Hi,

I'm new to BPF. I'm trying to write a program that analyses the structure of
DNS requests. I keep getting the following error (below) at a certain point in
the code (below).

The error only occurs when I try to "return -1;" (i.e. allow the packet). If
I remove this line the program executes as expected.

I wonder if it could be an issue with the kernel version rather than the
code? (Ubuntu 16.04.4 LTS, Kernel version 4.4.0-87-generic)

Error***************************************
bpf: Failed to load program: Permission denied
...
...
R2 invalid mem access 'inv'

HINT: The invalid mem access 'inv' error can happen if you try to dereference
memory without first using bpf_probe_read() to copy it to the BPF stack.
Sometimes the bpf_probe_read is automatic by the bcc rewriter, other times
you'll need to be explicit.

Traceback (most recent call last):
  File "dns_matching.py", line 57, in <module>
    function_dns_matching = bpf.load_func("dns_exfil_detection_v2", BPF.SOCKET_FILTER)
  File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 379, in load_func
    (func_name, errstr))
Exception: Failed to load BPF program dns_exfil_detection_v2: Permission denied
********************************************

Code****************************************
        #pragma unroll
        for(i = 0; i<255;i++){
                c = cursor_advance(cursor, 1);

                if (c->c == 0)
                        break;

                key.p[i] = c->c;

                //**ensure this is the correct max length of a subdomain**
                if(c->c < 0x0f){
                        subdomLengths[subdomainCount] = (u16) c->c;
                        subdomainCount = subdomainCount +1;
                }
        }

*** if(subdomLengths[subdomainCount] == 2 && subdomLengths[subdomainCount-1]  ==2 && subdomainCount <4 ){
***         return -1;
*** }
*********************************************
