Rust library for building and running BPF/eBPF modules
While compiling BPF programs, raise an error if both two conditions are satisfied
get or get_mut method of the BPF mapCreating misaligned references by itself causes undefined behavior in Rust
language. The Linux kernel does not keep the alignment of value other than 8
byte alignment. Calling get or get_mut method of BPF maps creates
references of values stored at BPF maps. Thus, calling get or get_mut
creates misaligned references if the alignment of the value is greater than 8
bytes.
RedBPF prevents this situation.
Build tests for ARM64 architecture are prepared and they are executed to check new commits are compiled correctly on both ARM64 and X86_64.
DevMap can be used when redirecting packets to another interface in XDP.
tc utilityNow BPF programs for tc can make use of BPF helpers that requires BTF. For
example, bpf_spin_lock helper function.
Now fields of which name is try in C can be converted to Rust
language. Some of the Linux kernel structures contain fields of which name is
try.
Thank you very much for your contribution.
Here are the added features of v2.2.0 since the last release (v2.1.0)
.text section from ELF relocatable fileThe ELF relocatable files compiled by cargo-bpf had contained .text
section. This section is totally ignored by RedBPF runtime but it is bothersome
when users try loading the ELF relocatable file with tc utility. Because tc
rejects loading the ELF object file if the file has .text section.
Now .text section does not exist in the ELF relocatable file. So users who
try using tc_action don't need to strip the .text section in person.
PerCPuHashMap, LruHashMap and LruPerCpuHashMapThey are implemented both for BPF probes and userspace API in the redbpf_probes::maps and
in the redbpf.
redbpf::SkLookupThis structure can be used to attach BPF program for socket lookup to specific network namespace.
Note that it is implemented only in the redbpf crate for userspace API. The
API for BPF probes is not supported yet. It is expected that probes API will be
added later.
redbpf::XDP::detach_xdp methodNow users can detach XDP BPF probes programmatically.
Some users had struggled with RedBPF because they had not enough background of RedBPF. So some information that they should know before they were in trouble, was updated into the tutorial.
Please let me know what part of RedBPF bothers you. I'll answer your question and keep update the documentation.
Since the Linux kernel v5.15, the vmlinux includes struct bpf_timer. Before
v2.2.0, RedBPF failed to generate right rust bindings of Linux kernel v5.15
with vmlinux.
Packages uploaded to crates.io starts to give documentation URL of
docs.rs. docs.rs is regular place to serve crates' documentation.
Thank you for showing your interest in RedBPF and contributing to it. I was delighted to collaborate with you.
@eero-thia @raftario @rhdxmr @rsdy
unsafe function as BPF programsretprobe
maps sectionredbpf-probes when KERNEL_SOURCE, KERNEL_VERSION and REDBPF_VMLINUX environments variables are changed@p-e-w @rhdxmr @rsdy
This release fixes build for Rust 1.55 and other minor documentation and build improvements.
This is a tiny release that fixes build issues that arise in certain scenarios. For more information, look at #173 .
This release marks our departure from the original home of the project, Red Sift. After the donation of redBPF and ingraind to the Cloud Native Computing Foundation, the two projects are now maintained by the foniod community. As part of the
CNCF, we are independent self-governed project, with no corporate affiliation.
Since April, development is also not sponsored by the orignal developer, Red Sift. We would like to thank everybody who supported and advocated for the transition, and those who continue to support the project with their time and effort to make this release possible.
foniod is named after fonio, an ancient grain. foniod marks a continuity with ingraind, the previous name. Very importantly, fonio was chosen just because it ends with IO.
Our new logo was kindly made by the CNCF's designer team.
Most of the code in this release is the work of Junyeong Jeong (@rhdxmr), and reviewed by Peter Parkanyi (@rsdy).
If you're keen to get involved, please reach us on matrix, or take a peek at our subreddit.
Now, let's move on to the meat of this release, and all the goods that are in it!
vmlinux for BTF informationIn the past, the running Linux kernel's headers were necessary to generate Rust bindings for the kernel structs that BPF programs use.
With the new support for BTF, if build machines have a usable vmlinux kernel image, redBPF can generate Rust bindings from it and then BPF programs can be compiled without access to the source.
The required behaviour can be set using environment variables. If redBPF users do not set any environment variables during compilation, redBPF will first tries to find the kernel sources. If it fails, it will try to find the vmlinux image.
If REDBPF_VMLINUX is set, then redBPF tries compiling only with vmlinux.
If either KERNEL_SOURCE or KERNEL_VERSION variables are set, redBPF will use the path or version for generating bindings.
Refer to the documentation of redbpf-probes/lib.rs for more information.
redBPF can now parse a .BTF section in a relocatable ELF file to load BPF maps with BTF enabled. Users can now dump BPF map as JSON format when they use bpftool map dump command.
Map::pinpin, unpin and from_pin_file methods were added to redbpf::Map. A BPF map can be pinned to a given file path under the BPF filesystem by calling Map::pin. It can then be unpinned by calling Map::unpin or by removing the file directly. Normally BPF filesystem is mounted at /sys/fs/bpf.
See sharemap example to learn how to use map pinning features.
redBPF uses LLVM 12 as default. LLVM 11 can be used instead with enabling llvm11 and disabling default-features in Cargo.toml.
SockMapA sockmap supports the redirection of packets to another socket.
#[stream_parser] can be used to define a stream parser and #[stream_verdict] is for a stream verdict.
See the echo example to learn how to use sockmap.
Array and PerCpuArrayArray is a kind of BPF map that can contain a fixed length of elements. PerCpuArray is the same except that it is allocated with per-CPU memory in the kernel so users do not need to worry about data races.
See the biolatpcts example to learn how to use PerCpuArray
maps section created by libbpfIf a relocatable ELF file contains a maps, redBPF will assume that multiple maps are defined in that section. This is the structure
libbpf generates, and it helps with interoperability between the libraries.
ModuleBuilderUsing redbpf::Module::parse to parse a relocatable ELF file will load maps and programs. Now with the addition of
redbpf::ModuleBuilder, redBPF allows splitting the parsing and loading as separate steps, so users can manipulate maps or programs before loading them.
See the sharemap2 example to learn how to use ModuleBuilder.
redbpf::KProbe::detach_kprobe and redbpf::UProbe::detach_uprobe methods were added. kprobe/uprobe can be repeatedly attached and detached.
TcAction variantsTcAction is updated. The variants were outdated because they referred to the old manpage.
TcHashMapBPF program loaded by tc utility can handle BPF map using redbpf_probes::tc::maps::TcHashMap. Corresponding userspace programs that rely on redBPF can also communicate with the maps by loading them with Map::from_pin_file. See tc-map-share example to learn how to do that.
Examples require root privileges and it checks euid is zero, not uid.
BCC dependencyredBPF had depended on BCC and libbpf. But BCC dependency is removed.
NixOSredBPF can be used in NixOS
Alpine LinuxredBPF can be used in Alpine Linux
Tokio to 1.0redBPF depends on Tokio v1
libbpfredBPF now depends on the latest libbpf
DCOContributors of redbpf must conform to Developer Certificate Origin for their commits to be accepted. So contributors should append Signed-off-by to commit messages.
To aid users to understand how to use redBPF, several examples are added.
tracing crateredBPF now utilizes tracing crate to record debug or error logs. redBPF users can subscribe log messages using tracing_subscriber crate.
See any examples of example-userspace to learn how to subscribe to log messages of redBPF.
Contribution stats after v1.3.0
Include libbpf in the published archive.
Test automated release process and fix 2.0.0-rc1 mishaps.
This is a test release to allow users to allow users to test new features and ensure our release process is in working order.
This is a pretty exciting release with some long overdue improvements. First off, better handling of relocations in the loader make writing idiomatic programs a lot easier, thanks to the work of @alessandrod. To make development faster, there's also an awesome patchset by @kbknapp that speeds up the build.
On top of that, the TC/libbpf compatibility improved in this release, so you can manually add multiple maps to the same ELF section using an improved API, thanks to @kbknapp. Improved examples are also added to the repo through the work of @rhdxmr
Contributors: @alessandrod @kbknapp @rhdxmr @shun159
Thanks to everyone who contributed to this release! Happy hacking!