yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
pr/Billy99/974
linker-bindep
fix-verifier-blixt
revert-461-main
gh-pages
ci
perf-event
aya-log-ebpf-v0.1.0
aya-log-ebpf-macros-v0.1.0
aya-log-parser-v0.1.13
aya-ebpf-v0.1.0
aya-ebpf-macros-v0.1.0
aya-ebpf-bindings-v0.1.0
aya-ebpf-cty-v0.2.1
aya-log-v0.2.0
aya-log-common-v0.1.14
aya-v0.12.0
aya-obj-v0.1.0
aya-log-common-v0.1.13
aya-log-v0.1.13
aya-log-common-v0.1.11
aya-log-v0.1.11
aya-log-common-v0.1.10
aya-log-v0.1.10
aya-v0.11.0
aya-log-common-v0.1.9
aya-log-v0.1.9
aya-v0.10.7
aya-v0.10.6
aya-log-v0.1.1
aya-v0.10.5
aya-v0.10.4
aya-v0.10.3
aya-v0.10.2
aya-v0.10.1
aya-v0.10.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a06a5ae07e'
${ noResults }
aya/aya-bpf-macros/src/lib.rs

543 lines
16 KiB
Rust
Raw Normal View History Unescape Escape

bpf: initial bpf bindings
4 years ago
mod expand;
Add support for PerfEvent programs.
3 years ago
use expand::{
Add support for BPF_PROG_TYPE_CGROUP_DEVICE Kernel 4.15 added a new eBPF program that can be used with cgroup v2 to control & observe device access (e.g. read, write, mknod) - `BPF_PROG_TYPE_CGROUP_DEVICE`. We add the ability to create these programs with the `cgroup_device` proc macro which creates the `cgroup/dev` link section. Device details are available to the eBPF program in `DeviceContext`. The userspace representation is provided with the `CgroupDevice` structure. Fixes: #212 Signed-off-by: Milan <milan@mdaverde.com>
2 years ago
Args, BtfTracePoint, CgroupDevice, CgroupSkb, CgroupSock, CgroupSockAddr, CgroupSockopt,
CgroupSysctl, FEntry, FExit, Lsm, Map, PerfEvent, Probe, ProbeKind, RawTracePoint,
SchedClassifier, SkLookup, SkMsg, SkSkb, SkSkbKind, SockAddrArgs, SockOps, SocketFilter,
SockoptArgs, TracePoint, Xdp,
Add support for PerfEvent programs.
3 years ago
};
bpf: initial bpf bindings
4 years ago
use proc_macro::TokenStream;
Fix CI, clippy and feedback Signed-off-by: Milan <milan@mdaverde.com>
2 years ago
use syn::{parse_macro_input, ItemFn, ItemStatic};
bpf: initial bpf bindings
4 years ago
#[proc_macro_attribute]
pub fn map(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemStatic);
Map::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
#[proc_macro_attribute]
pub fn kprobe(attrs: TokenStream, item: TokenStream) -> TokenStream {
probe(ProbeKind::KProbe, attrs, item)
}
#[proc_macro_attribute]
pub fn kretprobe(attrs: TokenStream, item: TokenStream) -> TokenStream {
probe(ProbeKind::KRetProbe, attrs, item)
}
#[proc_macro_attribute]
pub fn uprobe(attrs: TokenStream, item: TokenStream) -> TokenStream {
probe(ProbeKind::UProbe, attrs, item)
}
#[proc_macro_attribute]
pub fn uretprobe(attrs: TokenStream, item: TokenStream) -> TokenStream {
probe(ProbeKind::URetProbe, attrs, item)
}
bpf: add more bindings Initial support for Array, HashMap and SockHash maps, and for SkSkb, SkMsg, SockOps and XDP programs.
3 years ago
#[proc_macro_attribute]
pub fn sock_ops(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
SockOps::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
#[proc_macro_attribute]
pub fn sk_msg(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
SkMsg::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
#[proc_macro_attribute]
pub fn xdp(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
Xdp::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: add support for BPF_PROG_TYPE_SCHED_CLS programs
3 years ago
#[proc_macro_attribute]
pub fn classifier(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
SchedClassifier::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
Add support for BPF_PROG_TYPE_CGROUP_SYSCTL (#256) * Add support for BPF_PROG_TYPE_CGROUP_SYSCTL This patch adds support for `BPF_PROG_TYPE_CGROUP_SYSCTL`. * Parse unnamed macro * Fix docs
2 years ago
#[proc_macro_attribute]
pub fn cgroup_sysctl(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
CgroupSysctl::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
Add support for BPF_PROG_TYPE_CGROUP_SOCKOPT (#268)
2 years ago
#[proc_macro_attribute]
pub fn cgroup_sockopt(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as SockoptArgs);
let attach_type = args.attach_type.to_string();
let item = parse_macro_input!(item as ItemFn);
CgroupSockopt::from_syn(args.args, item, attach_type)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: add support for BPF_PROG_TYPE_CGROUP_SKB programs Example: fn cgroup_skb_egress(skb: SkSkbContext) -> i32 { // allow data to go through 1 }
3 years ago
#[proc_macro_attribute]
pub fn cgroup_skb(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
CgroupSkb::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: Add support for BPF_PROG_TYPE_CGROUP_SOCK_ADDR Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2 years ago
#[proc_macro_attribute]
pub fn cgroup_sock_addr(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as SockAddrArgs);
let attach_type = args.attach_type.to_string();
let item = parse_macro_input!(item as ItemFn);
CgroupSockAddr::from_syn(args.args, item, attach_type)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: Implement BPF_PROG_TYPE_CGROUP_SOCK Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2 years ago
#[proc_macro_attribute]
pub fn cgroup_sock(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
CgroupSock::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: initial bpf bindings
4 years ago
fn probe(kind: ProbeKind, attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
Probe::from_syn(kind, args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: add support for tracepoint program (#29) This patch add initial support for tracepoint program type. Hope you enjoy. Signed-off-by: Tw <wei.tan@intel.com>
3 years ago
#[proc_macro_attribute]
pub fn tracepoint(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
TracePoint::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
Add support for PerfEvent programs.
3 years ago
#[proc_macro_attribute]
pub fn perf_event(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
PerfEvent::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
Add support for raw tracepoint and LSM programs This change adds support for the following program types: * raw tracepoint * LSM Supporting LSM programs involved a necessity of supporting more load_attrs for the BPF_PROG_LOAD operation, concretely: * expected_attach_type - for LSM programs, it has always to be set to BPF_LSM_MAC * attach_btf_obj_fd - it's often used to reference the file descriptor of program's BTF info, altough in case of LSM programs, it only has to contain the value 0, which means the vmlinux object file (usually /sys/kernel/btf/vmlinux) * attach_btf_id - ID of the BTF object, which in case of LSM programs is the ID of the function (the LSM hook) The example of LSM program using that functionality can be found here: https://github.com/vadorovsky/aya-example-lsm Fixes: #9 Signed-off-by: William Findlay <william@williamfindlay.com> Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// Marks a function as a raw tracepoint eBPF program that can be attached at a
/// pre-defined kernel trace point.
///
/// The kernel provides a set of pre-defined trace points that eBPF programs can
/// be attached to. See `/sys/kernel/debug/tracing/events` for a list of which
/// events can be traced.
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 4.7.
///
/// # Examples
///
/// ```no_run
/// use aya_bpf::{macros::raw_tracepoint, programs::RawTracePointContext};
///
/// #[raw_tracepoint(name = "sys_enter")]
/// pub fn sys_enter(ctx: RawTracePointContext) -> i32 {
/// match unsafe { try_sys_enter(ctx) } {
/// Ok(ret) => ret,
/// Err(ret) => ret,
/// }
/// }
///
/// unsafe fn try_sys_enter(_ctx: RawTracePointContext) -> Result<i32, i32> {
/// Ok(0)
/// }
/// ```
#[proc_macro_attribute]
pub fn raw_tracepoint(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
RawTracePoint::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
/// Marks a function as an LSM program that can be attached to Linux LSM hooks.
/// Used to implement security policy and audit logging.
///
aya-bpf-macros: Fix LSM macro documentation It was causing `cargo doc` inside bpf/ to fail. Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// LSM probes can be attached to the kernel's security hooks to implement mandatory
Add support for raw tracepoint and LSM programs This change adds support for the following program types: * raw tracepoint * LSM Supporting LSM programs involved a necessity of supporting more load_attrs for the BPF_PROG_LOAD operation, concretely: * expected_attach_type - for LSM programs, it has always to be set to BPF_LSM_MAC * attach_btf_obj_fd - it's often used to reference the file descriptor of program's BTF info, altough in case of LSM programs, it only has to contain the value 0, which means the vmlinux object file (usually /sys/kernel/btf/vmlinux) * attach_btf_id - ID of the BTF object, which in case of LSM programs is the ID of the function (the LSM hook) The example of LSM program using that functionality can be found here: https://github.com/vadorovsky/aya-example-lsm Fixes: #9 Signed-off-by: William Findlay <william@williamfindlay.com> Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// access control policy and security auditing.
///
/// LSM probes require a kernel compiled with `CONFIG_BPF_LSM=y` and `CONFIG_DEBUG_INFO_BTF=y`.
/// In order for the probes to fire, you also need the BPF LSM to be enabled through your
/// kernel's boot paramters (like `lsm=lockdown,yama,bpf`).
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 5.7.
///
/// # Examples
///
/// ```no_run
/// use aya_bpf::{macros::lsm, programs::LsmContext};
///
/// #[lsm(name = "file_open")]
/// pub fn file_open(ctx: LsmContext) -> i32 {
/// match unsafe { try_file_open(ctx) } {
/// Ok(ret) => ret,
/// Err(ret) => ret,
/// }
/// }
///
/// unsafe fn try_file_open(_ctx: LsmContext) -> Result<i32, i32> {
/// Ok(0)
/// }
/// ```
#[proc_macro_attribute]
pub fn lsm(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
Lsm::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
aya/aya-bpf: implement btf tracepoint programs
3 years ago
/// Marks a function as a [BTF-enabled raw tracepoint][1] eBPF program that can be attached at
/// a pre-defined kernel trace point.
///
/// The kernel provides a set of pre-defined trace points that eBPF programs can
/// be attached to. See `/sys/kernel/debug/tracing/events` for a list of which
/// events can be traced.
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 5.5.
///
/// # Examples
///
/// ```no_run
/// use aya_bpf::{macros::btf_tracepoint, programs::BtfTracePointContext};
///
/// #[btf_tracepoint(name = "sched_process_fork")]
/// pub fn sched_process_fork(ctx: BtfTracePointContext) -> u32 {
/// match unsafe { try_sched_process_fork(ctx) } {
/// Ok(ret) => ret,
/// Err(ret) => ret,
/// }
/// }
///
/// unsafe fn try_sched_process_fork(_ctx: BtfTracePointContext) -> Result<u32, u32> {
/// Ok(0)
/// }
/// ```
///
/// [1]: https://github.com/torvalds/linux/commit/9e15db66136a14cde3f35691f1d839d950118826
#[proc_macro_attribute]
pub fn btf_tracepoint(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
BtfTracePoint::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: Add macros for sk_skb programs This commit adds the stream_parser and stream_verdict macros for use in bpf programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// Marks a function as a SK_SKB Stream Parser eBPF program that can be attached
/// to a SockMap
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 4.14
///
/// # Examples
///
/// ```no_run
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// use aya_bpf::{macros::stream_parser, programs::SkBuffContext};
bpf: Add macros for sk_skb programs This commit adds the stream_parser and stream_verdict macros for use in bpf programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
///
///
///#[stream_parser]
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
///fn stream_parser(ctx: SkBuffContext) -> u32 {
bpf: Add macros for sk_skb programs This commit adds the stream_parser and stream_verdict macros for use in bpf programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// match { try_stream_parser(ctx) } {
/// Ok(ret) => ret,
/// Err(ret) => ret,
/// }
///}
///
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
///fn try_stream_parser(ctx: SkBuffContext) -> Result<u32, u32> {
bpf: Add macros for sk_skb programs This commit adds the stream_parser and stream_verdict macros for use in bpf programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// Ok(ctx.len())
///}
/// ```
#[proc_macro_attribute]
pub fn stream_parser(attrs: TokenStream, item: TokenStream) -> TokenStream {
sk_skb(SkSkbKind::StreamParser, attrs, item)
}
/// Marks a function as a SK_SKB Stream Verdict eBPF program that can be attached
/// to a SockMap
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 4.14
///
/// # Examples
///
/// ```no_run
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// use aya_bpf::{macros::stream_verdict, programs::SkBuffContext, bindings::sk_action};
bpf: Add macros for sk_skb programs This commit adds the stream_parser and stream_verdict macros for use in bpf programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
///
///
///#[stream_verdict]
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
///fn stream_verdict(ctx: SkBuffContext) -> u32 {
bpf: Add macros for sk_skb programs This commit adds the stream_parser and stream_verdict macros for use in bpf programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// match { try_stream_verdict(ctx) } {
/// Ok(ret) => ret,
/// Err(ret) => ret,
/// }
///}
///
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
///fn try_stream_verdict(_ctx: SkBuffContext) -> Result<u32, u32> {
bpf: Add macros for sk_skb programs This commit adds the stream_parser and stream_verdict macros for use in bpf programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// Ok(sk_action::SK_PASS)
///}
/// ```
#[proc_macro_attribute]
pub fn stream_verdict(attrs: TokenStream, item: TokenStream) -> TokenStream {
sk_skb(SkSkbKind::StreamVerdict, attrs, item)
}
fn sk_skb(kind: SkSkbKind, attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
SkSkb::from_syn(kind, args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: Add macro for socket_filter programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// Marks a function as a eBPF Socket Filter program that can be attached to
/// a socket.
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 3.19
///
/// # Examples
///
/// ```no_run
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// use aya_bpf::{macros::socket_filter, programs::SkBuffContext};
bpf: Add macro for socket_filter programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
///
/// #[socket_filter(name = "accept_all")]
bpf: Rename SkSkbContext to SkBuffContext This is necessary since the context is used in many other program types and not just in SK_SKB programs. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// pub fn accept_all(_ctx: SkBuffContext) -> i64 {
bpf: Add macro for socket_filter programs Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
3 years ago
/// return 0
/// }
/// ```
#[proc_macro_attribute]
pub fn socket_filter(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
SocketFilter::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// Marks a function as a fentry eBPF program that can be attached to almost
/// any function inside the kernel. The difference between fentry and kprobe
/// is that fexit has practically zero overhead to call before kernel function.
/// fentry programs can be also attached to other eBPF programs.
///
/// # Minimumm kernel version
///
/// The minimum kernel version required to use this feature is 5.5.
///
/// # Examples
///
/// ```no_run
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// # #![allow(non_camel_case_types)]
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// use aya_bpf::{macros::fentry, programs::FEntryContext};
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// # type filename = u32;
/// # type path = u32;
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
///
/// #[fentry(name = "filename_lookup")]
/// fn filename_lookup(ctx: FEntryContext) -> i32 {
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// match unsafe { try_filename_lookup(ctx) } {
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// Ok(ret) => ret,
/// Err(ret) => ret,
/// }
/// }
///
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// unsafe fn try_filename_lookup(ctx: FEntryContext) -> Result<i32, i32> {
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// let _f: *const filename = ctx.arg(1);
/// let _p: *const path = ctx.arg(3);
///
/// Ok(0)
/// }
/// ```
#[proc_macro_attribute]
pub fn fentry(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
FEntry::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
/// Marks a function as a fexit eBPF program that can be attached to almost
/// any function inside the kernel. The difference between fexit and kretprobe
/// is that fexit has practically zero overhead to call after kernel function
/// and it focuses on access to arguments rather than the return value. fexit
/// programs can be also attached to other eBPF programs
///
/// # Minimumm kernel version
///
/// The minimum kernel version required to use this feature is 5.5.
///
/// # Examples
///
/// ```no_run
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// # #![allow(non_camel_case_types)]
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// use aya_bpf::{macros::fexit, programs::FExitContext};
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// # type filename = u32;
/// # type path = u32;
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
///
/// #[fexit(name = "filename_lookup")]
/// fn filename_lookup(ctx: FExitContext) -> i32 {
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// match unsafe { try_filename_lookup(ctx) } {
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// Ok(ret) => ret,
/// Err(ret) => ret,
/// }
/// }
///
bpf/macros: fix tests Doctests were broken due to depencencies on a generated vmlinux, incorrect function signatures, and a missing unsafe keyword.
3 years ago
/// unsafe fn try_filename_lookup(ctx: FExitContext) -> Result<i32, i32> {
Support for fentry and fexit programs fentry and fexit programs are similar to kprobe and kretprobe, but they are newer and they have practically zero overhead to call before or after kernel function. Also, fexit programs are focused on access to arguments rather than the return value. Those kind of programs were introduced in the following patchset: https://lwn.net/Articles/804112/ Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// let _f: *const filename = ctx.arg(1);
/// let _p: *const path = ctx.arg(3);
///
/// Ok(0)
/// }
/// ```
#[proc_macro_attribute]
pub fn fexit(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
FExit::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
bpf: Support BPF_PROG_TYPE_SK_LOOKUP Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2 years ago
/// Marks a function as an eBPF Socket Lookup program that can be attached to
/// a network namespace.
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 5.9
///
/// # Examples
///
/// ```no_run
/// use aya_bpf::{macros::sk_lookup, programs::SkLookupContext};
///
/// #[sk_lookup(name = "redirect")]
/// pub fn accept_all(_ctx: SkLookupContext) -> u32 {
/// // use sk_assign to redirect
/// return 0
/// }
/// ```
#[proc_macro_attribute]
pub fn sk_lookup(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
SkLookup::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}
Add support for BPF_PROG_TYPE_CGROUP_DEVICE Kernel 4.15 added a new eBPF program that can be used with cgroup v2 to control & observe device access (e.g. read, write, mknod) - `BPF_PROG_TYPE_CGROUP_DEVICE`. We add the ability to create these programs with the `cgroup_device` proc macro which creates the `cgroup/dev` link section. Device details are available to the eBPF program in `DeviceContext`. The userspace representation is provided with the `CgroupDevice` structure. Fixes: #212 Signed-off-by: Milan <milan@mdaverde.com>
2 years ago
/// Marks a function as a cgroup device eBPF program that can be attached to a
/// cgroup.
///
/// # Minimum kernel version
///
/// The minimum kernel version required to use this feature is 4.15.
///
/// # Examples
///
/// ```no_run
/// use aya_bpf::{
/// macros::cgroup_device,
/// programs::DeviceContext,
/// };
///
/// #[cgroup_device(name="cgroup_dev")]
/// pub fn cgroup_dev(ctx: DeviceContext) -> i32 {
Fix CI, clippy and feedback Signed-off-by: Milan <milan@mdaverde.com>
2 years ago
/// // Reject all device access
/// return 0;
Add support for BPF_PROG_TYPE_CGROUP_DEVICE Kernel 4.15 added a new eBPF program that can be used with cgroup v2 to control & observe device access (e.g. read, write, mknod) - `BPF_PROG_TYPE_CGROUP_DEVICE`. We add the ability to create these programs with the `cgroup_device` proc macro which creates the `cgroup/dev` link section. Device details are available to the eBPF program in `DeviceContext`. The userspace representation is provided with the `CgroupDevice` structure. Fixes: #212 Signed-off-by: Milan <milan@mdaverde.com>
2 years ago
/// }
/// ```
#[proc_macro_attribute]
pub fn cgroup_device(attrs: TokenStream, item: TokenStream) -> TokenStream {
let args = parse_macro_input!(attrs as Args);
let item = parse_macro_input!(item as ItemFn);
CgroupDevice::from_syn(args, item)
.and_then(|u| u.expand())
.unwrap_or_else(|err| err.to_compile_error())
.into()
}