fix(bpf): Correctly parse IP headers with options (#337)

* feat(bpf): Improve PID attribution and IP parsing

This commit introduces several improvements to the eBPF probe to enhance robustness and feature completeness.

- feat: Add fallback for PID attribution
  Uses `bpf_get_current_task()` as a fallback mechanism to resolve the process ID for a packet. This significantly improves PID attribution for scenarios where the primary flow-based mapping might fail, such as with short-lived connections. Includes a check for kernel support to ensure backward compatibility.

- fix: Correctly parse IP headers with options
  The IP header length is now dynamically calculated based on the IHL (Internet Header Length) field. This fixes a bug where packets with IP options would be parsed incorrectly, leading to errors in L4 (TCP/UDP) header analysis.

- chore: Clean up debug logs
  Commented out several `debug_log` statements to reduce noise and performance overhead.

* refactor(bpf): Remove unsafe PID fallback

Removes the PID fallback mechanism that uses bpf_get_current_task().
This is unsafe without a reliable way to detect interrupt context (e.g., bpf_in_interrupt()),
as it can lead to incorrect PID association.
The explanatory comment is updated to reflect this.

Author: mozillazg

bpf/bpf_arm64_bpfel.o

@@ -76,7 +76,22 @@ static __always_inline int parse_skb_l3(struct __sk_buff *skb, u16 protocol, str
         l3->protocol = ip_hdr.protocol;
         l3->saddr[0] = ip_hdr.saddr;
         l3->daddr[0] = ip_hdr.daddr;
-        *offset += sizeof(struct iphdr);
+
+        u8 ip_ihl = 0;
+        u32 ip_hdr_len = 0;
+        // support ip options
+        if (bpf_skb_load_bytes(skb, *offset, &ip_ihl, sizeof(ip_ihl)) == 0) {
+            ip_hdr_len = (ip_ihl & 0x0f) * 4;
+        }
+        if (ip_hdr_len < sizeof(struct iphdr)) {
+            //            debug_log("[ptcpdump] invalid ip header length: %d, use default %d\n", ip_hdr_len,
+            //            sizeof(struct iphdr));
+            ip_hdr_len = sizeof(struct iphdr);
+        }
+
+        //        debug_log("source_ip: %pI4, dest_ip: %pI4\n", &l3->saddr[0], &l3->daddr[0]);
+
+        *offset += ip_hdr_len;
         return 0;
     }
     case ETH_P_IPV6: {
@@ -122,14 +137,17 @@ static __always_inline int parse_skb_l4(struct __sk_buff *skb, u8 protocol, stru
     case IPPROTO_TCP: {
         struct tcphdr tcp_hdr;
         if (bpf_skb_load_bytes(skb, *offset, &tcp_hdr, sizeof(struct tcphdr)) < 0) {
-            // debug_log("parse_skb_l4 1 failed:\n");
+            //             debug_log("parse_skb_l4 1 failed:\n");
             return -1;
         }
         l4->sport = bpf_ntohs(tcp_hdr.source);
         l4->dport = bpf_ntohs(tcp_hdr.dest);
+
+        //        debug_log("parse_skb_l4 1 success: %d -> %d\n", l4->sport, l4->dport);
+
         *offset += sizeof(struct tcphdr);
-    }
         return 0;
+    }
     case IPPROTO_UDP: {
         struct udphdr udp_hdr;
         if (bpf_skb_load_bytes(skb, *offset, &udp_hdr, sizeof(struct udphdr)) < 0) {