|
|
|
@ -9,6 +9,7 @@ use std::{
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
use libc::if_nametoindex;
|
|
|
|
use libc::if_nametoindex;
|
|
|
|
|
|
|
|
use log::warn;
|
|
|
|
use thiserror::Error;
|
|
|
|
use thiserror::Error;
|
|
|
|
|
|
|
|
|
|
|
|
use crate::{
|
|
|
|
use crate::{
|
|
|
|
@ -135,42 +136,61 @@ impl Xdp {
|
|
|
|
let prog_fd = self.fd()?;
|
|
|
|
let prog_fd = self.fd()?;
|
|
|
|
let prog_fd = prog_fd.as_fd();
|
|
|
|
let prog_fd = prog_fd.as_fd();
|
|
|
|
|
|
|
|
|
|
|
|
if KernelVersion::current().unwrap() >= KernelVersion::new(5, 9, 0) {
|
|
|
|
match KernelVersion::current() {
|
|
|
|
// Unwrap safety: the function starts with `self.fd()?` that will succeed if and only
|
|
|
|
Ok(kernel_version) => {
|
|
|
|
// if the program has been loaded, i.e. there is an fd. We get one by:
|
|
|
|
if kernel_version >= KernelVersion::new(5, 9, 0) {
|
|
|
|
// - Using `Xdp::from_pin` that sets `expected_attach_type`
|
|
|
|
// Unwrap safety: the function starts with `self.fd()?` that will succeed if and only
|
|
|
|
// - Calling `Xdp::attach` that sets `expected_attach_type`, as geting an `Xdp`
|
|
|
|
// if the program has been loaded, i.e. there is an fd. We get one by:
|
|
|
|
// instance trhough `Xdp:try_from(Program)` does not set any fd.
|
|
|
|
// - Using `Xdp::from_pin` that sets `expected_attach_type`
|
|
|
|
// So, in all cases where we have an fd, we have an expected_attach_type. Thus, if we
|
|
|
|
// - Calling `Xdp::attach` that sets `expected_attach_type`, as geting an `Xdp`
|
|
|
|
// reach this point, expected_attach_type is guaranteed to be Some(_).
|
|
|
|
// instance trhough `Xdp:try_from(Program)` does not set any fd.
|
|
|
|
let attach_type = self.data.expected_attach_type.unwrap();
|
|
|
|
// So, in all cases where we have an fd, we have an expected_attach_type. Thus, if we
|
|
|
|
let link_fd = bpf_link_create(
|
|
|
|
// reach this point, expected_attach_type is guaranteed to be Some(_).
|
|
|
|
prog_fd,
|
|
|
|
let attach_type = self.data.expected_attach_type.unwrap();
|
|
|
|
LinkTarget::IfIndex(if_index),
|
|
|
|
let link_fd = bpf_link_create(
|
|
|
|
attach_type,
|
|
|
|
prog_fd,
|
|
|
|
None,
|
|
|
|
LinkTarget::IfIndex(if_index),
|
|
|
|
flags.bits(),
|
|
|
|
attach_type,
|
|
|
|
)
|
|
|
|
None,
|
|
|
|
.map_err(|(_, io_error)| SyscallError {
|
|
|
|
flags.bits(),
|
|
|
|
call: "bpf_link_create",
|
|
|
|
)
|
|
|
|
io_error,
|
|
|
|
.map_err(|(_, io_error)| SyscallError {
|
|
|
|
})?;
|
|
|
|
call: "bpf_link_create",
|
|
|
|
self.data
|
|
|
|
io_error,
|
|
|
|
.links
|
|
|
|
})?;
|
|
|
|
.insert(XdpLink::new(XdpLinkInner::FdLink(FdLink::new(link_fd))))
|
|
|
|
self.data
|
|
|
|
} else {
|
|
|
|
.links
|
|
|
|
let if_index = if_index as i32;
|
|
|
|
.insert(XdpLink::new(XdpLinkInner::FdLink(FdLink::new(link_fd))))
|
|
|
|
unsafe { netlink_set_xdp_fd(if_index, Some(prog_fd), None, flags.bits()) }
|
|
|
|
} else {
|
|
|
|
.map_err(|io_error| XdpError::NetlinkError { io_error })?;
|
|
|
|
let if_index = if_index as i32;
|
|
|
|
|
|
|
|
unsafe { netlink_set_xdp_fd(if_index, Some(prog_fd), None, flags.bits()) }
|
|
|
|
let prog_fd = prog_fd.as_raw_fd();
|
|
|
|
.map_err(|io_error| XdpError::NetlinkError { io_error })?;
|
|
|
|
self.data
|
|
|
|
|
|
|
|
.links
|
|
|
|
let prog_fd = prog_fd.as_raw_fd();
|
|
|
|
.insert(XdpLink::new(XdpLinkInner::NlLink(NlLink {
|
|
|
|
self.data
|
|
|
|
if_index,
|
|
|
|
.links
|
|
|
|
prog_fd,
|
|
|
|
.insert(XdpLink::new(XdpLinkInner::NlLink(NlLink {
|
|
|
|
flags,
|
|
|
|
if_index,
|
|
|
|
})))
|
|
|
|
prog_fd,
|
|
|
|
|
|
|
|
flags,
|
|
|
|
|
|
|
|
})))
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
Err(e) => {
|
|
|
|
|
|
|
|
eprintln!("Error getting the current kernel version");
|
|
|
|
|
|
|
|
let if_index = if_index as i32;
|
|
|
|
|
|
|
|
unsafe { netlink_set_xdp_fd(if_index, Some(prog_fd), None, flags.bits()) }
|
|
|
|
|
|
|
|
.map_err(|io_error| XdpError::NetlinkError { io_error })?;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
let prog_fd = prog_fd.as_raw_fd();
|
|
|
|
|
|
|
|
self.data
|
|
|
|
|
|
|
|
.links
|
|
|
|
|
|
|
|
.insert(XdpLink::new(XdpLinkInner::NlLink(NlLink {
|
|
|
|
|
|
|
|
if_index,
|
|
|
|
|
|
|
|
prog_fd,
|
|
|
|
|
|
|
|
flags,
|
|
|
|
|
|
|
|
})))
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@ -269,11 +289,20 @@ impl Link for NlLink {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
fn detach(self) -> Result<(), ProgramError> {
|
|
|
|
fn detach(self) -> Result<(), ProgramError> {
|
|
|
|
let flags = if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
|
|
|
|
let flags = match KernelVersion::current() {
|
|
|
|
self.flags.bits() | XDP_FLAGS_REPLACE
|
|
|
|
Ok(kernel_version) => {
|
|
|
|
} else {
|
|
|
|
if kernel_version >= KernelVersion::new(5, 7, 0) {
|
|
|
|
self.flags.bits()
|
|
|
|
self.flags.bits() | XDP_FLAGS_REPLACE
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
self.flags.bits()
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
Err(_) => {
|
|
|
|
|
|
|
|
warn!("Warning: Can not get the current kernel version");
|
|
|
|
|
|
|
|
self.flags.bits()
|
|
|
|
|
|
|
|
}
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
// SAFETY: TODO(https://github.com/aya-rs/aya/issues/612): make this safe by not holding `RawFd`s.
|
|
|
|
// SAFETY: TODO(https://github.com/aya-rs/aya/issues/612): make this safe by not holding `RawFd`s.
|
|
|
|
let prog_fd = unsafe { BorrowedFd::borrow_raw(self.prog_fd) };
|
|
|
|
let prog_fd = unsafe { BorrowedFd::borrow_raw(self.prog_fd) };
|
|
|
|
let _ = unsafe { netlink_set_xdp_fd(self.if_index, None, Some(prog_fd), flags) };
|
|
|
|
let _ = unsafe { netlink_set_xdp_fd(self.if_index, None, Some(prog_fd), flags) };
|
|
|
|
|
Badr
4 months ago