load_elf.rs 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115
  1. // SPDX-License-Identifier: (Apache-2.0 OR MIT)
  2. // Copyright 2016 6WIND S.A. <quentin.monnet@6wind.com>
  3. #![allow(clippy::unreadable_literal)]
  4. extern crate elf;
  5. use std::path::PathBuf;
  6. extern crate rbpf;
  7. use rbpf::helpers;
  8. // The following example uses an ELF file that has been compiled from the C program available in
  9. // `load_elf__block_a_port.c` in the same directory.
  10. //
  11. // It was compiled with the following command:
  12. //
  13. // ```bash
  14. // clang -O2 -emit-llvm -c load_elf__block_a_port.c -o - | \
  15. // llc -march=bpf -filetype=obj -o load_elf__block_a_port.o
  16. // ```
  17. //
  18. // Once compiled, this program can be injected into Linux kernel, with tc for instance. Sadly, we
  19. // need to bring some modifications to the generated bytecode in order to run it: the three
  20. // instructions with opcode 0x61 load data from a packet area as 4-byte words, where we need to
  21. // load it as 8-bytes double words (0x79). The kernel does the same kind of translation before
  22. // running the program, but rbpf does not implement this.
  23. //
  24. // In addition, the offset at which the pointer to the packet data is stored must be changed: since
  25. // we use 8 bytes instead of 4 for the start and end addresses of the data packet, we cannot use
  26. // the offsets produced by clang (0x4c and 0x50), the addresses would overlap. Instead we can use,
  27. // for example, 0x40 and 0x50.
  28. //
  29. // These change were applied with the following script:
  30. //
  31. // ```bash
  32. // xxd load_elf__block_a_port.o | sed '
  33. // s/6112 5000 0000 0000/7912 5000 0000 0000/ ;
  34. // s/6111 4c00 0000 0000/7911 4000 0000 0000/ ;
  35. // s/6111 2200 0000 0000/7911 2200 0000 0000/' | xxd -r > load_elf__block_a_port.tmp
  36. // mv load_elf__block_a_port.tmp load_elf__block_a_port.o
  37. // ```
  38. //
  39. // The eBPF program was placed into the `.classifier` ELF section (see C code above), which means
  40. // that you can retrieve the raw bytecode with `readelf -x .classifier load_elf__block_a_port.o` or
  41. // with `objdump -s -j .classifier load_elf__block_a_port.o`.
  42. //
  43. // Once the bytecode has been edited, we can load the bytecode directly from the ELF object file.
  44. fn main() {
  45. let filename = "examples/load_elf__block_a_port.elf";
  46. let path = PathBuf::from(filename);
  47. let file = match elf::File::open_path(path) {
  48. Ok(f) => f,
  49. Err(e) => panic!("Error: {:?}", e),
  50. };
  51. let text_scn = match file.get_section(".classifier") {
  52. Some(s) => s,
  53. None => panic!("Failed to look up .classifier section"),
  54. };
  55. let prog = &text_scn.data;
  56. let packet1 = &mut [
  57. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x08,
  58. 0x00, // ethertype
  59. 0x45, 0x00, 0x00, 0x3b, // start ip_hdr
  60. 0xa6, 0xab, 0x40, 0x00, 0x40, 0x06, 0x96, 0x0f, 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00,
  61. 0x01,
  62. // Program matches the next two bytes: 0x9999 returns 0xffffffff, else return 0.
  63. 0x99, 0x99, 0xc6, 0xcc, // start tcp_hdr
  64. 0xd1, 0xe5, 0xc4, 0x9d, 0xd4, 0x30, 0xb5, 0xd2, 0x80, 0x18, 0x01, 0x56, 0xfe, 0x2f, 0x00,
  65. 0x00, 0x01, 0x01, 0x08, 0x0a, // start data
  66. 0x00, 0x23, 0x75, 0x89, 0x00, 0x23, 0x63, 0x2d, 0x71, 0x64, 0x66, 0x73, 0x64, 0x66, 0x0au8,
  67. ];
  68. let packet2 = &mut [
  69. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x08,
  70. 0x00, // ethertype
  71. 0x45, 0x00, 0x00, 0x3b, // start ip_hdr
  72. 0xa6, 0xab, 0x40, 0x00, 0x40, 0x06, 0x96, 0x0f, 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00,
  73. 0x01,
  74. // Program matches the next two bytes: 0x9999 returns 0xffffffff, else return 0.
  75. 0x98, 0x76, 0xc6, 0xcc, // start tcp_hdr
  76. 0xd1, 0xe5, 0xc4, 0x9d, 0xd4, 0x30, 0xb5, 0xd2, 0x80, 0x18, 0x01, 0x56, 0xfe, 0x2f, 0x00,
  77. 0x00, 0x01, 0x01, 0x08, 0x0a, // start data
  78. 0x00, 0x23, 0x75, 0x89, 0x00, 0x23, 0x63, 0x2d, 0x71, 0x64, 0x66, 0x73, 0x64, 0x66, 0x0au8,
  79. ];
  80. let mut vm = rbpf::EbpfVmFixedMbuff::new(Some(prog), 0x40, 0x50).unwrap();
  81. vm.register_helper(helpers::BPF_TRACE_PRINTK_IDX, helpers::bpf_trace_printf)
  82. .unwrap();
  83. let res = vm.execute_program(packet1).unwrap();
  84. println!("Packet #1, program returned: {res:?} ({res:#x})");
  85. assert_eq!(res, 0xffffffff);
  86. #[cfg(not(windows))]
  87. {
  88. vm.jit_compile().unwrap();
  89. let res = unsafe { vm.execute_program_jit(packet2).unwrap() };
  90. println!("Packet #2, program returned: {res:?} ({res:#x})");
  91. assert_eq!(res, 0);
  92. }
  93. #[cfg(windows)]
  94. {
  95. let res = vm.execute_program(packet2).unwrap();
  96. println!("Packet #2, program returned: {:?} ({:#x})", res, res);
  97. assert_eq!(res, 0);
  98. }
  99. }