This change exposes the BPF helper bpf_socket_get_uid as a public method
of SkBuffContext, which allows to get the owner UID of the socket
associated to the sk_buff stored in the context.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
`BPF_PROG_TYPE_SOCKET_FILTER` program expands the sectionname's kind with `socket` not `socket_filter`.
So current eBPF program with socket filter always fails.
This patch fixes it.
Fix https://github.com/aya-rs/aya/issues/227
fa037a88e2 allowed for cgroup skb programs
that did not specify an attach direction to use the cgroup/skb section
name per the convention established in libbpf. It did not add the
necessary code to load programs from those sections which is added in
this commit
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This allows for C code to be compiled and used in tests!
It does require libbpf on the host machine though...
Also moved removal of the `user` and `ebpf` dirs created by rust-script
into `lib.sh` and parameterized bits of the XDP smoke test for ease of
copying
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This uses a mix of rust-script, bash, qemu and a test runner called RTF
to add a regression test suite... and wires it into GitHub Actions
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Handle relocations against .text symbols in all instructions not just
calls. Makes it so that let x = &some_function triggers linking of
some_function in the current program and handles the resulting
relocation accordingly.
Among other things, enables the use of bpf_for_each_map_elem.
This replaces the / character with a . which is allowed in the kernel
names. Not allowing a forward slash is perhaps a kernel bug, but lets
fix it up here as it's commonly used for Aya
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Aya will now perform sanitzation and fixups in a single phase, requiring
only one pass over the BTF. This modifies the parsed BTF in place.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Currently errors can occur if the verifier output is > buffer as we get
ENOMEM. We should only provide a log_buf if initial load failed, then
retry up to 10 times to get full verifier output.
To DRY this logic it has been moved to a function so its shared with
program loading
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
one verifier loop to rule them all
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
If an argument has a type, it must also have a name, see btf_func_check
in the kernel.
Given:
SEC("lsm/syslog")
int BPF_PROG(syslog_audit, int type, int ret_prev)
{
return 0;
}
Fixes:
error: BTF error: the BPF_BTF_LOAD syscall failed. Verifier output: magic: 0xeb9f
version: 1
flags: 0x0
hdr_len: 24
type_off: 0
type_len: 76
str_off: 76
str_len: 128
btf_total_size: 228
[1] FUNC_PROTO (anon) return=2 args=(3 (anon))
[2] INT int size=4 bits_offset=0 nr_bits=32 encoding=SIGNED
[3] PTR (anon) type_id=4
[4] INT long long unsigned int size=8 bits_offset=0 nr_bits=64 encoding=(none)
[5] FUNC syslog_audit type_id=1
[5] FUNC syslog_audit type_id=1 Invalid arg#1
: Invalid argument (os error 22)