Add the option to support multiple and overrideable programs per cgroup

aya/src/programs/cgroup_device.rs

@@ -5,8 +5,8 @@ use std::os::fd::AsFd;
 use crate::{
  generated::{bpf_attach_type::BPF_CGROUP_DEVICE, bpf_prog_type::BPF_PROG_TYPE_CGROUP_DEVICE},
  programs::{
- bpf_prog_get_fd_by_id, define_link_wrapper, load_program, query, FdLink, Link,
- ProgAttachLink, ProgramData, ProgramError, ProgramFd,
+ bpf_prog_get_fd_by_id, define_link_wrapper, load_program, query, CgroupAttachMode, FdLink,
+ Link, ProgAttachLink, ProgramData, ProgramError, ProgramFd,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -38,12 +38,12 @@ use crate::{
 /// # Ebpf(#[from] aya::EbpfError)
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
-/// use aya::programs::CgroupDevice;
+/// use aya::programs::{CgroupAttachMode, CgroupDevice};
 ///
 /// let cgroup = std::fs::File::open("/sys/fs/cgroup/unified")?;
 /// let program: &mut CgroupDevice = bpf.program_mut("cgroup_dev").unwrap().try_into()?;
 /// program.load()?;
-/// program.attach(cgroup)?;
+/// program.attach(cgroup, CgroupAttachMode::Single)?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -61,7 +61,11 @@ impl CgroupDevice {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupDevice::detach]
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupDeviceLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ mode: CgroupAttachMode,
+ ) -> Result<CgroupDeviceLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
@@ -72,7 +76,7 @@ impl CgroupDevice {
  LinkTarget::Fd(cgroup_fd),
  BPF_CGROUP_DEVICE,
  None,
- 0,
+ mode.into(),
  )
  .map_err(|(_, io_error)| SyscallError {
  call: "bpf_link_create",
@@ -84,7 +88,7 @@ impl CgroupDevice {
  FdLink::new(link_fd),
  )))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, BPF_CGROUP_DEVICE, mode)?;
 
  self.data
  .links

aya/src/programs/cgroup_skb.rs

@@ -8,7 +8,8 @@ use crate::{
  bpf_prog_type::BPF_PROG_TYPE_CGROUP_SKB,
  },
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachMode, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -43,12 +44,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::{CgroupSkb, CgroupSkbAttachType};
+/// use aya::programs::{CgroupAttachMode, CgroupSkb, CgroupSkbAttachType};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let egress: &mut CgroupSkb = bpf.program_mut("egress_filter").unwrap().try_into()?;
 /// egress.load()?;
-/// egress.attach(file, CgroupSkbAttachType::Egress)?;
+/// egress.attach(file, CgroupSkbAttachType::Egress, CgroupAttachMode::Single)?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -87,6 +88,7 @@ impl CgroupSkb {
  &mut self,
  cgroup: T,
  attach_type: CgroupSkbAttachType,
+ mode: CgroupAttachMode,
  ) -> Result<CgroupSkbLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
@@ -97,18 +99,24 @@ impl CgroupSkb {
  CgroupSkbAttachType::Egress => BPF_CGROUP_INET_EGRESS,
  };
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ mode.into(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSkbLink::new(CgroupSkbLinkInner::Fd(FdLink::new(
  link_fd,
  ))))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, mode)?;
 
  self.data
  .links

aya/src/programs/cgroup_sock.rs

@@ -7,7 +7,8 @@ pub use aya_obj::programs::CgroupSockAttachType;
 use crate::{
  generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK,
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachMode, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -41,12 +42,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::{CgroupSock, CgroupSockAttachType};
+/// use aya::programs::{CgroupAttachMode, CgroupSock, CgroupSockAttachType};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let bind: &mut CgroupSock = bpf.program_mut("bind").unwrap().try_into()?;
 /// bind.load()?;
-/// bind.attach(file)?;
+/// bind.attach(file, CgroupAttachMode::Single)?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -66,24 +67,34 @@ impl CgroupSock {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupSock::detach].
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupSockLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ mode: CgroupAttachMode,
+ ) -> Result<CgroupSockLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
  let attach_type = self.data.expected_attach_type.unwrap();
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ mode.into(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSockLink::new(CgroupSockLinkInner::Fd(FdLink::new(
  link_fd,
  ))))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, mode)?;
 
  self.data
  .links

aya/src/programs/cgroup_sock_addr.rs

@@ -7,7 +7,8 @@ pub use aya_obj::programs::CgroupSockAddrAttachType;
 use crate::{
  generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachMode, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -42,12 +43,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::{CgroupSockAddr, CgroupSockAddrAttachType};
+/// use aya::programs::{CgroupAttachMode, CgroupSockAddr, CgroupSockAddrAttachType};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let egress: &mut CgroupSockAddr = bpf.program_mut("connect4").unwrap().try_into()?;
 /// egress.load()?;
-/// egress.attach(file)?;
+/// egress.attach(file, CgroupAttachMode::Single)?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -67,24 +68,34 @@ impl CgroupSockAddr {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupSockAddr::detach].
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupSockAddrLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ mode: CgroupAttachMode,
+ ) -> Result<CgroupSockAddrLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
  let attach_type = self.data.expected_attach_type.unwrap();
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ mode.into(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSockAddrLink::new(CgroupSockAddrLinkInner::Fd(
  FdLink::new(link_fd),
  )))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, mode)?;
 
  self.data.links.insert(CgroupSockAddrLink::new(
  CgroupSockAddrLinkInner::ProgAttach(link),

aya/src/programs/cgroup_sockopt.rs

@@ -7,7 +7,8 @@ pub use aya_obj::programs::CgroupSockoptAttachType;
 use crate::{
  generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCKOPT,
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachMode, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -39,12 +40,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::CgroupSockopt;
+/// use aya::programs::{CgroupAttachMode, CgroupSockopt};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let program: &mut CgroupSockopt = bpf.program_mut("cgroup_sockopt").unwrap().try_into()?;
 /// program.load()?;
-/// program.attach(file)?;
+/// program.attach(file, CgroupAttachMode::Single)?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -64,24 +65,34 @@ impl CgroupSockopt {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupSockopt::detach].
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupSockoptLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ mode: CgroupAttachMode,
+ ) -> Result<CgroupSockoptLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
  let attach_type = self.data.expected_attach_type.unwrap();
  if KernelVersion::current().unwrap() >= KernelVersion::new(5, 7, 0) {
- let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, None, 0)
- .map_err(|(_, io_error)| SyscallError {
- call: "bpf_link_create",
- io_error,
- })?;
+ let link_fd = bpf_link_create(
+ prog_fd,
+ LinkTarget::Fd(cgroup_fd),
+ attach_type,
+ None,
+ mode.into(),
+ )
+ .map_err(|(_, io_error)| SyscallError {
+ call: "bpf_link_create",
+ io_error,
+ })?;
  self.data
  .links
  .insert(CgroupSockoptLink::new(CgroupSockoptLinkInner::Fd(
  FdLink::new(link_fd),
  )))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, attach_type, mode)?;
 
  self.data
  .links

aya/src/programs/cgroup_sysctl.rs

@@ -5,7 +5,8 @@ use std::{hash::Hash, os::fd::AsFd};
 use crate::{
  generated::{bpf_attach_type::BPF_CGROUP_SYSCTL, bpf_prog_type::BPF_PROG_TYPE_CGROUP_SYSCTL},
  programs::{
- define_link_wrapper, load_program, FdLink, Link, ProgAttachLink, ProgramData, ProgramError,
+ define_link_wrapper, load_program, CgroupAttachMode, FdLink, Link, ProgAttachLink,
+ ProgramData, ProgramError,
  },
  sys::{bpf_link_create, LinkTarget, SyscallError},
  util::KernelVersion,
@@ -36,12 +37,12 @@ use crate::{
 /// # }
 /// # let mut bpf = aya::Ebpf::load(&[])?;
 /// use std::fs::File;
-/// use aya::programs::CgroupSysctl;
+/// use aya::programs::{CgroupAttachMode, CgroupSysctl};
 ///
 /// let file = File::open("/sys/fs/cgroup/unified")?;
 /// let program: &mut CgroupSysctl = bpf.program_mut("cgroup_sysctl").unwrap().try_into()?;
 /// program.load()?;
-/// program.attach(file)?;
+/// program.attach(file, CgroupAttachMode::Single)?;
 /// # Ok::<(), Error>(())
 /// ```
 #[derive(Debug)]
@@ -59,7 +60,11 @@ impl CgroupSysctl {
  /// Attaches the program to the given cgroup.
  ///
  /// The returned value can be used to detach, see [CgroupSysctl::detach].
- pub fn attach<T: AsFd>(&mut self, cgroup: T) -> Result<CgroupSysctlLinkId, ProgramError> {
+ pub fn attach<T: AsFd>(
+ &mut self,
+ cgroup: T,
+ mode: CgroupAttachMode,
+ ) -> Result<CgroupSysctlLinkId, ProgramError> {
  let prog_fd = self.fd()?;
  let prog_fd = prog_fd.as_fd();
  let cgroup_fd = cgroup.as_fd();
@@ -70,7 +75,7 @@ impl CgroupSysctl {
  LinkTarget::Fd(cgroup_fd),
  BPF_CGROUP_SYSCTL,
  None,
- 0,
+ mode.into(),
  )
  .map_err(|(_, io_error)| SyscallError {
  call: "bpf_link_create",
@@ -82,7 +87,7 @@ impl CgroupSysctl {
  FdLink::new(link_fd),
  )))
  } else {
- let link = ProgAttachLink::attach(prog_fd, cgroup_fd, BPF_CGROUP_SYSCTL)?;
+ let link = ProgAttachLink::attach(prog_fd, cgroup_fd, BPF_CGROUP_SYSCTL, mode)?;
 
  self.data
  .links