From 0ab5fe6b3d7eeb6a27b147c9bd96cdd1e9d09a3b Mon Sep 17 00:00:00 2001 From: Zenna Allwein Date: Sat, 30 Sep 2023 17:10:57 -0500 Subject: [PATCH] [216] Add Support For Flow Dissector Programs --- aya-bpf-macros/src/flow_dissector.rs | 66 +++++++++++ aya-bpf-macros/src/lib.rs | 17 +++ .../src/generated/btf_internal_bindings.rs | 2 +- .../src/generated/linux_bindings_x86_64.rs | 107 +++++++++--------- aya-obj/src/obj.rs | 2 + aya/src/bpf.rs | 6 +- aya/src/programs/flow_dissector.rs | 103 +++++++++++++++++ aya/src/programs/mod.rs | 15 +++ bpf/aya-bpf/src/programs/flow_dissector.rs | 34 ++++++ bpf/aya-bpf/src/programs/mod.rs | 2 + 10 files changed, 300 insertions(+), 54 deletions(-) create mode 100644 aya-bpf-macros/src/flow_dissector.rs create mode 100644 aya/src/programs/flow_dissector.rs create mode 100644 bpf/aya-bpf/src/programs/flow_dissector.rs diff --git a/aya-bpf-macros/src/flow_dissector.rs b/aya-bpf-macros/src/flow_dissector.rs new file mode 100644 index 000000000..297435d9a --- /dev/null +++ b/aya-bpf-macros/src/flow_dissector.rs @@ -0,0 +1,66 @@ +use proc_macro2::TokenStream; +use proc_macro_error::abort; +use quote::quote; +use syn::{ItemFn, Result}; + +pub(crate) struct FlowDissector { + item: ItemFn, +} + +impl FlowDissector { + pub(crate) fn parse(attrs: TokenStream, item: TokenStream) -> Result { + if !attrs.is_empty() { + abort!(attrs, "unexpected attribute") + } + let item = syn::parse2(item)?; + Ok(FlowDissector { item }) + } + + pub(crate) fn expand(&self) -> Result { + let fn_name = self.item.sig.ident.clone(); + let fn_vis = &self.item.vis; + let item = &self.item; + Ok(quote! { + #[no_mangle] + #[link_section = "flow_dissector"] + #fn_vis fn #fn_name(ctx: *mut ::aya_bpf::bindings::__sk_buff) -> u32 { + return #fn_name(::aya_bpf::programs::FlowDissectorContext::new(ctx)); + + #item + } + }) + } +} + +#[cfg(test)] +mod tests { + use syn::parse_quote; + + use super::*; + + #[test] + fn test_flow_dissector() { + let prog = FlowDissector::parse( + parse_quote! {}, + parse_quote! { + fn prog(ctx: &mut ::aya_bpf::programs::FlowDissectorContext) -> u32 { + 0 + } + }, + ) + .unwrap(); + let expanded = prog.expand().unwrap(); + let expected = quote! { + #[no_mangle] + #[link_section = "flow_dissector"] + fn prog(ctx: *mut ::aya_bpf::bindings::__sk_buff) -> u32 { + return prog(::aya_bpf::programs::FlowDissectorContext::new(ctx)); + + fn prog(ctx: &mut ::aya_bpf::programs::FlowDissectorContext) -> u32 { + 0 + } + } + }; + assert_eq!(expected.to_string(), expanded.to_string()); + } +} diff --git a/aya-bpf-macros/src/lib.rs b/aya-bpf-macros/src/lib.rs index 4393ab95a..f9e0e09d2 100644 --- a/aya-bpf-macros/src/lib.rs +++ b/aya-bpf-macros/src/lib.rs @@ -8,6 +8,7 @@ mod cgroup_sockopt; mod cgroup_sysctl; mod fentry; mod fexit; +mod flow_dissector; mod kprobe; mod lsm; mod map; @@ -32,6 +33,7 @@ use cgroup_sockopt::CgroupSockopt; use cgroup_sysctl::CgroupSysctl; use fentry::FEntry; use fexit::FExit; +use flow_dissector::FlowDissector; use kprobe::{KProbe, KProbeKind}; use lsm::Lsm; use map::Map; @@ -605,6 +607,21 @@ pub fn fexit(attrs: TokenStream, item: TokenStream) -> TokenStream { } } +/// Marks a function as an eBPF Flow Dissector program that can be attached to +/// a network namespace. +/// +#[proc_macro_error] +#[proc_macro_attribute] +pub fn flow_dissector(attrs: TokenStream, item: TokenStream) -> TokenStream { + match FlowDissector::parse(attrs.into(), item.into()) { + Ok(prog) => prog + .expand() + .unwrap_or_else(|err| abort!(err.span(), "{}", err)) + .into(), + Err(err) => abort!(err.span(), "{}", err), + } +} + /// Marks a function as an eBPF Socket Lookup program that can be attached to /// a network namespace. /// diff --git a/aya-obj/src/generated/btf_internal_bindings.rs b/aya-obj/src/generated/btf_internal_bindings.rs index 4b254c028..6764cbf71 100644 --- a/aya-obj/src/generated/btf_internal_bindings.rs +++ b/aya-obj/src/generated/btf_internal_bindings.rs @@ -1,4 +1,4 @@ -/* automatically generated by rust-bindgen 0.65.1 */ +/* automatically generated by rust-bindgen 0.68.1 */ pub type __u8 = ::core::ffi::c_uchar; pub type __u16 = ::core::ffi::c_ushort; diff --git a/aya-obj/src/generated/linux_bindings_x86_64.rs b/aya-obj/src/generated/linux_bindings_x86_64.rs index 9bca533b6..5f81b49d2 100644 --- a/aya-obj/src/generated/linux_bindings_x86_64.rs +++ b/aya-obj/src/generated/linux_bindings_x86_64.rs @@ -1,4 +1,4 @@ -/* automatically generated by rust-bindgen 0.65.1 */ +/* automatically generated by rust-bindgen 0.68.1 */ #[repr(C)] #[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] @@ -110,6 +110,8 @@ impl ::core::fmt::Debug for __IncompleteArrayField { fmt.write_str("__IncompleteArrayField") } } +pub const SO_ATTACH_BPF: u32 = 50; +pub const SO_DETACH_BPF: u32 = 27; pub const BPF_LD: u32 = 0; pub const BPF_LDX: u32 = 1; pub const BPF_ST: u32 = 2; @@ -148,12 +150,6 @@ pub const BPF_F_TEST_XDP_LIVE_FRAMES: u32 = 2; pub const BTF_INT_SIGNED: u32 = 1; pub const BTF_INT_CHAR: u32 = 2; pub const BTF_INT_BOOL: u32 = 4; -pub const PERF_MAX_STACK_DEPTH: u32 = 127; -pub const PERF_MAX_CONTEXTS_PER_STACK: u32 = 8; -pub const PERF_FLAG_FD_NO_GROUP: u32 = 1; -pub const PERF_FLAG_FD_OUTPUT: u32 = 2; -pub const PERF_FLAG_PID_CGROUP: u32 = 4; -pub const PERF_FLAG_FD_CLOEXEC: u32 = 8; pub const NLMSG_ALIGNTO: u32 = 4; pub const XDP_FLAGS_UPDATE_IF_NOEXIST: u32 = 1; pub const XDP_FLAGS_SKB_MODE: u32 = 2; @@ -162,8 +158,12 @@ pub const XDP_FLAGS_HW_MODE: u32 = 8; pub const XDP_FLAGS_REPLACE: u32 = 16; pub const XDP_FLAGS_MODES: u32 = 14; pub const XDP_FLAGS_MASK: u32 = 31; -pub const SO_ATTACH_BPF: u32 = 50; -pub const SO_DETACH_BPF: u32 = 27; +pub const PERF_MAX_STACK_DEPTH: u32 = 127; +pub const PERF_MAX_CONTEXTS_PER_STACK: u32 = 8; +pub const PERF_FLAG_FD_NO_GROUP: u32 = 1; +pub const PERF_FLAG_FD_OUTPUT: u32 = 2; +pub const PERF_FLAG_PID_CGROUP: u32 = 4; +pub const PERF_FLAG_FD_CLOEXEC: u32 = 8; pub const TC_H_MAJ_MASK: u32 = 4294901760; pub const TC_H_MIN_MASK: u32 = 65535; pub const TC_H_UNSPEC: u32 = 0; @@ -402,7 +402,8 @@ pub enum bpf_attach_type { BPF_TRACE_KPROBE_MULTI = 42, BPF_LSM_CGROUP = 43, BPF_STRUCT_OPS = 44, - __MAX_BPF_ATTACH_TYPE = 45, + BPF_NETFILTER = 45, + __MAX_BPF_ATTACH_TYPE = 46, } #[repr(u32)] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] @@ -1150,6 +1151,17 @@ pub struct btf_var_secinfo { pub struct btf_decl_tag { pub component_idx: __s32, } +pub const IFLA_XDP_UNSPEC: _bindgen_ty_84 = 0; +pub const IFLA_XDP_FD: _bindgen_ty_84 = 1; +pub const IFLA_XDP_ATTACHED: _bindgen_ty_84 = 2; +pub const IFLA_XDP_FLAGS: _bindgen_ty_84 = 3; +pub const IFLA_XDP_PROG_ID: _bindgen_ty_84 = 4; +pub const IFLA_XDP_DRV_PROG_ID: _bindgen_ty_84 = 5; +pub const IFLA_XDP_SKB_PROG_ID: _bindgen_ty_84 = 6; +pub const IFLA_XDP_HW_PROG_ID: _bindgen_ty_84 = 7; +pub const IFLA_XDP_EXPECTED_FD: _bindgen_ty_84 = 8; +pub const __IFLA_XDP_MAX: _bindgen_ty_84 = 9; +pub type _bindgen_ty_84 = ::core::ffi::c_uint; #[repr(u32)] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] pub enum perf_type_id { @@ -2121,17 +2133,20 @@ pub enum perf_event_type { PERF_RECORD_AUX_OUTPUT_HW_ID = 21, PERF_RECORD_MAX = 22, } -pub const IFLA_XDP_UNSPEC: _bindgen_ty_90 = 0; -pub const IFLA_XDP_FD: _bindgen_ty_90 = 1; -pub const IFLA_XDP_ATTACHED: _bindgen_ty_90 = 2; -pub const IFLA_XDP_FLAGS: _bindgen_ty_90 = 3; -pub const IFLA_XDP_PROG_ID: _bindgen_ty_90 = 4; -pub const IFLA_XDP_DRV_PROG_ID: _bindgen_ty_90 = 5; -pub const IFLA_XDP_SKB_PROG_ID: _bindgen_ty_90 = 6; -pub const IFLA_XDP_HW_PROG_ID: _bindgen_ty_90 = 7; -pub const IFLA_XDP_EXPECTED_FD: _bindgen_ty_90 = 8; -pub const __IFLA_XDP_MAX: _bindgen_ty_90 = 9; -pub type _bindgen_ty_90 = ::core::ffi::c_uint; +pub const TCA_BPF_UNSPEC: _bindgen_ty_148 = 0; +pub const TCA_BPF_ACT: _bindgen_ty_148 = 1; +pub const TCA_BPF_POLICE: _bindgen_ty_148 = 2; +pub const TCA_BPF_CLASSID: _bindgen_ty_148 = 3; +pub const TCA_BPF_OPS_LEN: _bindgen_ty_148 = 4; +pub const TCA_BPF_OPS: _bindgen_ty_148 = 5; +pub const TCA_BPF_FD: _bindgen_ty_148 = 6; +pub const TCA_BPF_NAME: _bindgen_ty_148 = 7; +pub const TCA_BPF_FLAGS: _bindgen_ty_148 = 8; +pub const TCA_BPF_FLAGS_GEN: _bindgen_ty_148 = 9; +pub const TCA_BPF_TAG: _bindgen_ty_148 = 10; +pub const TCA_BPF_ID: _bindgen_ty_148 = 11; +pub const __TCA_BPF_MAX: _bindgen_ty_148 = 12; +pub type _bindgen_ty_148 = ::core::ffi::c_uint; #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct ifinfomsg { @@ -2153,37 +2168,25 @@ pub struct tcmsg { pub tcm_parent: __u32, pub tcm_info: __u32, } -pub const TCA_UNSPEC: _bindgen_ty_103 = 0; -pub const TCA_KIND: _bindgen_ty_103 = 1; -pub const TCA_OPTIONS: _bindgen_ty_103 = 2; -pub const TCA_STATS: _bindgen_ty_103 = 3; -pub const TCA_XSTATS: _bindgen_ty_103 = 4; -pub const TCA_RATE: _bindgen_ty_103 = 5; -pub const TCA_FCNT: _bindgen_ty_103 = 6; -pub const TCA_STATS2: _bindgen_ty_103 = 7; -pub const TCA_STAB: _bindgen_ty_103 = 8; -pub const TCA_PAD: _bindgen_ty_103 = 9; -pub const TCA_DUMP_INVISIBLE: _bindgen_ty_103 = 10; -pub const TCA_CHAIN: _bindgen_ty_103 = 11; -pub const TCA_HW_OFFLOAD: _bindgen_ty_103 = 12; -pub const TCA_INGRESS_BLOCK: _bindgen_ty_103 = 13; -pub const TCA_EGRESS_BLOCK: _bindgen_ty_103 = 14; -pub const __TCA_MAX: _bindgen_ty_103 = 15; -pub type _bindgen_ty_103 = ::core::ffi::c_uint; -pub const TCA_BPF_UNSPEC: _bindgen_ty_159 = 0; -pub const TCA_BPF_ACT: _bindgen_ty_159 = 1; -pub const TCA_BPF_POLICE: _bindgen_ty_159 = 2; -pub const TCA_BPF_CLASSID: _bindgen_ty_159 = 3; -pub const TCA_BPF_OPS_LEN: _bindgen_ty_159 = 4; -pub const TCA_BPF_OPS: _bindgen_ty_159 = 5; -pub const TCA_BPF_FD: _bindgen_ty_159 = 6; -pub const TCA_BPF_NAME: _bindgen_ty_159 = 7; -pub const TCA_BPF_FLAGS: _bindgen_ty_159 = 8; -pub const TCA_BPF_FLAGS_GEN: _bindgen_ty_159 = 9; -pub const TCA_BPF_TAG: _bindgen_ty_159 = 10; -pub const TCA_BPF_ID: _bindgen_ty_159 = 11; -pub const __TCA_BPF_MAX: _bindgen_ty_159 = 12; -pub type _bindgen_ty_159 = ::core::ffi::c_uint; +pub const TCA_UNSPEC: _bindgen_ty_168 = 0; +pub const TCA_KIND: _bindgen_ty_168 = 1; +pub const TCA_OPTIONS: _bindgen_ty_168 = 2; +pub const TCA_STATS: _bindgen_ty_168 = 3; +pub const TCA_XSTATS: _bindgen_ty_168 = 4; +pub const TCA_RATE: _bindgen_ty_168 = 5; +pub const TCA_FCNT: _bindgen_ty_168 = 6; +pub const TCA_STATS2: _bindgen_ty_168 = 7; +pub const TCA_STAB: _bindgen_ty_168 = 8; +pub const TCA_PAD: _bindgen_ty_168 = 9; +pub const TCA_DUMP_INVISIBLE: _bindgen_ty_168 = 10; +pub const TCA_CHAIN: _bindgen_ty_168 = 11; +pub const TCA_HW_OFFLOAD: _bindgen_ty_168 = 12; +pub const TCA_INGRESS_BLOCK: _bindgen_ty_168 = 13; +pub const TCA_EGRESS_BLOCK: _bindgen_ty_168 = 14; +pub const TCA_DUMP_FLAGS: _bindgen_ty_168 = 15; +pub const TCA_EXT_WARN_MSG: _bindgen_ty_168 = 16; +pub const __TCA_MAX: _bindgen_ty_168 = 17; +pub type _bindgen_ty_168 = ::core::ffi::c_uint; pub const AYA_PERF_EVENT_IOC_ENABLE: ::core::ffi::c_int = 9216; pub const AYA_PERF_EVENT_IOC_DISABLE: ::core::ffi::c_int = 9217; pub const AYA_PERF_EVENT_IOC_SET_BPF: ::core::ffi::c_int = 1074013192; diff --git a/aya-obj/src/obj.rs b/aya-obj/src/obj.rs index 1776b3ca7..c296dcea6 100644 --- a/aya-obj/src/obj.rs +++ b/aya-obj/src/obj.rs @@ -264,6 +264,7 @@ pub enum ProgramSection { FExit { sleepable: bool, }, + FlowDissector, Extension, SkLookup, CgroupSock { @@ -419,6 +420,7 @@ impl FromStr for ProgramSection { "fentry.s" => FEntry { sleepable: true }, "fexit" => FExit { sleepable: false }, "fexit.s" => FExit { sleepable: true }, + "flow_dissector" => FlowDissector, "freplace" => Extension, "sk_lookup" => SkLookup, _ => { diff --git a/aya/src/bpf.rs b/aya/src/bpf.rs index 2272bc524..cb6852b37 100644 --- a/aya/src/bpf.rs +++ b/aya/src/bpf.rs @@ -31,7 +31,7 @@ use crate::{ }, programs::{ BtfTracePoint, CgroupDevice, CgroupSkb, CgroupSkbAttachType, CgroupSock, CgroupSockAddr, - CgroupSockopt, CgroupSysctl, Extension, FEntry, FExit, KProbe, LircMode2, Lsm, PerfEvent, + CgroupSockopt, CgroupSysctl, Extension, FEntry, FExit, FlowDissector, KProbe, LircMode2, Lsm, PerfEvent, ProbeKind, Program, ProgramData, ProgramError, RawTracePoint, SchedClassifier, SkLookup, SkMsg, SkSkb, SkSkbKind, SockOps, SocketFilter, TracePoint, UProbe, Xdp, }, @@ -434,6 +434,7 @@ impl<'a> BpfLoader<'a> { | ProgramSection::PerfEvent | ProgramSection::RawTracePoint | ProgramSection::SkLookup + | ProgramSection::FlowDissector | ProgramSection::CgroupSock { attach_type: _ } | ProgramSection::CgroupDevice => {} } @@ -666,6 +667,9 @@ impl<'a> BpfLoader<'a> { } Program::FExit(FExit { data }) } + ProgramSection::FlowDissector => Program::FlowDissector(FlowDissector { + data: ProgramData::new(prog_name, obj, btf_fd, *verifier_log_level) + }), ProgramSection::Extension => Program::Extension(Extension { data: ProgramData::new(prog_name, obj, btf_fd, *verifier_log_level), }), diff --git a/aya/src/programs/flow_dissector.rs b/aya/src/programs/flow_dissector.rs new file mode 100644 index 000000000..0123c659d --- /dev/null +++ b/aya/src/programs/flow_dissector.rs @@ -0,0 +1,103 @@ +//! Flow dissector programs. + +use std::os::fd::AsFd; + +use crate::{ + generated::{bpf_attach_type::BPF_FLOW_DISSECTOR, bpf_prog_type::BPF_PROG_TYPE_FLOW_DISSECTOR}, + programs::{ + define_link_wrapper, load_program, FdLink, FdLinkId, + ProgramData, ProgramError, + }, + sys::{bpf_link_create, LinkTarget, SyscallError}, +}; + +/// A program that can be attached as a Flow Dissector routine +/// +/// ['FlowDissector'] programs operate on an __sk_buff. +/// However, only the limited set of fields is allowed: data, data_end and flow_keys. +/// flow_keys is struct bpf_flow_keys and contains flow dissector input and output arguments. +/// +/// # Minimum kernel version +/// +/// The minimum kernel version required to use this feature is 4.2. +/// +/// # Examples +/// +/// ```no_run +/// # #[derive(Debug, thiserror::Error)] +/// # enum Error { +/// # #[error(transparent)] +/// # IO(#[from] std::io::Error), +/// # #[error(transparent)] +/// # Map(#[from] aya::maps::MapError), +/// # #[error(transparent)] +/// # Program(#[from] aya::programs::ProgramError), +/// # #[error(transparent)] +/// # Bpf(#[from] aya::BpfError) +/// # } +/// # let mut bpf = Bpf::load_file("ebpf_programs.o")?; +/// use aya::{Bpf, programs::FlowDissector}; +/// use std::fs::File; +/// +/// let program: &mut FlowDissector = bpf.program_mut("filename_lookup").unwrap().try_into()?; +/// program.load()?; +/// +/// let net_ns = File::open("/proc/self/ns/net")?; +/// program.attach(net_ns)?; +/// # Ok::<(), Error>(()) +/// ``` +#[derive(Debug)] +#[doc(alias = "BPF_PROG_TYPE_FLOW_DISSECTOR")] +pub struct FlowDissector { + pub(crate) data: ProgramData, +} + +impl FlowDissector { + /// Loads the program inside the kernel. + pub fn load(&mut self) -> Result<(), ProgramError> { + self.data.expected_attach_type = Some(BPF_FLOW_DISSECTOR); + load_program(BPF_PROG_TYPE_FLOW_DISSECTOR, &mut self.data) + } + + /// Attaches the program to the given network namespace. + /// + /// The returned value can be used to detach, see [FlowDissector::detach]. + pub fn attach(&mut self, netns: T) -> Result { + let prog_fd = self.fd()?; + let prog_fd = prog_fd.as_fd(); + let netns_fd = netns.as_fd(); + + let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(netns_fd), BPF_FLOW_DISSECTOR, None, 0) + .map_err(|(_, io_error)| SyscallError { + call: "bpf_link_create", + io_error, + })?; + self.data + .links + .insert(FlowDissectorLink::new(FdLink::new(link_fd))) + } + + /// Detaches the program. + /// + /// See [FlowDissector::attach]. + pub fn detach(&mut self, link_id: FlowDissectorLinkId) -> Result<(), ProgramError> { + self.data.links.remove(link_id) + } + + /// Takes ownership of the link referenced by the provided link_id. + /// + /// The link will be detached on `Drop` and the caller is now responsible + /// for managing its lifetime. + pub fn take_link(&mut self, link_id: FlowDissectorLinkId) -> Result { + self.data.take_link(link_id) + } +} + +define_link_wrapper!( + /// The link used by [FlowDissector] programs. + FlowDissectorLink, + /// The type returned by [FlowDissector::attach]. Can be passed to [FlowDissector::detach]. + FlowDissectorLinkId, + FdLink, + FdLinkId +); diff --git a/aya/src/programs/mod.rs b/aya/src/programs/mod.rs index 64da0fdff..6e606eb7a 100644 --- a/aya/src/programs/mod.rs +++ b/aya/src/programs/mod.rs @@ -44,6 +44,7 @@ pub mod cgroup_sysctl; pub mod extension; pub mod fentry; pub mod fexit; +pub mod flow_dissector; pub mod kprobe; pub mod links; pub mod lirc_mode2; @@ -83,6 +84,7 @@ pub use cgroup_sysctl::CgroupSysctl; pub use extension::{Extension, ExtensionError}; pub use fentry::FEntry; pub use fexit::FExit; +pub use flow_dissector::FlowDissector; pub use kprobe::{KProbe, KProbeError}; use libc::ENOSPC; pub use links::Link; @@ -276,6 +278,8 @@ pub enum Program { FEntry(FEntry), /// A [`FExit`] program FExit(FExit), + /// A [`FlowDissector`] program + FlowDissector(FlowDissector), /// A [`Extension`] program Extension(Extension), /// A [`SkLookup`] program @@ -310,6 +314,7 @@ impl Program { Self::BtfTracePoint(_) => BPF_PROG_TYPE_TRACING, Self::FEntry(_) => BPF_PROG_TYPE_TRACING, Self::FExit(_) => BPF_PROG_TYPE_TRACING, + Self::FlowDissector(_) => BPF_PROG_TYPE_FLOW_DISSECTOR, Self::Extension(_) => BPF_PROG_TYPE_EXT, Self::CgroupSockAddr(_) => BPF_PROG_TYPE_CGROUP_SOCK_ADDR, Self::SkLookup(_) => BPF_PROG_TYPE_SK_LOOKUP, @@ -340,6 +345,7 @@ impl Program { Self::BtfTracePoint(p) => p.pin(path), Self::FEntry(p) => p.pin(path), Self::FExit(p) => p.pin(path), + Self::FlowDissector(p) => p.pin(path), Self::Extension(p) => p.pin(path), Self::CgroupSockAddr(p) => p.pin(path), Self::SkLookup(p) => p.pin(path), @@ -370,6 +376,7 @@ impl Program { Self::BtfTracePoint(mut p) => p.unload(), Self::FEntry(mut p) => p.unload(), Self::FExit(mut p) => p.unload(), + Self::FlowDissector(mut p) => p.unload(), Self::Extension(mut p) => p.unload(), Self::CgroupSockAddr(mut p) => p.unload(), Self::SkLookup(mut p) => p.unload(), @@ -402,6 +409,7 @@ impl Program { Self::BtfTracePoint(p) => p.fd(), Self::FEntry(p) => p.fd(), Self::FExit(p) => p.fd(), + Self::FlowDissector(p) => p.fd(), Self::Extension(p) => p.fd(), Self::CgroupSockAddr(p) => p.fd(), Self::SkLookup(p) => p.fd(), @@ -435,6 +443,7 @@ impl Program { Self::BtfTracePoint(p) => p.info(), Self::FEntry(p) => p.info(), Self::FExit(p) => p.info(), + Self::FlowDissector(p) => p.info(), Self::Extension(p) => p.info(), Self::CgroupSockAddr(p) => p.info(), Self::SkLookup(p) => p.info(), @@ -748,6 +757,7 @@ impl_program_unload!( BtfTracePoint, FEntry, FExit, + FlowDissector, Extension, CgroupSockAddr, SkLookup, @@ -788,6 +798,7 @@ impl_fd!( BtfTracePoint, FEntry, FExit, + FlowDissector, Extension, CgroupSockAddr, SkLookup, @@ -842,6 +853,7 @@ impl_program_pin!( BtfTracePoint, FEntry, FExit, + FlowDissector, Extension, CgroupSockAddr, SkLookup, @@ -882,6 +894,7 @@ impl_from_pin!( BtfTracePoint, FEntry, FExit, + FlowDissector, Extension, SkLookup, SockOps, @@ -936,6 +949,7 @@ impl_try_from_program!( BtfTracePoint, FEntry, FExit, + FlowDissector, Extension, CgroupSockAddr, SkLookup, @@ -982,6 +996,7 @@ impl_info!( BtfTracePoint, FEntry, FExit, + FlowDissector, Extension, CgroupSockAddr, SkLookup, diff --git a/bpf/aya-bpf/src/programs/flow_dissector.rs b/bpf/aya-bpf/src/programs/flow_dissector.rs new file mode 100644 index 000000000..6df1b050e --- /dev/null +++ b/bpf/aya-bpf/src/programs/flow_dissector.rs @@ -0,0 +1,34 @@ +use aya_bpf_cty::c_void; + +use crate::{bindings::{__sk_buff}, BpfContext}; + +pub struct FlowDissectorContext { + skb: *mut __sk_buff, +} + +impl FlowDissectorContext { + pub fn new(skb: *mut __sk_buff) -> FlowDissectorContext{ + FlowDissectorContext { skb } + } + + #[inline] + pub fn data(&self) -> usize { + unsafe { (*self.skb).data as usize } + } + + #[inline] + pub fn data_end(&self) -> usize { + unsafe { (*self.skb).data_end as usize } + } + + #[inline] + pub fn flow_keys(&self) -> usize { + unsafe { (*self.skb).__bindgen_anon_1.flow_keys as usize} + } +} + +impl BpfContext for FlowDissectorContext { + fn as_ptr(&self) -> *mut c_void { + self.skb as *mut _ + } +} diff --git a/bpf/aya-bpf/src/programs/mod.rs b/bpf/aya-bpf/src/programs/mod.rs index 498b0d1c7..ddfdd9b03 100644 --- a/bpf/aya-bpf/src/programs/mod.rs +++ b/bpf/aya-bpf/src/programs/mod.rs @@ -1,6 +1,7 @@ pub mod device; pub mod fentry; pub mod fexit; +pub mod flow_dissector; pub mod lsm; pub mod perf_event; pub mod probe; @@ -21,6 +22,7 @@ pub mod xdp; pub use device::DeviceContext; pub use fentry::FEntryContext; pub use fexit::FExitContext; +pub use flow_dissector::FlowDissectorContext; pub use lsm::LsmContext; pub use perf_event::PerfEventContext; pub use probe::ProbeContext;