aya icon indicating copy to clipboard operation
aya copied to clipboard

Published 20 hours ago verified publisher icon aya-rs

xdp: Add XdpContext method to access data as &[u8]

Open fcantournet opened this issue 3 years ago • 2 comments

This is a port of data_buffer and data_pointer from redbpf https://sourcegraph.com/github.com/rebpf/rebpf@50e235721228c1ece2c685f9357a954bd4a322d3/-/blob/rebpf/src/libbpf.rs?L547:12#tab=def

This allows code like this (with a fork of pdu to make it bpf compatible) :

#[inline(always)]
fn try_dns_snoop(ctx: XdpContext) -> Result<u32, Error> {
    let buf: &[u8] = if let Some(buf) = ctx.data_buffer() {
        buf
    } else {
        return Ok(xdp_action::XDP_PASS);
    };
    let (_, end) = ctx.data_pointer();
    let ether = EthernetPdu::new(buf, end)?;

    match ether.ethertype() {
        EtherType::IPV4 => {
          // do stuff
        },
        _ => return Ok(xdp_action::XDP_PASS),
    }
    Ok(xdp_action::XDP_PASS)
}

The API extension is not strictly necessary, you can get by with XdpContext:{data,data_end} but this seems to me like somewhat common usecase. see #100 for reference

fcantournet avatar Nov 05 '21 22:11 fcantournet

Thanks for the contribution @fcantournet! I'm not a big fan of this API, because data_buffer is going to allocate a slice on the stack, but our program stack space is limited to 512 bytes (256 bytes if we're using tail calls). This means that you need to be careful on what size packets you use this on. Awesome to see that you've got pdu working though, we could definitely use something like that.

dave-tucker avatar Nov 06 '21 09:11 dave-tucker

I think it doesn't allocate does it ? core::slice::from_raw_parts doesn't allocate if I understand correctly. I'm logging

IP packet 140.82.121.3:0 => 192.168.0.34:0 BUFFSIZE: 1458

Where BUFFSIZE is buf.len() in the code above.

As for pdu I'm looking into it but it seems adding a bpf feature is more complicated than only inlining every function and adding bounds checks. Still looking into it.

fcantournet avatar Nov 06 '21 10:11 fcantournet

Hi @fcantournet :wave:

In the community meeting today we were discussing some of these older PRs and wanted to check in. Did you end up implementing what you wanted in your own project, or as a separate crate somewhere? Are you still hoping to add this functionality here?

shaneutt avatar Dec 19 '22 21:12 shaneutt

Hey @shaneutt, I'm not using aya immediately, so you can close this PR, I think the issue opened is still a valid use case but I'm not sure this is enough to achieve the goals of the issue and it might be extending the API for nothing.

fcantournet avatar Jan 03 '23 16:01 fcantournet