I'm trying to send data (IP address) from the kernel space to the user space, by running the following BPF prorgam:
struct bpf_map_def EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data sizeof(struct ethhdr);
if (iph 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
Makefile:
CLANG ?= clang
LLC ?= llc
OPT ?= opt
DIS ?= llvm-dis
ARCH ?= $(shell uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/x86/')
KERNEL ?= /usr/src/linux
CFLAGS = \
-O2 -g -emit-llvm \
-D__KERNEL__ \
-D__BPF_TRACING__ \
-Wno-unused-value \
-Wno-pointer-sign \
-Wno-compare-distinct-pointer-types \
-Wno-address-of-packed-member \
-Wno-tautological-compare \
-Wno-unknown-warning-option \
-Wno-gnu-variable-sized-type-not-at-end \
-fno-asynchronous-unwind-tables
bytecode.$(ARCH).o: bytecode.c
$(CLANG) $(CFLAGS) -c $< -o - | \
$(OPT) -O2 -mtriple=bpf-pc-linux | \
$(DIS) | \
$(LLC) -march=bpf $(LLC_FLAGS) -filetype=obj -o $@
However I keep getting the following err:
58: (85) call bpf_map_update_elem#2
R1 type=map_value expected=map_ptr
verification time 272 usec
Can anyone help me understand this error? In addition where can I see the bpf_printk
messages?
I suspect the file generated by make does not include the EVENTS
map.. But am not sure how to fix it - if I add a SEC("maps")
above the map the kernel verifier does fails to locate the section at all..
CodePudding user response:
You are missing:
SEC("maps")
in the map declaration (as you had guessed).- The license declaration.
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <bpf/bpf_helpers.h>
struct bpf_map_def SEC("maps") EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data sizeof(struct ethhdr);
if (iph 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
char _license[] SEC("license") = "GPL";
I was able to load and attach with:
make
sudo ip link set dev wlp59s0 xdp obj ./bytecode.o sec xdp