Commit Graph

61 Commits (0ec60c4f23d4c1b2a251c172e5d52feaff3661bf)

Author SHA1 Message Date
Christian A. Jacobsen a98b638fa9 feat(log): add support for logging raw pointer types
* Requires the usage of `:p` display hint.
* Will, like stdlib, log with `0x` prefix.
1 week ago
Altug Bozkurt fc5387c806
lsm: cgroup attachment type support 2 weeks ago
Tamir Duberstein 66ed37c8a9
integration-test: add LSM 2 weeks ago
Tamir Duberstein ffa65efb36
integration-ebpf: avoid mentioning the size 2 weeks ago
Michal R 98e8c78376 aya-ebpf: Make use of `Borrow` and `BorrowMut` in map methods
Let callers pass either owned objects or references. We do that already
in the user-space methods.
3 weeks ago
Tamir Duberstein de42b80c74
aya,ebpf: add BPF_MAP_TYPE_SK_STORAGE
This map type requires BTF, and we can finally do it!
3 weeks ago
Tamir Duberstein 5f5305c2a8
lint all crates; enable strict pointer lints 4 weeks ago
Tamir Duberstein 82e72a14ad
Remove unused import
```
  error: unused import: `define_linear_ds_test`
    --> test/integration-ebpf/src/linear_data_structures.rs:59:5
     |
  59 | use define_linear_ds_test;
     |     ^^^^^^^^^^^^^^^^^^^^^
     |
     = note: `-D unused-imports` implied by `-D warnings`
     = help: to override `-D warnings` add `#[allow(unused_imports)]`

  error: could not compile `integration-ebpf` (bin "linear_data_structures") due to 1 previous error
```
4 weeks ago
Michal R 0b2a544ddd aya-ebpf: Add BTF array definition
Before this change, Aya supported only legacy BPF map definitions, which
are instances of the `bpf_map_def` struct and end up in the `maps` ELF
section.

This change introduces a BTF map definition for arrays, with custom
structs indicating the metadata of the map, which end up in the `.maps`
section.

Co-authored-by: Tamir Duberstein <tamird@gmail.com>
1 month ago
Tamir Duberstein 353b83383d
aya-log-ebpf: zero copy! 2 months ago
Tamir Duberstein 8e2632921f
aya-log: add DST test 2 months ago
Tamir Duberstein aa47acc507
aya-log-ebpf: allow macros in expr position
This is load-bearing in aya-template.
2 months ago
Xiaobo Liu 53ec616411 ebpf: add peak() method to Queue and Stack
Add integration tests covering push,pop,peek for both types.

Signed-off-by: Xiaobo Liu <cppcoffee@gmail.com>
Signed-off-by: Tamir Duberstein <tamird@gmail.com>
2 months ago
Addison Crump f6606473af
aya-log: properly hint log level to verifier
The log level implementation in b36cbc3eb8
was incomplete as the verifier could reject programs which exceeded
their instruction limits within logging statements. This commit
addresses this issue by making the log level static variable immutable
(s.t. the compiler puts it in a read-only section) and adds an
additional test which the verifier will reject as an infinite loop iff
it is unable to detect that the static variable would otherwise allow
the logging.
2 months ago
dependabot[bot] c0ff1aa0cc
build(deps): update network-types requirement in the cargo-crates group
Updates the requirements on [network-types](https://github.com/vadorovsky/network-types) to permit the latest version.

Updates `network-types` to 0.0.7
- [Release notes](https://github.com/vadorovsky/network-types/releases)
- [Changelog](https://github.com/vadorovsky/network-types/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vadorovsky/network-types/compare/v0.0.7...v0.0.7)

---
updated-dependencies:
- dependency-name: network-types
  dependency-version: 0.0.7
  dependency-type: direct:production
  dependency-group: cargo-crates
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
Dave Tucker 3078e5aba0 chore: Fix clippy panic_handler warnings
Working with aya in vscode will currently show a number of warnings
along the lines of:

```
found duplicate lang item `panic_impl`
the lang item is first defined in crate `std` (which `aya` depends on)
...
second definition in the local crate (`bpf_probe_read`)
```

This comes from feature unification.
integration-test requires the integration-common user feature, which
requires aya, which in turn brings in std.

For this same reason we avoid running clippy across the whole workspace.

We can avoid this issue by using the panic handler from the another
crate, which implements the same loop {} panic handler we use today.
It seems rustc is happy to conditionally link the panic handler
from an external crate without issuing warnings.

Therefore, we add our own crate - ebpf-panic - for this purpose.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
7 months ago
Dave Tucker 9eecbe9d0e
Merge pull request #1224 from dave-tucker/unused_trait_names
chore(*): set clippy unused_trait_names = warn
7 months ago
Tamir Duberstein 77b1c6194c Add support for Flow Dissector programs
Closes #216.

Co-authored-by: Zenna Allwein <zrallwein@gmail.com>
Signed-off-by: Tamir Duberstein <tamird@gmail.com>
7 months ago
Dave Tucker f6c5cb2ad2 chore(*): set clippy unused_trait_names = warn
We have previously tried to import traits anonymously where possible but
enforcing this manually was hard.

Since Rust 1.83 clippy can now enforce this for us.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
7 months ago
Michal Rostecki f48b5a4a84 aya: Ensure that truncated map names are NULL terminated
Limit of map names in eBPF is 16 bytes and they have to be NULL
terminated.

Before this change, long names were truncated to 16 bytes.
`MAP_WITH_LOOOONG_NAAAAAAAAME` would become `MAP_WITH_LOOOONG`, which
doesn't contain the NULL byte.

This change fixes that by truncating the name to 15 bytes, ensuring
that the 16th byte is NULL. `MAP_WITH_LOOOONG_NAAAAAAAAME` is truncated
to `MAP_WITH_LOOOON\0`.
8 months ago
Tamir Duberstein f0a9f19ddc Bump edition to 2024
Change FromRawTracepointArgs::arg to return T rather than *const T which
seems to have been returning a dangling pointer.

Arguably this is not strictly necessary; edition 2024 seems to be
focused on increased strictness around unsafe code which doesn't unlock
new functionality for our users. That said, this work revealed an
apparent bug (see above) that we wouldn't otherwise catch due to
allow-by-default lints.
8 months ago
arctic-alpaca 015443776c replace hard-coded queue ID with queried queue ID 8 months ago
arctic-alpaca e1cb4237bd tests: add queue ID matching to AF_XDP test 8 months ago
Andrew Werner 628b7fb022 aya::programs::uprobe: add support for cookies
Fixes #1132.

Note that this change does not add support in the public API for kprobes
or tracepoints, but it's a trivial matter of plumbing.

Along the way, the Uprobe::attach API is cleaned up to make the
attachment location more coherent. The logic being: if we're going to be
breaking the API anyway, may as well clean it up a bit.

Furthermore, the aya::sys::bpf_link_attach function is cleaned up by
properly modeling the the union in the final field with a rust enum.
10 months ago
Mike Rostecki f34d355d7d bpf: Handle raw tracepoint arguments
Provide an `arg()` method in `RawTracepointArgs` wrapper of
`bpf_raw_tracepoint_args` and also in `RawTracepointContext`, so
it's directly available in raw tracepoint programs.

The methods and traits implemented here are unsafe. There is no
way to reliably check the number of available arguments, so
requesting a non-existing one leads to undefined behavior.
10 months ago
Tamir Duberstein e0c4948e36 Extract integration-common for shared types 11 months ago
Michal Rostecki 0b58d3eb6d bpf: Add `bpf_strncmp` helper
The `bpf_strncmp` helper allows for better string comparison in eBPF
programs.

Added in https://github.com/torvalds/linux/commit/c5fb19937455095573a19.
11 months ago
astoycos 5478cac008 feat(aya): Implement TCX
This commit adds the initial support for TCX
bpf links. This is a new, multi-program, attachment
type allows for the caller to specify where
they would like to be attached relative to other
programs at the attachment point using the LinkOrder
type.

Signed-off-by: astoycos <astoycos@redhat.com>
Co-authored-by: Andre Fredette <afredette@redhat.com>
Co-authored-by: Dave Tucker <dave@dtucker.co.uk>
Co-authored-by: Tamir Duberstein <tamird@gmail.com>
1 year ago
Tamir Duberstein 5b29008691 Appease `static_mut_refs`
Made stricter in https://github.com/rust-lang/rust/commit/5ba6db1b648d9.
1 year ago
tyrone-wu cb8e478800
aya,integration-test: improve integration tests for info API
Improves the existing integraiton tests for `loaded_programs()` and
`loaded_maps()` in consideration for older kernels:
  - Opt for `SocketFilter` program in tests since XDP requires v4.8 and
    fragments requires v5.18.
  - For assertion tests, first perform the assertion, if the assertion
    fails, then it checks the host kernel version to see if it is above
    the minimum version requirement. If not, then continue with test,
    otherwise fail.
    For assertions that are skipped, they're logged in stderr which can
    be observed with `-- --nocapture`.

This also fixes the `bpf_prog_get_info_by_fd()` call for kernels below
v4.15. If calling syscall  on kernels below v4.15, it can produce an
`E2BIG` error  because `check_uarg_tail_zero()` expects the entire
struct to all-zero bytes (which is caused from the map info).

Instead, we first attempt the syscall with the map info filled, if it
returns `E2BIG`, then perform syscall again with empty closure.

Also adds doc for which version a kernel feature was introduced for
better  awareness.

The tests have been verified kernel versions:
  - 4.13.0
  - 4.15.0
  - 6.1.0
1 year ago
Michal Rostecki a75fc2f769 aya-log: Allow logging `core::net::Ipv4Addr` and `core::net::Ipv6Addr`
IP address types are available in `core`, so they can be used also in
eBPF programs. This change adds support of these types in aya-log.

* Add implementation of `WriteTuBuf` to these types.
* Support these types in `Ipv4Formatter` and `Ipv6Formatter`.
* Support them with `DisplayHint::Ip`.
* Add support for formatting `[u8; 4]`, to be able to handle
  `Ipv4Addr::octets`.
1 year ago
Wouter Dullaert fb0a339adf feat(aya-ebpf): Add integration test for memmove implementation 1 year ago
tyrone-wu 6988dac159 test/integration-ebpf: added integration tests for kretprobe & uretprobe
Added integration test methods for kretprobe and uretprobe with their
appropriate contexts.
2 years ago
Dave Tucker 41c61560ea chore(aya-ebpf): Rename bpf -> ebpf
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2 years ago
Alessandro Decina 2227223a96 aya-log: fix hygiene
Before this change we leaked some bindings to the calling scope, so for
instance logging a variable named "len" led to a compile error.
2 years ago
Andrew Werner e2cf734490 aya: Implement RingBuf
This implements the userspace binding for RingBuf.

Instead of streaming the samples as heap buffers, the process_ring
function takes a callback to which we pass the event's byte region,
roughly following [libbpf]'s API design. This avoids a copy and allows
marking the consumer pointer in a timely manner.

[libbpf]: https://github.com/libbpf/libbpf/blob/master/src/ringbuf.c

Additionally, integration tests are added to demonstrate the usage
of the new APIs and to ensure that they work end-to-end.

Co-authored-by: William Findlay <william@williamfindlay.com>
Co-authored-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com>
2 years ago
Tamir Duberstein ad460879ef
integration-test: replace macro with function
There's just no need for a macro here.
2 years ago
Tamir Duberstein 8cee3f8b01
integration-test: distinguish between success and noop
These tests previously produced the same result on certain failures as
they did on success.
2 years ago
Tuetuopay 579e3cee22 aya, bpf: misc fixes following review comments 2 years ago
Tuetuopay 0647927e32 xdp: add support for chained xdp programs in {cpu,dev}map
set/insert functions can now take an optional bpf program fd to run once
the packet has been redirected from the main probe
2 years ago
Tuetuopay 4452364c41 macros: add 'map' option to xdp macro
This option allows to place the program in the specific sections to
chain programs with devmaps and cpumaps.
2 years ago
Tamir Duberstein 3cfd886dc5
log: annotate logging functions inlining
Some of these functions fail to compile when not inlined, so we should
be explicit.

Before deciding on this approach I tried various ways of making all
these functions #[inline(never)] to save instructions but I ran into
blockers:
- These functions currently return Result, which is a structure. This is
  not permitted in BPF.
- I tried inventing a newtype that is a #[repr(transparent)] wrapper of
  u16, and having these functions return that; however it seems that
  even if the object code is legal, the verifier will reject such
  functions because the BTF (if present, and it was in my local
  experiments) would indicate that the return is a structure.
- I tried having these functions return a plain u16 where 0 means error,
  but the verifier still rejected the BTF because the receiver (even if
  made into &self) is considered a structure, and forbidden.

We can eventually overcome these problems by "lying" in our BTF once
support for it matures in the bpf-linker repo (e.g. Option<NonZeroU16>
should be perfectly legal as it is guaranteed to be word-sized), but we
aren't there yet, and this is the safest thing we can do for now.
2 years ago
Dave Tucker 6d92119fbc integration-test: Add test for 2 progs in same section
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2 years ago
Dave Tucker c72aab5f7b aya-bpf-macros: Refactor for ease of testing
The aya-bpf-macros needed refactoring for:

1. Ease of testing
2. To be consistent with when we use K/V args vs. idents
3. To deprecate the use of `name` to change the exported name of a
   function - we now use the symbol table.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2 years ago
Dave Tucker bf7fdff1ce aya: Find programs using the symbol table
This makes a few changes to the way that Aya reads the ELF object
files.

1. To find programs in a section, we use the symbols table. This allows
   for cases where multiple programs could appear in the same section.
2. When parsing our ELF file we build symbols_by_section_index as an
   optimization as we use it for legacy maps, BTF maps and now programs.

As a result of theses changes the "NAME" used in `bpf.prog_mut("NAME")`
is now ALWAYS the same as the function name in the eBPF code, making the
user experience more consistent.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2 years ago
Tamir Duberstein 6fc09ca07a
integration-test: build-dep on integration-ebpf
Remove the manual dependency tracking machinery in
integration-test/build.rs in favor of a build-dependency on
integration-ebpf. This required adding an empty lib.rs to create the
library target.

This allows integration-test/build.rs to be ignorant of bpf-linker.
Remove that in favor of the logic now in integration-ebpf.
2 years ago
Andrew Stoycos fb075636c1
Add integration test for perf link pin
Add integration testing for link pinning and
loading/unloading of tracepoint, kprobe, and
uprobe programs.

Redo how we utilize bpftool to verify that programs
are loaded to be explicit with names. Also add a helper
to verify that a program is loaded AND linked.

Signed-off-by: Andrew Stoycos <astoycos@redhat.com>
2 years ago
Tamir Duberstein 8c61fc9ea6
integration-test: compile C probes using build.rs
- Add libbpf as a submodule. This prevents having to plumb its location
  around (which can't be passed to Cargo build scripts) and also
  controls the version against which codegen has run.
- Move bpf written in C to the integration-test crate and define
  constants for each probe.
- Remove magic; each C source file must be directly enumerated in the
  build script and in lib.rs.
2 years ago
Tamir Duberstein e621a09181
Clippy over tests and integration-ebpf
Replace all `assert!(matches!(..))` with `assert_matches!(..)`.

Remove the now-unused build-integration-test xtask command whose logic
doesn't match that of the build-and-run command.
2 years ago
Tamir Duberstein b8252f46d9
Skip BPF_F_XDP_HAS_FRAGS tests on unsupported kernels 2 years ago