yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,029 Commits
4 Branches
39 Tags
24 MiB
Rust 99.7%
C 0.3%
 
 
Go to file
roblabla 91750c0ae3 Add support for kernel module split BTF 
The kernel splits kernel modules into dedicated BTF files, using "split
BTF mode". In split BTF mode, each split BTF may reference the "base
BTF" (AKA the vmlinux BTF), but may not reference each-other. The way
it works is fairly simple: you can combine a base BTF and split BTF
by concatenating their strings and types together, creating a working
merged BTF.

Where things get dicey is when merging a base BTF with multiple split
BTFs. Because every split BTF will start from the same offset, their
string offsets and type IDs will need to be "rebased" to a new location
when merging it into the output BTF.

This commit adds support for merging one base BTF and multiple split BTF
into a single merged BTF, allowing eBPFs to manipulate structs that come
from kernel modules. It also reworks Btf::from_sys_fs to make use of
this capacity.
.cargo ci: Include mips architecture in tests
.github Use nul bytes as delimiters
.vim Re-organize into a single workspace
.vscode feat: Refactor init into test-distro
assets readme: Add crabby, sync with aya/README.md
aya chore(aya): Use BPF_ADD from bindings
aya-build aya-build: Allow setting Rust nightly version
aya-ebpf-macros Add support for Flow Dissector programs
aya-log chore(*): set clippy unused_trait_names = warn
aya-log-common taplo: reorder-keys
aya-log-ebpf-macros taplo: reorder-keys
aya-log-parser taplo: reorder-keys
aya-obj Add support for kernel module split BTF
aya-tool chore(*): set clippy unused_trait_names = warn
ebpf Merge pull request from dave-tucker/unused_trait_names
ebpf-panic chore: Fix clippy panic_handler warnings
test xtask: Move libbpf header installation logic to a helper function
test-distro test-distro: build without cross toolchain
xtask test-distro: build without cross toolchain
.gitignore xtask: remove assumptions from docs command
.gitmodules xtask: move libbpf submodule
.markdownlint-cli2.yaml chore: Disable markdownlint for generated files
.mergify.yml chore: Disable mergify on dependabot PRs
.taplo.toml taplo: reorder-keys
CODE_OF_CONDUCT.md .github: Add markdownlint
CONTRIBUTING.md .github: Add markdownlint
Cargo.toml Revert "ci: download gen_init_cpio with authentication"
LICENSE-APACHE Add license files
LICENSE-MIT Add license files
README.md Update README.md
clippy.sh chore: Fix clippy panic_handler warnings
netlify.toml taplo: reorder-keys
release.toml taplo: reorder-keys
rustfmt.toml rustfmt: group_imports = "StdExternalCrate"

README.md

Aya

Crates.io License Build status Book Gurubase

API Documentation

Unreleased Documentation Documentaiton

Community

Discord Awesome

Join the conversation on Discord to discuss anything related to Aya or discover and contribute to a list of Awesome Aya projects.

Overview

eBPF is a technology that allows running user-supplied programs inside the Linux kernel. For more info see What is eBPF.

Aya is an eBPF library built with a focus on operability and developer experience. It does not rely on libbpf nor bcc - it's built from the ground up purely in Rust, using only the libc crate to execute syscalls. With BTF support and when linked with musl, it offers a true compile once, run everywhere solution, where a single self-contained binary can be deployed on many linux distributions and kernel versions.

Some of the major features provided include:

  • Support for the BPF Type Format (BTF), which is transparently enabled when supported by the target kernel. This allows eBPF programs compiled against one kernel version to run on different kernel versions without the need to recompile.
  • Support for function call relocation and global data maps, which allows eBPF programs to make function calls and use global variables and initializers.
  • Async support with both tokio and async-std.
  • Easy to deploy and fast to build: aya doesn't require a kernel build or compiled headers, and not even a C toolchain; a release build completes in a matter of seconds.

Example

Aya supports a large chunk of the eBPF API. The following example shows how to use a BPF_PROG_TYPE_CGROUP_SKB program with aya:

use std::fs::File;
use aya::Ebpf;
use aya::programs::{CgroupSkb, CgroupSkbAttachType, CgroupAttachMode};

// load the BPF code
let mut ebpf = Ebpf::load_file("ebpf.o")?;

// get the `ingress_filter` program compiled into `ebpf.o`.
let ingress: &mut CgroupSkb = ebpf.program_mut("ingress_filter")?.try_into()?;

// load the program into the kernel
ingress.load()?;

// attach the program to the root cgroup. `ingress_filter` will be called for all
// incoming packets.
let cgroup = File::open("/sys/fs/cgroup/unified")?;
ingress.attach(cgroup, CgroupSkbAttachType::Ingress, CgroupAttachMode::AllowOverride)?;

Contributing

Please see the contributing guide.

License

Aya is distributed under the terms of either the MIT license or the Apache License (version 2.0), at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.