[英]eBPF: How to use `bpf_map_update_elem` to send data from kernel space?
我正在尝试通过运行以下 BPF 程序将数据(IP 地址)从 kernel 空间发送到用户空间:
struct bpf_map_def EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth + 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data + sizeof(struct ethhdr);
if (iph + 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
Makefile:
CLANG ?= clang
LLC ?= llc
OPT ?= opt
DIS ?= llvm-dis
ARCH ?= $(shell uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/x86/')
KERNEL ?= /usr/src/linux
CFLAGS += \
-O2 -g -emit-llvm \
-D__KERNEL__ \
-D__BPF_TRACING__ \
-Wno-unused-value \
-Wno-pointer-sign \
-Wno-compare-distinct-pointer-types \
-Wno-address-of-packed-member \
-Wno-tautological-compare \
-Wno-unknown-warning-option \
-Wno-gnu-variable-sized-type-not-at-end \
-fno-asynchronous-unwind-tables
bytecode.$(ARCH).o: bytecode.c
$(CLANG) $(CFLAGS) -c $< -o - | \
$(OPT) -O2 -mtriple=bpf-pc-linux | \
$(DIS) | \
$(LLC) -march=bpf $(LLC_FLAGS) -filetype=obj -o $@
但是我不断收到以下错误:
58: (85) call bpf_map_update_elem#2
R1 type=map_value expected=map_ptr
verification time 272 usec
谁能帮我理解这个错误? 另外我在哪里可以看到bpf_printk消息?
我怀疑 make 生成的文件不包含EVENTS map.. 但我不确定如何修复它 - 如果我在 map 上方添加一个SEC("maps") ,则 Z50484C19F1AFDAF3841A0D821ED3 的部分确实无法找到 all
你错过了:
SEC("maps") (如您所料)。#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <bpf/bpf_helpers.h>
struct bpf_map_def SEC("maps") EVENTS = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
};
SEC("xdp")
int _xdp_ip_filter(struct xdp_md *ctx) {
bpf_printk("got a packet\n");
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
// check packet size
if (eth + 1 > data_end) {
return XDP_PASS;
}
// get the source address of the packet
struct iphdr *iph = data + sizeof(struct ethhdr);
if (iph + 1 > data_end) {
return XDP_PASS;
}
__u32 ip_src = iph->saddr;
bpf_printk("source ip address is %u\n", ip_src);
// key of the maps
__u32 key = 0;
bpf_printk("starting xdp ip filter\n");
// send the ip to the userspace program.
bpf_map_update_elem(&EVENTS, &key, &ip_src, BPF_ANY);
return XDP_PASS;
}
char _license[] SEC("license") = "GPL";
我能够加载和附加:
make
sudo ip link set dev wlp59s0 xdp obj ./bytecode.o sec xdp
“bpf_map_update_elem”等bps API map helper的详细流程是什么?
[英]what is the detailed process of bps API map helpers like "bpf_map_update_elem"?
如果我有 bpf_map object,如何使用 bpf_object__find_map_by_name(bpf_object,"hash_map") 获取 map fd 和 max extries; ebpf
[英]how to get map fd and max extries if I have bpf_map object by using bpf_object__find_map_by_name(bpf_object,"hash_map"); ebpf
bpf_map_lookup_elem 中的空值,而“bpftool map dump”确实如此
[英]Empty value from bpf_map_lookup_elem while 'bpftool map dump' does
如何在 EBPF 程序中使用 bpf_probe_read() 复制可变长度数据?
[英]How do I copy variable length data using bpf_probe_read() in EBPF programs?
eBPF 映射一个元素。 映射类型和内核/用户空间通信
[英]eBPF maps for one element. Map type and kernel/user space communication
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.