A logging library for eBPF programs.

Related tags

Logging rust logging ebpf
Overview

aya-log - a logging library for eBPF programs

Overview

aya-log is a logging library for eBPF programs written using aya. Think of it as the log crate for eBPF.

Installation

User space

Add aya-log to Cargo.toml:

[dependencies]
aya-log = { git = "https://github.com/aya-rs/aya-log", branch = "main" }

eBPF side

Add aya-log-ebpf and ufmt to Cargo.toml:

[dependencies]
aya-log-ebpf = { git = "https://github.com/aya-rs/aya-log", branch = "main" }

Example

Here's an example that uses aya-log in conjunction with the simplelog crate to log eBPF messages to the terminal.

User space code

use aya_log::BpfLogger;
use simplelog::{ColorChoice, ConfigBuilder, LevelFilter, TermLogger, TerminalMode};

BpfLogger::init(
    &mut bpf,
    TermLogger::new(
        LevelFilter::Trace,
        ConfigBuilder::new()
            .set_target_level(LevelFilter::Error)
            .set_location_level(LevelFilter::Error)
            .build(),
        TerminalMode::Mixed,
        ColorChoice::Auto,
    ),
).unwrap();

eBPF code

use aya_log_ebpf::info;

fn try_xdp_firewall(ctx: XdpContext) -> Result<u32, ()> {
    if let Some(port) = tcp_dest_port(&ctx)? {
        if block_port(port) {
            info!(&ctx, "❌ blocked incoming connection on port: {}", port);
            return Ok(XDP_DROP);
        }
    }

    Ok(XDP_PASS)
}
Comments
  • Refactor to do all formatting in userspace

    Refactor to do all formatting in userspace

    Per discussion on Discord, we're interested in refactoring aya-log to something more defmt-like, performing all formatting in userspace rather than using ufmt. I'm filing this as a tracking issue so we can discuss progress.

    opened by willfindlay 10
  • Invalid BPF programs generated when using aya-log

    Invalid BPF programs generated when using aya-log

    Not sure if this belongs here or in the main aya repo, but I can move it over if needed.

    I tried doing something similar to the simple example presented in the README, but the resulting BPF program fails the verifier checks for allegedly not terminating with an exit or jump instruction as follows on Linux 5.14:

    Error: the BPF_PROG_LOAD syscall failed. Verifier output: func#0 @0
func#1 @217
func#2 @218
last insn is not an exit or jmp
verification time 3 usec
stack depth 0+0+0
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

    Here's my minimal example:

    #![no_std]
#![no_main]

use aya_bpf::{helpers::bpf_get_current_pid_tgid, macros::kprobe, programs::ProbeContext};
use aya_log_ebpf::info;

#[kprobe(name = "kprobe_test")]
pub fn kprobe_test(ctx: ProbeContext) -> u32 {
    match unsafe { try_kprobe_test(ctx) } {
        Ok(ret) => ret,
        Err(ret) => ret,
    }
}

unsafe fn try_kprobe_test(ctx: ProbeContext) -> Result<u32, u32> {
    info!(&ctx, "Hello world");
    Ok(0)
}

#[panic_handler]
fn panic(_info: &core::panic::PanicInfo) -> ! {
    unreachable!()
}

    And my relevant configuration:

    • Kernel 5.14
    • bpf-linker 0.9.2
    • rustc 1.56.0-nightly (492723897 2021-07-29)
    • aya-log v0.1.1 (https://github.com/aya-rs/aya-log#5aa5eb5b)
    • aya-bpf v0.1.0 (http://github.com/aya-rs/aya?branch=main#4152e8b1)

    Here's a dump of the generated BPF bytecode with llvm-objdump -S (seems odd to me since I do see an exit instruction at the end as expected):

    0000000000000000 <kprobe_test>:
       0:       bf 16 00 00 00 00 00 00 r6 = r1
       1:       b7 09 00 00 00 00 00 00 r9 = 0
       2:       63 9a 78 ff 00 00 00 00 *(u32 *)(r10 - 136) = r9
       3:       bf a2 00 00 00 00 00 00 r2 = r10
       4:       07 02 00 00 78 ff ff ff r2 += -136
       5:       18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r1 = 0 ll
       7:       85 00 00 00 01 00 00 00 call 1
       8:       7b 0a 60 ff 00 00 00 00 *(u64 *)(r10 - 160) = r0
       9:       15 00 cd 00 00 00 00 00 if r0 == 0 goto +205 <LBB1_19>
      10:       7b 6a 58 ff 00 00 00 00 *(u64 *)(r10 - 168) = r6
      11:       b7 01 00 00 03 00 00 00 r1 = 3
      12:       7b 1a 68 ff 00 00 00 00 *(u64 *)(r10 - 152) = r1
      13:       b7 02 00 00 1b 00 00 00 r2 = 27
      14:       63 2a 74 ff 00 00 00 00 *(u32 *)(r10 - 140) = r2
      15:       bf a2 00 00 00 00 00 00 r2 = r10
      16:       07 02 00 00 74 ff ff ff r2 += -140
      17:       7b 2a e0 ff 00 00 00 00 *(u64 *)(r10 - 32) = r2
      18:       b7 02 00 00 05 00 00 00 r2 = 5
      19:       7b 2a f8 ff 00 00 00 00 *(u64 *)(r10 - 8) = r2
      20:       7b 2a d8 ff 00 00 00 00 *(u64 *)(r10 - 40) = r2
      21:       b7 02 00 00 0b 00 00 00 r2 = 11
      22:       7b 2a d0 ff 00 00 00 00 *(u64 *)(r10 - 48) = r2
      23:       18 02 00 00 33 00 00 00 00 00 00 00 00 00 00 00 r2 = 51 ll
      25:       7b 2a c8 ff 00 00 00 00 *(u64 *)(r10 - 56) = r2
      26:       b7 02 00 00 04 00 00 00 r2 = 4
      27:       7b 2a e8 ff 00 00 00 00 *(u64 *)(r10 - 24) = r2
      28:       7b 2a c0 ff 00 00 00 00 *(u64 *)(r10 - 64) = r2
      29:       7b 1a a8 ff 00 00 00 00 *(u64 *)(r10 - 88) = r1
      30:       b7 01 00 00 08 00 00 00 r1 = 8
      31:       7b 1a a0 ff 00 00 00 00 *(u64 *)(r10 - 96) = r1
      32:       bf a1 00 00 00 00 00 00 r1 = r10
      33:       07 01 00 00 68 ff ff ff r1 += -152
      34:       7b 1a 98 ff 00 00 00 00 *(u64 *)(r10 - 104) = r1
      35:       18 02 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 r2 = 62 ll
      37:       7b 2a b0 ff 00 00 00 00 *(u64 *)(r10 - 80) = r2
      38:       7b 2a 80 ff 00 00 00 00 *(u64 *)(r10 - 128) = r2
      39:       b7 03 00 00 0d 00 00 00 r3 = 13
      40:       7b 3a b8 ff 00 00 00 00 *(u64 *)(r10 - 72) = r3
      41:       7b 3a 88 ff 00 00 00 00 *(u64 *)(r10 - 120) = r3
      42:       b7 05 00 00 01 00 00 00 r5 = 1
      43:       7b 5a 78 ff 00 00 00 00 *(u64 *)(r10 - 136) = r5
      44:       b7 06 00 00 02 00 00 00 r6 = 2
      45:       7b 6a 90 ff 00 00 00 00 *(u64 *)(r10 - 112) = r6
      46:       bf a7 00 00 00 00 00 00 r7 = r10
      47:       07 07 00 00 a0 ff ff ff r7 += -96
      48:       05 00 15 00 00 00 00 00 goto +21 <LBB1_2>

0000000000000188 <LBB1_5>:
      49:       07 01 00 00 10 00 00 00 r1 += 16
      50:       85 10 00 00 ff ff ff ff call -1
      51:       0f 98 00 00 00 00 00 00 r8 += r9
      52:       15 06 57 00 06 00 00 00 if r6 == 6 goto +87 <LBB1_13>
      53:       7b 6a f0 ff 00 00 00 00 *(u64 *)(r10 - 16) = r6
      54:       79 75 f0 ff 00 00 00 00 r5 = *(u64 *)(r7 - 16)
      55:       15 05 54 00 07 00 00 00 if r5 == 7 goto +84 <LBB1_13>
      56:       07 06 00 00 01 00 00 00 r6 += 1
      57:       bf 71 00 00 00 00 00 00 r1 = r7
      58:       07 01 00 00 18 00 00 00 r1 += 24
      59:       79 72 f8 ff 00 00 00 00 r2 = *(u64 *)(r7 - 8)
      60:       79 73 00 00 00 00 00 00 r3 = *(u64 *)(r7 + 0)
      61:       bf 17 00 00 00 00 00 00 r7 = r1
      62:       bf 89 00 00 00 00 00 00 r9 = r8
      63:       b7 01 00 00 01 04 00 00 r1 = 1025
      64:       2d 81 05 00 00 00 00 00 if r1 > r8 goto +5 <LBB1_2>
      65:       bf 81 00 00 00 00 00 00 r1 = r8
      66:       b7 02 00 00 00 04 00 00 r2 = 1024
      67:       18 03 00 00 48 00 00 00 00 00 00 00 00 00 00 00 r3 = 72 ll
      69:       85 10 00 00 04 00 00 00 call 4

0000000000000230 <LBB1_2>:
      70:       b7 04 00 00 00 04 00 00 r4 = 1024
      71:       1f 94 00 00 00 00 00 00 r4 -= r9
      72:       bf 38 00 00 00 00 00 00 r8 = r3
      73:       07 08 00 00 10 00 00 00 r8 += 16
      74:       2d 48 8c 00 00 00 00 00 if r8 > r4 goto +140 <LBB1_19>
      75:       79 a1 60 ff 00 00 00 00 r1 = *(u64 *)(r10 - 160)
      76:       0f 91 00 00 00 00 00 00 r1 += r9
      77:       bf 50 00 00 00 00 00 00 r0 = r5
      78:       77 00 00 00 38 00 00 00 r0 >>= 56
      79:       73 01 07 00 00 00 00 00 *(u8 *)(r1 + 7) = r0
      80:       bf 50 00 00 00 00 00 00 r0 = r5
      81:       77 00 00 00 30 00 00 00 r0 >>= 48
      82:       73 01 06 00 00 00 00 00 *(u8 *)(r1 + 6) = r0
      83:       bf 50 00 00 00 00 00 00 r0 = r5
      84:       77 00 00 00 28 00 00 00 r0 >>= 40
      85:       73 01 05 00 00 00 00 00 *(u8 *)(r1 + 5) = r0
      86:       bf 50 00 00 00 00 00 00 r0 = r5
      87:       77 00 00 00 20 00 00 00 r0 >>= 32
      88:       73 01 04 00 00 00 00 00 *(u8 *)(r1 + 4) = r0
      89:       bf 50 00 00 00 00 00 00 r0 = r5
      90:       77 00 00 00 18 00 00 00 r0 >>= 24
      91:       73 01 03 00 00 00 00 00 *(u8 *)(r1 + 3) = r0
      92:       bf 50 00 00 00 00 00 00 r0 = r5
      93:       77 00 00 00 10 00 00 00 r0 >>= 16
      94:       73 01 02 00 00 00 00 00 *(u8 *)(r1 + 2) = r0
      95:       73 51 00 00 00 00 00 00 *(u8 *)(r1 + 0) = r5
      96:       77 05 00 00 08 00 00 00 r5 >>= 8
      97:       73 51 01 00 00 00 00 00 *(u8 *)(r1 + 1) = r5
      98:       b7 05 00 00 f9 03 00 00 r5 = 1017
      99:       2d 95 05 00 00 00 00 00 if r5 > r9 goto +5 <LBB1_11>
     100:       b7 01 00 00 08 00 00 00 r1 = 8
     101:       bf 42 00 00 00 00 00 00 r2 = r4
     102:       18 03 00 00 60 00 00 00 00 00 00 00 00 00 00 00 r3 = 96 ll
     104:       85 10 00 00 04 00 00 00 call 4

0000000000000348 <LBB1_11>:
     105:       bf 34 00 00 00 00 00 00 r4 = r3
     106:       77 04 00 00 38 00 00 00 r4 >>= 56
     107:       73 41 0f 00 00 00 00 00 *(u8 *)(r1 + 15) = r4
     108:       bf 34 00 00 00 00 00 00 r4 = r3
     109:       77 04 00 00 30 00 00 00 r4 >>= 48
     110:       73 41 0e 00 00 00 00 00 *(u8 *)(r1 + 14) = r4
     111:       bf 34 00 00 00 00 00 00 r4 = r3
     112:       77 04 00 00 28 00 00 00 r4 >>= 40
     113:       73 41 0d 00 00 00 00 00 *(u8 *)(r1 + 13) = r4
     114:       bf 34 00 00 00 00 00 00 r4 = r3
     115:       77 04 00 00 20 00 00 00 r4 >>= 32
     116:       73 41 0c 00 00 00 00 00 *(u8 *)(r1 + 12) = r4
     117:       bf 34 00 00 00 00 00 00 r4 = r3
     118:       77 04 00 00 18 00 00 00 r4 >>= 24
     119:       73 41 0b 00 00 00 00 00 *(u8 *)(r1 + 11) = r4
     120:       bf 34 00 00 00 00 00 00 r4 = r3
     121:       77 04 00 00 10 00 00 00 r4 >>= 16
     122:       73 41 0a 00 00 00 00 00 *(u8 *)(r1 + 10) = r4
     123:       73 31 08 00 00 00 00 00 *(u8 *)(r1 + 8) = r3
     124:       bf 34 00 00 00 00 00 00 r4 = r3
     125:       77 04 00 00 08 00 00 00 r4 >>= 8
     126:       73 41 09 00 00 00 00 00 *(u8 *)(r1 + 9) = r4
     127:       b7 04 00 00 f1 03 00 00 r4 = 1009
     128:       2d 94 06 00 00 00 00 00 if r4 > r9 goto +6 <LBB1_3>
     129:       b7 02 00 00 f8 03 00 00 r2 = 1016
     130:       1f 92 00 00 00 00 00 00 r2 -= r9
     131:       b7 01 00 00 08 00 00 00 r1 = 8
     132:       18 03 00 00 78 00 00 00 00 00 00 00 00 00 00 00 r3 = 120 ll
     134:       85 10 00 00 04 00 00 00 call 4

0000000000000438 <LBB1_3>:
     135:       b7 04 00 00 f0 03 00 00 r4 = 1008
     136:       1f 94 00 00 00 00 00 00 r4 -= r9
     137:       2d 34 a7 ff 00 00 00 00 if r4 > r3 goto -89 <LBB1_5>
     138:       bf 43 00 00 00 00 00 00 r3 = r4
     139:       05 00 a5 ff 00 00 00 00 goto -91 <LBB1_5>

0000000000000460 <LBB1_13>:
     140:       b7 01 00 00 01 04 00 00 r1 = 1025
     141:       2d 81 05 00 00 00 00 00 if r1 > r8 goto +5 <LBB1_15>
     142:       bf 81 00 00 00 00 00 00 r1 = r8
     143:       b7 02 00 00 00 04 00 00 r2 = 1024
     144:       18 03 00 00 18 00 00 00 00 00 00 00 00 00 00 00 r3 = 24 ll
     146:       85 10 00 00 04 00 00 00 call 4

0000000000000498 <LBB1_15>:
     147:       b7 03 00 00 f0 03 00 00 r3 = 1008
     148:       1f 83 00 00 00 00 00 00 r3 -= r8
     149:       b7 02 00 00 0b 00 00 00 r2 = 11
     150:       79 a1 58 ff 00 00 00 00 r1 = *(u64 *)(r10 - 168)
     151:       2d 32 3f 00 00 00 00 00 if r2 > r3 goto +63 <LBB1_19>
     152:       b7 02 00 00 e6 03 00 00 r2 = 998
     153:       2d 82 04 00 00 00 00 00 if r2 > r8 goto +4 <LBB1_18>
     154:       b7 02 00 00 00 04 00 00 r2 = 1024
     155:       1f 82 00 00 00 00 00 00 r2 -= r8
     156:       b7 01 00 00 1b 00 00 00 r1 = 27
     157:       85 10 00 00 ff ff ff ff call -1

00000000000004f0 <LBB1_18>:
     158:       79 a4 60 ff 00 00 00 00 r4 = *(u64 *)(r10 - 160)
     159:       bf 45 00 00 00 00 00 00 r5 = r4
     160:       0f 85 00 00 00 00 00 00 r5 += r8
     161:       bf 52 00 00 00 00 00 00 r2 = r5
     162:       07 02 00 00 10 00 00 00 r2 += 16
     163:       18 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r3 = 0 ll
     165:       71 30 00 00 00 00 00 00 r0 = *(u8 *)(r3 + 0)
     166:       73 02 00 00 00 00 00 00 *(u8 *)(r2 + 0) = r0
     167:       71 30 01 00 00 00 00 00 r0 = *(u8 *)(r3 + 1)
     168:       73 02 01 00 00 00 00 00 *(u8 *)(r2 + 1) = r0
     169:       71 30 02 00 00 00 00 00 r0 = *(u8 *)(r3 + 2)
     170:       73 02 02 00 00 00 00 00 *(u8 *)(r2 + 2) = r0
     171:       71 30 03 00 00 00 00 00 r0 = *(u8 *)(r3 + 3)
     172:       73 02 03 00 00 00 00 00 *(u8 *)(r2 + 3) = r0
     173:       71 30 04 00 00 00 00 00 r0 = *(u8 *)(r3 + 4)
     174:       73 02 04 00 00 00 00 00 *(u8 *)(r2 + 4) = r0
     175:       71 30 05 00 00 00 00 00 r0 = *(u8 *)(r3 + 5)
     176:       73 02 05 00 00 00 00 00 *(u8 *)(r2 + 5) = r0
     177:       71 30 06 00 00 00 00 00 r0 = *(u8 *)(r3 + 6)
     178:       73 02 06 00 00 00 00 00 *(u8 *)(r2 + 6) = r0
     179:       71 30 07 00 00 00 00 00 r0 = *(u8 *)(r3 + 7)
     180:       73 02 07 00 00 00 00 00 *(u8 *)(r2 + 7) = r0
     181:       71 30 08 00 00 00 00 00 r0 = *(u8 *)(r3 + 8)
     182:       73 02 08 00 00 00 00 00 *(u8 *)(r2 + 8) = r0
     183:       71 30 09 00 00 00 00 00 r0 = *(u8 *)(r3 + 9)
     184:       73 02 09 00 00 00 00 00 *(u8 *)(r2 + 9) = r0
     185:       71 30 0a 00 00 00 00 00 r0 = *(u8 *)(r3 + 10)
     186:       73 02 0a 00 00 00 00 00 *(u8 *)(r2 + 10) = r0
     187:       bf 42 00 00 00 00 00 00 r2 = r4
     188:       0f 82 00 00 00 00 00 00 r2 += r8
     189:       b7 03 00 00 06 00 00 00 r3 = 6
     190:       73 32 00 00 00 00 00 00 *(u8 *)(r2 + 0) = r3
     191:       b7 03 00 00 00 00 00 00 r3 = 0
     192:       73 32 07 00 00 00 00 00 *(u8 *)(r2 + 7) = r3
     193:       73 32 06 00 00 00 00 00 *(u8 *)(r2 + 6) = r3
     194:       73 32 05 00 00 00 00 00 *(u8 *)(r2 + 5) = r3
     195:       73 32 04 00 00 00 00 00 *(u8 *)(r2 + 4) = r3
     196:       73 32 03 00 00 00 00 00 *(u8 *)(r2 + 3) = r3
     197:       73 32 02 00 00 00 00 00 *(u8 *)(r2 + 2) = r3
     198:       73 32 01 00 00 00 00 00 *(u8 *)(r2 + 1) = r3
     199:       b7 02 00 00 0b 00 00 00 r2 = 11
     200:       73 25 08 00 00 00 00 00 *(u8 *)(r5 + 8) = r2
     201:       73 35 0e 00 00 00 00 00 *(u8 *)(r5 + 14) = r3
     202:       73 35 0f 00 00 00 00 00 *(u8 *)(r5 + 15) = r3
     203:       73 35 0c 00 00 00 00 00 *(u8 *)(r5 + 12) = r3
     204:       73 35 0d 00 00 00 00 00 *(u8 *)(r5 + 13) = r3
     205:       73 35 0a 00 00 00 00 00 *(u8 *)(r5 + 10) = r3
     206:       73 35 0b 00 00 00 00 00 *(u8 *)(r5 + 11) = r3
     207:       73 35 09 00 00 00 00 00 *(u8 *)(r5 + 9) = r3
     208:       07 08 00 00 1b 00 00 00 r8 += 27
     209:       18 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 r2 = 0 ll
     211:       18 03 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 r3 = 4294967295 ll
     213:       bf 85 00 00 00 00 00 00 r5 = r8
     214:       85 00 00 00 19 00 00 00 call 25

00000000000006b8 <LBB1_19>:
     215:       b7 00 00 00 00 00 00 00 r0 = 0
     216:       95 00 00 00 00 00 00 00 exit
    opened by willfindlay 4
  • Format arguments in userspace

    Format arguments in userspace

    This change moves away argument formatting from eBPF to the userspace. eBPF part of aya-log writes unformatted log message and all arguments to the perf buffer and the userspace part of aya-log is formatting the message after receiving all arguments.

    Aya-based project to test this change:

    https://github.com/vadorovsky/aya-log-example

    Fixes: #4 Signed-off-by: Michal Rostecki [email protected]

    opened by vadorovsky 3
  • Logging signed integers smaller than i64 fails unless opt-level is set to 3

    Logging signed integers smaller than i64 fails unless opt-level is set to 3

    Logging signed integers smaller than i64 with aya-log causes the following verifier error on Linux 5.14:

    /* Lots of output, truncated to save space */
349: (71) r5 = *(u8 *)(r5 +0)
invalid read from stack off -20+0 size 1
verification time 4497 usec
stack depth 40+20+0
processed 557 insns (limit 1000000) max_states_per_insn 3 total_states 9 peak_states 9 mark_read 8
: Permission denied (os error 13)

    Here's a minimal repro with latest aya-bpf:

    #![no_std]
#![no_main]

use aya_bpf::{macros::lsm, programs::LsmContext};
use aya_log_ebpf as log;

#[lsm(name = "task_alloc")]
pub fn task_alloc(ctx: LsmContext) -> i32 {
    match unsafe { try_task_alloc(ctx) } {
        Ok(ret) => ret,
        Err(ret) => ret,
    }
}

unsafe fn try_task_alloc(ctx: LsmContext) -> Result<i32, i32> {
    let clone_flags: i32 = ctx.arg(1); // This would normally be an i64, but let's just take i32 for sake of argument

    log::info!(
        &ctx,
        "task_alloc called with flags {}",
        clone_flags
    );

    Ok(0)
}

#[panic_handler]
fn panic(_info: &core::panic::PanicInfo) -> ! {
    unsafe { core::hint::unreachable_unchecked() }
}

    Curiously, it works if we set opt-level = 3 instead of 2 in the Cargo.toml of the eBPF program.

    opened by willfindlay 1
  • Fix the log buffer bounds

    Fix the log buffer bounds

    Change 150ee798e609 removed the size > buf.len() check, which was a mistake, because we might write to a subslice of the whole buffer, so then buf can be lower than LOG_BUF_CAPACITY.

    This change compares size with min::(buf.len(), LOG_BUF_CAPACITY) instead.

    Fixes: 150ee798e609 ("Ensure log buffer bounds") Signed-off-by: Michal Rostecki [email protected]

    opened by vadorovsky 0
  • Ensure log buffer bounds

    Ensure log buffer bounds

    This change adds checks in TagLenValue.write() to ensure that the size of written data doesn't exceed the buffer size.

    Verifier in recent kernel versions requires the bound to be a constant value, so using buf.len() does not work.

    Signed-off-by: Michal Rostecki [email protected]

    opened by vadorovsky 0
  • lib: Add display hints

    lib: Add display hints

    This change adds optional display hints:

    • {:x}, {:X} - for hex representation of numbers
    • {:ipv4}, {:IPv4} - for IPv4 addresses
    • {:ipv6}, {:IPv6} - for IPv6 addresses

    It also gets rid of dyn-fmt and instead comes with our own parser implementation.

    Tested on: https://github.com/vadorovsky/aya-examples/tree/main/tc

    Signed-off-by: Michal Rostecki [email protected]

    opened by vadorovsky 0
  • lib: Add display hint for IPv4 addresses

    lib: Add display hint for IPv4 addresses

    This change adds optional display hints {:ipv4} and {:IPv4} for displaying u32 as IPv4 addresses. It also gets rid of dyn-fmt and instead comes with our own parser implementation.

    Signed-off-by: Michal Rostecki [email protected]

    opened by vadorovsky 0
  • Update aya requirement from 0.10.7 to 0.11.0

    Update aya requirement from 0.10.7 to 0.11.0

    Updates the requirements on aya to permit the latest version.

    Release notes

    Sourced from aya's releases.

    aya-v0.11.0

    🚀 Features

    • aya: rework links
    • aya: Implement forget_link
    • Add support for BPF_PROG_TYPE_CGROUP_SYSCTL
    • Add Support for BPF_PROG_TYPE_CGROUP_SOCK_ADDR
    • Add support for BPF_PROG_TYPE_CGROUP_SOCKOPT
    • Add riscv64 architecture support to xtask/codegen
    • riscv scaffolding for codegen
    • Add riscv64 bindings
    • Add support for BPF_PROG_TYPE_SK_LOOKUP
    • Program unload API

    🐛 Fixes and 🤏 Small Changes

    • aya: perf_buffer: call BytesMut::reserve() internally
    • aya: Support multiple maps in map sections
    • aya-gen: Disable Debug derive for BTF types
    • aya: Relocate maps using symbol_index
    • Set attach type during load for BPF_PROG_TYPE_CGROUP_SKB
    • aya: Export program modules
    • Getters be gone
    • Codegen changes for RingBuf
    • aya: Rename forget_link to take_link

    🤝 Dependencies and 🤖 Generated Code

    • Update libbpf to 3a4e26307d0f9b227e3ebd28b443a1a715e4e17d
    • xtask: Add bpf_.* instead of bpf_map_.* to allowed type

    ... (truncated)

    Commits
    • d85b36f (cargo-release) version 0.11.0
    • 4ae5bc4 Merge pull request #306 from dave-tucker/take_link
    • b2a6f00 aya: Rename forget_link to take_link
    • 79e06f2 Merge pull request #299 from aya-rs/revert-298-fix-docs
    • de4e97a Revert "docs: Merge search indexes"
    • f275ce0 Merge pull request #298 from dave-tucker/fix-docs
    • a00d16d docs: Merge search indexes
    • de8ab7f Merge pull request #296 from aya-rs/codegen
    • bbb34b3 [codegen] Update libbpf to 4eb6485c08867edaa5a0a81c64ddb23580420340Update lib...
    • 934da6e Merge pull request #295 from ishitatsuyuki/ringbuf-codegen
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Add Unit Tests, CI, Dependabot and Linting

    Add Unit Tests, CI, Dependabot and Linting

    This is a big PR (sorry)... but I ended up adding all of this so I could debug what's happening with format parameters like :#x from BPF -> Userspace. Looks like dyn-fmt is missing some features.... Nevertheless, CI and tests here are probably good anyway!

    opened by dave-tucker 0
  • ebpf: Ensure the bounds of log buffer

    ebpf: Ensure the bounds of log buffer

    eBPF verifier rejects programs which are not checking the bounds of the log buffer before writing any arguments. This change ensures that written log arguments.

    In practice, it means that doing this kind of checks is not going to be needed in eBPF program code anymore:

    https://github.com/alessandrod/aya-echo-tracepoint/blob/33a1aee2eaa7503615a444ffa574dfba2be943f9/echo-ebpf/src/main.rs#L47

    Tested on:

    https://github.com/vadorovsky/aya-echo-tracepoint/tree/876f8b45511d0818b683de9a2196e8103b92e1a7

    Signed-off-by: Michal Rostecki [email protected]

    opened by vadorovsky 0
Owner
null
GitHub
Structured, contextual, extensible, composable logging for Rust

Getting started Introduction FAQ Crate list slog-rs - The Logging for Rust Introduction (please read) slog is an ecosystem of reusable components for

slog-rs 1.4k Jan 3, 2023
A highly configurable logging framework for Rust

log4rs log4rs is a highly configurable logging framework modeled after Java's Logback and log4j libraries. Warning If you are using the file rotation

null 753 Jan 8, 2023
defmt is a highly efficient logging framework that targets resource-constrained devices, like microcontrollers

defmt defmt ("de format", short for "deferred formatting") is a highly efficient logging framework that targets resource-constrained devices, like mic

Knurling 476 Jan 2, 2023
Task-based logging for rust

task_log task_log is a task-based logger. Installing Just add task_log = 0.1.4 to your Cargo.toml's dependency section. Example Let's get right to the

Matt Gleich 2 Feb 28, 2022
💬 A couple of functions to make logging in Rust easier.

Rust logging ⛔ ?? A couple of functions to make logging in Rust easier. Installation ?? Just add the code of code.rs to your project. You can copy/pas

Skwal 2 Apr 7, 2022
A rust library for creating and managing logs of arbitrary binary data

A rust library for creating and managing logs of arbitrary binary data. Presently it's used to collect sensor data. But it should generally be helpful in cases where you need to store timeseries data, in a nearly (but not strictly) append-only fashion.

Yusuf Simonson 1 May 9, 2022
A cool log library built using rust-lang

RustLog A cool log library built using rust-lang Installation: Cargo.toml rustlog = { git = "https://github.com/krishpranav/rustlog" } log = "0.4.17"

Krisna Pranav 2 Jul 21, 2022
Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

null 294 Dec 23, 2022
A Rust library for managing eBPF programs.

oxidebpf oxidebpf is a permissive licensed Rust library for managing eBPF programs. Motivation The motivation behind oxidebpf is to create a permissiv

Red Canary 92 Jan 1, 2023
suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.

suidsnoop Log suid binaries and enforce per-uid suid policy. suidsnoop is a tool for logging whenever a suid binary is executed on your system and opt

William Findlay 11 Dec 22, 2022
Rust library for building and running BPF/eBPF modules

RedBPF A Rust eBPF toolchain. Overview The redbpf project is a collection of tools and libraries to build eBPF programs using Rust. It includes: redbp

foniod 1.5k Jan 1, 2023
Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.

Aya API docs | Chat | Aya-Related Projects Overview eBPF is a technology that allows running user-supplied programs inside the Linux kernel. For more

null 1.5k Jan 6, 2023
A super simple but lightweight logging library that tries to capture the most important (status) information.

Hackerlog A super simple but lightweight logging library that tries to capture the most important (status) information. The following is supported: Lo

434b 3 Aug 22, 2023
A beautiful, tiny traceback and logging library supporting #![no_std] rust.

breadcrumbs Breadcrumbs is a beautiful, tiny traceback and logging library for Rust that offers seamless integration with #![no_std], multi-threading

Michael 18 Nov 21, 2023
EXPERIMENTAL: Bitcoin Core Prometheus exporter based on User-Space, Statically Defined Tracing and eBPF.

bitcoind-observer An experimental Prometheus metric exporter for Bitcoin Core based on Userspace, Statically Defined Tracing and eBPF. This demo is ba

0xB10C 24 Nov 8, 2022
Dropping GFW DNS contaminated packets based on Rust + eBPF

Dropping GFW DNS contaminated packets based on Rust + eBPF

ihc童鞋@提不起劲 1k Jan 3, 2023
Fox Ear is a Linux process behavior trace tool powered by eBPF

Fox Ear Fox Ear is a Linux process behavior trace tool powered by eBPF. Banner image by Birger Strahl on Unsplash. Features Log process and its subpro

Rui Li 77 Dec 5, 2022
eBPF terminal editor

TBM - Terminal Blueprint Meddler A TUI application for fooling around inside eBPF files. Installation cargo install tbm Usage Currently, only prints

Rafael Ortiz 1 Jan 18, 2022
A security-focused telemetry agent written in Rust using eBPF.

Vesper A security-focused telemetry agent written in Rust using eBPF. Important: While public, this project is an educational endeavor and is not mean

Brian Celenza 2 Oct 23, 2022
A demo app covering building an eBPF load-balancer in Rust

eBPF Rust UDP LoadBalancer Demo This is an example of creating a UDP load-balancer in Rust as an eXpress Data Path (XDP) type eBPF program using the a

Shane Utt 17 Jan 5, 2023