bpf

问题 When I run the following code I get an error. #include <uapi/linux/utsname.h> #include <linux/pid_namespace.h> struct uts_namespace { struct kref kref; struct new_utsname name; }; static __always_inline char * get_task_uts_name(struct task_struct *task){ return task->nsproxy->uts_ns->name.nodename; } int cmpNamespace(void *ctx) { struct task_struct *task; task = (struct task_struct *)bpf_get_current_task(); if (strcmp(get_task_uts_name(task),"namespace")==0){ ... } return 0; } Error: bpf:

问题 When I run the following code I get an error. #include <uapi/linux/utsname.h> #include <linux/pid_namespace.h> struct uts_namespace { struct kref kref; struct new_utsname name; }; static __always_inline char * get_task_uts_name(struct task_struct *task){ return task->nsproxy->uts_ns->name.nodename; } int cmpNamespace(void *ctx) { struct task_struct *task; task = (struct task_struct *)bpf_get_current_task(); if (strcmp(get_task_uts_name(task),"namespace")==0){ ... } return 0; } Error: bpf:

问题 I am trying to run a simple bpf program that I wrote. But I am not able to run it as non root user. Below is the program I am trying to load, It basically gets the pointer to my map whose fd is map_fd (I am not showing the code where I create the map). It works as root but for some reason fails with non root user. Output of uname -a Linux 5.8.0-38-generic #43~20.04.1-Ubuntu SMP Tue Jan 12 16:39:47 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux BPF program BPF_MOV64_IMM(BPF_REG_0, 0), BPF_STX_MEM(BPF

问题 I'm trying to write a simple socket filter eBPF program that can access the socket buffer data. #include <linux/bpf.h> #include <linux/if_ether.h> #define SEC(NAME) __attribute__((section(NAME), used)) SEC("socket_filter") int myprog(struct __sk_buff *skb) { void *data = (void *)(long)skb->data; void *data_end = (void *)(long)skb->data_end; struct ethhdr *eth = data; if ((void*)eth + sizeof(*eth) > data_end) return 0; return 1; } And I'm compiling using clang: clang -I./ -I/usr/include/x86_64

问题 I'm trying to write a simple socket filter eBPF program that can access the socket buffer data. #include <linux/bpf.h> #include <linux/if_ether.h> #define SEC(NAME) __attribute__((section(NAME), used)) SEC("socket_filter") int myprog(struct __sk_buff *skb) { void *data = (void *)(long)skb->data; void *data_end = (void *)(long)skb->data_end; struct ethhdr *eth = data; if ((void*)eth + sizeof(*eth) > data_end) return 0; return 1; } And I'm compiling using clang: clang -I./ -I/usr/include/x86_64

问题 I trying a design a load balancer using ebpf. I want to transmit the incoming packet to different destinations (devices connected in the same network). Although I have used the clone_bpf_redirect helper function to redirect the packet to real/ virtual interfaces and its working fine. Now I want to broadcast/unicast the packet to other devices connected in the same network. XDP does not support it, as far as I know. Therefore, using tc bpf hook. Is there any helper function or which action

问题 From bpf man page: eBPF programs can be written in a restricted C that is compiled (using the clang compiler) into eBPF bytecode. Various features are omitted from this restricted C, such as loops, global variables, variadic functions, floating-point numbers, and passing structures as function arguments. AFAIK the man page it's not updated. I'd like to know what is exactly forbidden when using restricted C to write an eBPF program? Is what the man page says still true? 回答1: It is not really a

问题 From bpf man page: eBPF programs can be written in a restricted C that is compiled (using the clang compiler) into eBPF bytecode. Various features are omitted from this restricted C, such as loops, global variables, variadic functions, floating-point numbers, and passing structures as function arguments. AFAIK the man page it's not updated. I'd like to know what is exactly forbidden when using restricted C to write an eBPF program? Is what the man page says still true? 回答1: It is not really a

问题 Is it possible to share ebpf maps between different program types. I need to share a map between a tc-bpf program and a cgroup bpf program. This should be possible if the map is pinned to file system that act as global namespace. But, I haven't got this working. The map is created by tc-bpf program and pinned to global namespace. Since it is tc-bpf program, the map is of type struct bpf_elf_map. This bpf program is loaded via iproute2. Now, I have a cgroup bpf program that should be accessing

问题 sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &f, sizeof (f)) With this simple BPF/LPF attach code, when I try to receive packet on the socket, will get some wrong packets that doesn't match with the filter. Seems those packets got into the socket before I call setsockopt(). Seems like should first create the AF_PACKET SOCK_RAW socket, then attach the filter, then flush the socket to get rid of those wrong packets. So the question is, how