Make max packet size a runtime parameter #1073

Merged: elazarg merged 1 commit into main from dynamic-packet, Apr 15, 2026

@elazarg elazarg commented Apr 14, 2026

Summary

  • Add --max-packet-size CLI option (default 65535) backed by a field in ebpf_verifier_options_t, with a 1 GiB upper limit
  • Replace compile-time MAX_PACKET_SIZE and PTR_MAX constants with inline accessors that read from thread_local_options, so they track the configured max packet size
  • Follows the pattern of Make stack size and call depth runtime parameters #1070 (configurable stack size / call depth)

Fixes #738.

Test plan

  • Build succeeds
  • Full test suite passes (1533 cases, 8733 assertions; 237 expected failures unchanged)
  • ./bin/prevail --help shows the new --max-packet-size option

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features
    • Added --max-packet-size command-line option to configure maximum packet size constraints (default: 65535 bytes). Enables users to customize verification limits within the range [1, 1073741824], with built-in validation for safe and valid configurations.

Add max_packet_size field to ebpf_verifier_options_t (default 65535)
with a 1 GiB upper limit. Replace compile-time MAX_PACKET_SIZE and
PTR_MAX constants with inline accessors that read from
thread_local_options. Add --max-packet-size CLI argument. Fixes #738.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Elazar Gershuni <elazarg@gmail.com>

coderabbitai Bot commented Apr 14, 2026

Walkthrough

This change makes the maximum packet size verifiable limit configurable rather than hardcoded to 65535 bytes, enabling verification in domains where packets exceed this size. Configuration is managed via a new CLI option and enforced through validation in the options object.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| Configuration Infrastructure | src/config.hpp, src/main.cpp | Added max_packet_size field (default 0xffff) to ebpf_verifier_options_t with upper-bound constant MAX_PACKET_SIZE_LIMIT = (1 << 30). Validation enforces the range [1, MAX_PACKET_SIZE_LIMIT]. Added --max-packet-size CLI option with range validation. |
| Runtime Accessor Functions | src/crab/ebpf_domain.hpp | Replaced compile-time constants MAX_PACKET_SIZE and PTR_MAX with inline functions max_packet_size() and ptr_max() that read from thread_local_options.max_packet_size at runtime. |
| Constraint Updates | src/crab/ebpf_checker.cpp, src/crab/ebpf_domain.cpp, src/crab/ebpf_transformer.cpp | Updated packet and pointer upper-bound constraints to call max_packet_size() and ptr_max() functions instead of using compile-time constants in access-checking and constraint-setup logic. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 10.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately and concisely summarizes the main change: converting a hard-coded maximum packet size constant into a configurable runtime parameter. |
| Linked Issues check | ✅ Passed | All requirements from issue #738 are met: the hard-coded assumption is removed, compile-time constants are replaced with runtime-configurable values via CLI option, and the domain can now specify custom packet sizes. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to making packet size runtime-configurable. No unrelated modifications or scope creep detected across the five modified files. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/crab/ebpf_domain.cpp`:
- Around line 352-353: The packet-size upper bound is currently exclusive,
making max_packet_size() effectively off-by-one; change the constraint in
inv.add_value_constraint(variable_registry->packet_size() < max_packet_size())
to use <= so packet_size() <= max_packet_size(), and apply the same inclusive
fix to the analogous data_end cap in src/crab/ebpf_transformer.cpp (replace the
strict < comparison against the max-packet-size bound with <=); ensure you
update the constraints that reference max_packet_size() and any helpers that
enforce the packet/data_end bound so the limit is inclusive.

In `@src/crab/ebpf_domain.hpp`:
- Around line 24-25: Add an explicit precondition for ptr_max() next to the
accessors: state in a short comment and/or assert that
thread_local_options.max_packet_size has been validated so that ptr_max() is
non-negative and that ptr_max() + max_packet_size() <=
std::numeric_limits<int32_t>::max(); e.g., annotate the inline int64_t ptr_max()
noexcept { ... } with a one-line soundness comment and an assertion (or
static/runtime check) that thread_local_options.max_packet_size is within the
expected bounds so callers can rely on ptr_max() >= 0 and no overflow when
adding max_packet_size().

📥 Commits

Reviewing files that changed from the base of the PR and between 472a486 and d604c87.

📒 Files selected for processing (6)
  • src/config.hpp
  • src/crab/ebpf_checker.cpp
  • src/crab/ebpf_domain.cpp
  • src/crab/ebpf_domain.hpp
  • src/crab/ebpf_transformer.cpp
  • src/main.cpp
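
The two properties raised in the review comment above (an inclusive versus exclusive packet-size bound, and the bounds on ptr_max()), as an added C++ sketch that is not the project's code. It assumes ptr_max() is defined as INT32_MAX minus the configured packet size, which the page does not show; `verifier_options_sketch`, `sketch_options`, `set_max_packet_size`, `ptr_bounds_sound` and `packet_size_admitted` are hypothetical names.

```cpp
#include <cstdint>
#include <limits>

// Hypothetical stand-in for the options object; only the field named on the page.
struct verifier_options_sketch {
    int64_t max_packet_size = 0xffff;  // default stated in the PR
};

// 1 GiB upper limit, as stated in the PR summary.
constexpr int64_t MAX_PACKET_SIZE_LIMIT = int64_t{1} << 30;

thread_local verifier_options_sketch sketch_options;

// Range validation described in the walkthrough: [1, MAX_PACKET_SIZE_LIMIT].
// An out-of-range request is rejected and leaves the current value unchanged.
inline bool set_max_packet_size(int64_t requested) noexcept {
    if (requested < 1 || requested > MAX_PACKET_SIZE_LIMIT) return false;
    sketch_options.max_packet_size = requested;
    return true;
}

inline int64_t max_packet_size() noexcept { return sketch_options.max_packet_size; }

// ASSUMPTION: ptr_max() = INT32_MAX - max_packet_size(); not shown on the page.
inline int64_t ptr_max() noexcept {
    return std::numeric_limits<int32_t>::max() - max_packet_size();
}

// Precondition from the second review comment: ptr_max() is non-negative and
// ptr_max() + max_packet_size() stays within int32_t.
inline bool ptr_bounds_sound() noexcept {
    return ptr_max() >= 0 &&
           ptr_max() + max_packet_size() <= std::numeric_limits<int32_t>::max();
}

enum class bound { exclusive, inclusive };

// First review comment: with a strict '<', a packet of exactly
// max_packet_size() bytes falls outside the modeled range; '<=' admits it.
inline bool packet_size_admitted(int64_t size, bound b) noexcept {
    return b == bound::exclusive ? size < max_packet_size()
                                 : size <= max_packet_size();
}

int main() {
    // At the largest accepted setting the pointer bounds must still hold.
    return (set_max_packet_size(MAX_PACKET_SIZE_LIMIT) && ptr_bounds_sound()) ? 0 : 1;
}
```

Under the stated assumption, the 1 GiB cap is what keeps ptr_max() non-negative: any accepted value is at most 2^30, well below INT32_MAX.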

@elazarg elazarg merged commit c0a0360 into main Apr 15, 2026
16 checks passed
@elazarg elazarg deleted the dynamic-packet branch April 15, 2026 00:20

Development

Successfully merging this pull request may close these issues.

Verification error with packet sizes that are greater than 65535
