The `bpf_printk!` macro is a helper providing a convenient way to invoke the
`bpf_trace_printk` and `bpf_trace_vprintk` BPF helpers. It is implemented as
a macro because it requires variadic arguments.
This commit allows for BTF maps in the .maps ELF section to be parsed.
It reads the necessary information from the BTF section of the ELF file.
While the btf_ids of Keys and Values types are stored, they are not (yet)
used.
When creating a BTF map, we pass the btf_key_type_id and
btf_value_type_id.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Change it from `[i8; 16]` to `[u8; 18]`. `i8` arrays cannot be easily used in
Rust for converting to string (i.e. with `core::str::from_utf8_unchecked`)
and developers have to convert them themselves with unsafe code.
Using u8 arrays lets developers to just convert it with
`core::str::from_utf8_unchecked` without any limitations.
Example:
https://github.com/vadorovsky/aya-examples/blob/main/clone/clone-ebpf/src/main.rs
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
Kernels before 5.11 don't use cgroup accounting, so they might reach the
RLIMIT_MEMLOCK when creating maps. After this change, we raise a warning
recommending to raise the RLIMIT_MEMLOCK.
This commit replaces the existing RTF test runner with a simple rust
binary package called - integration-test.
integration-test depends on integration-ebpf, which contains test eBPF
code written in Rust and C. `cargo xtask build-integration-test-ebpf`
can be used to build this code and supress rust-analyzer warnings. It
does require `bpf-linker`, but that is highly likely to be available to
developers of Aya. It also requires a checkout of `libbpf` to extract
headers like bpf-helpers.h.
Since everything is compiled into a single binary, it can be run
be run locally using `cargo xtask integration-test` or remotely using
`./run.sh` which re-uses the bash script from the old test framework
to spawn a VM in which to run the tests.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This change adds two new helpers:
* bpf_probe_read_user_str_bytes
* bpf_probe_read_kernel_str_bytes
Those new helpers are returning a bytes slice (`&[u8]`) with a length
equal to the length of probed, null-terminated string. When using those
helpers, users don't have to manually check for length and create such
slices themselves. They also make converting to `str` way more
convenient, for example:
```rust
let my_str = unsafe {
core::str::from_utf8_unchecked(
bpf_probe_read_user_str_bytes(user_ptr, &mut buf)?
)
};
```
This change also deprecates the old helpers, since their names are
confusing (they have nothing to do with Rust `str`) and using them
requires writing boilerplate code (for checking the length and making
eBPF verifier happy):
* bpf_probe_read_user_str
* bpf_probe_read_kernel_str
Tested on:
516b29af68
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
This allows for Extension programs already loaded to the kernel to be
attached to another program that is BTF-compatible with the one provided
at `load()` time
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This removes the ProgramFd trait with a struct that wraps a RawFd.
Program::fd() has been implemented as well as fd() for each Program
Type. This allows for a better API than requiring the use of the
ProgramFd trait.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
bpf_map_update_elem is used in lieu of bpf_map_push_elem to maintain support for kernel version < 4.20. The kernel expects a null pointer for the key for this use case. With this change, if you pass None as key to `bpf_map_update_elem`, it will pass null as key.
Publish user/kernel space docs seperately.
Add an index.html at the root for navigation.
Ensure that search engines don't index these pages.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
As it turns out, the verifier gets upset if you try to read the values
directly without using bpf_probe_read.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
Joel Höner
Michal Rostecki
Dave Tucker
Alessandro Decina
Johannes Edmeier
dependabot[bot]
Andrew Burkett
tirex
Davide Bertola