yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat(aya): Return error messages from netlink

Browse Source 
This returns error strings from netlink since they are more informative
than the raw os error. For example:

"Device or Resource Busy" vs. "XDP program already attached".

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
reviewable/pr690/r3
Dave Tucker 2 years ago
parent 2f757b2091
commit f503df113a
4 changed files with 150 additions and 70 deletions
Show Stats Download Patch File Download Diff File

7
aya/src/programs/mod.rs
Unescape Escape View File

@ -123,7 +123,8 @@ use crate::{
sys::{
bpf_btf_get_fd_by_id, bpf_get_object, bpf_link_get_fd_by_id, bpf_link_get_info_by_fd,
bpf_load_program, bpf_pin_object, bpf_prog_get_fd_by_id, bpf_prog_query, iter_link_ids,
retry_with_verifier_logs, EbpfLoadProgramAttrs, ProgQueryTarget, SyscallError,
retry_with_verifier_logs, EbpfLoadProgramAttrs, NetlinkError, ProgQueryTarget,
SyscallError,
},
util::KernelVersion,
VerifierLogLevel,
@ -223,6 +224,10 @@ pub enum ProgramError {
/// Providing an attach cookie is not supported.
#[error("providing an attach cookie is not supported")]
AttachCookieNotSupported,
/// An error occurred while working with Netlink.
#[error(transparent)]
NetlinkError(#[from] NetlinkError),
}
/// A [`Program`] file descriptor.

43
aya/src/programs/tc.rs
Unescape Escape View File

@ -23,7 +23,8 @@ use crate::{
sys::{
bpf_link_create, bpf_link_get_info_by_fd, bpf_link_update, bpf_prog_get_fd_by_id,
netlink_find_filter_with_name, netlink_qdisc_add_clsact, netlink_qdisc_attach,
netlink_qdisc_detach, BpfLinkCreateArgs, LinkTarget, ProgQueryTarget, SyscallError,
netlink_qdisc_detach, BpfLinkCreateArgs, LinkTarget, NetlinkError, ProgQueryTarget,
SyscallError,
},
util::{ifindex_from_ifname, tc_handler_make, KernelVersion},
VerifierLogLevel,
@ -88,12 +89,16 @@ pub struct SchedClassifier {
#[derive(Debug, Error)]
pub enum TcError {
/// netlink error while attaching ebpf program
#[error("netlink error while attaching ebpf program to tc")]
NetlinkError {
/// the [`io::Error`] from the netlink call
#[source]
io_error: io::Error,
},
#[error(transparent)]
NetlinkError(#[from] NetlinkError),
/// the provided string contains a nul byte
#[error(transparent)]
NulError(#[from] std::ffi::NulError),
#[error(transparent)]
/// an IO error occurred
IoError(#[from] io::Error),
/// the clsact qdisc is already attached
#[error("the clsact qdisc is already attached")]
AlreadyAttached,
@ -209,8 +214,7 @@ impl SchedClassifier {
attach_type: TcAttachType,
options: TcAttachOptions,
) -> Result<SchedClassifierLinkId, ProgramError> {
let if_index = ifindex_from_ifname(interface)
.map_err(|io_error| TcError::NetlinkError { io_error })?;
let if_index = ifindex_from_ifname(interface).map_err(TcError::IoError)?;
self.do_attach(if_index, attach_type, options, true)
}
@ -281,7 +285,7 @@ impl SchedClassifier {
create,
)
}
.map_err(|io_error| TcError::NetlinkError { io_error })?;
.map_err(TcError::NetlinkError)?;
self.data
.links
@ -343,8 +347,7 @@ impl SchedClassifier {
interface: &str,
attach_type: TcAttachType,
) -> Result<(u64, Vec<ProgramInfo>), ProgramError> {
let if_index = ifindex_from_ifname(interface)
.map_err(|io_error| TcError::NetlinkError { io_error })?;
let if_index = ifindex_from_ifname(interface).map_err(TcError::IoError)?;
let (revision, prog_ids) = query(
ProgQueryTarget::IfIndex(if_index),
@ -393,7 +396,7 @@ impl Link for NlLink {
self.handle,
)
}
.map_err(|io_error| TcError::NetlinkError { io_error })?;
.map_err(ProgramError::NetlinkError)?;
Ok(())
}
}
@ -557,9 +560,9 @@ impl SchedClassifierLink {
///
/// The `clsact` qdisc must be added to an interface before [`SchedClassifier`]
/// programs can be attached.
pub fn qdisc_add_clsact(if_name: &str) -> Result<(), io::Error> {
pub fn qdisc_add_clsact(if_name: &str) -> Result<(), TcError> {
let if_index = ifindex_from_ifname(if_name)?;
unsafe { netlink_qdisc_add_clsact(if_index as i32) }
unsafe { netlink_qdisc_add_clsact(if_index as i32).map_err(TcError::NetlinkError) }
}
/// Detaches the programs with the given name.
@ -573,8 +576,8 @@ pub fn qdisc_detach_program(
if_name: &str,
attach_type: TcAttachType,
name: &str,
) -> Result<(), io::Error> {
let cstr = CString::new(name)?;
) -> Result<(), TcError> {
let cstr = CString::new(name).map_err(TcError::NulError)?;
qdisc_detach_program_fast(if_name, attach_type, &cstr)
}
@ -591,15 +594,15 @@ fn qdisc_detach_program_fast(
if_name: &str,
attach_type: TcAttachType,
name: &CStr,
) -> Result<(), io::Error> {
) -> Result<(), TcError> {
let if_index = ifindex_from_ifname(if_name)? as i32;
let filter_info = unsafe { netlink_find_filter_with_name(if_index, attach_type, name)? };
if filter_info.is_empty() {
return Err(io::Error::new(
return Err(TcError::IoError(io::Error::new(
io::ErrorKind::NotFound,
name.to_string_lossy(),
));
)));
}
for (prio, handle) in filter_info {

9
aya/src/programs/xdp.rs
Unescape Escape View File

@ -3,7 +3,6 @@
use std::{
ffi::CString,
hash::Hash,
io,
os::fd::{AsFd as _, AsRawFd as _, BorrowedFd, RawFd},
path::Path,
};
@ -23,7 +22,7 @@ use crate::{
},
sys::{
bpf_link_create, bpf_link_get_info_by_fd, bpf_link_update, netlink_set_xdp_fd, LinkTarget,
SyscallError,
NetlinkError, SyscallError,
},
util::KernelVersion,
VerifierLogLevel,
@ -37,7 +36,7 @@ pub enum XdpError {
NetlinkError {
/// the [`io::Error`] from the netlink call
#[source]
io_error: io::Error,
nl_err: NetlinkError,
},
}
@ -162,7 +161,7 @@ impl Xdp {
} else {
let if_index = if_index as i32;
unsafe { netlink_set_xdp_fd(if_index, Some(prog_fd), None, flags.bits()) }
.map_err(|io_error| XdpError::NetlinkError { io_error })?;
.map_err(|nl_err| XdpError::NetlinkError { nl_err })?;
let prog_fd = prog_fd.as_raw_fd();
self.data
@ -224,7 +223,7 @@ impl Xdp {
Some(old_prog_fd),
replace_flags.bits(),
)
.map_err(|io_error| XdpError::NetlinkError { io_error })?;
.map_err(|nl_err| XdpError::NetlinkError { nl_err })?;
}
let prog_fd = prog_fd.as_raw_fd();

153
aya/src/sys/netlink.rs
Unescape Escape View File

@ -8,10 +8,10 @@ use std::{
use libc::{
getsockname, nlattr, nlmsgerr, nlmsghdr, recv, send, setsockopt, sockaddr_nl, socket,
AF_NETLINK, AF_UNSPEC, ETH_P_ALL, IFF_UP, IFLA_XDP, NETLINK_EXT_ACK, NETLINK_ROUTE,
NLA_ALIGNTO, NLA_F_NESTED, NLA_TYPE_MASK, NLMSG_DONE, NLMSG_ERROR, NLM_F_ACK, NLM_F_CREATE,
NLM_F_DUMP, NLM_F_ECHO, NLM_F_EXCL, NLM_F_MULTI, NLM_F_REQUEST, RTM_DELTFILTER, RTM_GETTFILTER,
RTM_NEWQDISC, RTM_NEWTFILTER, RTM_SETLINK, SOCK_RAW, SOL_NETLINK,
AF_NETLINK, AF_UNSPEC, ETH_P_ALL, IFF_UP, IFLA_XDP, NETLINK_CAP_ACK, NETLINK_EXT_ACK,
NETLINK_ROUTE, NLA_ALIGNTO, NLA_F_NESTED, NLA_TYPE_MASK, NLMSG_DONE, NLMSG_ERROR, NLM_F_ACK,
NLM_F_CREATE, NLM_F_DUMP, NLM_F_ECHO, NLM_F_EXCL, NLM_F_MULTI, NLM_F_REQUEST, RTM_DELTFILTER,
RTM_GETTFILTER, RTM_NEWQDISC, RTM_NEWTFILTER, RTM_SETLINK, SOCK_RAW, SOL_NETLINK,
};
use thiserror::Error;
@ -25,6 +25,7 @@ use crate::{
util::tc_handler_make,
};
const NLMSGERR_ATTR_MSG: u16 = 0x01;
const NLA_HDR_LEN: usize = align_to(mem::size_of::<nlattr>(), NLA_ALIGNTO as usize);
// Safety: marking this as unsafe overall because of all the pointer math required to comply with
@ -34,7 +35,7 @@ pub(crate) unsafe fn netlink_set_xdp_fd(
fd: Option<BorrowedFd<'_>>,
old_fd: Option<BorrowedFd<'_>>,
flags: u32,
) -> Result<(), io::Error> {
) -> Result<(), NetlinkError> {
let sock = NetlinkSocket::open()?;
// Safety: Request is POD so this is safe
@ -54,33 +55,39 @@ pub(crate) unsafe fn netlink_set_xdp_fd(
// write the attrs
let attrs_buf = request_attributes(&mut req, nlmsg_len);
let mut attrs = NestedAttrs::new(attrs_buf, IFLA_XDP);
attrs.write_attr(
attrs
.write_attr(
IFLA_XDP_FD as u16,
fd.map(|fd| fd.as_raw_fd()).unwrap_or(-1),
)?;
)
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
if flags > 0 {
attrs.write_attr(IFLA_XDP_FLAGS as u16, flags)?;
attrs
.write_attr(IFLA_XDP_FLAGS as u16, flags)
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
}
if flags & XDP_FLAGS_REPLACE != 0 {
attrs.write_attr(
attrs
.write_attr(
IFLA_XDP_EXPECTED_FD as u16,
old_fd.map(|fd| fd.as_raw_fd()).unwrap(),
)?;
)
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
}
let nla_len = attrs.finish()?;
let nla_len = attrs
.finish()
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
req.header.nlmsg_len += align_to(nla_len, NLA_ALIGNTO as usize) as u32;
sock.send(&bytes_of(&req)[..req.header.nlmsg_len as usize])?;
sock.recv()?;
Ok(())
}
pub(crate) unsafe fn netlink_qdisc_add_clsact(if_index: i32) -> Result<(), io::Error> {
pub(crate) unsafe fn netlink_qdisc_add_clsact(if_index: i32) -> Result<(), NetlinkError> {
let sock = NetlinkSocket::open()?;
let mut req = mem::zeroed::<TcRequest>();
@ -101,7 +108,8 @@ pub(crate) unsafe fn netlink_qdisc_add_clsact(if_index: i32) -> Result<(), io::E
// add the TCA_KIND attribute
let attrs_buf = request_attributes(&mut req, nlmsg_len);
let attr_len = write_attr_bytes(attrs_buf, 0, TCA_KIND as u16, b"clsact\0")?;
let attr_len = write_attr_bytes(attrs_buf, 0, TCA_KIND as u16, b"clsact\0")
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
req.header.nlmsg_len += align_to(attr_len, NLA_ALIGNTO as usize) as u32;
sock.send(&bytes_of(&req)[..req.header.nlmsg_len as usize])?;
@ -118,7 +126,7 @@ pub(crate) unsafe fn netlink_qdisc_attach(
priority: u16,
handle: u32,
create: bool,
) -> Result<(u16, u32), io::Error> {
) -> Result<(u16, u32), NetlinkError> {
let sock = NetlinkSocket::open()?;
let mut req = mem::zeroed::<TcRequest>();
@ -152,15 +160,24 @@ pub(crate) unsafe fn netlink_qdisc_attach(
let attrs_buf = request_attributes(&mut req, nlmsg_len);
// add TCA_KIND
let kind_len = write_attr_bytes(attrs_buf, 0, TCA_KIND as u16, b"bpf\0")?;
let kind_len = write_attr_bytes(attrs_buf, 0, TCA_KIND as u16, b"bpf\0")
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
// add TCA_OPTIONS which includes TCA_BPF_FD, TCA_BPF_NAME and TCA_BPF_FLAGS
let mut options = NestedAttrs::new(&mut attrs_buf[kind_len..], TCA_OPTIONS as u16);
options.write_attr(TCA_BPF_FD as u16, prog_fd)?;
options.write_attr_bytes(TCA_BPF_NAME as u16, prog_name.to_bytes_with_nul())?;
options
.write_attr(TCA_BPF_FD as u16, prog_fd)
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
options
.write_attr_bytes(TCA_BPF_NAME as u16, prog_name.to_bytes_with_nul())
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
let flags: u32 = TCA_BPF_FLAG_ACT_DIRECT;
options.write_attr(TCA_BPF_FLAGS as u16, flags)?;
let options_len = options.finish()?;
options
.write_attr(TCA_BPF_FLAGS as u16, flags)
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
let options_len = options
.finish()
.map_err(|e| NetlinkError(NetlinkErrorRepr::IoError(e)))?;
req.header.nlmsg_len += align_to(kind_len + options_len, NLA_ALIGNTO as usize) as u32;
sock.send(&bytes_of(&req)[..req.header.nlmsg_len as usize])?;
@ -176,10 +193,10 @@ pub(crate) unsafe fn netlink_qdisc_attach(
None => {
// if sock.recv() succeeds we should never get here unless there's a
// bug in the kernel
return Err(io::Error::new(
return Err(NetlinkError(NetlinkErrorRepr::IoError(io::Error::new(
io::ErrorKind::Other,
"no RTM_NEWTFILTER reply received, this is a bug.",
));
))));
}
};
@ -192,7 +209,7 @@ pub(crate) unsafe fn netlink_qdisc_detach(
attach_type: &TcAttachType,
priority: u16,
handle: u32,
) -> Result<(), io::Error> {
) -> Result<(), NetlinkError> {
let sock = NetlinkSocket::open()?;
let mut req = mem::zeroed::<TcRequest>();
@ -222,7 +239,7 @@ pub(crate) unsafe fn netlink_find_filter_with_name(
if_index: i32,
attach_type: TcAttachType,
name: &CStr,
) -> Result<Vec<(u16, u32)>, io::Error> {
) -> Result<Vec<(u16, u32)>, NetlinkError> {
let mut req = mem::zeroed::<TcRequest>();
let nlmsg_len = mem::size_of::<nlmsghdr>() + mem::size_of::<tcmsg>();
@ -249,10 +266,12 @@ pub(crate) unsafe fn netlink_find_filter_with_name(
let tc_msg = ptr::read_unaligned(msg.data.as_ptr() as *const tcmsg);
let priority = (tc_msg.tcm_info >> 16) as u16;
let attrs = parse_attrs(&msg.data[mem::size_of::<tcmsg>()..])?;
let attrs = parse_attrs(&msg.data[mem::size_of::<tcmsg>()..])
.map_err(|e| NetlinkError(NetlinkErrorRepr::NlAttrError(e)))?;
if let Some(opts) = attrs.get(&(TCA_OPTIONS as u16)) {
let opts = parse_attrs(opts.data)?;
let opts = parse_attrs(opts.data)
.map_err(|e| NetlinkError(NetlinkErrorRepr::NlAttrError(e)))?;
if let Some(f_name) = opts.get(&(TCA_BPF_NAME as u16)) {
if let Ok(f_name) = CStr::from_bytes_with_nul(f_name.data) {
if name == f_name {
@ -267,7 +286,7 @@ pub(crate) unsafe fn netlink_find_filter_with_name(
}
#[doc(hidden)]
pub unsafe fn netlink_set_link_up(if_index: i32) -> Result<(), io::Error> {
pub unsafe fn netlink_set_link_up(if_index: i32) -> Result<(), NetlinkError> {
let sock = NetlinkSocket::open()?;
// Safety: Request is POD so this is safe
@ -311,12 +330,32 @@ struct NetlinkSocket {
_nl_pid: u32,
}
#[derive(Error, Debug)]
#[error(transparent)]
pub struct NetlinkError(#[from] NetlinkErrorRepr);
#[derive(Error, Debug)]
pub(crate) enum NetlinkErrorRepr {
#[error("netlink error: {message}")]
Error {
message: String,
#[source]
source: io::Error,
},
#[error(transparent)]
IoError(#[from] io::Error),
#[error(transparent)]
NulError(#[from] std::ffi::NulError),
#[error(transparent)]
NlAttrError(#[from] NlAttrError),
}
impl NetlinkSocket {
fn open() -> Result<Self, io::Error> {
fn open() -> Result<Self, NetlinkErrorRepr> {
// Safety: libc wrapper
let sock = unsafe { socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) };
if sock < 0 {
return Err(io::Error::last_os_error());
return Err(NetlinkErrorRepr::IoError(io::Error::last_os_error()));
}
// SAFETY: `socket` returns a file descriptor.
let sock = unsafe { crate::MockableFd::from_raw_fd(sock) };
@ -324,13 +363,29 @@ impl NetlinkSocket {
let enable = 1i32;
// Safety: libc wrapper
unsafe {
setsockopt(
// Set NETLINK_EXT_ACK to get extended attributes.
if setsockopt(
sock.as_raw_fd(),
SOL_NETLINK,
NETLINK_EXT_ACK,
&enable as *const _ as *const _,
mem::size_of::<i32>() as u32,
)
) < 0
{
return Err(NetlinkErrorRepr::IoError(io::Error::last_os_error()));
};
// Set NETLINK_CAP_ACK to avoid getting copies of request payload.
if setsockopt(
sock.as_raw_fd(),
SOL_NETLINK,
NETLINK_CAP_ACK,
&enable as *const _ as *const _,
mem::size_of::<i32>() as u32,
) < 0
{
return Err(NetlinkErrorRepr::IoError(io::Error::last_os_error()));
};
};
// Safety: sockaddr_nl is POD so this is safe
@ -346,7 +401,7 @@ impl NetlinkSocket {
)
} < 0
{
return Err(io::Error::last_os_error());
return Err(NetlinkErrorRepr::IoError(io::Error::last_os_error()));
}
Ok(Self {
@ -355,7 +410,7 @@ impl NetlinkSocket {
})
}
fn send(&self, msg: &[u8]) -> Result<(), io::Error> {
fn send(&self, msg: &[u8]) -> Result<(), NetlinkErrorRepr> {
if unsafe {
send(
self.sock.as_raw_fd(),
@ -365,12 +420,12 @@ impl NetlinkSocket {
)
} < 0
{
return Err(io::Error::last_os_error());
return Err(NetlinkErrorRepr::IoError(io::Error::last_os_error()));
}
Ok(())
}
fn recv(&self) -> Result<Vec<NetlinkMessage>, io::Error> {
fn recv(&self) -> Result<Vec<NetlinkMessage>, NetlinkErrorRepr> {
let mut buf = [0u8; 4096];
let mut messages = Vec::new();
let mut multipart = true;
@ -386,7 +441,7 @@ impl NetlinkSocket {
)
};
if len < 0 {
return Err(io::Error::last_os_error());
return Err(NetlinkErrorRepr::IoError(io::Error::last_os_error()));
}
if len == 0 {
break;
@ -405,7 +460,25 @@ impl NetlinkSocket {
// this is an ACK
continue;
}
return Err(io::Error::from_raw_os_error(-err.error));
let attrs = parse_attrs(&message.data)?;
let err_msg = attrs.get(&NLMSGERR_ATTR_MSG).and_then(|msg| {
CStr::from_bytes_with_nul(msg.data)
.ok()
.map(|s| s.to_string_lossy().into_owned())
});
match err_msg {
Some(err_msg) => {
return Err(NetlinkErrorRepr::Error {
message: err_msg,
source: io::Error::from_raw_os_error(-err.error),
});
}
None => {
return Err(NetlinkErrorRepr::IoError(
io::Error::from_raw_os_error(-err.error),
));
}
}
}
NLMSG_DONE => break 'out,
_ => messages.push(message),
@ -452,7 +525,7 @@ impl NetlinkMessage {
));
}
(
Vec::new(),
buf[data_offset + mem::size_of::<nlmsgerr>()..msg_len].to_vec(),
// Safety: nlmsgerr is POD so read is safe
Some(unsafe {
ptr::read_unaligned(buf[data_offset..].as_ptr() as *const nlmsgerr)
@ -628,7 +701,7 @@ struct NlAttr<'a> {
}
#[derive(Debug, Error, PartialEq, Eq)]
enum NlAttrError {
pub(crate) enum NlAttrError {
#[error("invalid buffer size `{size}`, expected `{expected}`")]
InvalidBufferLength { size: usize, expected: usize },

Write Preview
Loading…
Cancel
Save