Crate redbpf_macros

Procedural macros to help writing eBPF programs using the redbpf-probes crate.

Overview

redbpf-macros is part of the redbpf project. Together with redbpf-probes, it provides an idiomatic Rust API to write programs that can be compiled to eBPF bytecode and executed by the linux in-kernel eBPF virtual machine.

To streamline the process of working with eBPF programs even further, redbpf also provides cargo-bpf - a cargo subcommand to simplify creating and building eBPF programs.

Example

#![no_std]
#![no_main]
use redbpf_probes::xdp::prelude::*;

// configure kernel version compatibility and license
program!(0xFFFFFFFE, "GPL");

#[xdp]
fn example_xdp_probe(ctx: XdpContext) -> XdpResult {

    // do something here

    Ok(XdpAction::Pass)
}

Macros

• program
  Generates program metadata.

Attribute Macros

• kprobe
  Attribute macro that must be used to define kprobes.
• kretprobe
  Attribute macro that must be used to define kretprobes.
• map
  Attribute macro that must be used when creating eBPF maps.
• socket_filter
  Attribute macro that must be used to define socket filter probes.
• stream_parser
  Attribute macro for defining BPF programs of stream parsers. A sockmap can be attached to the stream parser. The role of stream parsers is to find a message boundary of TCP stream and return the length of a message. If it returns proper length of a message then a stream verdict BPF program will be called.
• stream_verdict
  Attribute macro for defining BPF programs of stream verdicts. A sockmap can be attached to the stream verdict. The role of stream verdicts is to predicate to which socket a message should be redirected.
• task_iter
  Attribute macro for defining a BPF iterator of task
• tc_action
  Define tc action BPF programs
• uprobe
  Attribute macro that must be used to define uprobes.
• uretprobe
  Attribute macro that must be used to define uretprobes.
• xdp
  Attribute macro that must be used to define XDP probes.