Initial commit
Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>
This commit is contained in:
commit
f3ee525588
2
.cargo/config.toml
Normal file
2
.cargo/config.toml
Normal file
@ -0,0 +1,2 @@
|
||||
[alias]
|
||||
xtask = "run --package xtask --"
|
13
.gitignore
vendored
Normal file
13
.gitignore
vendored
Normal file
@ -0,0 +1,13 @@
|
||||
### https://raw.github.com/github/gitignore/master/Rust.gitignore
|
||||
|
||||
# Generated by Cargo
|
||||
# will have compiled files and executables
|
||||
debug/
|
||||
target/
|
||||
|
||||
# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
|
||||
# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
|
||||
Cargo.lock
|
||||
|
||||
# These are backup files generated by rustfmt
|
||||
**/*.rs.bk
|
3
.vim/coc-settings.json
Normal file
3
.vim/coc-settings.json
Normal file
@ -0,0 +1,3 @@
|
||||
{
|
||||
"rust-analyzer.linkedProjects": ["Cargo.toml", "aya-playground-ebpf/Cargo.toml"]
|
||||
}
|
3
.vscode/settings.json
vendored
Normal file
3
.vscode/settings.json
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
{
|
||||
"rust-analyzer.linkedProjects": ["Cargo.toml", "aya-playground-ebpf/Cargo.toml"]
|
||||
}
|
2
Cargo.toml
Normal file
2
Cargo.toml
Normal file
@ -0,0 +1,2 @@
|
||||
[workspace]
|
||||
members = ["xtask", "aya-playground", "aya-playground-common"]
|
31
README.md
Normal file
31
README.md
Normal file
@ -0,0 +1,31 @@
|
||||
# aya-playground
|
||||
|
||||
## Prerequisites
|
||||
|
||||
1. Install bpf-linker: `cargo install bpf-linker`
|
||||
|
||||
## Build eBPF
|
||||
|
||||
```bash
|
||||
cargo xtask build-ebpf
|
||||
```
|
||||
|
||||
To perform a release build you can use the `--release` flag.
|
||||
You may also change the target architecture with the `--target` flag.
|
||||
|
||||
## Build Userspace
|
||||
|
||||
```bash
|
||||
cargo build
|
||||
```
|
||||
|
||||
## Run
|
||||
|
||||
```bash
|
||||
RUST_LOG=info cargo xtask run
|
||||
```
|
||||
# Full Execution
|
||||
```bash
|
||||
cargo xtask build-ebpf
|
||||
RUST_LOG=info cargo xtask run -- --iface wlp2s0
|
||||
```
|
28
README.md~
Normal file
28
README.md~
Normal file
@ -0,0 +1,28 @@
|
||||
# aya-playground
|
||||
|
||||
## Prerequisites
|
||||
|
||||
1. Install bpf-linker: `cargo install bpf-linker`
|
||||
|
||||
## Build eBPF
|
||||
|
||||
```bash
|
||||
cargo xtask build-ebpf
|
||||
```
|
||||
|
||||
To perform a release build you can use the `--release` flag.
|
||||
You may also change the target architecture with the `--target` flag.
|
||||
|
||||
## Build Userspace
|
||||
|
||||
```bash
|
||||
cargo build
|
||||
```
|
||||
|
||||
## Run
|
||||
|
||||
```bash
|
||||
RUST_LOG=info cargo xtask run
|
||||
```
|
||||
cargo xtask build-ebpf
|
||||
RUST_LOG=info cargo xtask run -- --iface wlp2s0
|
14
aya-playground-common/Cargo.toml
Normal file
14
aya-playground-common/Cargo.toml
Normal file
@ -0,0 +1,14 @@
|
||||
[package]
|
||||
name = "aya-playground-common"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[features]
|
||||
default = []
|
||||
user = ["aya"]
|
||||
|
||||
[dependencies]
|
||||
aya = { git = "https://github.com/aya-rs/aya", optional = true }
|
||||
|
||||
[lib]
|
||||
path = "src/lib.rs"
|
1
aya-playground-common/src/lib.rs
Normal file
1
aya-playground-common/src/lib.rs
Normal file
@ -0,0 +1 @@
|
||||
#![no_std]
|
6
aya-playground-ebpf/.cargo/config.toml
Normal file
6
aya-playground-ebpf/.cargo/config.toml
Normal file
@ -0,0 +1,6 @@
|
||||
[build]
|
||||
target-dir = "../target"
|
||||
target = "bpfel-unknown-none"
|
||||
|
||||
[unstable]
|
||||
build-std = ["core"]
|
4
aya-playground-ebpf/.vim/coc-settings.json
Normal file
4
aya-playground-ebpf/.vim/coc-settings.json
Normal file
@ -0,0 +1,4 @@
|
||||
{
|
||||
"rust-analyzer.cargo.target": "bpfel-unknown-none",
|
||||
"rust-analyzer.checkOnSave.allTargets": false
|
||||
}
|
4
aya-playground-ebpf/.vscode/settings.json
vendored
Normal file
4
aya-playground-ebpf/.vscode/settings.json
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
{
|
||||
"rust-analyzer.cargo.target": "bpfel-unknown-none",
|
||||
"rust-analyzer.checkOnSave.allTargets": false
|
||||
}
|
33
aya-playground-ebpf/Cargo.toml
Normal file
33
aya-playground-ebpf/Cargo.toml
Normal file
@ -0,0 +1,33 @@
|
||||
[package]
|
||||
name = "aya-playground-ebpf"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
aya-bpf = { git = "https://github.com/aya-rs/aya" }
|
||||
aya-log-ebpf = { git = "https://github.com/aya-rs/aya" }
|
||||
aya-playground-common = { path = "../aya-playground-common" }
|
||||
network-types = "0.0.4"
|
||||
|
||||
[[bin]]
|
||||
name = "aya-playground"
|
||||
path = "src/main.rs"
|
||||
|
||||
[profile.dev]
|
||||
opt-level = 3
|
||||
debug = false
|
||||
debug-assertions = false
|
||||
overflow-checks = false
|
||||
lto = true
|
||||
panic = "abort"
|
||||
incremental = false
|
||||
codegen-units = 1
|
||||
rpath = false
|
||||
|
||||
[profile.release]
|
||||
lto = true
|
||||
panic = "abort"
|
||||
codegen-units = 1
|
||||
|
||||
[workspace]
|
||||
members = []
|
32
aya-playground-ebpf/Cargo.toml~
Normal file
32
aya-playground-ebpf/Cargo.toml~
Normal file
@ -0,0 +1,32 @@
|
||||
[package]
|
||||
name = "aya-playground-ebpf"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
aya-bpf = { git = "https://github.com/aya-rs/aya" }
|
||||
aya-log-ebpf = { git = "https://github.com/aya-rs/aya" }
|
||||
aya-playground-common = { path = "../aya-playground-common" }
|
||||
|
||||
[[bin]]
|
||||
name = "aya-playground"
|
||||
path = "src/main.rs"
|
||||
|
||||
[profile.dev]
|
||||
opt-level = 3
|
||||
debug = false
|
||||
debug-assertions = false
|
||||
overflow-checks = false
|
||||
lto = true
|
||||
panic = "abort"
|
||||
incremental = false
|
||||
codegen-units = 1
|
||||
rpath = false
|
||||
|
||||
[profile.release]
|
||||
lto = true
|
||||
panic = "abort"
|
||||
codegen-units = 1
|
||||
|
||||
[workspace]
|
||||
members = []
|
13
aya-playground-ebpf/rust-toolchain.toml
Normal file
13
aya-playground-ebpf/rust-toolchain.toml
Normal file
@ -0,0 +1,13 @@
|
||||
[toolchain]
|
||||
channel = "nightly"
|
||||
# The source code of rustc, provided by the rust-src component, is needed for
|
||||
# building eBPF programs.
|
||||
components = [
|
||||
"cargo",
|
||||
"clippy",
|
||||
"rust-docs",
|
||||
"rust-src",
|
||||
"rust-std",
|
||||
"rustc",
|
||||
"rustfmt",
|
||||
]
|
67
aya-playground-ebpf/src/main.rs
Normal file
67
aya-playground-ebpf/src/main.rs
Normal file
@ -0,0 +1,67 @@
|
||||
#![no_std]
|
||||
#![no_main]
|
||||
|
||||
use aya_bpf::{bindings::xdp_action, macros::xdp, programs::XdpContext};
|
||||
use aya_log_ebpf::info;
|
||||
|
||||
use core::mem;
|
||||
use network_types::{
|
||||
eth::{EthHdr, EtherType},
|
||||
ip::{IpProto, Ipv4Hdr},
|
||||
tcp::TcpHdr,
|
||||
udp::UdpHdr,
|
||||
};
|
||||
|
||||
#[panic_handler]
|
||||
fn panic(_info: &core::panic::PanicInfo) -> ! {
|
||||
unsafe { core::hint::unreachable_unchecked() }
|
||||
}
|
||||
|
||||
#[xdp]
|
||||
pub fn aya_playground(ctx: XdpContext) -> u32 {
|
||||
match try_xdp_firewall(ctx) {
|
||||
Ok(ret) => ret,
|
||||
Err(_) => xdp_action::XDP_ABORTED,
|
||||
}
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn ptr_at<T>(ctx: &XdpContext, offset: usize) -> Result<*const T, ()> {
|
||||
let start = ctx.data();
|
||||
let end = ctx.data_end();
|
||||
let len = mem::size_of::<T>();
|
||||
|
||||
if start + offset + len > end {
|
||||
Err(())
|
||||
} else {
|
||||
Ok((start + offset) as *const T)
|
||||
}
|
||||
}
|
||||
|
||||
fn try_xdp_firewall(ctx: XdpContext) -> Result<u32, ()> {
|
||||
let ethhdr: *const EthHdr = ptr_at(&ctx, 0)?;
|
||||
// Only pass Ipv4 along pipeline, ALLOW rest
|
||||
match unsafe { (*ethhdr).ether_type } {
|
||||
EtherType::Ipv4 => {}
|
||||
_ => return Ok(xdp_action::XDP_PASS),
|
||||
}
|
||||
|
||||
let ipv4hdr: *const Ipv4Hdr = ptr_at(&ctx, EthHdr::LEN)?;
|
||||
let source_addr = u32::from_be(unsafe { (*ipv4hdr).src_addr });
|
||||
|
||||
let source_port = match unsafe { (*ipv4hdr).proto } {
|
||||
IpProto::Tcp => {
|
||||
let tcphdr: *const TcpHdr = ptr_at(&ctx, Ipv4Hdr::LEN)?;
|
||||
u16::from_be(unsafe { (*tcphdr).source })
|
||||
}
|
||||
IpProto::Udp => {
|
||||
let udphdr: *const UdpHdr = ptr_at(&ctx, Ipv4Hdr::LEN)?;
|
||||
u16::from_be(unsafe { (*udphdr).source })
|
||||
}
|
||||
_ => return Err(()),
|
||||
};
|
||||
|
||||
info!(&ctx, "SRC IP: {:i}, SRC PORT: {}", source_addr, source_port);
|
||||
|
||||
Ok(xdp_action::XDP_PASS)
|
||||
}
|
20
aya-playground/Cargo.toml
Normal file
20
aya-playground/Cargo.toml
Normal file
@ -0,0 +1,20 @@
|
||||
[package]
|
||||
name = "aya-playground"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
publish = false
|
||||
|
||||
[dependencies]
|
||||
aya = { git = "https://github.com/aya-rs/aya", features = ["async_tokio"] }
|
||||
aya-log = { git = "https://github.com/aya-rs/aya" }
|
||||
clap = { version = "4.1", features = ["derive"] }
|
||||
aya-playground-common = { path = "../aya-playground-common", features = ["user"] }
|
||||
anyhow = "1"
|
||||
env_logger = "0.10"
|
||||
libc = "0.2"
|
||||
log = "0.4"
|
||||
tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal"] }
|
||||
|
||||
[[bin]]
|
||||
name = "aya-playground"
|
||||
path = "src/main.rs"
|
58
aya-playground/src/main.rs
Normal file
58
aya-playground/src/main.rs
Normal file
@ -0,0 +1,58 @@
|
||||
use anyhow::Context;
|
||||
use aya::programs::{Xdp, XdpFlags};
|
||||
use aya::{include_bytes_aligned, Bpf};
|
||||
use aya_log::BpfLogger;
|
||||
use clap::Parser;
|
||||
use log::{info, warn, debug};
|
||||
use tokio::signal;
|
||||
|
||||
#[derive(Debug, Parser)]
|
||||
struct Opt {
|
||||
#[clap(short, long, default_value = "eth0")]
|
||||
iface: String,
|
||||
}
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() -> Result<(), anyhow::Error> {
|
||||
let opt = Opt::parse();
|
||||
|
||||
env_logger::init();
|
||||
|
||||
// Bump the memlock rlimit. This is needed for older kernels that don't use the
|
||||
// new memcg based accounting, see https://lwn.net/Articles/837122/
|
||||
let rlim = libc::rlimit {
|
||||
rlim_cur: libc::RLIM_INFINITY,
|
||||
rlim_max: libc::RLIM_INFINITY,
|
||||
};
|
||||
let ret = unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) };
|
||||
if ret != 0 {
|
||||
debug!("remove limit on locked memory failed, ret is: {}", ret);
|
||||
}
|
||||
|
||||
// This will include your eBPF object file as raw bytes at compile-time and load it at
|
||||
// runtime. This approach is recommended for most real-world use cases. If you would
|
||||
// like to specify the eBPF program at runtime rather than at compile-time, you can
|
||||
// reach for `Bpf::load_file` instead.
|
||||
#[cfg(debug_assertions)]
|
||||
let mut bpf = Bpf::load(include_bytes_aligned!(
|
||||
"../../target/bpfel-unknown-none/debug/aya-playground"
|
||||
))?;
|
||||
#[cfg(not(debug_assertions))]
|
||||
let mut bpf = Bpf::load(include_bytes_aligned!(
|
||||
"../../target/bpfel-unknown-none/release/aya-playground"
|
||||
))?;
|
||||
if let Err(e) = BpfLogger::init(&mut bpf) {
|
||||
// This can happen if you remove all log statements from your eBPF program.
|
||||
warn!("failed to initialize eBPF logger: {}", e);
|
||||
}
|
||||
let program: &mut Xdp = bpf.program_mut("aya_playground").unwrap().try_into()?;
|
||||
program.load()?;
|
||||
program.attach(&opt.iface, XdpFlags::default())
|
||||
.context("failed to attach the XDP program with default flags - try changing XdpFlags::default() to XdpFlags::SKB_MODE")?;
|
||||
|
||||
info!("Waiting for Ctrl-C...");
|
||||
signal::ctrl_c().await?;
|
||||
info!("Exiting...");
|
||||
|
||||
Ok(())
|
||||
}
|
8
xtask/Cargo.toml
Normal file
8
xtask/Cargo.toml
Normal file
@ -0,0 +1,8 @@
|
||||
[package]
|
||||
name = "xtask"
|
||||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
anyhow = "1"
|
||||
clap = { version = "4.1", features = ["derive"] }
|
67
xtask/src/build_ebpf.rs
Normal file
67
xtask/src/build_ebpf.rs
Normal file
@ -0,0 +1,67 @@
|
||||
use std::{path::PathBuf, process::Command};
|
||||
|
||||
use clap::Parser;
|
||||
|
||||
#[derive(Debug, Copy, Clone)]
|
||||
pub enum Architecture {
|
||||
BpfEl,
|
||||
BpfEb,
|
||||
}
|
||||
|
||||
impl std::str::FromStr for Architecture {
|
||||
type Err = String;
|
||||
|
||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
||||
Ok(match s {
|
||||
"bpfel-unknown-none" => Architecture::BpfEl,
|
||||
"bpfeb-unknown-none" => Architecture::BpfEb,
|
||||
_ => return Err("invalid target".to_owned()),
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl std::fmt::Display for Architecture {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
f.write_str(match self {
|
||||
Architecture::BpfEl => "bpfel-unknown-none",
|
||||
Architecture::BpfEb => "bpfeb-unknown-none",
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Parser)]
|
||||
pub struct Options {
|
||||
/// Set the endianness of the BPF target
|
||||
#[clap(default_value = "bpfel-unknown-none", long)]
|
||||
pub target: Architecture,
|
||||
/// Build the release target
|
||||
#[clap(long)]
|
||||
pub release: bool,
|
||||
}
|
||||
|
||||
pub fn build_ebpf(opts: Options) -> Result<(), anyhow::Error> {
|
||||
let dir = PathBuf::from("aya-playground-ebpf");
|
||||
let target = format!("--target={}", opts.target);
|
||||
let mut args = vec![
|
||||
"build",
|
||||
target.as_str(),
|
||||
"-Z",
|
||||
"build-std=core",
|
||||
];
|
||||
if opts.release {
|
||||
args.push("--release")
|
||||
}
|
||||
|
||||
// Command::new creates a child process which inherits all env variables. This means env
|
||||
// vars set by the cargo xtask command are also inherited. RUSTUP_TOOLCHAIN is removed
|
||||
// so the rust-toolchain.toml file in the -ebpf folder is honored.
|
||||
|
||||
let status = Command::new("cargo")
|
||||
.current_dir(dir)
|
||||
.env_remove("RUSTUP_TOOLCHAIN")
|
||||
.args(&args)
|
||||
.status()
|
||||
.expect("failed to build bpf program");
|
||||
assert!(status.success());
|
||||
Ok(())
|
||||
}
|
33
xtask/src/main.rs
Normal file
33
xtask/src/main.rs
Normal file
@ -0,0 +1,33 @@
|
||||
mod build_ebpf;
|
||||
mod run;
|
||||
|
||||
use std::process::exit;
|
||||
|
||||
use clap::Parser;
|
||||
|
||||
#[derive(Debug, Parser)]
|
||||
pub struct Options {
|
||||
#[clap(subcommand)]
|
||||
command: Command,
|
||||
}
|
||||
|
||||
#[derive(Debug, Parser)]
|
||||
enum Command {
|
||||
BuildEbpf(build_ebpf::Options),
|
||||
Run(run::Options),
|
||||
}
|
||||
|
||||
fn main() {
|
||||
let opts = Options::parse();
|
||||
|
||||
use Command::*;
|
||||
let ret = match opts.command {
|
||||
BuildEbpf(opts) => build_ebpf::build_ebpf(opts),
|
||||
Run(opts) => run::run(opts),
|
||||
};
|
||||
|
||||
if let Err(e) = ret {
|
||||
eprintln!("{e:#}");
|
||||
exit(1);
|
||||
}
|
||||
}
|
70
xtask/src/run.rs
Normal file
70
xtask/src/run.rs
Normal file
@ -0,0 +1,70 @@
|
||||
use std::process::Command;
|
||||
|
||||
use anyhow::Context as _;
|
||||
use clap::Parser;
|
||||
|
||||
use crate::build_ebpf::{build_ebpf, Architecture, Options as BuildOptions};
|
||||
|
||||
#[derive(Debug, Parser)]
|
||||
pub struct Options {
|
||||
/// Set the endianness of the BPF target
|
||||
#[clap(default_value = "bpfel-unknown-none", long)]
|
||||
pub bpf_target: Architecture,
|
||||
/// Build and run the release target
|
||||
#[clap(long)]
|
||||
pub release: bool,
|
||||
/// The command used to wrap your application
|
||||
#[clap(short, long, default_value = "sudo -E")]
|
||||
pub runner: String,
|
||||
/// Arguments to pass to your application
|
||||
#[clap(name = "args", last = true)]
|
||||
pub run_args: Vec<String>,
|
||||
}
|
||||
|
||||
/// Build the project
|
||||
fn build(opts: &Options) -> Result<(), anyhow::Error> {
|
||||
let mut args = vec!["build"];
|
||||
if opts.release {
|
||||
args.push("--release")
|
||||
}
|
||||
let status = Command::new("cargo")
|
||||
.args(&args)
|
||||
.status()
|
||||
.expect("failed to build userspace");
|
||||
assert!(status.success());
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Build and run the project
|
||||
pub fn run(opts: Options) -> Result<(), anyhow::Error> {
|
||||
// build our ebpf program followed by our application
|
||||
build_ebpf(BuildOptions {
|
||||
target: opts.bpf_target,
|
||||
release: opts.release,
|
||||
})
|
||||
.context("Error while building eBPF program")?;
|
||||
build(&opts).context("Error while building userspace application")?;
|
||||
|
||||
// profile we are building (release or debug)
|
||||
let profile = if opts.release { "release" } else { "debug" };
|
||||
let bin_path = format!("target/{profile}/aya-playground");
|
||||
|
||||
// arguments to pass to the application
|
||||
let mut run_args: Vec<_> = opts.run_args.iter().map(String::as_str).collect();
|
||||
|
||||
// configure args
|
||||
let mut args: Vec<_> = opts.runner.trim().split_terminator(' ').collect();
|
||||
args.push(bin_path.as_str());
|
||||
args.append(&mut run_args);
|
||||
|
||||
// run the command
|
||||
let status = Command::new(args.first().expect("No first argument"))
|
||||
.args(args.iter().skip(1))
|
||||
.status()
|
||||
.expect("failed to run the command");
|
||||
|
||||
if !status.success() {
|
||||
anyhow::bail!("Failed to run `{}`", args.join(" "));
|
||||
}
|
||||
Ok(())
|
||||
}
|
Loading…
Reference in New Issue
Block a user