eBPF:如何使用 `bpf_map_update_elem` 从内核 space 发送数据?
eBPF: How to use `bpf_map_update_elem` to send data from kernel space?
我正在尝试通过 运行 以下 BPF 程序从内核 space 向用户 space 发送数据(IP 地址):
struct bpf_map_def EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth + 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data + sizeof(struct ethhdr);
if (iph + 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
生成文件:
CLANG ?= clang
LLC ?= llc
OPT ?= opt
DIS ?= llvm-dis
ARCH ?= $(shell uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/x86/')
KERNEL ?= /usr/src/linux
CFLAGS += \
-O2 -g -emit-llvm \
-D__KERNEL__ \
-D__BPF_TRACING__ \
-Wno-unused-value \
-Wno-pointer-sign \
-Wno-compare-distinct-pointer-types \
-Wno-address-of-packed-member \
-Wno-tautological-compare \
-Wno-unknown-warning-option \
-Wno-gnu-variable-sized-type-not-at-end \
-fno-asynchronous-unwind-tables
bytecode.$(ARCH).o: bytecode.c
$(CLANG) $(CFLAGS) -c $< -o - | \
$(OPT) -O2 -mtriple=bpf-pc-linux | \
$(DIS) | \
$(LLC) -march=bpf $(LLC_FLAGS) -filetype=obj -o $@
但是我不断收到以下错误:
58: (85) call bpf_map_update_elem#2
R1 type=map_value expected=map_ptr
verification time 272 usec
谁能帮我理解这个错误?此外,我在哪里可以看到 bpf_printk 消息?
我怀疑 make 生成的文件不包含 EVENTS 映射。但是我不确定如何修复它 - 如果我在映射上方添加 SEC("maps") 内核验证程序确实失败完全找到该部分..
你还缺少:
SEC("maps") 在地图声明中(如您所料)。- 许可证声明。
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <bpf/bpf_helpers.h>
struct bpf_map_def SEC("maps") EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth + 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data + sizeof(struct ethhdr);
if (iph + 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
char _license[] SEC("license") = "GPL";
我能够加载和附加:
make
sudo ip link set dev wlp59s0 xdp obj ./bytecode.o sec xdp
我正在尝试通过 运行 以下 BPF 程序从内核 space 向用户 space 发送数据(IP 地址):
struct bpf_map_def EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth + 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data + sizeof(struct ethhdr);
if (iph + 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
生成文件:
CLANG ?= clang
LLC ?= llc
OPT ?= opt
DIS ?= llvm-dis
ARCH ?= $(shell uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/x86/')
KERNEL ?= /usr/src/linux
CFLAGS += \
-O2 -g -emit-llvm \
-D__KERNEL__ \
-D__BPF_TRACING__ \
-Wno-unused-value \
-Wno-pointer-sign \
-Wno-compare-distinct-pointer-types \
-Wno-address-of-packed-member \
-Wno-tautological-compare \
-Wno-unknown-warning-option \
-Wno-gnu-variable-sized-type-not-at-end \
-fno-asynchronous-unwind-tables
bytecode.$(ARCH).o: bytecode.c
$(CLANG) $(CFLAGS) -c $< -o - | \
$(OPT) -O2 -mtriple=bpf-pc-linux | \
$(DIS) | \
$(LLC) -march=bpf $(LLC_FLAGS) -filetype=obj -o $@
但是我不断收到以下错误:
58: (85) call bpf_map_update_elem#2
R1 type=map_value expected=map_ptr
verification time 272 usec
谁能帮我理解这个错误?此外,我在哪里可以看到 bpf_printk 消息?
我怀疑 make 生成的文件不包含 EVENTS 映射。但是我不确定如何修复它 - 如果我在映射上方添加 SEC("maps") 内核验证程序确实失败完全找到该部分..
你还缺少:
SEC("maps")在地图声明中(如您所料)。- 许可证声明。
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <bpf/bpf_helpers.h>
struct bpf_map_def SEC("maps") EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth + 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data + sizeof(struct ethhdr);
if (iph + 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
char _license[] SEC("license") = "GPL";
我能够加载和附加:
make
sudo ip link set dev wlp59s0 xdp obj ./bytecode.o sec xdp