exein-io / pulsar

A modular and blazing fast runtime security tool for the IoT, powered by eBPF.
https://pulsar.sh

Compatibility checks independent from `KERNEL_VERSION` global variable #261

Closed banditopazzo closed 4 months ago

banditopazzo commented 6 months ago

Right now the compatibility checks for `bpf_strncmp` and `bpf_loop` are based on the global `KERNEL_VERSION`, which we set at runtime.

We should try to use `bpf_core_enum_value_exists` on `enum bpf_func_id`, looking for `BPF_FUNC_strncmp` and `BPF_FUNC_loop`, to be able to support backported features.

Ref.: https://github.com/exein-io/pulsar/pull/260#issuecomment-1964568029
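
What the proposed check looks up, shown from user space as an added example (not Pulsar's code): a CO-RE `bpf_core_enum_value_exists` test is answered at load time from the running kernel's BTF, so this Python code walks a BTF blob for an enumerator of `enum bpf_func_id`. The names `enum_value_exists` and `build_sample_btf` and the sample blob are constructed for illustration, and little-endian BTF is assumed.

```python
import struct

BTF_MAGIC, BTF_KIND_INT, BTF_KIND_ENUM = 0xEB9F, 1, 6
# Bytes after the 12-byte btf_type record, per kind: (fixed, per-vlen-member).
TRAILER = {1: (4, 0), 3: (12, 0), 4: (0, 12), 5: (0, 12), 6: (0, 8), 13: (0, 8),
           14: (4, 0), 15: (0, 12), 17: (4, 0), 19: (0, 12)}

def enum_value_exists(btf, enum_name, value_name):
    """True if `enum enum_name` in a little-endian BTF blob has enumerator value_name."""
    magic, _ver, _flags, hdr_len, type_off, type_len, str_off, str_len = \
        struct.unpack_from("<HBBIIIII", btf, 0)
    if magic != BTF_MAGIC:
        raise ValueError("not little-endian BTF")
    strs = btf[hdr_len + str_off:hdr_len + str_off + str_len]
    def name(off):
        return strs[off:strs.index(b"\0", off)].decode()
    pos = hdr_len + type_off
    end = pos + type_len
    while pos < end:
        name_off, info, _size = struct.unpack_from("<III", btf, pos)
        kind, vlen = (info >> 24) & 0x1F, info & 0xFFFF
        pos += 12
        if kind == BTF_KIND_ENUM and name(name_off) == enum_name:
            for i in range(vlen):  # struct btf_enum { u32 name_off; s32 val; }
                member_off, _val = struct.unpack_from("<Ii", btf, pos + 8 * i)
                if name(member_off) == value_name:
                    return True
        fixed, per_member = TRAILER.get(kind, (0, 0))
        pos += fixed + per_member * vlen  # skip to the next type record
    return False

def build_sample_btf(members):
    """Constructed sample: one INT type, then `enum bpf_func_id` with `members`."""
    strs = bytearray(b"\0")
    def add(s):
        off = len(strs)
        strs.extend(s.encode() + b"\0")
        return off
    types = struct.pack("<IIII", add("int"), BTF_KIND_INT << 24, 4, 32)
    types += struct.pack("<III", add("bpf_func_id"), (BTF_KIND_ENUM << 24) | len(members), 4)
    types += b"".join(struct.pack("<Ii", add(m), i) for i, m in enumerate(members))
    return struct.pack("<HBBIIIII", BTF_MAGIC, 1, 0, 24, 0, len(types), len(types),
                       len(strs)) + types + bytes(strs)

if __name__ == "__main__":
    # On a kernel built with CONFIG_DEBUG_INFO_BTF: open("/sys/kernel/btf/vmlinux", "rb").read()
    sample = build_sample_btf(["BPF_FUNC_unspec", "BPF_FUNC_loop"])  # constructed
    for helper in ("BPF_FUNC_loop", "BPF_FUNC_strncmp"):
        print(helper, enum_value_exists(sample, "bpf_func_id", helper))
```

The answer depends only on what the kernel's own type information declares, not on its version number, which is why a kernel with a backported helper passes this test while a version comparison would reject it.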