bpf-feature 0.1.1

A library for eBPF feature detection
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

use bpf_feature::{
    bpf::BpfError,
    detect,
    kernel_config::{ConfigValue, KernelConfig, KERNEL_CONFIG_KEYS},
    misc::Misc,
    DetectOpts,
};
use bpf_rs::{BpfHelper, MapType, ProgramType};

fn main() {
    let features = detect(DetectOpts::default());

    println!("Scanning system configuration...");
    match features.runtime {
        Err(_) => {
            println!("/* procfs not mounted, skipping related probes */");
        }
        Ok(runtime) => {
            match runtime.unprivileged_disabled {
                Ok(prop) => match prop {
                    0 => println!("bpf() syscall for unprivileged users is enabled"),
                    1 => {
                        println!("bpf() syscall restricted to privileged users (without recovery)")
                    }
                    2 => {
                        println!("bpf() syscall restricted to privileged users (admin can change)")
                    }
                    unknown => println!("bpf() syscall restriction has unknown value: {}", unknown),
                },
                Err(_) => println!("Unable to retrieve required privileges for bpf() syscall"),
            };

            match runtime.jit_enable {
                Ok(prop) => match prop {
                    0 => println!("JIT compiler is disabled"),
                    1 => println!("JIT compiler is enabled"),
                    2 => println!("JIT compiler is enabled with debugging traces in kernel logs"),
                    unknown => println!("JIT compiler status has unknown value: {}", unknown),
                },
                Err(_) => println!("Unable to retrieve JIT-compiler status"),
            }

            match runtime.jit_harden {
                Ok(prop) => match prop {
                    0 => println!("JIT compiler hardening is disabled"),
                    1 => println!("JIT compiler hardening is enabled for unprivileged users"),
                    2 => println!("JIT compiler hardening is enabled for all users"),
                    unknown => println!("JIT hardening status has unknown value: {}", unknown),
                },
                Err(_) => println!("Unable to retrieve JIT hardening status"),
            }

            match runtime.jit_kallsyms {
                Ok(prop) => match prop {
                    0 => println!("JIT compiler kallsyms exports are disabled"),
                    1 => println!("JIT compiler kallsyms exports are enabled for root"),
                    unknown => {
                        println!("JIT kallsyms exports status has unknown value: {}", unknown)
                    }
                },
                Err(_) => println!("Unable to retrieve JIT kallsyms export status"),
            }

            match runtime.jit_limit {
                Ok(prop) => println!("Global memory limit for JIT compiler for unprivileged users is {} bytes", prop),
                Err(_) => println!("Unable to retrieve global memory limit for JIT compiler for unprivileged users"),
            }
        }
    }

    match features.kernel_config {
        Ok(KernelConfig { values }) => KERNEL_CONFIG_KEYS.iter().for_each(|&key| {
            match values.get(key) {
                Some(value) => match value {
                    ConfigValue::NotSet => println!("{} is not set", key),
                    _ => println!("{} is set to {}", key, value),
                },
                None => println!("{} is not set", key),
            };
        }),
        Err(err) => println!("skipping kernel config, {}", err),
    }

    println!("\nScanning system call availability...");
    match features.bpf {
        Ok(bpf) => {
            println!("bpf() syscall is available");
            println!("\nScanning eBPF program types...");
            ProgramType::iter().for_each(|ref program_type| {
                match bpf.program_types.get(program_type) {
                    Some(Ok(true)) => println!("eBPF program_type {} is available", program_type),
                    _ => println!("eBPF program_type {} is NOT available", program_type),
                };
            });

            println!("\nScanning eBPF map types...");
            MapType::iter().for_each(|ref map_type| match bpf.map_types.get(map_type) {
                Some(Ok(true)) => println!("eBPF map_type {} is available", map_type),
                _ => println!("eBPF map_type {} is NOT available", map_type),
            });

            println!("\nScanning eBPF helper functions...");
            ProgramType::iter().for_each(|ref program_type| {
                println!("eBPF helpers supported for program type {}:", program_type);
                match bpf.program_types.get(program_type) {
                    Some(Ok(true)) => match bpf.helpers.get(program_type) {
                        Some(probes) => {
                            let (successes, failures): (
                                Vec<&Result<BpfHelper, BpfError>>,
                                Vec<&Result<BpfHelper, BpfError>>,
                            ) = probes.iter().partition(|probe| probe.is_ok());
                            if successes.len() == 0 && failures.len() > 0 {
                                println!("\tCould not determine which helpers are available");
                            } else {
                                successes.iter().for_each(|&helper| {
                                    println!("\t- {}", helper.as_ref().unwrap());
                                });
                            }
                        }
                        _ => {
                            println!("\tCould not determine which helpers are available");
                        }
                    },
                    Some(Ok(false)) => {
                        println!("\tProgram type not supported");
                    }
                    _ => {
                        println!("\tCould not determine which helpers are available");
                    }
                };
            });
        }
        Err(_) => println!("bpf() syscall is NOT available"),
    }

    println!("\nScanning miscellaneous eBPF features...");
    let Misc {
        large_insn_limit,
        bounded_loops,
        isa_v2_ext,
        isa_v3_ext,
    } = features.misc;
    println!(
        "Large program size limit {} available",
        if large_insn_limit { "is" } else { "is NOT" }
    );
    println!(
        "Bounded loop support {} available",
        if bounded_loops { "is" } else { "is NOT" }
    );
    println!(
        "ISA extension v2 {} available",
        if isa_v2_ext { "is" } else { "is NOT" }
    );
    println!(
        "ISA extension v3 {} available",
        if isa_v3_ext { "is" } else { "is NOT" }
    );
}