SeaBee
Loading...
Searching...
No Matches
logging.h
Go to the documentation of this file.
1// SPDX-License-Identifier: GPL-2.0-only
2#ifndef LOGGING_H_
3#define LOGGING_H_
8#include <bpf/vmlinux.h>
9#include <bpf/bpf_helpers.h>
10
11#include "logging_types.h"
12#include "shared_rust_types.h"
13
15#define DEFAULT_RINGBUF_SIZE (256 * 1024)
16
18struct log_ringbuf {
20 __uint(type, BPF_MAP_TYPE_RINGBUF);
22 __uint(max_entries, DEFAULT_RINGBUF_SIZE);
23};
24
26extern u32 log_level;
28extern struct log_ringbuf log_ringbuf;
29
41static inline void *log_buf(enum LogLevel level, enum LogReason reason,
42 enum EventType type, size_t size,
43 unsigned long pol_id)
44{
45 if (level > log_level)
46 return NULL;
47
48 void *log = bpf_ringbuf_reserve(&log_ringbuf, size, 0);
49 if (!log) {
50 bpf_printk("seabee log_buf: unable to reserve from ringbuf of size %lu",
51 size);
52 return NULL;
53 }
54
55 struct log_hdr *hdr = (struct log_hdr *)log;
56 hdr->level = level;
57 hdr->type = type;
58 hdr->reason = reason;
59 // kernel tgid == user space process id
60 // kernel pid == user space thread id
61 u64 pid_tgid = bpf_get_current_pid_tgid();
62 hdr->pid = pid_tgid >> 32;
63 hdr->tid = pid_tgid & 0xFFFFFFFF;
64 hdr->uid = bpf_get_current_uid_gid() & 0xFFFFFFFF;
65 hdr->pol_id = pol_id;
66 bpf_get_current_comm(hdr->comm, sizeof(hdr->comm));
67 return log;
68}
69
70static inline void log_generic(enum LogLevel level, enum LogReason reason,
71 enum EventType type, unsigned int pol_id)
72{
73 void *log = log_buf(level, reason, type, sizeof(struct log_hdr), pol_id);
74 if (log) {
75 bpf_ringbuf_submit(log, 0);
76 }
77}
78
89static inline void log_generic_msg(enum LogLevel level, enum LogReason reason,
90 const char *fmt, __u64 *data, __u32 data_len)
91{
92 struct generic_msg_log *log;
93 log = log_buf(level, reason, EVENT_TYPE_MSG, sizeof(*log), NO_POL_ID);
94 if (log) {
95 long ret = bpf_snprintf((char *)log->msg, sizeof(log->msg), fmt, data,
96 data_len);
97 if (ret < 0) {
98 bpf_printk("Error: log_generic_msg: bpf_snprintf failed");
99 }
100 bpf_ringbuf_submit(log, 0);
101 }
102}
103
104#endif // LOGGING_H_
DEFAULT_RINGBUF_SIZE
#define DEFAULT_RINGBUF_SIZE
256KB is the default, but can be set in the skeleton before load
Definition logging.h:15
log_level
u32 log_level
Defined in each .bpf.c file. Specifies which logs to output to the ringbuf.
Definition label_file.bpf.c:21
logging_types.h
EventType
EventType
The link between a program's log structure and the logging system.
Definition logging_types.h:52
LogReason
LogReason
Standard reasons as to why a log is being output.
Definition logging_types.h:36
LogLevel
LogLevel
Standard log levels indicating the severity of the message.
Definition logging_types.h:21
generic_msg_log
Generic log with a message field.
Definition logging_types.h:108
generic_msg_log::msg
unsigned char msg[MAX_STR_LEN]
a 128 character message
Definition logging_types.h:112
log_hdr
Header attached to every log message.
Definition logging_types.h:88
log_hdr::pid
unsigned long pid
process id that is triggering the hook
Definition logging_types.h:96
log_hdr::reason
unsigned char reason
alias for LogReason
Definition logging_types.h:92
log_hdr::level
unsigned char level
alias for LogLevel
Definition logging_types.h:90
log_hdr::comm
unsigned char comm[COMM_LEN]
same as /proc/{pid}/comm
Definition logging_types.h:104
log_hdr::type
unsigned short type
alias for EventType
Definition logging_types.h:94
log_hdr::tid
unsigned long tid
thread id that is triggering the hook
Definition logging_types.h:98
log_hdr::pol_id
unsigned long pol_id
policy id for this object
Definition logging_types.h:102
log_hdr::uid
unsigned long uid
effective user id of the process
Definition logging_types.h:100
log_ringbuf
Ring buffer structure that the user space will read logs from.
Definition logging.h:18
log_ringbuf::max_entries
unsigned int max_entries
Can be updated with OpenMap::set_max_entries()
Definition logging.h:22
log_ringbuf::type
unsigned int type
Ringbuffer map type.
Definition logging.h:20
Generated by doxygen 1.9.8