ebpf

问题 When I run the following code I get an error. #include <uapi/linux/utsname.h> #include <linux/pid_namespace.h> struct uts_namespace { struct kref kref; struct new_utsname name; }; static __always_inline char * get_task_uts_name(struct task_struct *task){ return task->nsproxy->uts_ns->name.nodename; } int cmpNamespace(void *ctx) { struct task_struct *task; task = (struct task_struct *)bpf_get_current_task(); if (strcmp(get_task_uts_name(task),"namespace")==0){ ... } return 0; } Error: bpf:

问题 When I run the following code I get an error. #include <uapi/linux/utsname.h> #include <linux/pid_namespace.h> struct uts_namespace { struct kref kref; struct new_utsname name; }; static __always_inline char * get_task_uts_name(struct task_struct *task){ return task->nsproxy->uts_ns->name.nodename; } int cmpNamespace(void *ctx) { struct task_struct *task; task = (struct task_struct *)bpf_get_current_task(); if (strcmp(get_task_uts_name(task),"namespace")==0){ ... } return 0; } Error: bpf:

问题 As title, but the measurement result is unreasonable. Let me describe the current status. I'm using syscall getuid as measurement target, I started by measureing the complete overhead with two clock_gettime bounded around, then measure the entry (what SYSCALL instruction does before executing the actual getuid code) and leaving overhead saparately (with eBPF program hook onto the entry and leaving point). The result for the complete overhead is ~65ns, and regarding to the entry and leaving

问题 I am trying to run a simple bpf program that I wrote. But I am not able to run it as non root user. Below is the program I am trying to load, It basically gets the pointer to my map whose fd is map_fd (I am not showing the code where I create the map). It works as root but for some reason fails with non root user. Output of uname -a Linux 5.8.0-38-generic #43~20.04.1-Ubuntu SMP Tue Jan 12 16:39:47 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux BPF program BPF_MOV64_IMM(BPF_REG_0, 0), BPF_STX_MEM(BPF

问题 I'm trying to write a simple socket filter eBPF program that can access the socket buffer data. #include <linux/bpf.h> #include <linux/if_ether.h> #define SEC(NAME) __attribute__((section(NAME), used)) SEC("socket_filter") int myprog(struct __sk_buff *skb) { void *data = (void *)(long)skb->data; void *data_end = (void *)(long)skb->data_end; struct ethhdr *eth = data; if ((void*)eth + sizeof(*eth) > data_end) return 0; return 1; } And I'm compiling using clang: clang -I./ -I/usr/include/x86_64

问题 I'm trying to write a simple socket filter eBPF program that can access the socket buffer data. #include <linux/bpf.h> #include <linux/if_ether.h> #define SEC(NAME) __attribute__((section(NAME), used)) SEC("socket_filter") int myprog(struct __sk_buff *skb) { void *data = (void *)(long)skb->data; void *data_end = (void *)(long)skb->data_end; struct ethhdr *eth = data; if ((void*)eth + sizeof(*eth) > data_end) return 0; return 1; } And I'm compiling using clang: clang -I./ -I/usr/include/x86_64

问题 I trying a design a load balancer using ebpf. I want to transmit the incoming packet to different destinations (devices connected in the same network). Although I have used the clone_bpf_redirect helper function to redirect the packet to real/ virtual interfaces and its working fine. Now I want to broadcast/unicast the packet to other devices connected in the same network. XDP does not support it, as far as I know. Therefore, using tc bpf hook. Is there any helper function or which action

问题 From bpf man page: eBPF programs can be written in a restricted C that is compiled (using the clang compiler) into eBPF bytecode. Various features are omitted from this restricted C, such as loops, global variables, variadic functions, floating-point numbers, and passing structures as function arguments. AFAIK the man page it's not updated. I'd like to know what is exactly forbidden when using restricted C to write an eBPF program? Is what the man page says still true? 回答1: It is not really a

问题 From bpf man page: eBPF programs can be written in a restricted C that is compiled (using the clang compiler) into eBPF bytecode. Various features are omitted from this restricted C, such as loops, global variables, variadic functions, floating-point numbers, and passing structures as function arguments. AFAIK the man page it's not updated. I'd like to know what is exactly forbidden when using restricted C to write an eBPF program? Is what the man page says still true? 回答1: It is not really a

问题 Is it possible to share ebpf maps between different program types. I need to share a map between a tc-bpf program and a cgroup bpf program. This should be possible if the map is pinned to file system that act as global namespace. But, I haven't got this working. The map is created by tc-bpf program and pinned to global namespace. Since it is tc-bpf program, the map is of type struct bpf_elf_map. This bpf program is loaded via iproute2. Now, I have a cgroup bpf program that should be accessing