Add support for CgroupAttachFlags.

This change allows an eBPF program to attach when an existing program is
in place, such as via the "ALLOW_MULTI" flag.

aya/src/maps/mod.rs

@@ -31,13 +31,13 @@
 //! # }
 //! # let mut bpf = aya::Ebpf::load(&[])?;
 //! use aya::maps::SockMap;
-//! use aya::programs::SkMsg;
+//! use aya::programs::{CgroupAttachFlags, SkMsg};
 //!
 //! let intercept_egress = SockMap::try_from(bpf.map_mut("INTERCEPT_EGRESS").unwrap())?;
 //! let map_fd = intercept_egress.fd().try_clone()?;
 //! let prog: &mut SkMsg = bpf.program_mut("intercept_egress_packet").unwrap().try_into()?;
 //! prog.load()?;
-//! prog.attach(&map_fd)?;
+//! prog.attach(&map_fd, CgroupAttachFlags::empty())?;
 //!
 //! # Ok::<(), Error>(())
 //! ```

aya/src/maps/sock/sock_hash.rs

@@ -45,14 +45,14 @@ use crate::{
 /// use std::net::TcpStream;
 /// use std::os::fd::AsRawFd;
 /// use aya::maps::SockHash;
-/// use aya::programs::SkMsg;
+/// use aya::programs::{CgroupAttachFlags, SkMsg};
 ///
 /// let mut intercept_egress = SockHash::<_, u32>::try_from(bpf.map("INTERCEPT_EGRESS").unwrap())?;
 /// let map_fd = intercept_egress.fd().try_clone()?;
 ///
 /// let prog: &mut SkMsg = bpf.program_mut("intercept_egress_packet").unwrap().try_into()?;
 /// prog.load()?;
-/// prog.attach(&map_fd)?;
+/// prog.attach(&map_fd, CgroupAttachFlags::empty())?;
 ///
 /// let mut client = TcpStream::connect("127.0.0.1:1234")?;
 /// let mut intercept_egress = SockHash::try_from(bpf.map_mut("INTERCEPT_EGRESS").unwrap())?;

aya/src/maps/sock/sock_map.rs

@@ -39,14 +39,14 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use aya::maps::SockMap;
-/// use aya::programs::SkSkb;
+/// use aya::programs::{CgroupAttachFlags, SkSkb};
 ///
 /// let intercept_ingress = SockMap::try_from(bpf.map("INTERCEPT_INGRESS").unwrap())?;
 /// let map_fd = intercept_ingress.fd().try_clone()?;
 ///
 /// let prog: &mut SkSkb = bpf.program_mut("intercept_ingress_packet").unwrap().try_into()?;
 /// prog.load()?;
-/// prog.attach(&map_fd)?;
+/// prog.attach(&map_fd, CgroupAttachFlags::empty())?;
 ///
 /// # Ok::<(), Error>(())
 /// ```

aya/src/programs/cgroup_device.rs

@@ -5,8 +5,8 @@ use std::os::fd::AsFd;
 use crate::{
  generated::{bpf_attach_type::BPF_CGROUP_DEVICE, bpf_prog_type::BPF_PROG_TYPE_CGROUP_DEVICE},
  programs::{
- bpf_prog_get_fd_by_id, define_link_wrapper, load_program, query, FdLink, Link,
- ProgAttachLink, ProgramData, ProgramError, ProgramFd,
+ bpf_prog_get_fd_by_id, define_link_wrapper, load_program, query, CgroupAttachFlags, FdLink,
+ Link, ProgAttachLink, ProgramData, ProgramError, ProgramFd,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -38,12 +38,12 @@ use crate::{
 /// # Ebpf(#[from] aya::EbpfError)
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
-/// use aya::programs::CgroupDevice;
+/// use aya::programs::{CgroupAttachFlags, CgroupDevice};
 ///
 /// let cgroup = std::fs::File::open("/sys/fs/cgroup/unified")?;
 /// let program: &mut CgroupDevice = bpf.program_mut("cgroup_dev").unwrap().try_into()?;
 /// program.load()?;
-/// program.attach(cgroup)?;
+/// program.attach(cgroup, CgroupAttachFlags::empty())?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -61,7 +61,11 @@ impl CgroupDevice {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupDevice::detach]
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupDeviceLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ flags: CgroupAttachFlags,
+ ) -> Result<CgroupDeviceLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
@@ -72,7 +76,7 @@ impl CgroupDevice {
  LinkTarget::Fd(cgroup_fd),
  BPF_CGROUP_DEVICE,
  None,
- 0,
+ flags.bits(),
  )
  .map_err(|(_, io_error)| SyscallError {
  call: "bpf_link_create",
@@ -84,7 +88,7 @@ impl CgroupDevice {
  FdLink::new(link_fd),
  )))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, flags.bits())?;
 
  self.data
  .links

aya/src/programs/cgroup_skb.rs

@@ -8,7 +8,8 @@ use crate::{
  bpf_prog_type::BPF_PROG_TYPE_CGROUP_SKB,
  },
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachFlags, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -43,12 +44,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::{CgroupSkb, CgroupSkbAttachType};
+/// use aya::programs::{CgroupAttachFlags, CgroupSkb, CgroupSkbAttachType};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let egress: &mut CgroupSkb = bpf.program_mut("egress_filter").unwrap().try_into()?;
 /// egress.load()?;
-/// egress.attach(file, CgroupSkbAttachType::Egress)?;
+/// egress.attach(file, CgroupSkbAttachType::Egress, CgroupAttachFlags::empty())?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -87,6 +88,7 @@ impl CgroupSkb {
  &mut self,
  cgroup: T,
  attach_type: CgroupSkbAttachType,
+ flags: CgroupAttachFlags,
  ) -> Result<CgroupSkbLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
@@ -97,18 +99,24 @@ impl CgroupSkb {
  CgroupSkbAttachType::Egress => BPF_CGROUP_INET_EGRESS,
  };
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ flags.bits(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSkbLink::new(CgroupSkbLinkInner::Fd(FdLink::new(
  link_fd,
  ))))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, flags.bits())?;
 
  self.data
  .links

aya/src/programs/cgroup_sock.rs

@@ -7,7 +7,8 @@ pub use aya_obj::programs::CgroupSockAttachType;
 use crate::{
  generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK,
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachFlags, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -41,12 +42,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::{CgroupSock, CgroupSockAttachType};
+/// use aya::programs::{CgroupAttachFlags, CgroupSock, CgroupSockAttachType};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let bind: &mut CgroupSock = bpf.program_mut("bind").unwrap().try_into()?;
 /// bind.load()?;
-/// bind.attach(file)?;
+/// bind.attach(file, CgroupAttachFlags::empty())?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -66,24 +67,34 @@ impl CgroupSock {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupSock::detach].
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupSockLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ flags: CgroupAttachFlags,
+ ) -> Result<CgroupSockLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
  let attach_type = self.data.expected_attach_type.unwrap();
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ flags.bits(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSockLink::new(CgroupSockLinkInner::Fd(FdLink::new(
  link_fd,
  ))))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, flags.bits())?;
 
  self.data
  .links

aya/src/programs/cgroup_sock_addr.rs

@@ -7,7 +7,8 @@ pub use aya_obj::programs::CgroupSockAddrAttachType;
 use crate::{
  generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachFlags, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -42,12 +43,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::{CgroupSockAddr, CgroupSockAddrAttachType};
+/// use aya::programs::{CgroupAttachFlags, CgroupSockAddr, CgroupSockAddrAttachType};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let egress: &mut CgroupSockAddr = bpf.program_mut("connect4").unwrap().try_into()?;
 /// egress.load()?;
-/// egress.attach(file)?;
+/// egress.attach(file, CgroupAttachFlags::empty())?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -67,24 +68,34 @@ impl CgroupSockAddr {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupSockAddr::detach].
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupSockAddrLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ flags: CgroupAttachFlags,
+ ) -> Result<CgroupSockAddrLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
  let attach_type = self.data.expected_attach_type.unwrap();
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ flags.bits(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSockAddrLink::new(CgroupSockAddrLinkInner::Fd(
  FdLink::new(link_fd),
  )))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, flags.bits())?;
 
  self.data.links.insert(CgroupSockAddrLink::new(
  CgroupSockAddrLinkInner::ProgAttach(link),

aya/src/programs/cgroup_sockopt.rs

@@ -7,7 +7,8 @@ pub use aya_obj::programs::CgroupSockoptAttachType;
 use crate::{
  generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCKOPT,
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachFlags, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -39,12 +40,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::CgroupSockopt;
+/// use aya::programs::{CgroupAttachFlags, CgroupSockopt};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let program: &mut CgroupSockopt = bpf.program_mut("cgroup_sockopt").unwrap().try_into()?;
 /// program.load()?;
-/// program.attach(file)?;
+/// program.attach(file, CgroupAttachFlags::empty())?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -64,24 +65,34 @@ impl CgroupSockopt {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupSockopt::detach].
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupSockoptLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ flags: CgroupAttachFlags,
+ ) -> Result<CgroupSockoptLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
  let attach_type = self.data.expected_attach_type.unwrap();
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ flags.bits(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSockoptLink::new(CgroupSockoptLinkInner::Fd(
  FdLink::new(link_fd),
  )))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, flags.bits())?;
 
  self.data
  .links