Skip to content

aya: Set attach mode flag to 0 in bpf_link_create #1408

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
mehnazyunus wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

aya: Set attach mode flag to 0 in bpf_link_create #1408

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion aya/src/programs/cgroup_device.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ use std::os::fd::AsFd;
use aya_obj::generated::{
bpf_attach_type::BPF_CGROUP_DEVICE, bpf_prog_type::BPF_PROG_TYPE_CGROUP_DEVICE,
};
use log::warn;

use crate::{
programs::{
Expand Down Expand Up @@ -67,6 +68,11 @@ impl CgroupDevice {
/// Attaches the program to the given cgroup.
///
/// The returned value can be used to detach, see [CgroupDevice::detach]
///
/// # Warning
///
/// On kernels 5.7.0 and later, attach modes other than `CgroupAttachMode::default()` are not passed to `bpf_link_create`.
/// On older kernels (using `bpf_prog_attach`), the attach mode is honored.
pub fn attach<T: AsFd>(
&mut self,
cgroup: T,
Expand All @@ -77,11 +83,17 @@ impl CgroupDevice {
let cgroup_fd = cgroup.as_fd();

if KernelVersion::at_least(5, 7, 0) {
if mode != CgroupAttachMode::default() {
warn!(
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrase "passed on to" should be "passed to" for grammatical correctness.

Suggested change
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
"CgroupAttachMode {:?} will not be passed to bpf_link_create",

Copilot uses AI. Check for mistakes.
mode
);
}
let link_fd = bpf_link_create(
prog_fd,
LinkTarget::Fd(cgroup_fd),
BPF_CGROUP_DEVICE,
mode.into(),
0,
None,
)
.map_err(|io_error| SyscallError {
Expand Down
28 changes: 17 additions & 11 deletions aya/src/programs/cgroup_skb.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ use aya_obj::generated::{
bpf_attach_type::{BPF_CGROUP_INET_EGRESS, BPF_CGROUP_INET_INGRESS},
bpf_prog_type::BPF_PROG_TYPE_CGROUP_SKB,
};
use log::warn;

use crate::{
VerifierLogLevel,
Expand Down Expand Up @@ -86,6 +87,11 @@ impl CgroupSkb {
/// Attaches the program to the given cgroup.
///
/// The returned value can be used to detach, see [CgroupSkb::detach].
///
/// # Warning
///
/// On kernels 5.7.0 and later, attach modes other than `CgroupAttachMode::default()` are not passed to `bpf_link_create`.
/// On older kernels (using `bpf_prog_attach`), the attach mode is honored.
pub fn attach<T: AsFd>(
&mut self,
cgroup: T,
Expand All @@ -101,17 +107,17 @@ impl CgroupSkb {
CgroupSkbAttachType::Egress => BPF_CGROUP_INET_EGRESS,
};
if KernelVersion::at_least(5, 7, 0) {
let link_fd = bpf_link_create(
prog_fd,
LinkTarget::Fd(cgroup_fd),
attach_type,
mode.into(),
None,
)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
if mode != CgroupAttachMode::default() {
warn!(
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrase "passed on to" should be "passed to" for grammatical correctness.

Suggested change
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
"CgroupAttachMode {:?} will not be passed to bpf_link_create",

Copilot uses AI. Check for mistakes.
mode
);
}
let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
self.data
.links
.insert(CgroupSkbLink::new(CgroupSkbLinkInner::Fd(FdLink::new(
Expand Down
28 changes: 17 additions & 11 deletions aya/src/programs/cgroup_sock.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ use std::{hash::Hash, os::fd::AsFd, path::Path};

use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK;
pub use aya_obj::programs::CgroupSockAttachType;
use log::warn;

use crate::{
VerifierLogLevel,
Expand Down Expand Up @@ -70,6 +71,11 @@ impl CgroupSock {
/// Attaches the program to the given cgroup.
///
/// The returned value can be used to detach, see [CgroupSock::detach].
///
/// # Warning
///
/// On kernels 5.7.0 and later, attach modes other than `CgroupAttachMode::default()` are not passed to `bpf_link_create`.
/// On older kernels (using `bpf_prog_attach`), the attach mode is honored.
pub fn attach<T: AsFd>(
&mut self,
cgroup: T,
Expand All @@ -80,17 +86,17 @@ impl CgroupSock {
let cgroup_fd = cgroup.as_fd();
let attach_type = self.data.expected_attach_type.unwrap();
if KernelVersion::at_least(5, 7, 0) {
let link_fd = bpf_link_create(
prog_fd,
LinkTarget::Fd(cgroup_fd),
attach_type,
mode.into(),
None,
)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
if mode != CgroupAttachMode::default() {
warn!(
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrase "passed on to" should be "passed to" for grammatical correctness.

Suggested change
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
"CgroupAttachMode {:?} will not be passed to bpf_link_create",

Copilot uses AI. Check for mistakes.
mode
);
}
let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
self.data
.links
.insert(CgroupSockLink::new(CgroupSockLinkInner::Fd(FdLink::new(
Expand Down
28 changes: 17 additions & 11 deletions aya/src/programs/cgroup_sock_addr.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ use std::{hash::Hash, os::fd::AsFd, path::Path};

use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK_ADDR;
pub use aya_obj::programs::CgroupSockAddrAttachType;
use log::warn;

use crate::{
VerifierLogLevel,
Expand Down Expand Up @@ -71,6 +72,11 @@ impl CgroupSockAddr {
/// Attaches the program to the given cgroup.
///
/// The returned value can be used to detach, see [CgroupSockAddr::detach].
///
/// # Warning
///
/// On kernels 5.7.0 and later, attach modes other than `CgroupAttachMode::default()` are not passed to `bpf_link_create`.
/// On older kernels (using `bpf_prog_attach`), the attach mode is honored.
pub fn attach<T: AsFd>(
&mut self,
cgroup: T,
Expand All @@ -81,17 +87,17 @@ impl CgroupSockAddr {
let cgroup_fd = cgroup.as_fd();
let attach_type = self.data.expected_attach_type.unwrap();
if KernelVersion::at_least(5, 7, 0) {
let link_fd = bpf_link_create(
prog_fd,
LinkTarget::Fd(cgroup_fd),
attach_type,
mode.into(),
None,
)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
if mode != CgroupAttachMode::default() {
warn!(
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrase "passed on to" should be "passed to" for grammatical correctness.

Suggested change
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
"CgroupAttachMode {:?} will not be passed to bpf_link_create",

Copilot uses AI. Check for mistakes.
mode
);
}
let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
self.data
.links
.insert(CgroupSockAddrLink::new(CgroupSockAddrLinkInner::Fd(
Expand Down
28 changes: 17 additions & 11 deletions aya/src/programs/cgroup_sockopt.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ use std::{hash::Hash, os::fd::AsFd, path::Path};

use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCKOPT;
pub use aya_obj::programs::CgroupSockoptAttachType;
use log::warn;

use crate::{
VerifierLogLevel,
Expand Down Expand Up @@ -68,6 +69,11 @@ impl CgroupSockopt {
/// Attaches the program to the given cgroup.
///
/// The returned value can be used to detach, see [CgroupSockopt::detach].
///
/// # Warning
///
/// On kernels 5.7.0 and later, attach modes other than `CgroupAttachMode::default()` are not passed to `bpf_link_create`.
/// On older kernels (using `bpf_prog_attach`), the attach mode is honored.
pub fn attach<T: AsFd>(
&mut self,
cgroup: T,
Expand All @@ -78,17 +84,17 @@ impl CgroupSockopt {
let cgroup_fd = cgroup.as_fd();
let attach_type = self.data.expected_attach_type.unwrap();
if KernelVersion::at_least(5, 7, 0) {
let link_fd = bpf_link_create(
prog_fd,
LinkTarget::Fd(cgroup_fd),
attach_type,
mode.into(),
None,
)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
if mode != CgroupAttachMode::default() {
warn!(
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrase "passed on to" should be "passed to" for grammatical correctness.

Suggested change
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
"CgroupAttachMode {:?} will not be passed to bpf_link_create",

Copilot uses AI. Check for mistakes.
mode
);
}
let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
self.data
.links
.insert(CgroupSockoptLink::new(CgroupSockoptLinkInner::Fd(
Expand Down
14 changes: 13 additions & 1 deletion aya/src/programs/cgroup_sysctl.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ use std::{hash::Hash, os::fd::AsFd};
use aya_obj::generated::{
bpf_attach_type::BPF_CGROUP_SYSCTL, bpf_prog_type::BPF_PROG_TYPE_CGROUP_SYSCTL,
};
use log::warn;

use crate::{
programs::{
Expand Down Expand Up @@ -66,6 +67,11 @@ impl CgroupSysctl {
/// Attaches the program to the given cgroup.
///
/// The returned value can be used to detach, see [CgroupSysctl::detach].
///
/// # Warning
///
/// On kernels 5.7.0 and later, attach modes other than `CgroupAttachMode::default()` are not passed to `bpf_link_create`.
/// On older kernels (using `bpf_prog_attach`), the attach mode is honored.
pub fn attach<T: AsFd>(
&mut self,
cgroup: T,
Expand All @@ -76,11 +82,17 @@ impl CgroupSysctl {
let cgroup_fd = cgroup.as_fd();

if KernelVersion::at_least(5, 7, 0) {
if mode != CgroupAttachMode::default() {
warn!(
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrase "passed on to" should be "passed to" for grammatical correctness.

Suggested change
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
"CgroupAttachMode {:?} will not be passed to bpf_link_create",

Copilot uses AI. Check for mistakes.
mode
);
}
let link_fd = bpf_link_create(
prog_fd,
LinkTarget::Fd(cgroup_fd),
BPF_CGROUP_SYSCTL,
mode.into(),
0,
None,
)
.map_err(|io_error| SyscallError {
Expand Down
2 changes: 1 addition & 1 deletion aya/src/programs/links.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ pub trait Link: std::fmt::Debug + Eq + std::hash::Hash + 'static {
}

/// Program attachment mode.
#[derive(Clone, Copy, Debug, Default)]
#[derive(Clone, Copy, Debug, Default, PartialEq)]
pub enum CgroupAttachMode {
/// Allows only one BPF program in the cgroup subtree.
#[default]
Expand Down
28 changes: 17 additions & 11 deletions aya/src/programs/sock_ops.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ use std::os::fd::AsFd;
use aya_obj::generated::{
bpf_attach_type::BPF_CGROUP_SOCK_OPS, bpf_prog_type::BPF_PROG_TYPE_SOCK_OPS,
};
use log::warn;

use crate::{
programs::{
Expand Down Expand Up @@ -65,6 +66,11 @@ impl SockOps {
/// Attaches the program to the given cgroup.
///
/// The returned value can be used to detach, see [SockOps::detach].
///
/// # Warning
///
/// On kernels 5.7.0 and later, attach modes other than `CgroupAttachMode::default()` are not passed to `bpf_link_create`.
/// On older kernels (using `bpf_prog_attach`), the attach mode is honored.
pub fn attach<T: AsFd>(
&mut self,
cgroup: T,
Expand All @@ -75,17 +81,17 @@ impl SockOps {
let cgroup_fd = cgroup.as_fd();
let attach_type = BPF_CGROUP_SOCK_OPS;
if KernelVersion::at_least(5, 7, 0) {
let link_fd = bpf_link_create(
prog_fd,
LinkTarget::Fd(cgroup_fd),
attach_type,
mode.into(),
None,
)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
if mode != CgroupAttachMode::default() {
warn!(
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
Copy link

Copilot AI Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrase "passed on to" should be "passed to" for grammatical correctness.

Suggested change
"CgroupAttachMode {:?} will not be passed on to bpf_link_create",
"CgroupAttachMode {:?} will not be passed to bpf_link_create",

Copilot uses AI. Check for mistakes.
mode
);
}
let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
.map_err(|io_error| SyscallError {
call: "bpf_link_create",
io_error,
})?;
self.data
.links
.insert(SockOpsLink::new(SockOpsLinkInner::Fd(FdLink::new(link_fd))))
Expand Down
6 changes: 6 additions & 0 deletions xtask/public-api/aya.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4240,13 +4240,16 @@ pub aya::programs::links::CgroupAttachMode::AllowOverride
pub aya::programs::links::CgroupAttachMode::Single
impl core::clone::Clone for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::clone(&self) -> aya::programs::links::CgroupAttachMode
impl core::cmp::PartialEq for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::eq(&self, other: &aya::programs::links::CgroupAttachMode) -> bool
impl core::convert::From<aya::programs::links::CgroupAttachMode> for u32
pub fn u32::from(mode: aya::programs::links::CgroupAttachMode) -> Self
impl core::default::Default for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::default() -> aya::programs::links::CgroupAttachMode
impl core::fmt::Debug for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result
impl core::marker::Copy for aya::programs::links::CgroupAttachMode
impl core::marker::StructuralPartialEq for aya::programs::links::CgroupAttachMode
impl core::marker::Freeze for aya::programs::links::CgroupAttachMode
impl core::marker::Send for aya::programs::links::CgroupAttachMode
impl core::marker::Sync for aya::programs::links::CgroupAttachMode
Expand Down Expand Up @@ -7834,13 +7837,16 @@ pub aya::programs::CgroupAttachMode::AllowOverride
pub aya::programs::CgroupAttachMode::Single
impl core::clone::Clone for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::clone(&self) -> aya::programs::links::CgroupAttachMode
impl core::cmp::PartialEq for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::eq(&self, other: &aya::programs::links::CgroupAttachMode) -> bool
impl core::convert::From<aya::programs::links::CgroupAttachMode> for u32
pub fn u32::from(mode: aya::programs::links::CgroupAttachMode) -> Self
impl core::default::Default for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::default() -> aya::programs::links::CgroupAttachMode
impl core::fmt::Debug for aya::programs::links::CgroupAttachMode
pub fn aya::programs::links::CgroupAttachMode::fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result
impl core::marker::Copy for aya::programs::links::CgroupAttachMode
impl core::marker::StructuralPartialEq for aya::programs::links::CgroupAttachMode
impl core::marker::Freeze for aya::programs::links::CgroupAttachMode
impl core::marker::Send for aya::programs::links::CgroupAttachMode
impl core::marker::Sync for aya::programs::links::CgroupAttachMode
Expand Down
Loading