diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 1d33734..743d4dc 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -29,7 +29,9 @@ jobs: - name: Install dependencies run: dnf install -y cargo clang clippy kernel-devel libbpf-devel llvm-devel rustfmt - name: Copy vmlinux.h - run: cp $(rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1) agent/src/bpf + run: | + cp $(rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1) agent/src/bpf + cp $(rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1) agent/tests/agenttest/src/bpf - name: Build run: cargo build --verbose - name: Run tests diff --git a/Cargo.lock b/Cargo.lock index 3d73ae8..be1dea4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -135,6 +135,12 @@ version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" +[[package]] +name = "base64" +version = "0.21.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" + [[package]] name = "bindgen" version = "0.63.0" @@ -369,7 +375,7 @@ dependencies = [ [[package]] name = "crypto-auditing" -version = "0.1.0" +version = "0.2.0" dependencies = [ "anyhow", "bindgen", @@ -378,7 +384,7 @@ dependencies = [ "libc", "serde", "serde_cbor", - "serde_with", + "serde_with 3.4.0", "thiserror", "tokio", "tokio-serde", @@ -389,7 +395,7 @@ dependencies = [ [[package]] name = "crypto-auditing-agent" -version = "0.1.0" +version = "0.2.0" dependencies = [ "agenttest", "anyhow", @@ -418,7 +424,7 @@ dependencies = [ [[package]] name = "crypto-auditing-client" -version = "0.1.0" +version = "0.2.0" dependencies = [ "anyhow", "clap 4.4.2", @@ -434,7 +440,7 @@ dependencies = [ [[package]] name = "crypto-auditing-event-broker" -version = "0.1.0" +version = "0.2.0" dependencies = [ "anyhow", "clap 4.4.2", 
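Review bot: In `.github/workflows/rust.yml`, the `Copy vmlinux.h` step now runs the same `rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1` lookup twice and passes the result to `cp` unquoted, so an empty result only shows up as a `cp` usage error. Resolve the path once and quote it: `h=$(rpm -ql kernel-devel | grep '/vmlinux\.h$' | tail -1)`, then `cp "$h" agent/src/bpf` and `cp "$h" agent/tests/agenttest/src/bpf`. `tail -1` also takes whichever kernel-devel entry lists last, so the header compiled into the BPF objects depends on what the image has installed; a short comment saying that this is intended would help.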
@@ -455,7 +461,7 @@ dependencies = [ [[package]] name = "crypto-auditing-log-parser" -version = "0.1.0" +version = "0.2.0" dependencies = [ "anyhow", "clap 4.4.2", @@ -464,7 +470,7 @@ dependencies = [ "serde", "serde_cbor", "serde_json", - "serde_with", + "serde_with 2.3.3", ] [[package]] @@ -830,6 +836,7 @@ checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d" dependencies = [ "equivalent", "hashbrown 0.14.0", + "serde", ] [[package]] @@ -1520,13 +1527,30 @@ version = "2.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07ff71d2c147a7b57362cead5e22f772cd52f6ab31cfcd9edcd7f6aeb2a0afbe" dependencies = [ - "base64", + "base64 0.13.1", + "chrono", + "hex", + "indexmap 1.9.3", + "serde", + "serde_json", + "serde_with_macros 2.3.3", + "time", +] + +[[package]] +name = "serde_with" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64cd236ccc1b7a29e7e2739f27c0b2dd199804abc4290e32f59f3b68d6405c23" +dependencies = [ + "base64 0.21.5", "chrono", "hex", "indexmap 1.9.3", + "indexmap 2.0.0", "serde", "serde_json", - "serde_with_macros", + "serde_with_macros 3.4.0", "time", ] @@ -1542,6 +1566,18 @@ dependencies = [ "syn 2.0.32", ] +[[package]] +name = "serde_with_macros" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93634eb5f75a2323b16de4748022ac4297f9e76b6dced2be287a099f41b5e788" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn 2.0.32", +] + [[package]] name = "sha2" version = "0.10.7" diff --git a/Cargo.toml b/Cargo.toml index 1083647..4bbce47 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -1,4 +1,48 @@
 [workspace]
-
-members = ["agent", "client", "crypto-auditing", "event-broker", "log-parser"]
+members = [
+ "agent",
+ "agent/tests/agenttest",
+ "client",
+ "crypto-auditing",
+ "event-broker",
+ "log-parser"
+]
 resolver = "2"
+
+[workspace.package]
+version = "0.2.0"
+edition = "2021"
+license = "GPL-3.0-or-later"
+authors = ["The crypto-auditing developers"]
+
+[workspace.dependencies]
+anyhow = "1.0"
+bindgen = "0.63"
+bytes = "1.2"
+clap = "4"
+crypto-auditing = { version = "=0.2.0", path = "crypto-auditing" }
+futures = "0.3"
+hex = "0.4"
+inotify = "0.10.2"
+libbpf-rs = { version = "0.21", features = ["novendor"] }
+libbpf-cargo = { version = "0.21", features = ["novendor"] }
+libc = "0.2"
+nix = "0.26"
+openssl = "0.10"
+page_size = "0.6"
+probe = "0.5"
+plain = "0.2"
+serde = { version = "1.0", features = ["derive"] }
+serde_cbor = "0.11"
+serde_json = "1.0"
+serde_with = "3"
+tempfile = "3"
+thiserror = "1.0"
+time = "0.3"
+tokio = "1.23"
+tokio-serde = { version = "0.8", features = ["cbor"] }
+tokio-stream = "0.1"
+tokio-util = { version = "0.7", features = ["codec"] }
+toml = "0.7"
+tracing = "0.1"
+tracing-subscriber = "0.3"
diff --git a/GNUmakefile b/GNUmakefile
index 4ab5f77..c6f76a6 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -28,10 +28,10 @@ conffiles = \
 .PHONY: all
 all: $(programs)
-agent/src/bpf/vmlinux.h:
+agent/src/bpf/vmlinux.h agent/tests/agenttest/src/bpf/vmlinux.h:
 bpftool btf dump file /sys/kernel/btf/vmlinux format c > $@-t && mv $@-t $@
-$(programs): agent/src/bpf/vmlinux.h
+$(programs): agent/src/bpf/vmlinux.h agent/tests/agenttest/src/bpf/vmlinux.h
 cargo build --target-dir="${TARGETDIR}" ${CARGO_ARGS}
 .PHONY: install-programs
diff --git a/agent/Cargo.toml b/agent/Cargo.toml
index 25edb89..ff7e773 100644
--- a/agent/Cargo.toml
+++ b/agent/Cargo.toml
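Review bot: In the root `Cargo.toml`, the exact pin in `crypto-auditing = { version = "=0.2.0", path = "crypto-auditing" }` repeats the number set under `[workspace.package]`, and nothing in the file ties the two together, so the next version bump has to touch both or resolution of the path dependency fails. A comment above the entry would make that explicit, for example `# Must equal [workspace.package].version; bump both together.` Separately, the workspace-level `serde` entry enables `derive` for every member that inherits it, including the agent, which previously declared plain `serde = "1.0"`; that looks harmless but deserves a line in the commit message.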
@@ -1,39 +1,39 @@
 [package]
 name = "crypto-auditing-agent"
 description = "Event collector agent for crypto-auditing project"
-version = "0.1.0"
-edition = "2021"
-license = "GPL-3.0-or-later"
-authors = ["The crypto-auditing developers"]
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
 [features]
 default = ["tokio-uring"]
 [dependencies]
-anyhow = "1.0"
-bytes = "1.2"
-clap = { version = "4", features = ["cargo", "derive"] }
-crypto-auditing = { version = "0.1", path = "../crypto-auditing" }
-futures = "0.3"
-libbpf-rs = { version = "0.20", features = ["novendor"] }
-libc = "0.2"
-nix = "0.26"
-openssl = "0.10"
-page_size = "0.5"
-serde = "1.0"
-serde_cbor = "0.11"
-time = { version = "0.3", features = ["formatting", "local-offset", "macros"] }
-tokio = { version = "1.23", features = ["fs", "io-util", "signal"] }
+anyhow.workspace = true
+bytes.workspace = true
+clap = { workspace = true, features = ["cargo", "derive"] }
+crypto-auditing.workspace = true
+futures.workspace = true
+libbpf-rs.workspace = true
+libc.workspace = true
+nix.workspace = true
+openssl.workspace = true
+page_size.workspace = true
+serde.workspace = true
+serde_cbor.workspace = true
+time = { workspace = true, features = ["formatting", "local-offset", "macros"] }
+tokio = { workspace = true, features = ["fs", "io-util", "signal"] }
 tokio-uring = { version = "0.4", optional = true }
-toml = "0.6"
-tracing = "0.1"
-tracing-subscriber = { version = "0.3", features = ["env-filter"] }
-probe = "0.3"
+toml.workspace = true
+tracing.workspace = true
+tracing-subscriber = { workspace = true, features = ["env-filter"] }
+probe.workspace = true
 [build-dependencies]
-libbpf-cargo = { version = "0.20", features = ["novendor"] }
+libbpf-cargo.workspace = true
 [dev-dependencies]
-tempfile = "3"
-plain = "0.2"
+tempfile.workspace = true
+plain.workspace = true
 agenttest = { path = "tests/agenttest" }
diff --git a/agent/build.rs b/agent/build.rs
index 15a12ba..166bd28 100644
--- a/agent/build.rs
+++ b/agent/build.rs
@@ -1,17 +1,41 @@
 // SPDX-License-Identifier: GPL-2.0
 use libbpf_cargo::SkeletonBuilder;
-use std::{env, path::PathBuf};
-
-const SRC: &str = "src/bpf/audit.bpf.c";
+use std::{
+ env,
+ fs::{self, File},
+ path::PathBuf,
+ process::Command,
+};
 fn main() {
- let mut out =
+ let builddir =
 PathBuf::from(env::var_os("OUT_DIR").expect("OUT_DIR must be set in build script"));
- out.push("audit.skel.rs");
+ let srcdir = PathBuf::from(
+ env::var_os("CARGO_MANIFEST_DIR").expect("CARGO_MANIFEST_DIR must be set in build script"),
+ );
+
+ let vmlinux_h = srcdir.join("src").join("bpf").join("vmlinux.h");
+ if vmlinux_h.exists() {
+ fs::copy(&vmlinux_h, &builddir.join("vmlinux.h")).expect("unable to copy vmlinux.h");
+ } else {
+ let file = File::create(&builddir.join("vmlinux.h")).expect("unable to create vmlinux.h");
+ Command::new("bpftool")
+ .arg("btf")
+ .arg("dump")
+ .arg("file")
+ .arg("/sys/kernel/btf/vmlinux")
+ .arg("format")
+ .arg("c")
+ .stdout(file)
+ .status()
+ .expect("unable to run bpftool");
+ }
+ let src = srcdir.join("src").join("bpf").join("audit.bpf.c");
 SkeletonBuilder::new()
- .source(SRC)
- .build_and_generate(&out)
+ .source(&src)
+ .clang_args(&format!("-I{}", builddir.display()))
+ .build_and_generate(&builddir.join("audit.skel.rs"))
 .unwrap();
- println!("cargo:rerun-if-changed={}", SRC);
+ println!("cargo:rerun-if-changed={}", src.display());
 }
diff --git a/agent/src/main.rs b/agent/src/main.rs
index e93f9ca..85c46c6 100644
--- a/agent/src/main.rs
+++ b/agent/src/main.rs
@@ -5,6 +5,7 @@ use anyhow::{bail, Context as _, Result};
 use bytes::BytesMut;
 use core::future::Future;
 use crypto_auditing::types::{ContextID, EventGroup};
+use libbpf_rs::skel::{OpenSkel, SkelBuilder};
 use openssl::{
 rand::rand_bytes,
 symm::{Cipher, Crypter, Mode},
diff --git a/agent/src/ringbuf.rs b/agent/src/ringbuf.rs
index bf5f1e7..5f94c77 100644
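Review bot: In the `else` branch of `main` in `agent/build.rs`, `.status().expect("unable to run bpftool")` only catches a failure to spawn the process; a non-zero exit from `bpftool` is ignored, which leaves an empty or partial `vmlinux.h` in `OUT_DIR` for clang to compile against. Bind the result to `status` and add `assert!(status.success(), "bpftool exited with {status}");` so the build stops at the real cause. The script also emits `cargo:rerun-if-changed` only for the `.bpf.c` source, so a later change to `src/bpf/vmlinux.h` does not rerun it; `println!("cargo:rerun-if-changed={}", vmlinux_h.display());` would cover that, with the caveat that Cargo reruns the script on every build while that path is absent. The same code is added to `agent/tests/agenttest/build.rs` and needs the same changes.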
--- a/agent/src/ringbuf.rs
+++ b/agent/src/ringbuf.rs
@@ -3,10 +3,10 @@
 // Licensed under LGPL-2.1 or BSD-2-Clause.
 use core::task::{Context, Poll};
-use libbpf_rs::query::MapInfoIter;
+use libbpf_rs::{query::MapInfoIter, Map};
 use std::io::Result;
 use std::num::NonZeroUsize;
-use std::os::unix::io::RawFd;
+use std::os::fd::{AsFd, AsRawFd, RawFd};
 use tokio::io::unix::AsyncFd;
 use tokio::io::{AsyncRead, ReadBuf};
@@ -23,7 +23,7 @@ pub struct RingBuffer {
 }
 impl RingBuffer {
- pub fn new(map: &libbpf_rs::Map) -> Self {
+ pub fn new(map: &Map) -> Self {
 let mut max_entries = 0;
 for m in MapInfoIter::default() {
 if m.name == map.name() {
@@ -31,13 +31,14 @@ impl RingBuffer {
 }
 }
 let psize = page_size::get();
+ let fd = map.as_fd().as_raw_fd();
 let consumer = unsafe {
 nix::sys::mman::mmap(
 None,
 NonZeroUsize::new(psize).expect("page size must not be zero"),
 nix::sys::mman::ProtFlags::PROT_WRITE | nix::sys::mman::ProtFlags::PROT_READ,
 nix::sys::mman::MapFlags::MAP_SHARED,
- map.fd(),
+ fd,
 0,
 )
 .unwrap()
@@ -49,7 +50,7 @@ impl RingBuffer {
 .expect("page size + 2 * max_entries must not be zero"),
 nix::sys::mman::ProtFlags::PROT_READ,
 nix::sys::mman::MapFlags::MAP_SHARED,
- map.fd(),
+ fd,
 psize as i64,
 )
 .unwrap()
@@ -57,7 +58,7 @@ impl RingBuffer {
 RingBuffer {
 mask: (max_entries - 1) as u64,
- async_fd: AsyncFd::with_interest(map.fd(), tokio::io::Interest::READABLE).unwrap(),
+ async_fd: AsyncFd::with_interest(fd, tokio::io::Interest::READABLE).unwrap(),
 consumer,
 producer,
 data: unsafe { producer.add(psize) },
diff --git a/agent/tests/agenttest/Cargo.toml b/agent/tests/agenttest/Cargo.toml
index 15b6494..34f21ea 100644
--- a/agent/tests/agenttest/Cargo.toml
+++ b/agent/tests/agenttest/Cargo.toml
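Review bot: In `agent/src/ringbuf.rs`, `let fd = map.as_fd().as_raw_fd();` discards the borrow that `as_fd()` provides, and the resulting `RawFd` is stored in `async_fd` and used for both `mmap` calls, so nothing ties the descriptor's validity to the returned `RingBuffer` after `new` returns. If the `Map` is closed first, `AsyncFd` would be polling a descriptor number that may since have been reused; this was already the case with `map.fd()`, but the move to the borrowed-fd API is a good point to state the contract. At minimum add a doc comment on `new` such as `/// The caller must keep map open for as long as the returned RingBuffer is in use.` Holding a duplicate obtained with `map.as_fd().try_clone_to_owned()` would remove the requirement, though it changes the type of the `async_fd` field, which is declared outside these hunks.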
@@ -1,17 +1,18 @@
 [package]
 name = "agenttest"
-version = "0.1.0"
-edition = "2021"
-license = "GPL-3.0-or-later"
-authors = ["The crypto-auditing developers"]
+description = "Helper crate for agent integration tests"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
 [dependencies]
-anyhow = "1.0"
-libbpf-rs = { version = "0.20", features = ["novendor"] }
-libc = "0.2"
-nix = "0.26"
-tempfile = "3"
-plain = "0.2"
+anyhow.workspace = true
+libbpf-rs.workspace = true
+libc.workspace = true
+nix.workspace = true
+tempfile.workspace = true
+plain.workspace = true
 [build-dependencies]
-libbpf-cargo = { version = "0.20", features = ["novendor"] }
+libbpf-cargo.workspace = true
diff --git a/agent/tests/agenttest/build.rs b/agent/tests/agenttest/build.rs
index ffbaf23..b1caf7a 100644
--- a/agent/tests/agenttest/build.rs
+++ b/agent/tests/agenttest/build.rs
@@ -1,17 +1,41 @@
 // SPDX-License-Identifier: GPL-2.0
 use libbpf_cargo::SkeletonBuilder;
-use std::{env, path::PathBuf};
-
-const SRC: &str = "src/bpf/agent.bpf.c";
+use std::{
+ env,
+ fs::{self, File},
+ path::PathBuf,
+ process::Command,
+};
 fn main() {
- let mut out =
+ let builddir =
 PathBuf::from(env::var_os("OUT_DIR").expect("OUT_DIR must be set in build script"));
- out.push("agent.skel.rs");
+ let srcdir = PathBuf::from(
+ env::var_os("CARGO_MANIFEST_DIR").expect("CARGO_MANIFEST_DIR must be set in build script"),
+ );
+
+ let vmlinux_h = srcdir.join("src").join("bpf").join("vmlinux.h");
+ if vmlinux_h.exists() {
+ fs::copy(&vmlinux_h, &builddir.join("vmlinux.h")).expect("unable to copy vmlinux.h");
+ } else {
+ let file = File::create(&builddir.join("vmlinux.h")).expect("unable to create vmlinux.h");
+ Command::new("bpftool")
+ .arg("btf")
+ .arg("dump")
+ .arg("file")
+ .arg("/sys/kernel/btf/vmlinux")
+ .arg("format")
+ .arg("c")
+ .stdout(file)
+ .status()
+ .expect("unable to run bpftool");
+ }
+ let src = srcdir.join("src").join("bpf").join("agent.bpf.c");
 SkeletonBuilder::new()
- .source(SRC)
- .build_and_generate(&out)
+ .source(&src)
+ .clang_args(&format!("-I{}", builddir.display()))
+ .build_and_generate(&builddir.join("agent.skel.rs"))
 .unwrap();
- println!("cargo:rerun-if-changed={}", SRC);
+ println!("cargo:rerun-if-changed={}", src.display());
 }
diff --git a/agent/tests/agenttest/src/bpf/vmlinux.h b/agent/tests/agenttest/src/bpf/vmlinux.h
deleted file mode 120000
index 71c5aea..0000000
--- a/agent/tests/agenttest/src/bpf/vmlinux.h
+++ /dev/null
@@ -1 +0,0 @@
-../../../../src/bpf/vmlinux.h
\ No newline at end of file
diff --git a/agent/tests/agenttest/src/lib.rs b/agent/tests/agenttest/src/lib.rs
index 86995a2..c52d791 100644
--- a/agent/tests/agenttest/src/lib.rs
+++ b/agent/tests/agenttest/src/lib.rs
@@ -2,7 +2,10 @@
 // Copyright (C) 2023 The crypto-auditing developers.
 use anyhow::{bail, Result};
-use libbpf_rs::{Link, Map, Object, RingBufferBuilder};
+use libbpf_rs::{
+ skel::{OpenSkel, SkelBuilder},
+ Link, Map, Object, RingBufferBuilder,
+};
 use std::path::Path;
 use std::process::Child;
 use std::time::Duration;
diff --git a/client/Cargo.toml b/client/Cargo.toml
index 8f6da06..2e9f29a 100644
--- a/client/Cargo.toml
+++ b/client/Cargo.toml
@@ -1,21 +1,19 @@
 [package]
 name = "crypto-auditing-client"
 description = "Event broker client for crypto-auditing project"
-version = "0.1.0"
-edition = "2021"
-license = "GPL-3.0-or-later"
-authors = ["The crypto-auditing developers"]
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
 [dependencies]
-anyhow = "1.0"
-clap = { version = "4", features = ["cargo", "derive"] }
-crypto-auditing = { version = "0.1", path = "../crypto-auditing" }
-futures = "0.3"
-serde_cbor = "0.11"
-serde_json = "1.0"
-tokio = { version = "1.23", features = ["macros", "rt-multi-thread", "signal"] }
-toml = "0.6"
-tracing = "0.1"
-tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+anyhow.workspace = true
+clap = { workspace = true, features = ["cargo", "derive"] }
+crypto-auditing.workspace = true
+futures.workspace = true
+serde_cbor.workspace = true
+serde_json.workspace = true
+tokio = { workspace = true, features = ["macros", "rt-multi-thread", "signal"] }
+toml.workspace = true
+tracing.workspace = true
+tracing-subscriber = { workspace = true, features = ["env-filter"] }
diff --git a/crypto-auditing/Cargo.toml b/crypto-auditing/Cargo.toml
index 20b22b0..0f8d98d 100644
--- a/crypto-auditing/Cargo.toml
+++ b/crypto-auditing/Cargo.toml
@@ -1,30 +1,31 @@
 [package]
 name = "crypto-auditing"
 description = "Client library for crypto-auditing project"
-version = "0.1.0"
-edition = "2021"
-license = "GPL-3.0-or-later"
-authors = ["The crypto-auditing developers"]
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
 [dependencies]
-futures = "0.3"
-libc = "0.2"
-serde = { version = "1.0", features = ["derive"] }
-serde_cbor = "0.11"
-serde_with = "2.2"
-thiserror = "1.0"
-tokio = { version = "1.23", features = ["net", "rt"] }
-tokio-serde = { version = "0.8", features = ["cbor"] }
-tokio-stream = "0.1"
-tokio-util = { version = "0.7", features = ["codec"] }
-tracing = "0.1"
+futures.workspace = true
+libc.workspace = true
+serde.workspace = true
+serde_cbor.workspace = true
+serde_with.workspace = true
+thiserror.workspace = true
+tokio = { workspace = true, features = ["net", "rt"] }
+tokio-serde.workspace = true
+tokio-stream.workspace = true
+tokio-util.workspace = true
+tracing.workspace = true
 [build-dependencies]
-bindgen = "0.63"
+bindgen.workspace = true
 [dev-dependencies]
-anyhow = "1.0"
-clap = { version = "4", features = ["derive"] }
+anyhow.workspace = true
+clap = { workspace = true, features = ["derive"] }
+tokio = { workspace = true, features = ["macros", "rt-multi-thread", "signal"] }
 [[example]]
 name = "client"
diff --git a/event-broker/Cargo.toml b/event-broker/Cargo.toml
index 8b28aa4..a7195a5 100644
--- a/event-broker/Cargo.toml
+++ b/event-broker/Cargo.toml
@@ -1,31 +1,29 @@
 [package]
 name = "crypto-auditing-event-broker"
 description = "Event broker for crypto-auditing project"
-version = "0.1.0"
-edition = "2021"
-license = "GPL-3.0-or-later"
-authors = ["The crypto-auditing developers"]
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
 [features]
 default = ["libsystemd"]
 [dependencies]
-anyhow = "1.0"
-clap = { version = "4", features = ["cargo", "derive"] }
-crypto-auditing = { version = "0.1", path = "../crypto-auditing" }
-futures = "0.3"
-inotify = "0.10.2"
-libsystemd = { version = "0.6", optional = true }
-serde_cbor = "0.11"
-tokio = { version = "1.23", features = ["macros", "rt-multi-thread"] }
-tokio-serde = { version = "0.8", features = ["cbor"] }
-tokio-stream = "0.1"
-tokio-util = "0.7"
-toml = "0.6"
-tracing = "0.1"
-tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+anyhow.workspace = true
+clap = { workspace = true, features = ["cargo", "derive"] }
+crypto-auditing.workspace = true
+futures.workspace = true
+inotify.workspace = true
+libsystemd = { version = "0.7", optional = true }
+serde_cbor.workspace = true
+tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
+tokio-serde.workspace = true
+tokio-stream.workspace = true
+tokio-util.workspace = true
+toml.workspace = true
+tracing.workspace = true
+tracing-subscriber = { workspace = true, features = ["env-filter"] }
 [dev-dependencies]
-tempfile = "3"
+tempfile.workspace = true
diff --git a/log-parser/Cargo.toml b/log-parser/Cargo.toml
index 4fb0dfd..d94e853 100644
--- a/log-parser/Cargo.toml
+++ b/log-parser/Cargo.toml
@@ -1,17 +1,17 @@
 [package]
 name = "crypto-auditing-log-parser"
 description = "Event log parser for crypto-auditing project"
-version = "0.1.0"
-edition = "2021"
-license = "GPL-3.0-or-later"
-authors = ["The crypto-auditing developers"]
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
 [dependencies]
-anyhow = "1.0"
-clap = { version = "4", features=["derive"] }
-crypto-auditing = { version = "0.1", path = "../crypto-auditing" }
-hex = "0.4"
-serde = { version = "1.0", features = ["derive", "rc"] }
-serde_cbor = "0.11"
-serde_json = "1.0"
-serde_with = { version = "2.2", features = ["hex"] }
+anyhow.workspace = true
+clap = { workspace = true, features=["derive"] }
+crypto-auditing.workspace = true
+hex.workspace = true
+serde = { workspace = true, features = ["rc"] }
+serde_cbor.workspace = true
+serde_json.workspace = true
+serde_with = { workspace = true, features = ["hex"] }
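Review bot: In `log-parser/Cargo.toml`, `serde_with = { workspace = true, features = ["hex"] }` now inherits the workspace requirement `serde_with = "3"`, yet the Cargo.lock hunk in this same commit records `serde_with 2.3.3` as the dependency of `crypto-auditing-log-parser`. The lock diff also shows no entries for the other raised requirements (`libbpf-rs` 0.21, `toml` 0.7, `page_size` 0.6, `probe` 0.5, `libsystemd` 0.7), so the lockfile looks stale relative to the manifests, assuming the page shows the whole lock diff. Because the workflow builds with plain `cargo build --verbose`, Cargo would re-resolve silently and CI would compile dependency versions that nobody reviewed. Regenerate Cargo.lock as part of this commit and build with `cargo build --locked` in CI so that drift fails the build.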