Aya library for creating eBPF handlers in Rust introduced

The first release of the Aya library has been presented. It allows you to create eBPF handlers in Rust that run inside the Linux kernel in a special virtual machine with JIT. Unlike other eBPF development tools, Aya does not use libbpf or the bcc compiler. Instead, it offers its own implementation written in Rust, which uses the libc crate to access kernel system calls directly. Building Aya does not require C language tooling or kernel header files. The library code is distributed under the MIT and Apache 2.0 licenses.

Key features:

  • Support for BTF (BPF Type Format), which provides type information in BPF pseudocode for type checking and mapping to types provided by the current kernel. The use of BTF makes it possible to create universal eBPF handlers that can be used without recompilation with different versions of the Linux kernel.
  • Support for "bpf-to-bpf" calls, global variables and initializers, which allows you to design eBPF programs in much the same way as regular programs, with aya acting as a runtime that redefines functions to account for running in eBPF.
  • Support for various kernel map types, including regular arrays, hash maps, stacks, queues, stack traces, as well as socket and performance tracking structures.
  • Ability to create various types of eBPF programs, including programs for filtering and managing traffic, cgroup handlers and various socket operations, and XDP programs.
  • Support for the tokio and async-std platforms for asynchronous, non-blocking request processing.
  • Fast builds, with no dependency on a kernel build or kernel header files.

The project is still considered experimental: the API has not yet been stabilized and continues to evolve. Not all planned features have been implemented yet. By the end of the year, the developers expect to bring the functionality of Aya to parity with libbpf, and in January 2022 to publish the first stable release. There are also plans to combine the parts of Aya needed to write Rust code for the Linux kernel with the user-space components used to load, attach, and interact with eBPF programs.

Recall that eBPF is a bytecode interpreter built into the Linux kernel, which allows you to create network operation handlers, monitor system operation, intercept system calls, control access, process events while preserving timing, calculate the frequency and time of operations, and perform tracing using kprobes/uprobes/tracepoints. Thanks to JIT compilation, bytecode is translated on the fly into machine instructions and executed with the performance of native code. XDP provides tools for running BPF programs at the network driver level, with direct access to the DMA packet buffer, which allows you to create high-performance handlers for working under heavy network load.

Source: opennet.ru
