dave-tucker · November 10, 2021 22:27
diff --git a/main-ebpf.rs b/main-ebpf.rs
 #![no_std]
 #![no_main]

 use aya_bpf::{
    bindings::sk_action,
    macros::{map, stream_parser, stream_verdict},
    maps::{SockMap},
    programs::{SkSkbContext}};

 #[map(name = "sockmap")]
 static mut SOCKMAP: SockMap= SockMap::with_max_entries(1, 0);

 #[stream_parser(name="my_parser")]
 fn my_parser(ctx: SkSkbContext) -> u32 {
    match { try_stream_parser(ctx) } {
        Ok(ret) => ret,
        Err(ret) => ret,
    }
 }

 fn try_stream_parser(ctx: SkSkbContext) -> Result<u32, u32> {
    Ok(ctx.len())
 }

 #[stream_verdict(name="my_verdict")]
 fn my_verdict(ctx: SkSkbContext) -> u32 {
    match unsafe { try_stream_verdict(ctx) }{
        Ok(_) => sk_action::SK_PASS,
        Err(_) => sk_action::SK_DROP,
    }
 }

 unsafe fn try_stream_verdict(ctx: SkSkbContext) -> Result<u32, u32> {
    match SOCKMAP.redirect_skb(&ctx, 0, 0) as u32 {
        sk_action::SK_PASS=> Ok(sk_action::SK_PASS),
        sk_action::SK_DROP => Err(sk_action::SK_DROP),
        _=> Err(sk_action::SK_DROP),
    }
 }

 #[panic_handler]b
 fn panic(_info: &core::panic::PanicInfo) -> ! {
    unsafe { core::hint::unreachable_unchecked() }
 }
diff --git a/main.rs b/main.rs
 use aya::maps::{MapRefMut, SockMap};
 use aya::programs::SkSkb;
 use aya::Bpf;
 use tokio::io::AsyncReadExt;

 use std::convert::{TryFrom, TryInto};
 use structopt::StructOpt;

 use tokio::net::TcpListener;

 #[derive(Debug, StructOpt)]
 struct Opt {
    #[structopt(short, long)]
    path: String,
 }

 #[tokio::main]
 async fn main() -> Result<(), anyhow::Error> {
    let opt = Opt::from_args();
    let mut bpf = Bpf::load_file(&opt.path)?;
    let mut sock_map = SockMap::<MapRefMut>::try_from(bpf.map_mut("sockmap")?)?;

    let parser: &mut SkSkb = bpf.program_mut("my_parser")?.try_into()?;
    parser.load()?;
    parser.attach(&sock_map)?;

    let verdict: &mut SkSkb = bpf.program_mut("my_verdict")?.try_into()?;
    verdict.load()?;
    verdict.attach(&sock_map)?;

    let listener = TcpListener::bind("127.0.0.1:65000").await?;

    println!("Server Listening on {}", listener.local_addr().unwrap());

    loop {
        println!("waiting for connections... use nc localhost 65000");
        let (mut socket, _) = listener.accept().await?;
        println!("connected! adding socket to map");
        sock_map.set(0, &socket, 0)?;
        println!("ready to echo data");
        tokio::spawn(async move {
            let mut buf = [0; 0];
            // Even though it awaits for something to read, it only
            // ends after the connection is hung up. Because all data
            // is echo-ed by BPF program, the user level socket does
            // not receive anything.
            socket.read(&mut buf[..]).await.unwrap();
            println!("connection closed!");
        });
    }
 }
	#![no_std]
	#![no_main]

	use aya_bpf::{
	bindings::sk_action,
	macros::{map, stream_parser, stream_verdict},
	maps::{SockMap},
	programs::{SkSkbContext}};

	#[map(name = "sockmap")]
	static mut SOCKMAP: SockMap= SockMap::with_max_entries(1, 0);

	#[stream_parser(name="my_parser")]
	fn my_parser(ctx: SkSkbContext) -> u32 {
	match { try_stream_parser(ctx) } {
	Ok(ret) => ret,
	Err(ret) => ret,
	}
	}

	fn try_stream_parser(ctx: SkSkbContext) -> Result<u32, u32> {
	Ok(ctx.len())
	}

	#[stream_verdict(name="my_verdict")]
	fn my_verdict(ctx: SkSkbContext) -> u32 {
	match unsafe { try_stream_verdict(ctx) }{
	Ok(_) => sk_action::SK_PASS,
	Err(_) => sk_action::SK_DROP,
	}
	}

	unsafe fn try_stream_verdict(ctx: SkSkbContext) -> Result<u32, u32> {
	match SOCKMAP.redirect_skb(&ctx, 0, 0) as u32 {
	sk_action::SK_PASS=> Ok(sk_action::SK_PASS),
	sk_action::SK_DROP => Err(sk_action::SK_DROP),
	_=> Err(sk_action::SK_DROP),
	}
	}

	#[panic_handler]b
	fn panic(_info: &core::panic::PanicInfo) -> ! {
	unsafe { core::hint::unreachable_unchecked() }
	}
	use aya::maps::{MapRefMut, SockMap};
	use aya::programs::SkSkb;
	use aya::Bpf;
	use tokio::io::AsyncReadExt;

	use std::convert::{TryFrom, TryInto};
	use structopt::StructOpt;

	use tokio::net::TcpListener;

	#[derive(Debug, StructOpt)]
	struct Opt {
	#[structopt(short, long)]
	path: String,
	}

	#[tokio::main]
	async fn main() -> Result<(), anyhow::Error> {
	let opt = Opt::from_args();
	let mut bpf = Bpf::load_file(&opt.path)?;
	let mut sock_map = SockMap::<MapRefMut>::try_from(bpf.map_mut("sockmap")?)?;

	let parser: &mut SkSkb = bpf.program_mut("my_parser")?.try_into()?;
	parser.load()?;
	parser.attach(&sock_map)?;

	let verdict: &mut SkSkb = bpf.program_mut("my_verdict")?.try_into()?;
	verdict.load()?;
	verdict.attach(&sock_map)?;

	let listener = TcpListener::bind("127.0.0.1:65000").await?;

	println!("Server Listening on {}", listener.local_addr().unwrap());

	loop {
	println!("waiting for connections... use nc localhost 65000");
	let (mut socket, _) = listener.accept().await?;
	println!("connected! adding socket to map");
	sock_map.set(0, &socket, 0)?;
	println!("ready to echo data");
	tokio::spawn(async move {
	let mut buf = [0; 0];
	// Even though it awaits for something to read, it only
	// ends after the connection is hung up. Because all data
	// is echo-ed by BPF program, the user level socket does
	// not receive anything.
	socket.read(&mut buf[..]).await.unwrap();
	println!("connection closed!");
	});
	}
	}