Support BPF Token #990

Draft
wants to merge 1 commit into
base: main
1 change: 1 addition & 0 deletions aya-log/Cargo.toml
Expand Up @@ -13,6 +13,7 @@ edition.workspace = true

[dependencies]
aya = { path = "../aya", version = "^0.12.0", features = ["async_tokio"] }
aya-obj = { path = "../aya-obj", version = "^0.1.0" }
aya-log-common = { path = "../aya-log-common", version = "^0.1.14", default-features = false }
bytes = { workspace = true }
log = { workspace = true }
8 changes: 5 additions & 3 deletions aya-log/src/lib.rs
Expand Up @@ -72,6 +72,7 @@ use aya::{
use aya_log_common::{
Argument, DisplayHint, Level, LogValueLength, RecordField, LOG_BUF_CAPACITY, LOG_FIELDS,
};
use aya_obj::Features;
use bytes::BytesMut;
use log::{error, Log, Record};
use thiserror::Error;
Expand Down Expand Up @@ -123,8 +124,8 @@ impl EbpfLogger {
///
/// Attaches to the logs produced by `program_id`. Can be used to read logs generated by a
/// pinned program. The log records will be written to the default logger. See [log::logger].
pub fn init_from_id(program_id: u32) -> Result<EbpfLogger, Error> {
Self::init_from_id_with_logger(program_id, log::logger())
pub fn init_from_id(program_id: u32, features: Features) -> Result<EbpfLogger, Error> {
Self::init_from_id_with_logger(program_id, log::logger(), features)
}

/// Attaches to an existing `aya-log-ebpf` instance and logs with the given logger.
Expand All @@ -134,6 +135,7 @@ impl EbpfLogger {
pub fn init_from_id_with_logger<T: Log + 'static>(
program_id: u32,
logger: T,
features: Features,
) -> Result<EbpfLogger, Error> {
let program_info = loaded_programs()
.filter_map(|info| info.ok())
Expand All @@ -149,7 +151,7 @@ impl EbpfLogger {
None => false,
})
.ok_or(Error::MapNotFound)?;
let map = MapData::from_id(map.id()).map_err(Error::MapError)?;
let map = MapData::from_id(map.id(), features.clone()).map_err(Error::MapError)?;

Self::read_logs_async(Map::PerfEventArray(map), logger)?;

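Review bot: `init_from_id` and `init_from_id_with_logger` now require a `features: Features` argument, but the doc comments above them still describe only `program_id` and the logger, so callers get no hint of what the value must contain or where it should come from. A line such as `/// The given features are forwarded to MapData::from_id when the log map is opened.` on both functions would cover it, and the signature break for existing callers deserves a changelog entry. Since this PR is about BPF tokens, `Features` is presumably how delegated privileges reach the map-open call, which makes stating its provenance more important. In the last hunk, `features.clone()` copies a value the function already owns; the body continues outside the visible hunk, but if nothing later uses `features`, pass it by move or take `&Features` in the signature.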
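--- a/aya-obj/src/attach.rs
+++ b/aya-obj/src/attach.rs
@@ -0,0 +1,185 @@
+//! Link types for BPFFS Permissions
+
+use crate::generated::bpf_attach_type;
+
+/// The type of BPF link
+#[derive(Copy, Clone, Debug)]
+pub enum BpfAttachType {
+/// Cgroup Inet Ingress
+CgroupInetIngress,
+/// Cgroup Inet Egress
+CgroupInetEgress,
+/// Cgroup Inet Sock Create
+CgroupInetSockCreate,
+/// Cgroup Sock Ops
+CgroupSockOps,
+/// Sk Skb Stream Parser
+SkSkbStreamParser,
+/// Sk Skb Stream Verdict
+SkSkbStreamVerdict,
+/// Cgroup Device
+CgroupDevice,
+/// Sk Msg Verdict
+SkMsgVerdict,
+/// Cgroup Inet4 Bind
+CgroupInet4Bind,
+/// Cgroup Inet6 Bind
+CgroupInet6Bind,
+/// Cgroup Inet4 Connect
+CgroupInet4Connect,
+/// Cgroup Inet6 Connect
+CgroupInet6Connect,
+/// Cgroup Inet4 Post Bind
+CgroupInet4PostBind,
+/// Cgroup Inet6 Post Bind
+CgroupInet6PostBind,
+/// Cgroup Udp4 Sendmsg
+CgroupUdp4Sendmsg,
+/// Cgroup Udp6 Sendmsg
+CgroupUdp6Sendmsg,
+/// Lirc Mode2
+LircMode2,
+/// Flow Dissector
+FlowDissector,
+/// Cgroup Sysctl
+CgroupSysctl,
+/// Cgroup Udp4 Recvmsg
+CgroupUdp4Recvmsg,
+/// Cgroup Udp6 Recvmsg
+CgroupUdp6Recvmsg,
+/// Cgroup Getsockopt
+CgroupGetsockopt,
+/// Cgroup Setsockopt
+CgroupSetsockopt,
+/// Trace Raw Tp
+TraceRawTp,
+/// Trace Fentry
+TraceFentry,
+/// Trace Fexit
+TraceFexit,
+/// Modify Return
+ModifyReturn,
+/// Lsm Mac
+LsmMac,
+/// Trace Iter
+TraceIter,
+/// Cgroup Inet4 Getpeername
+CgroupInet4Getpeername,
+/// Cgroup Inet6 Getpeername
+CgroupInet6Getpeername,
+/// Cgroup Inet4 Getsockname
+CgroupInet4Getsockname,
+/// Cgroup Inet6 Getsockname
+CgroupInet6Getsockname,
+/// Xdp Devmap
+XdpDevmap,
+/// Cgroup Inet Sock Release
+CgroupInetSockRelease,
+/// Xdp Cpumap
+XdpCpumap,
+/// Sk Lookup
+SkLookup,
+/// Xdp
+Xdp,
+/// Sk Skb Verdict
+SkSkbVerdict,
+/// Sk Reuseport Select
+SkReuseportSelect,
+/// Sk Reuseport Select Or Migrate
+SkReuseportSelectOrMigrate,
+/// Perf Event
+PerfEvent,
+/// Trace Kprobe Multi
+TraceKprobeMulti,
+/// Lsm Cgroup
+LsmCgroup,
+/// Struct Ops
+StructOps,
+/// Netfilter
+Netfilter,
+/// Tcx Ingress
+TcxIngress,
+/// Tcx Egress
+TcxEgress,
+/// Trace Uprobe Multi
+TraceUprobeMulti,
+/// Cgroup Unix Connect
+CgroupUnixConnect,
+/// Cgroup Unix Sendmsg
+CgroupUnixSendmsg,
+/// Cgroup Unix Recvmsg
+CgroupUnixRecvmsg,
+/// Cgroup Unix Getpeername
+CgroupUnixGetpeername,
+/// Cgroup Unix Getsockname
+CgroupUnixGetsockname,
+/// Netkit Primary
+NetkitPrimary,
+/// Netkit Peer
+NetkitPeer,
+}
+
+impl From<BpfAttachType> for bpf_attach_type {
+fn from(attach_type: BpfAttachType) -> Self {
+match attach_type {
+BpfAttachType::CgroupInetIngress => bpf_attach_type::BPF_CGROUP_INET_INGRESS,
+BpfAttachType::CgroupInetEgress => bpf_attach_type::BPF_CGROUP_INET_EGRESS,
+BpfAttachType::CgroupInetSockCreate => bpf_attach_type::BPF_CGROUP_INET_SOCK_CREATE,
+BpfAttachType::CgroupSockOps => bpf_attach_type::BPF_CGROUP_SOCK_OPS,
+BpfAttachType::SkSkbStreamParser => bpf_attach_type::BPF_SK_SKB_STREAM_PARSER,
+BpfAttachType::SkSkbStreamVerdict => bpf_attach_type::BPF_SK_SKB_STREAM_VERDICT,
+BpfAttachType::CgroupDevice => bpf_attach_type::BPF_CGROUP_DEVICE,
+BpfAttachType::SkMsgVerdict => bpf_attach_type::BPF_SK_MSG_VERDICT,
+BpfAttachType::CgroupInet4Bind => bpf_attach_type::BPF_CGROUP_INET4_BIND,
+BpfAttachType::CgroupInet6Bind => bpf_attach_type::BPF_CGROUP_INET6_BIND,
+BpfAttachType::CgroupInet4Connect => bpf_attach_type::BPF_CGROUP_INET4_CONNECT,
+BpfAttachType::CgroupInet6Connect => bpf_attach_type::BPF_CGROUP_INET6_CONNECT,
+BpfAttachType::CgroupInet4PostBind => bpf_attach_type::BPF_CGROUP_INET4_POST_BIND,
+BpfAttachType::CgroupInet6PostBind => bpf_attach_type::BPF_CGROUP_INET6_POST_BIND,
+BpfAttachType::CgroupUdp4Sendmsg => bpf_attach_type::BPF_CGROUP_UDP4_SENDMSG,
+BpfAttachType::CgroupUdp6Sendmsg => bpf_attach_type::BPF_CGROUP_UDP6_SENDMSG,
+BpfAttachType::LircMode2 => bpf_attach_type::BPF_LIRC_MODE2,
+BpfAttachType::FlowDissector => bpf_attach_type::BPF_FLOW_DISSECTOR,
+BpfAttachType::CgroupSysctl => bpf_attach_type::BPF_CGROUP_SYSCTL,
+BpfAttachType::CgroupUdp4Recvmsg => bpf_attach_type::BPF_CGROUP_UDP4_RECVMSG,
+BpfAttachType::CgroupUdp6Recvmsg => bpf_attach_type::BPF_CGROUP_UDP6_RECVMSG,
+BpfAttachType::CgroupGetsockopt => bpf_attach_type::BPF_CGROUP_GETSOCKOPT,
+BpfAttachType::CgroupSetsockopt => bpf_attach_type::BPF_CGROUP_SETSOCKOPT,
+BpfAttachType::TraceRawTp => bpf_attach_type::BPF_TRACE_RAW_TP,
+BpfAttachType::TraceFentry => bpf_attach_type::BPF_TRACE_FENTRY,
+BpfAttachType::TraceFexit => bpf_attach_type::BPF_TRACE_FEXIT,
+BpfAttachType::ModifyReturn => bpf_attach_type::BPF_MODIFY_RETURN,
+BpfAttachType::LsmMac => bpf_attach_type::BPF_LSM_MAC,
+BpfAttachType::TraceIter => bpf_attach_type::BPF_TRACE_ITER,
+BpfAttachType::CgroupInet4Getpeername => bpf_attach_type::BPF_CGROUP_INET4_GETPEERNAME,
+BpfAttachType::CgroupInet6Getpeername => bpf_attach_type::BPF_CGROUP_INET6_GETPEERNAME,
+BpfAttachType::CgroupInet4Getsockname => bpf_attach_type::BPF_CGROUP_INET4_GETSOCKNAME,
+BpfAttachType::CgroupInet6Getsockname => bpf_attach_type::BPF_CGROUP_INET6_GETSOCKNAME,
+BpfAttachType::XdpDevmap => bpf_attach_type::BPF_XDP_DEVMAP,
+BpfAttachType::CgroupInetSockRelease => bpf_attach_type::BPF_CGROUP_INET_SOCK_RELEASE,
+BpfAttachType::XdpCpumap => bpf_attach_type::BPF_XDP_CPUMAP,
+BpfAttachType::SkLookup => bpf_attach_type::BPF_SK_LOOKUP,
+BpfAttachType::Xdp => bpf_attach_type::BPF_XDP,
+BpfAttachType::SkSkbVerdict => bpf_attach_type::BPF_SK_SKB_VERDICT,
+BpfAttachType::SkReuseportSelect => bpf_attach_type::BPF_SK_REUSEPORT_SELECT,
+BpfAttachType::SkReuseportSelectOrMigrate => {
+bpf_attach_type::BPF_SK_REUSEPORT_SELECT_OR_MIGRATE
+}
+BpfAttachType::PerfEvent => bpf_attach_type::BPF_PERF_EVENT,
+BpfAttachType::TraceKprobeMulti => bpf_attach_type::BPF_TRACE_KPROBE_MULTI,
+BpfAttachType::LsmCgroup => bpf_attach_type::BPF_LSM_CGROUP,
+BpfAttachType::StructOps => bpf_attach_type::BPF_STRUCT_OPS,
+BpfAttachType::Netfilter => bpf_attach_type::BPF_NETFILTER,
+BpfAttachType::TcxIngress => bpf_attach_type::BPF_TCX_INGRESS,
+BpfAttachType::TcxEgress => bpf_attach_type::BPF_TCX_EGRESS,
+BpfAttachType::TraceUprobeMulti => bpf_attach_type::BPF_TRACE_UPROBE_MULTI,
+BpfAttachType::CgroupUnixConnect => bpf_attach_type::BPF_CGROUP_UNIX_CONNECT,
+BpfAttachType::CgroupUnixSendmsg => bpf_attach_type::BPF_CGROUP_UNIX_SENDMSG,
+BpfAttachType::CgroupUnixRecvmsg => bpf_attach_type::BPF_CGROUP_UNIX_RECVMSG,
+BpfAttachType::CgroupUnixGetpeername => bpf_attach_type::BPF_CGROUP_UNIX_GETPEERNAME,
+BpfAttachType::CgroupUnixGetsockname => bpf_attach_type::BPF_CGROUP_UNIX_GETSOCKNAME,
+BpfAttachType::NetkitPrimary => bpf_attach_type::BPF_NETKIT_PRIMARY,
+BpfAttachType::NetkitPeer => bpf_attach_type::BPF_NETKIT_PEER,
+}
+}
+}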
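Review bot: The doc comment on `BpfAttachType` reads `/// The type of BPF link` and the module header says `//! Link types for BPFFS Permissions`, but the enum mirrors `bpf_attach_type`, not link types; the same copied comment sits on `BpfCommand` in aya-obj/src/cmd.rs. Suggested wording is `/// BPF attach type, mirroring the generated bpf_attach_type` here and `/// BPF syscall command, mirroring the generated bpf_cmd` there, with the module headers adjusted to match. Both enums are hand-maintained copies of generated kernel enums that grow over time, so marking them `#[non_exhaustive]` would let variants be added later without a breaking change. These values presumably name what a bpffs mount is allowed to delegate, so deriving `PartialEq, Eq, Hash` as well would let callers compare and de-duplicate the set they intend to permit.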
2 changes: 1 addition & 1 deletion aya-obj/src/btf/btf.rs
Expand Up @@ -160,7 +160,7 @@ pub enum BtfError {
}

/// Available BTF features
#[derive(Default, Debug)]
#[derive(Default, Debug, Clone)]
#[allow(missing_docs)]
pub struct BtfFeatures {
btf_func: bool,
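--- a/aya-obj/src/cmd.rs
+++ b/aya-obj/src/cmd.rs
@@ -0,0 +1,126 @@
+//! Command types for BPFFS Permissions
+
+use crate::generated::bpf_cmd;
+
+/// The type of BPF link
+#[derive(Copy, Clone, Debug)]
+pub enum BpfCommand {
+/// Map Create
+MapCreate,
+/// Map Lookup Element
+MapLookupElem,
+/// Map Update Element
+MapUpdateElem,
+/// Map Delete Element
+MapDeleteElem,
+/// Map Get Next Key
+MapGetNextKey,
+/// Program Load
+ProgLoad,
+/// Object Pin
+ObjPin,
+/// Object Get
+ObjGet,
+/// Program Attach
+ProgAttach,
+/// Program Detach
+ProgDetach,
+/// Program Test Run
+ProgTestRun,
+/// Program Get Next Id
+ProgGetNextId,
+/// Map Get Next Id
+MapGetNextId,
+/// Program Get FD By Id
+ProgGetFdById,
+/// Map Get FD By Id
+MapGetFdById,
+/// Object Get Info By FD
+ObjGetInfoByFd,
+/// Program Query
+ProgQuery,
+/// Raw Tracepoint Open
+RawTracepointOpen,
+/// BTF Load
+BtfLoad,
+/// BTF Get FD By Id
+BtfGetFdById,
+/// Task FD Query
+TaskFdQuery,
+/// Map Lookup And Delete Element
+MapLookupAndDeleteElem,
+/// Map Freeze
+MapFreeze,
+/// BTF Get Next Id
+BtfGetNextId,
+/// Map Lookup Batch
+MapLookupBatch,
+/// Map Lookup And Delete Batch
+MapLookupAndDeleteBatch,
+/// Map Update Batch
+MapUpdateBatch,
+/// Map Delete Batch
+MapDeleteBatch,
+/// Link Create
+LinkCreate,
+/// Link Update
+LinkUpdate,
+/// Link Get FD By Id
+LinkGetFdById,
+/// Link Get Next Id
+LinkGetNextId,
+/// Enable Stats
+EnableStats,
+/// Iter Create
+IterCreate,
+/// Link Detach
+LinkDetach,
+/// Program Bind Map
+ProgBindMap,
+/// Token Create
+TokenCreate,
+}
+
+impl From<BpfCommand> for bpf_cmd {
+fn from(value: BpfCommand) -> Self {
+match value {
+BpfCommand::MapCreate => bpf_cmd::BPF_MAP_CREATE,
+BpfCommand::MapLookupElem => bpf_cmd::BPF_MAP_LOOKUP_ELEM,
+BpfCommand::MapUpdateElem => bpf_cmd::BPF_MAP_UPDATE_ELEM,
+BpfCommand::MapDeleteElem => bpf_cmd::BPF_MAP_DELETE_ELEM,
+BpfCommand::MapGetNextKey => bpf_cmd::BPF_MAP_GET_NEXT_KEY,
+BpfCommand::ProgLoad => bpf_cmd::BPF_PROG_LOAD,
+BpfCommand::ObjPin => bpf_cmd::BPF_OBJ_PIN,
+BpfCommand::ObjGet => bpf_cmd::BPF_OBJ_GET,
+BpfCommand::ProgAttach => bpf_cmd::BPF_PROG_ATTACH,
+BpfCommand::ProgDetach => bpf_cmd::BPF_PROG_DETACH,
+BpfCommand::ProgTestRun => bpf_cmd::BPF_PROG_TEST_RUN,
+BpfCommand::ProgGetNextId => bpf_cmd::BPF_PROG_GET_NEXT_ID,
+BpfCommand::MapGetNextId => bpf_cmd::BPF_MAP_GET_NEXT_ID,
+BpfCommand::ProgGetFdById => bpf_cmd::BPF_PROG_GET_FD_BY_ID,
+BpfCommand::MapGetFdById => bpf_cmd::BPF_MAP_GET_FD_BY_ID,
+BpfCommand::ObjGetInfoByFd => bpf_cmd::BPF_OBJ_GET_INFO_BY_FD,
+BpfCommand::ProgQuery => bpf_cmd::BPF_PROG_QUERY,
+BpfCommand::RawTracepointOpen => bpf_cmd::BPF_RAW_TRACEPOINT_OPEN,
+BpfCommand::BtfLoad => bpf_cmd::BPF_BTF_LOAD,
+BpfCommand::BtfGetFdById => bpf_cmd::BPF_BTF_GET_FD_BY_ID,
+BpfCommand::TaskFdQuery => bpf_cmd::BPF_TASK_FD_QUERY,
+BpfCommand::MapLookupAndDeleteElem => bpf_cmd::BPF_MAP_LOOKUP_AND_DELETE_ELEM,
+BpfCommand::MapFreeze => bpf_cmd::BPF_MAP_FREEZE,
+BpfCommand::BtfGetNextId => bpf_cmd::BPF_BTF_GET_NEXT_ID,
+BpfCommand::MapLookupBatch => bpf_cmd::BPF_MAP_LOOKUP_BATCH,
+BpfCommand::MapLookupAndDeleteBatch => bpf_cmd::BPF_MAP_LOOKUP_AND_DELETE_BATCH,
+BpfCommand::MapUpdateBatch => bpf_cmd::BPF_MAP_UPDATE_BATCH,
+BpfCommand::MapDeleteBatch => bpf_cmd::BPF_MAP_DELETE_BATCH,
+BpfCommand::LinkCreate => bpf_cmd::BPF_LINK_CREATE,
+BpfCommand::LinkUpdate => bpf_cmd::BPF_LINK_UPDATE,
+BpfCommand::LinkGetFdById => bpf_cmd::BPF_LINK_GET_FD_BY_ID,
+BpfCommand::LinkGetNextId => bpf_cmd::BPF_LINK_GET_NEXT_ID,
+BpfCommand::EnableStats => bpf_cmd::BPF_ENABLE_STATS,
+BpfCommand::IterCreate => bpf_cmd::BPF_ITER_CREATE,
+BpfCommand::LinkDetach => bpf_cmd::BPF_LINK_DETACH,
+BpfCommand::ProgBindMap => bpf_cmd::BPF_PROG_BIND_MAP,
+BpfCommand::TokenCreate => bpf_cmd::BPF_TOKEN_CREATE,
+}
+}
+}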
3 changes: 3 additions & 0 deletions aya-obj/src/lib.rs
Expand Up @@ -85,8 +85,11 @@ mod std {
}
}

pub mod attach;
pub mod btf;
pub mod cmd;
pub mod generated;
pub mod links;
pub mod maps;
pub mod obj;
pub mod programs;