RedBPF v2.3.0

Prevent some UB in probes

While compiling BPF programs, raise an error if both two conditions are
satisfied

1. alignment of a value of a BPF map is greater than 8 bytes
2. a BPF program calls get or get_mut method of the BPF map

Creating misaligned references by itself causes undefined behavior in Rust
language. The Linux kernel does not keep the alignment of value other than 8
byte alignment. Calling get or get_mut method of BPF maps creates
references of values stored at BPF maps. Thus, calling get or get_mut
creates misaligned references if the alignment of the value is greater than 8
bytes.

RedBPF prevents this situation.

Support ARM64(aarch64) architecture

Build tests for ARM64 architecture are prepared and they are executed to
check new commits are compiled correctly on both ARM64 and X86_64.

Support DevMap for XDP BPF programs

DevMap can be used when redirecting packets to another interface in XDP.

Support BTF for tc utility

Now BPF programs for tc can make use of BPF helpers that requires BTF. For
example, bpf_spin_lock helper function.

Bump up bindgen to 0.59.2

Now fields of which name is try in C can be converted to Rust
language. Some of the Linux kernel structures contain fields of which name is
try.

Add some safe wrappers of BPF helpers that never fail

Update BPF program template

Contributors

Thank you very much for your contribution.

• @ihciah
• @kriomant
• @rhdxmr
• @rsdy

v2.2.0 release

Here are the added features of v2.2.0 since the last release (v2.1.0)

Remove .text section from ELF relocatable file

The ELF relocatable files compiled by cargo-bpf had contained .text
section. This section is totally ignored by RedBPF runtime but it is bothersome
when users try loading the ELF relocatable file with tc utility. Because tc
rejects loading the ELF object file if the file has .text section.

Now .text section does not exist in the ELF relocatable file. So users who
try using tc_action don't need to strip the .text section in person.

• PR #224

Add PerCPuHashMap, LruHashMap and LruPerCpuHashMap

They are implemented both for BPF probes and userspace API in the redbpf_probes::maps and
in the redbpf.

• PR #215

Add redbpf::SkLookup

This structure can be used to attach BPF program for socket lookup to specific
network namespace.

Note that it is implemented only in the redbpf crate for userspace API. The
API for BPF probes is not supported yet. It is expected that probes API will be
added later.

• PR #216

Add redbpf::XDP::detach_xdp method

Now users can detach XDP BPF probes programmatically.

• PR #211

Update the tutorial

Some users had struggled with RedBPF because they had not enough background of
RedBPF. So some information that they should know before they were in trouble,
was updated into the tutorial.

Please let me know what part of RedBPF bothers you. I'll answer your question
and keep update the documentation.

• PR #217

Support the Linux kernel v5.15

Since the Linux kernel v5.15, the vmlinux includes struct bpf_timer. Before
v2.2.0, RedBPF failed to generate right rust bindings of Linux kernel v5.15
with vmlinux.

• PR #223

Use docs.rs

Packages uploaded to crates.io starts to give documentation URL of
docs.rs. docs.rs is regular place to serve crates' documentation.

• PR #225

Contributors

Thank you for showing your interest in RedBPF and contributing to it. I was
delighted to collaborate with you.

@eero-thia @raftario @rhdxmr @rsdy

Version 2.1.0

• Add BPF iterator for task struct
• Allow unsafe function as BPF programs
• Support recovering original function parameters in retprobe
• Allow defining multiple maps in maps section
• Support LLVM 13 to allow rust >= 1.56
• Fix for generating documentation in docs.rs
• Recompile redbpf-probes when KERNEL_SOURCE, KERNEL_VERSION and REDBPF_VMLINUX environments variables are changed

Contributors

@p-e-w @rhdxmr @rsdy

Support Rust 1.55

This release fixes build for Rust 1.55 and other minor documentation and build improvements.

Fix build issues

This is a tiny release that fixes build issues that arise in certain scenarios. For more information, look at #173 .

redBPF 2.0

The foniod community edition

This release marks our departure from the original home of the project, Red Sift. After the donation of redBPF and ingraind to the Cloud Native Computing Foundation, the two projects are now maintained by the foniod community. As part of the
CNCF, we are independent self-governed project, with no corporate affiliation.

Since April, development is also not sponsored by the orignal developer, Red Sift. We would like to thank everybody who supported and advocated for the transition, and those who continue to support the project with their time and effort to make this release possible.

foniod is named after fonio, an ancient grain. foniod marks a continuity with ingraind, the previous name. Very importantly, fonio was chosen just because it ends with IO.

Our new logo was kindly made by the CNCF's designer team.

Most of the code in this release is the work of Junyeong Jeong (@rhdxmr), and reviewed by Peter Parkanyi (@rsdy).

If you're keen to get involved, please reach us on matrix, or take a peek at our subreddit.

Now, let's move on to the meat of this release, and all the goods that are in it!

Support vmlinux for BTF information

In the past, the running Linux kernel's headers were necessary to generate Rust bindings for the kernel structs that BPF programs use.

With the new support for BTF, if build machines have a usable vmlinux kernel image, redBPF can generate Rust bindings from it and then BPF programs can be compiled without access to the source.

The required behaviour can be set using environment variables. If redBPF users do not set any environment variables during compilation, redBPF will first tries to find the kernel sources. If it fails, it will try to find the vmlinux image.

If REDBPF_VMLINUX is set, then redBPF tries compiling only with vmlinux.

If either KERNEL_SOURCE or KERNEL_VERSION variables are set, redBPF will use the path or version for generating bindings.

Refer to the documentation of redbpf-probes/lib.rs for more information.

Support BTF for BPF maps

redBPF can now parse a .BTF section in a relocatable ELF file to load BPF maps with BTF enabled. Users can now dump BPF map as JSON format when they use bpftool map dump command.

Pin maps with Map::pin

pin, unpin and from_pin_file methods were added to redbpf::Map. A BPF map can be pinned to a given file path under the BPF filesystem by calling Map::pin. It can then be unpinned by calling Map::unpin or by removing the file directly. Normally BPF filesystem is mounted at /sys/fs/bpf.

See sharemap example to learn how to use map pinning features.

Use LLVM 12

redBPF uses LLVM 12 as default. LLVM 11 can be used instead with enabling llvm11 and disabling default-features in Cargo.toml.

Add SockMap

A sockmap supports the redirection of packets to another socket.

#[stream_parser] can be used to define a stream parser and #[stream_verdict] is for a stream verdict.

See the echo example to learn how to use sockmap.

Add Array and PerCpuArray

Array is a kind of BPF map that can contain a fixed length of elements. PerCpuArray is the same except that it is allocated with per-CPU memory in the kernel so users do not need to worry about data races.

See the biolatpcts example to learn how to use PerCpuArray

Load a maps section created by libbpf

If a relocatable ELF file contains a maps, redBPF will assume that multiple maps are defined in that section. This is the structure
libbpf generates, and it helps with interoperability between the libraries.

Introduce ModuleBuilder

Using redbpf::Module::parse to parse a relocatable ELF file will load maps and programs. Now with the addition of
redbpf::ModuleBuilder, redBPF allows splitting the parsing and loading as separate steps, so users can manipulate maps or programs before loading them.

See the sharemap2 example to learn how to use ModuleBuilder.

Modify kprobe/uprobe detachable

redbpf::KProbe::detach_kprobe and redbpf::UProbe::detach_uprobe methods were added. kprobe/uprobe can be repeatedly attached and detached.

Fix TcAction variants

TcAction is updated. The variants were outdated because they referred to the old manpage.

Add TcHashMap

BPF program loaded by tc utility can handle BPF map using redbpf_probes::tc::maps::TcHashMap. Corresponding userspace programs that rely on redBPF can also communicate with the maps by loading them with Map::from_pin_file. See tc-map-share example to learn how to do that.

Check EUID

Examples require root privileges and it checks euid is zero, not uid.

Remove BCC dependency

redBPF had depended on BCC and libbpf. But BCC dependency is removed.

Support NixOS

redBPF can be used in NixOS

Support Alpine Linux

redBPF can be used in Alpine Linux

Upgrade Tokio to 1.0

redBPF depends on Tokio v1

Upgrade libbpf

redBPF now depends on the latest libbpf

Comply DCO

Contributors of redbpf must conform to Developer Certificate Origin for their commits to be accepted. So contributors should append Signed-off-by to commit messages.

Add more examples

To aid users to understand how to use redBPF, several examples are added.

Use tracing crate

redBPF now utilizes tracing crate to record debug or error logs. redBPF users can subscribe log messages using tracing_subscriber crate.

See any examples of example-userspace to learn how to subscribe to log messages of redBPF.

Contributors

Contribution stats after v1.3.0

• @rhdxmr Junyeong Jeong
• @Escapingbug Anciety
• @belltoy belltoy
• @jvns Julia Evans
• @kbknapp Kevin K
• @lwintermelon lwintermelon
• @p-e-w Philipp Emanuel Weidmann
• @rsdy Peter Parkanyi

2.0.0-rc3

Include libbpf in the published archive.

2.0.0-rc2

Test automated release process and fix 2.0.0-rc1 mishaps.

2.0.0-rc1

This is a test release to allow users to allow users to test new features and ensure our release process is in working order.

Improved loader, TC support, and faster builds!

This is a pretty exciting release with some long overdue improvements. First off, better handling of relocations in the loader make writing idiomatic programs a lot easier, thanks to the work of @alessandrod. To make development faster, there's also an awesome patchset by @kbknapp that speeds up the build.

On top of that, the TC/libbpf compatibility improved in this release, so you can manually add multiple maps to the same ELF section using an improved API, thanks to @kbknapp. Improved examples are also added to the repo through the work of @rhdxmr

Contributors:
@alessandrod
@kbknapp
@rhdxmr
@shun159

Thanks to everyone who contributed to this release!
Happy hacking!