diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ed4d27e..f06bf15 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,6 +32,7 @@ jobs: - classifier - cgroup_skb - cgroup_sysctl + - cgroup_sockopt - tracepoint - lsm - tp_btf diff --git a/cargo-generate.toml b/cargo-generate.toml index 422f068..567397a 100644 --- a/cargo-generate.toml +++ b/cargo-generate.toml @@ -19,6 +19,7 @@ choices = [ "classifier", "cgroup_skb", "cgroup_sysctl", + "cgroup_sockopt", "tracepoint", "lsm", "tp_btf" @@ -46,6 +47,11 @@ type = "string" prompt = "Attach direction?" choices = [ "Ingress", "Egress" ] +[conditional.'program_type == "cgroup_sockopt"'.placeholders.sockopt_target] +type = "string" +prompt = "Which socket option?" +choices = [ "getsockopt", "setsockopt" ] + [conditional.'program_type == "sk_msg"'.placeholders.sock_map] type = "string" prompt = "Map Name (UPPER_CASE)?" diff --git a/test.sh b/test.sh index e9d758f..5fd2e4a 100755 --- a/test.sh +++ b/test.sh @@ -39,6 +39,9 @@ case "$PROG_TYPE" in "tp_btf") ADDITIONAL_ARGS="-d tracepoint_name=net_dev_queue" ;; + "cgroup_sockopt") + ADDITIONAL_ARGS="-d sockopt_target=getsockopt" + ;; *) ADDITIONAL_ARGS='' esac diff --git a/{{project-name}}-ebpf/src/main.rs b/{{project-name}}-ebpf/src/main.rs index 906db02..9774bf9 100644 --- a/{{project-name}}-ebpf/src/main.rs +++ b/{{project-name}}-ebpf/src/main.rs @@ -303,6 +303,25 @@ unsafe fn try_{{crate_name}}(ctx: SysctlContext) -> Result { info!(&ctx, "sysctl operation called"); Ok(0) } +{%- when "cgroup_sockopt" %} +use aya_bpf::{ + macros::cgroup_sockopt, + programs::SockoptContext, +}; +use aya_log_ebpf::info; + +#[cgroup_sockopt({{sockopt_target}},name="{{crate_name}}")] +pub fn {{crate_name}}(ctx: SockoptContext) -> i32 { + match unsafe { try_{{crate_name}}(ctx) } { + Ok(ret) => ret, + Err(ret) => ret, + } +} + +unsafe fn try_{{crate_name}}(ctx: SockoptContext) -> Result { + info!(&ctx, "{{sockopt_target}} called"); + Ok(0) +} {%- endcase %} #[panic_handler] diff --git a/{{project-name}}/src/main.rs b/{{project-name}}/src/main.rs index f0eaab6..4eeeb44 100644 --- a/{{project-name}}/src/main.rs +++ b/{{project-name}}/src/main.rs @@ -22,7 +22,9 @@ use aya::programs::{tc, SchedClassifier, TcAttachType}; {%- when "cgroup_skb" -%} use aya::programs::{CgroupSkb, CgroupSkbAttachType}; {%- when "cgroup_sysctl" -%} -use aya::programs::{CgroupSysctl}; +use aya::programs::CgroupSysctl; +{%- when "cgroup_sockopt" -%} +use aya::programs::CgroupSockopt; {%- when "tracepoint" -%} use aya::programs::TracePoint; {%- when "lsm" -%} @@ -45,7 +47,7 @@ struct Opt { {% if program_type == "xdp" or program_type == "classifier" -%} #[clap(short, long, default_value = "eth0")] iface: String, - {%- elsif program_type == "sock_ops" or program_type == "cgroup_skb" or program_type == "cgroup_sysctl" -%} + {%- elsif program_type == "sock_ops" or program_type == "cgroup_skb" or program_type == "cgroup_sysctl" or program_type == "cgroup_sockopt" -%} #[clap(short, long, default_value = "/sys/fs/cgroup/unified")] cgroup_path: String, {%- elsif program_type == "uprobe" or program_type == "uretprobe" -%} @@ -152,6 +154,11 @@ async fn main() -> Result<(), anyhow::Error> { let cgroup = std::fs::File::open(opt.cgroup_path)?; program.load()?; program.attach(cgroup)?; + {%- when "cgroup_sockopt" -%} + let program: &mut CgroupSockopt = bpf.program_mut("{{crate_name}}").unwrap().try_into()?; + let cgroup = std::fs::File::open(opt.cgroup_path)?; + program.load()?; + program.attach(cgroup)?; {%- endcase %} info!("Waiting for Ctrl-C...");