Expand description
Procedural macros to help writing eBPF programs using the redbpf-probes
crate.
§Overview
redbpf-macros is part of the redbpf project. Together with
redbpf-probes, it provides an idiomatic Rust API to
write programs that can be compiled to eBPF bytecode and executed by the linux
in-kernel eBPF virtual machine.
To streamline the process of working with eBPF programs even further, redbpf
also provides cargo-bpf - a cargo subcommand to simplify
creating and building eBPF programs.
§Example
#![no_std]
#![no_main]
use redbpf_probes::xdp::prelude::*;
// configure kernel version compatibility and license
program!(0xFFFFFFFE, "GPL");
#[xdp]
fn example_xdp_probe(ctx: XdpContext) -> XdpResult {
// do something here
Ok(XdpAction::Pass)
}Macros§
- program
- Generates program metadata.
Attribute Macros§
- kprobe
- Attribute macro that must be used to define
kprobes. - kretprobe
- Attribute macro that must be used to define
kretprobes. - map
- Attribute macro that must be used when creating eBPF maps.
- socket_
filter - Attribute macro that must be used to define
socket filterprobes. - stream_
parser - Attribute macro for defining BPF programs of
stream parsers. Asockmapcan be attached to the stream parser. The role of stream parsers is to find a message boundary of TCP stream and return the length of a message. If it returns proper length of a message then astream verdictBPF program will be called. - stream_
verdict - Attribute macro for defining BPF programs of
stream verdicts. Asockmapcan be attached to the stream verdict. The role of stream verdicts is to predicate to which socket a message should be redirected. - task_
iter - Attribute macro for defining a BPF iterator of
task - tc_
action - Define tc action BPF programs
- uprobe
- Attribute macro that must be used to define
uprobes. - uretprobe
- Attribute macro that must be used to define
uretprobes. - xdp
- Attribute macro that must be used to define
XDPprobes.