1*fae6e9adSlinfeng use aya::maps::HashMap;
2*fae6e9adSlinfeng use aya::programs::KProbe;
3*fae6e9adSlinfeng use aya::{include_bytes_aligned, Ebpf};
4*fae6e9adSlinfeng use aya_log::EbpfLogger;
5*fae6e9adSlinfeng use log::{info, warn};
6*fae6e9adSlinfeng use std::error::Error;
7*fae6e9adSlinfeng use tokio::task::yield_now;
8*fae6e9adSlinfeng use tokio::{signal, time};
9*fae6e9adSlinfeng 
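/// Loads the embedded `syscall_ebpf` object, attaches its kprobe to the
/// DragonOS syscall handler and prints the contents of the `SYSCALL_LIST`
/// map roughly every five seconds until Ctrl-C is received.
///
/// # Errors
///
/// Returns an error if the eBPF object cannot be loaded, if the
/// `syscall_ebpf` program is missing or is not a kprobe, if loading or
/// attaching the program fails, or if waiting for Ctrl-C fails.
#[tokio::main(flavor = "current_thread")]
async fn main() -> Result<(), Box<dyn Error>> {
    // NOTE(review): with the level set to Warn here, the `info!` messages
    // further down are presumably not shown; confirm that this is intended.
    env_logger::builder()
        .filter_level(log::LevelFilter::Warn)
        .format_timestamp(None)
        .init();

    // The eBPF object is embedded into this binary at compile time, so no
    // file path is resolved at run time.
    let mut bpf = Ebpf::load(include_bytes_aligned!(
        "../syscall_ebpf/target/bpfel-unknown-none/release/syscall_ebpf"
    ))?;

    // Forward log records emitted by the eBPF program to the `log` facade.
    if let Err(e) = EbpfLogger::init(&mut bpf) {
        // This can happen if you remove all log statements from your eBPF program.
        warn!("failed to initialize eBPF logger: {}", e);
    }

    // A missing program is reported as an error rather than a panic, so the
    // caller sees which name was not found in the object.
    let program: &mut KProbe = bpf
        .program_mut("syscall_ebpf")
        .ok_or("program `syscall_ebpf` not found in the embedded eBPF object")?
        .try_into()?;
    // NOTE(review): loading and attaching a kprobe needs elevated privileges
    // on Linux (root or the BPF-related capabilities); confirm what DragonOS
    // enforces before running this outside a test image.
    program.load()?;
    program.attach("dragonos_kernel::syscall::Syscall::handle", 0)?;

    info!("attacch the kprobe to dragonos_kernel::syscall::Syscall::handle");

    // Print the per-syscall counters every 5 seconds. The map only records
    // what the probe observed; nothing here blocks or filters syscalls.
    tokio::spawn(async move {
        // A failure in a detached task would otherwise only surface as a task
        // panic while main keeps waiting for Ctrl-C, so report it and stop.
        // NOTE(review): `bpf` is owned by this task, so returning drops it;
        // in aya that presumably detaches the kprobe as well. Confirm.
        let map = match bpf.map("SYSCALL_LIST") {
            Some(map) => map,
            None => {
                warn!("map SYSCALL_LIST not found; syscall counts will not be printed");
                return;
            }
        };
        let syscall_counts: HashMap<_, u32, u32> = match HashMap::try_from(map) {
            Ok(counts) => counts,
            Err(e) => {
                warn!("SYSCALL_LIST cannot be used as a u32 -> u32 hash map: {}", e);
                return;
            }
        };

        let mut last_report = time::Instant::now();
        // NOTE(review): this loop polls the clock and yields instead of
        // sleeping, so it keeps the single runtime thread busy. If timers
        // work on the target, `tokio::time::interval` would avoid that.
        loop {
            let current = time::Instant::now();
            if current.duration_since(last_report).as_secs() >= 5 {
                println!("------------SYSCALL_LIST----------------");
                for entry in syscall_counts.iter() {
                    match entry {
                        Ok((key, value)) => {
                            println!("syscall: {:?}, count: {:?}", key, value)
                        }
                        // Report unreadable entries so a partial dump is not
                        // mistaken for a complete one.
                        Err(e) => warn!("failed to read a SYSCALL_LIST entry: {}", e),
                    }
                }
                println!("----------------------------------------");
                last_report = current;
            }
            yield_now().await;
        }
    });

    info!("Waiting for Ctrl-C...");
    signal::ctrl_c().await?;
    info!("Exiting...");
    Ok(())
}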