bvm_filter 0.0.0

Virtual machine and JIT compiler for eBPF programs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

// Copyright 2017 6WIND S.A. <quentin.monnet@6wind.com>
//
// Licensed under the Apache License, Version 2.0 <http://www.apache.org/licenses/LICENSE-2.0> or
// the MIT license <http://opensource.org/licenses/MIT>, at your option. This file may not be
// copied, modified, or distributed except according to those terms.

#![allow(clippy::deprecated_cfg_attr)]
#![cfg_attr(rustfmt, rustfmt_skip)]

extern crate bvm_filter;
use bvm_filter::helpers;
use bvm_filter::{EbpfVmNoData};

// The main objectives of this example is to show:
//
// * the use of EbpfVmNoData function,
// * and the use of a helper.
//
// The two eBPF programs are independent and are not related to one another.
fn main() {
    let prog1 = &[
        0xb4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov32 r0, 0
        0xb4, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, // mov32 r1, 2
        0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, // add32 r0, 1
        0x0c, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // add32 r0, r1
        0x95, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00  // exit and return r0
    ];

    // We use helper `bpf_time_getns()`, which is similar to helper `bpf_ktime_getns()` from Linux
    // kernel. Hence helpers module provides the index of this in-kernel helper as a
    // constant, so that we can remain compatible with programs for the kernel. Here we also cast
    // it to a u8 so as to use it directly in program instructions.
    let hkey = helpers::BPF_KTIME_GETNS_IDX as u8;
    let prog2 = &[
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov64 r1, 0
        0xb7, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov64 r1, 0
        0xb7, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov64 r1, 0
        0xb7, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov64 r1, 0
        0xb7, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov64 r1, 0
        0x85, 0x00, 0x00, 0x00, hkey, 0x00, 0x00, 0x00, // call helper <hkey>
        0x95, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00  // exit and return r0
    ];

    // Create a VM: this one takes no data. Load prog1 in it.
    let mut vm = EbpfVmNoData::new(Some(prog1)).unwrap();
    // Execute prog1.
    assert_eq!(vm.execute_program().unwrap(), 0x3);

    // As struct EbpfVmNoData does not takes any memory area, its return value is mostly
    // deterministic. So we know prog1 will always return 3. There is an exception: when it uses
    // helpers, the latter may have non-deterministic values, and all calls may not return the same
    // value.
    //
    // In the following example we use a helper to get the elapsed time since boot time: we
    // reimplement uptime in eBPF, in Rust. Because why not.

    vm.set_program(prog2).unwrap();
    vm.register_helper(helpers::BPF_KTIME_GETNS_IDX, helpers::bpf_time_getns).unwrap();

    let time;

    #[cfg(not(windows))]
    {
        vm.jit_compile().unwrap();

        time = unsafe { vm.execute_program_jit().unwrap() };
    }

    #[cfg(windows)]
    {
        time = vm.execute_program().unwrap();
    }

    let days    =  time / 10u64.pow(9)  / 60   / 60  / 24;
    let hours   = (time / 10u64.pow(9)  / 60   / 60) % 24;
    let minutes = (time / 10u64.pow(9)  / 60 ) % 60;
    let seconds = (time / 10u64.pow(9)) % 60;
    let nanosec =  time % 10u64.pow(9);

    println!("Uptime: {:#x} ns == {} days {:02}:{:02}:{:02}, {} ns",
             time, days, hours, minutes, seconds, nanosec);
}