Logo

dev-resources.site

for different kinds of informations.

Aya Rust tutorial Part One

Published at
5/9/2024
Categories
ebpf
rust
linux
networking
Author
stevelatif
Categories
4 categories in total
ebpf
open
rust
open
linux
open
networking
open
Author
10 person written this
stevelatif
open
Aya Rust tutorial Part One

© steve latif

Getting started with Aya and eBPF Part 1

Introduction

This is the first in a series of posts looking at eBPF and the
Rust Aya crate. eBPF can run sandboxed programs inside the kernel.
Aya can create the byte code for both the kernel space
programs, and the corresponding userland programs to load the eBPF byte code.

The Extended Berkeley Packet Filter came out as a development on
the Berkeley Packet Filter
dating back to the early 1990s.
BPF based tools tcpdump, ethereal and
the libpcap libraries were used to capture
network packets on the wire, filter them, even inject faults.
Doing anything other than monitoring packets was a time intensive and tricky
operation. More information on eBPF can be found here: https://ebpf.io/

Rust has been around for several years and works well as a system and
general programming language. There are many fine introductions to the language,
a good place to start is here: https://www.rust-lang.org/

In this series of articles we will be looking at
aya-rs, a rust interface to eBPF https://aya-rs.dev/

Two past projects act as motivation for my work with
eBPF and aya.

Scenario 1 SMB Traffic generation

The network interface on
a storage filer was locking up after having
mounted 255 SMB network shares.
To emulate this we had a lab that consisted of:

  • a linux client box
  • smbclient, an FTP like interface to Samba
  • Maxwell Pro from Interworking Labs (iwl.com) to rewrite ethernet headers.

Quick side note on the Maxwell Pro, it
consists of a linux box with two ethernet cards, packets coming in are passed to
a user space application, where they can be modified or have their headers
rewritten, they are then passed out from the other interface.

Image description

This had to be thrown together in a few days using whatever was at hand.

Here's a schematic of the setup, bear in mind that this is Linux circa 2004,
Linux networking was more limited in its capabilities.

Image description

This would simulate from several hundred, to several thousand windows computers
mounting a network share. The share requests would come in from distinct IP and MAC
addresses.

There are 3 hosts:

  • a linux client
    • Depending on the test, this will have between 300 - 5000 virtual IP addresses, each with a unique IP
  • An IWL Maxwell Pro to rewrite the ethernet headers (iwl.com)
  • The device under test: An SMB server

The procedure:

  • A C wrapper script would run multiple invocations of smbclient

    • each smblcient invocation would have it's socket call intercepted and bound to one of the IP addresses using the dynamic linking loader https://man7.org/linux/man-pages/man3/dlopen.3.html
    • The Maxwell Pro would rewrite the outgoing MAC address to one based on the IP address
    • SMB server would respond to the smbclient request
    • The response packets would be intercepted by the Maxwell Pro which would rewrite the SMB server response so that the MAC address was the actual MAC on the linux client

If we were to try to get this working now, could we do it in a more robust manner and not have:

  • The Maxwell Pro
  • Manipulating the dynamic linking loader
  • All the virtual interfaces

Using eBPFs packet parsing and rewriting abilities we could might be able
to do all or some of these.

One of the major headaches with the original project was that it had several disparate
elements implemented in different languages. This was a result of the ad hoc nature of the project.
Being able to build it in a consistent and robust manner would be a major plus.

Scenario 2 Wan Simulation

In this case the ask was to build a wan simulator between two servers to
test acceleration algorithms. The product was a server that might sit in
a remote office and communicate with a similar server in a corporate
data center. Traffic would between the two boxes tunneled and cached
to deal with low bandwidth lossy links.
From the networking perspective this
was more straight forward as it involved using a traffic shaping and
firewalling tool to simulate different WAN scenarios. Most of the work
ended up being in the reporting side of the project.

The traffic shaper/firewall was a FreeBSD tool called dummynet: http://info.iet.unipi.it/~luigi/dummynet/

There were many combinations to test the algorithms in. Stability and consistency
was always a concern.

Image description

Why Use eBPF and Aya?

Both these projects had rapid turnarounds from conception to implementation,
but parts of them were quite fragile. My regret was that I didn't have
full access to the networking stack to manipulate packets as they passed
through the stack. eBPF goes a long way to giving us this ability with some
restrictions.
The SMB trafiic generator had small pieces of code in C for running smbclient,
Perl for setting up the networking environment, C++ for running
in the Maxwell Pro to rewrite the ethernet headers. Building and testing
these small programs could only be done on the hosts where they would run
for the most part. Deployment involved using rsync/sftp to move files around.
Not having a consistent build CI pipeline incurs overhead.
There was a similar situation for the WAN emulator. The traffic shaping tool
was part of the FreeBSD kernel which required a kernel rebuild to deploy it
and could only be tested once in place.

Aya allows you to use eBPF, but also build both your userspace and kernel
code with one command using Cargo. Testing and deployments are now
much easier. There are other language bindings to use eBPF, several
of which are relatively mature. Rust does have more stringent requirements
during the compilation phase for code hygiene. This can only be a good thing
when generating code that will be run with escalated privileges.

Next Steps

The first goal will be to learn enough about Aya and eBPF to see if we can
implement, or at least think of implementing some parts of the traffic
generator and traffic shaper. These are esoteric tools
but the ideas that we will need for implementing them will mean that
we can talk about

  • firewalls
  • load balancers
  • networking protocols
ebpf Article's
30 articles in total
Favicon
Unlocking Cloud-Native Security with Cilium and eBPF
Favicon
Let’s Get Into the Weeds: The OSI Model and Why it Still Matters
Favicon
Expanding eBPF Compile Once, Run Everywhere(CO-RE) to Userspace Compatibility
Favicon
eBPF Practical Tutorial: Using eBPF to Trace Go Routine States
Favicon
Measuring Function Latency with eBPF
Favicon
The use of eBPF – in Netflix, GPU infrastructure, Windows programs and more
Favicon
eBPF Tutorial by Example 21: Programmable Packet Processing with XDP
Favicon
eBPF Tutorial by Example: Capturing TCP Information with XDP
Favicon
eBPF Development Practice: Modifying System Call Arguments with eBPF
Favicon
eBPF Developer Tutorial: XDP Load Balancer
Favicon
Using eBPF to Trace Nginx Requests
Favicon
Fast Packet IO
Favicon
eBPF: Revolutionizing Linux Kernel Programming
Favicon
Cilium no EKS [Lab Session]
Favicon
Fooling Port Scanners: Simulating Open Ports with eBPF and Rust
Favicon
Simple Firewall with Rust and Aya
Favicon
Aya Rust Tutorial part 5: Using Maps
Favicon
Aya Rust tutorial Part Four XDP Hello World
Favicon
eBPF, sidecars, and the future of the service mesh
Favicon
eBPF: Unleashing Kernel Magic for Modern Infrastructure
Favicon
Aya Rust tutorial Part Two - Setting up
Favicon
Aya Rust tutorial Part Three XDP Pass
Favicon
Aya Rust tutorial Part One
Favicon
Unveiling the Simplicity of Cluster Mesh for Kubernetes Deployments
Favicon
Beyond the Buzz: Embracing the Magic of eBPF in Kubernetes
Favicon
Wednesday Links - Edition 2023-03-13
Favicon
Why context matters in Kubernetes security 
Favicon
Programmability and Performance in the Linux Kernel by eBPF.
Favicon
eBPF, Service Mesh and Sidecar
Favicon
eBPF Tutorial by Example 16: Monitoring Memory Leaks

Featured ones: