Add Support For Flow Dissector Programs

[azenna]

Adds support for flow dissector programs. Only (1/5) know what I am doing and would appreciate feedback!
#216

---

This change is 

[netlify]

✅ Deploy Preview for aya-rs-docs ready!

Built without sensitive environment variables

Name	Link
🔨 Latest commit	8d1e906
🔍 Latest deploy log	https://app.netlify.com/sites/aya-rs-docs/deploys/67c8cb5aae4c390009833a9d
😎 Deploy Preview	https://deploy-preview-802--aya-rs-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[vadorovsky]

Looks great so far!

Apart from one comment I posted, it would be nice to add an integration test.

[azenna]

Added a integration test that's mostly a clone of the basic_uprobe integration test. Is this the right test or do we want something more comprehensive?

[mergify]

Hey @alessandrod, this pull request changes the Aya Public API and requires your review.

[mergify]

@azenna, this pull request is now in conflict and requires a rebase.

[mergify]

Hey @alessandrod, this pull request changes the Aya Public API and requires your review.

[mergify]

@azenna, this pull request is now in conflict and requires a rebase.

[mergify]

@azenna, this pull request is now in conflict and requires a rebase.

[tamird]

Rebased, marking ready for review. Hope @dave-tucker can take a look.

[chenhengqi]

LGTM overall.

[dave-tucker]

Reviewed 1 of 14 files at r1.
Reviewable status: 0 of 18 files reviewed, 8 unresolved discussions (waiting on @alessandrod and @vadorovsky)

---

aya-bpf-macros/src/lib.rs line 612 at r1 (raw file):

/// Marks a function as an eBPF Flow Dissector program that can be attached to
/// a network namespace.
///

Some description here about expected return values would be helpful.
See: https://elixir.bootlin.com/linux/v6.13.5/source/include/uapi/linux/bpf.h#L6311

---

aya/src/programs/flow_dissector.rs line 11 at r1 (raw file):

};

/// A program that can be attached as a Flow Dissector routine

/// A program that can be attached as a Flow Dissector routine.

Missing .

---

aya/src/programs/flow_dissector.rs line 14 at r1 (raw file):

///
/// ['FlowDissector'] programs operate on an __sk_buff.
/// However, only the limited set of fields is allowed: data, data_end and flow_keys.

Please reconcile the description you've provided against the eBPF documentation: https://docs.ebpf.io/linux/program-type/BPF_PROG_TYPE_FLOW_DISSECTOR/
There are some inconsistencies. i.e Minimum Kernel Version being 4.20, not 4.2
The docs description describes the purpose of the program and what it should do (set flow_keys).

---

aya/src/programs/flow_dissector.rs line 67 at r1 (raw file):

        let netns_fd = netns.as_fd();

        let link_fd = bpf_link_create(

We should support attachment via BPF_PROG_ATTACH also for kernels < 5.7.
See cgroup_device.rs for an example of how to do this.

---

bpf/aya-bpf/src/programs/flow_dissector.rs line 25 at r1 (raw file):

    #[inline]
    pub fn flow_keys(&self) -> usize {

Take a look at the sample program here to see how this program type should operate: https://elixir.bootlin.com/linux/v6.3/source/tools/testing/selftests/bpf/progs/bpf_flow.c

The API here for flow_keys would not be pleasant to work with - why force the caller to cast a usize to *mut bpf_flow_keys, when we could have returned that in this function.

Similarly, I feel we're missing helpers here - for example, load_bytes.

Please attempt to write a test flow_dissector program (based on the kernel selftest) and submit it as an integration test.
This should help us figure out what the ebpf-side API should look like.

---

test/integration-ebpf/src/test.rs line 38 at r1 (raw file):

#[flow_dissector]
pub fn test_flow(_ctx: FlowDissectorContext) -> u32 {

This is fine to test that the program loads, but it doesn't verify correct operation.
It would be better if you were able to provide an integration test that shows correct operation of a Flow Dissector program.

[tamird]

Let's see if @azenna wants to pick this up.

Reviewed 14 of 18 files at r2, all commit messages.
Reviewable status: 14 of 18 files reviewed, 8 unresolved discussions (waiting on @alessandrod, @azenna, @dave-tucker, and @vadorovsky)

---

aya/src/programs/flow_dissector.rs line 14 at r1 (raw file):

Previously, dave-tucker (Dave Tucker) wrote…

Please reconcile the description you've provided against the eBPF documentation: https://docs.ebpf.io/linux/program-type/BPF_PROG_TYPE_FLOW_DISSECTOR/
There are some inconsistencies. i.e Minimum Kernel Version being 4.20, not 4.2
The docs description describes the purpose of the program and what it should do (set flow_keys).

I did fix the version mismatch (probably while you were reviewing)

[tamird]

Reviewed 4 of 18 files at r2.
Dismissed @alessandrod and @vadorovsky from 2 discussions.
Reviewable status: all files reviewed, 6 unresolved discussions (waiting on @alessandrod, @azenna, @dave-tucker, and @vadorovsky)