Release 0.2.0

.github/workflows/rust.yml

@@ -29,7 +29,9 @@ jobs:
     - name: Install dependencies
       run: dnf install -y cargo clang clippy kernel-devel libbpf-devel llvm-devel rustfmt
     - name: Copy vmlinux.h
-      run: cp $(rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1) agent/src/bpf
+      run: |
+        cp $(rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1) agent/src/bpf
+        cp $(rpm -ql kernel-devel | grep '/vmlinux.h$' | tail -1) agent/tests/agenttest/src/bpf
     - name: Build
       run: cargo build --verbose
     - name: Run tests

Cargo.toml

@@ -1,4 +1,48 @@
 [workspace]
-
-members = ["agent", "client", "crypto-auditing", "event-broker", "log-parser"]
+members = [
+    "agent",
+    "agent/tests/agenttest",
+    "client",
+    "crypto-auditing",
+    "event-broker",
+    "log-parser"
+]
 resolver = "2"
+
+[workspace.package]
+version = "0.2.0"
+edition = "2021"
+license = "GPL-3.0-or-later"
+authors = ["The crypto-auditing developers"]
+
+[workspace.dependencies]
+anyhow = "1.0"
+bindgen = "0.63"
+bytes = "1.2"
+clap = "4"
+crypto-auditing = { version = "=0.2.0", path = "crypto-auditing" }
+futures = "0.3"
+hex = "0.4"
+inotify = "0.10.2"
+libbpf-rs = { version = "0.21", features = ["novendor"] }
+libbpf-cargo = { version = "0.21", features = ["novendor"] }
+libc = "0.2"
+nix = "0.26"
+openssl = "0.10"
+page_size = "0.6"
+probe = "0.5"
+plain = "0.2"
+serde = { version = "1.0", features = ["derive"] }
+serde_cbor = "0.11"
+serde_json = "1.0"
+serde_with = "3"
+tempfile = "3"
+thiserror = "1.0"
+time = "0.3"
+tokio = "1.23"
+tokio-serde = { version = "0.8", features = ["cbor"] }
+tokio-stream = "0.1"
+tokio-util = { version = "0.7", features = ["codec"] }
+toml = "0.7"
+tracing = "0.1"
+tracing-subscriber = "0.3"

GNUmakefile

@@ -28,10 +28,10 @@ conffiles = \
 .PHONY: all
 all: $(programs)
 
-agent/src/bpf/vmlinux.h:
+agent/src/bpf/vmlinux.h agent/tests/agenttest/src/bpf/vmlinux.h:
 	bpftool btf dump file /sys/kernel/btf/vmlinux format c > $@-t && mv $@-t $@
 
-$(programs): agent/src/bpf/vmlinux.h
+$(programs): agent/src/bpf/vmlinux.h agent/tests/agenttest/src/bpf/vmlinux.h
 	cargo build --target-dir="${TARGETDIR}" ${CARGO_ARGS}
 
 .PHONY: install-programs

agent/Cargo.toml

@@ -1,39 +1,39 @@
 [package]
 name = "crypto-auditing-agent"
 description = "Event collector agent for crypto-auditing project"
-version = "0.1.0"
-edition = "2021"
-license = "GPL-3.0-or-later"
-authors = ["The crypto-auditing developers"]
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
 
 [features]
 default = ["tokio-uring"]
 
 [dependencies]
-anyhow = "1.0"
-bytes = "1.2"
-clap = { version = "4", features = ["cargo", "derive"] }
-crypto-auditing = { version = "0.1", path = "../crypto-auditing" }
-futures = "0.3"
-libbpf-rs = { version = "0.20", features = ["novendor"] }
-libc = "0.2"
-nix = "0.26"
-openssl = "0.10"
-page_size = "0.5"
-serde = "1.0"
-serde_cbor = "0.11"
-time = { version = "0.3", features = ["formatting", "local-offset", "macros"] }
-tokio = { version = "1.23", features = ["fs", "io-util", "signal"] }
+anyhow.workspace = true
+bytes.workspace = true
+clap = { workspace = true, features = ["cargo", "derive"] }
+crypto-auditing.workspace = true
+futures.workspace = true
+libbpf-rs.workspace = true
+libc.workspace = true
+nix.workspace = true
+openssl.workspace = true
+page_size.workspace = true
+serde.workspace = true
+serde_cbor.workspace = true
+time = { workspace = true, features = ["formatting", "local-offset", "macros"] }
+tokio = { workspace = true, features = ["fs", "io-util", "signal"] }
 tokio-uring = { version = "0.4", optional = true }
-toml = "0.6"
-tracing = "0.1"
-tracing-subscriber = { version = "0.3", features = ["env-filter"] }
-probe = "0.3"
+toml.workspace = true
+tracing.workspace = true
+tracing-subscriber = { workspace = true, features = ["env-filter"] }
+probe.workspace = true
 
 [build-dependencies]
-libbpf-cargo = { version = "0.20", features = ["novendor"] }
+libbpf-cargo.workspace = true
 
 [dev-dependencies]
-tempfile = "3"
-plain = "0.2"
+tempfile.workspace = true
+plain.workspace = true
 agenttest = { path = "tests/agenttest" }

agent/build.rs

@@ -1,17 +1,41 @@
 // SPDX-License-Identifier: GPL-2.0
 
 use libbpf_cargo::SkeletonBuilder;
-use std::{env, path::PathBuf};
-
-const SRC: &str = "src/bpf/audit.bpf.c";
+use std::{
+    env,
+    fs::{self, File},
+    path::PathBuf,
+    process::Command,
+};
 
 fn main() {
-    let mut out =
+    let builddir =
         PathBuf::from(env::var_os("OUT_DIR").expect("OUT_DIR must be set in build script"));
-    out.push("audit.skel.rs");
+    let srcdir = PathBuf::from(
+        env::var_os("CARGO_MANIFEST_DIR").expect("CARGO_MANIFEST_DIR must be set in build script"),
+    );
+
+    let vmlinux_h = srcdir.join("src").join("bpf").join("vmlinux.h");
+    if vmlinux_h.exists() {
+        fs::copy(&vmlinux_h, &builddir.join("vmlinux.h")).expect("unable to copy vmlinux.h");
+    } else {
+        let file = File::create(&builddir.join("vmlinux.h")).expect("unable to create vmlinux.h");
+        Command::new("bpftool")
+            .arg("btf")
+            .arg("dump")
+            .arg("file")
+            .arg("/sys/kernel/btf/vmlinux")
+            .arg("format")
+            .arg("c")
+            .stdout(file)
+            .status()
+            .expect("unable to run bpftool");
+    }
+    let src = srcdir.join("src").join("bpf").join("audit.bpf.c");
     SkeletonBuilder::new()
-        .source(SRC)
-        .build_and_generate(&out)
+        .source(&src)
+        .clang_args(&format!("-I{}", builddir.display()))
+        .build_and_generate(&builddir.join("audit.skel.rs"))
         .unwrap();
-    println!("cargo:rerun-if-changed={}", SRC);
+    println!("cargo:rerun-if-changed={}", src.display());
 }

agent/src/main.rs

@@ -5,6 +5,7 @@ use anyhow::{bail, Context as _, Result};
 use bytes::BytesMut;
 use core::future::Future;
 use crypto_auditing::types::{ContextID, EventGroup};
+use libbpf_rs::skel::{OpenSkel, SkelBuilder};
 use openssl::{
     rand::rand_bytes,
     symm::{Cipher, Crypter, Mode},

agent/src/ringbuf.rs

@@ -3,10 +3,10 @@
 // Licensed under LGPL-2.1 or BSD-2-Clause.
 
 use core::task::{Context, Poll};
-use libbpf_rs::query::MapInfoIter;
+use libbpf_rs::{query::MapInfoIter, Map};
 use std::io::Result;
 use std::num::NonZeroUsize;
-use std::os::unix::io::RawFd;
+use std::os::fd::{AsFd, AsRawFd, RawFd};
 use tokio::io::unix::AsyncFd;
 use tokio::io::{AsyncRead, ReadBuf};
 
@@ -23,21 +23,22 @@ pub struct RingBuffer {
 }
 
 impl RingBuffer {
-    pub fn new(map: &libbpf_rs::Map) -> Self {
+    pub fn new(map: &Map) -> Self {
         let mut max_entries = 0;
         for m in MapInfoIter::default() {
             if m.name == map.name() {
                 max_entries = m.max_entries;
             }
         }
         let psize = page_size::get();
+        let fd = map.as_fd().as_raw_fd();
         let consumer = unsafe {
             nix::sys::mman::mmap(
                 None,
                 NonZeroUsize::new(psize).expect("page size must not be zero"),
                 nix::sys::mman::ProtFlags::PROT_WRITE | nix::sys::mman::ProtFlags::PROT_READ,
                 nix::sys::mman::MapFlags::MAP_SHARED,
-                map.fd(),
+                fd,
                 0,
             )
             .unwrap()
@@ -49,15 +50,15 @@ impl RingBuffer {
                     .expect("page size + 2 * max_entries must not be zero"),
                 nix::sys::mman::ProtFlags::PROT_READ,
                 nix::sys::mman::MapFlags::MAP_SHARED,
-                map.fd(),
+                fd,
                 psize as i64,
             )
             .unwrap()
         };
 
         RingBuffer {
             mask: (max_entries - 1) as u64,
-            async_fd: AsyncFd::with_interest(map.fd(), tokio::io::Interest::READABLE).unwrap(),
+            async_fd: AsyncFd::with_interest(fd, tokio::io::Interest::READABLE).unwrap(),
             consumer,
             producer,
             data: unsafe { producer.add(psize) },