aya/aya-log
Michal Rostecki 628b473e09 ebpf: Ensure the bounds of log buffer
eBPF verifier rejects programs which are not checking the bounds of the
log buffer before writing any arguments. This change ensures that
written log arguments.

In practice, it means that doing this kind of check is not going to be
needed in eBPF program code anymore:

33a1aee2ea/echo-ebpf/src/main.rs (L47)

Tested on:

876f8b4551

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
.cargo git add .cargo and xtask
aya-log aya-log, aya-log-common: start next development iteration 0.1.10-dev.0
aya-log-common common: Bump the buffer size
ebpf ebpf: Ensure the bounds of log buffer
xtask xtask: do not release
.gitignore Initial commit
Cargo.toml Initial commit
README.md Simplify BpfLogger::init
release.toml Add cargo-release config

README.md

aya-log - a logging library for eBPF programs

Overview

aya-log is a logging library for eBPF programs written using aya. Think of it as the log crate for eBPF.

Installation

User space

Add aya-log to Cargo.toml:

[dependencies]
aya-log = { git = "https://github.com/aya-rs/aya-log", branch = "main" }

eBPF side

Add aya-log-ebpf to Cargo.toml:

[dependencies]
aya-log-ebpf = { git = "https://github.com/aya-rs/aya-log", branch = "main" }

Example

Here's an example that uses aya-log in conjunction with the simplelog crate to log eBPF messages to the terminal.

User space code

use simplelog::{ColorChoice, ConfigBuilder, LevelFilter, TermLogger, TerminalMode};
use aya_log::BpfLogger;

TermLogger::init(
    LevelFilter::Debug,
    ConfigBuilder::new()
        .set_target_level(LevelFilter::Error)
        .set_location_level(LevelFilter::Error)
        .build(),
    TerminalMode::Mixed,
    ColorChoice::Auto,
)
.unwrap();

// `bpf` is the already-loaded aya `Bpf` instance for the eBPF program.
// Will log using the default logger, which is TermLogger in this case
BpfLogger::init(&mut bpf).unwrap();

eBPF code

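use aya_bpf::{
    bindings::xdp_action::{XDP_DROP, XDP_PASS},
    programs::XdpContext,
};
use aya_log_ebpf::info;

// `tcp_dest_port` and `block_port` are helpers defined elsewhere in the program.
fn try_xdp_firewall(ctx: XdpContext) -> Result<u32, ()> {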
    if let Some(port) = tcp_dest_port(&ctx)? {
        if block_port(port) {
            info!(&ctx, "❌ blocked incoming connection on port: {}", port);
            return Ok(XDP_DROP);
        }
    }

    Ok(XDP_PASS)
}
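The commit shown at the top of this page concerns checking the bounds of the log buffer before any argument is written. The following is an added user-space illustration of that check-before-write ordering, not aya-log's own code; the buffer size `LOG_BUF_CAPACITY`, the record layout (1-byte tag, 2-byte length, payload) and the function names are assumptions made for the example.

```rust
// Added illustration, not aya-log source. Capacity and record layout are assumed.
const LOG_BUF_CAPACITY: usize = 64;

/// Writes one tagged argument at `offset` and returns the offset after it.
/// Nothing is stored unless the whole record fits inside `buf`.
fn write_arg(buf: &mut [u8], offset: usize, tag: u8, payload: &[u8]) -> Result<usize, ()> {
    if payload.len() > u16::MAX as usize {
        return Err(());
    }
    let len = payload.len() as u16;
    // Overflow-safe computation of the end of the record (3 header bytes + payload).
    let end = offset
        .checked_add(3)
        .and_then(|n| n.checked_add(payload.len()))
        .ok_or(())?;
    // The bounds check precedes every store into the buffer.
    if end > buf.len() {
        return Err(());
    }
    buf[offset] = tag;
    buf[offset + 1..offset + 3].copy_from_slice(&len.to_le_bytes());
    buf[offset + 3..end].copy_from_slice(payload);
    Ok(end)
}

/// Serializes a port and a message; stops at the first argument that does not fit.
fn write_record(buf: &mut [u8], port: u16, msg: &str) -> Result<usize, ()> {
    let off = write_arg(buf, 0, 1, &port.to_le_bytes())?;
    write_arg(buf, off, 2, msg.as_bytes())
}

fn main() {
    let mut buf = [0u8; LOG_BUF_CAPACITY];
    // Constructed inputs: one record that fits, one whose message is too long.
    println!("{:?}", write_record(&mut buf, 443, "blocked"));
    println!("{:?}", write_record(&mut buf, 443, &"x".repeat(100)));
}
```

An oversized argument yields `Err(())` and leaves the bytes past the last complete record untouched, so a reader of the buffer never sees a partial record.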