
+    bool supported = false;
+    if ((fd = socket(AF_INET6, SOCK_STREAM, 0)) != -1) {
+        close(fd);
+        supported = true;
+    }
+    return supported;
+}
+
 static uint64_t detect_system_features(void)
 {
     uint64_t features = 0;
 
     if (system_has_bpf_tramp())
         features |= EBPF_FEATURE_BPF_TRAMP;
 
+    if (system_has_ipv6())
+        features |= EBPF_FEATURE_IPV6;
+
     return features;
 }
 

non-GPL/Events/Lib/EbpfEvents.h

@@ -17,6 +17,7 @@
 
 enum ebpf_kernel_feature {
     EBPF_FEATURE_BPF_TRAMP = (1 << 0),
+    EBPF_FEATURE_IPV6      = (1 << 1),
 };
 
 /* Opaque context */

testing/testrunner/ebpf_test.go

@@ -70,6 +70,13 @@ func FeaturesCorrect(t *testing.T, et *Runner) {
 	default:
 		t.Fatalf("unknown arch %s, please add to the TestFeaturesCorrect test", arch)
 	}
+
+	// test for IPv6 support feature
+	if _, err := os.Stat("/proc/sys/net/ipv6"); err == nil {
+		require.True(t, et.InitMsg.Features.IPv6)
+	} else {
+		require.False(t, et.InitMsg.Features.IPv6)
+	}
 }
 
 func ForkExit(t *testing.T, et *Runner) {
@@ -766,21 +773,33 @@ func TestEbpf(t *testing.T) {
 		{"Tcpv4ConnectionAttempt", Tcpv4ConnectionAttempt, []string{"--net-conn-attempt"}, false},
 		{"Tcpv4ConnectionAccept", Tcpv4ConnectionAccept, []string{"--net-conn-accept"}, false},
 		{"Tcpv4ConnectionClose", Tcpv4ConnectionClose, []string{"--net-conn-close"}, false},
-		{"Tcpv6ConnectionAttempt", Tcpv6ConnectionAttempt, []string{"--net-conn-attempt"}, false},
-		{"Tcpv6ConnectionAccept", Tcpv6ConnectionAccept, []string{"--net-conn-accept"}, false},
-		{"Tcpv6ConnectionClose", Tcpv6ConnectionClose, []string{"--net-conn-close"}, false},
 		{"DNSMonitor", DNSMonitor, []string{"--net-conn-dns-pkt"}, false},
 		{"Ptrace", Ptrace, []string{"--process-ptrace"}, false},
 		{"Shmget", Shmget, []string{"--process-shmget"}, false},
 		{"MemfdCreate", MemfdCreate, []string{"--process-memfd-create", "--process-exec"}, false},
-
 		{"TcFilter", TcFilter, []string{}, false},
-
 		{"FileCreateContainer", FileCreateContainer, []string{"--file-create"}, true},
 		{"FileRenameContainer", FileRenameContainer, []string{"--file-rename"}, true},
 		{"FileDeleteContainer", FileDeleteContainer, []string{"--file-delete"}, true},
 	}
 
+	// Conditionally add IPv6 tests if IPv6 is supported
+	if _, err := os.Stat("/proc/sys/net/ipv6"); err == nil {
+		// Add all IPv6 test cases
+		ipv6Tests := []struct {
+			name             string
+			handle           func(t *testing.T, et *Runner)
+			args             []string
+			requireOverlayFS bool
+		}{
+			{"Tcpv6ConnectionAttempt", Tcpv6ConnectionAttempt, []string{"--net-conn-attempt"}, false},
+			{"Tcpv6ConnectionAccept", Tcpv6ConnectionAccept, []string{"--net-conn-accept"}, false},
+			{"Tcpv6ConnectionClose", Tcpv6ConnectionClose, []string{"--net-conn-close"}, false},
+		}
+
+		testCases = append(testCases, ipv6Tests...)
+	}
+
 	failed := false
 
 	for _, test := range testCases {

testing/testrunner/utils.go

@@ -42,6 +42,7 @@ type InitMsg struct {
 	InitSuccess bool `json:"probes_initialized"`
 	Features    struct {
 		BpfTramp bool `json:"bpf_tramp"`
+		IPv6 	 bool `json:"ipv6"`
 	} `json:"features"`
 }