Hello, I'm working on integrating ebpf cluster load balancing for AF_PACKET and I've got some problem to get real code inside the EBPF filter.
I've tried different command lines in the build process. One of them is: clang-3.9 -Wall -O2 -emit-llvm -c hash_ports.c -o - | llc-3.9 -march=bpf -filetype=obj -o hash_ports.bpf If I use that one, then the generated code is almost void. If I remove the -O2 then I've got a generated code that fails during load. When not using -O2, I manage to load a trivial filter (return of static value). The C code is the following (a derivative of http-simple-filter.c used for testing): int filter(struct __sk_buff *skb) { uint8_t *cursor = 0; struct ethernet_t *ethernet = cursor_advance(cursor, sizeof(*ethernet)); if (!(ethernet->type == (unsigned int)0x0800)) { goto DEFAULT; } struct ip_t *ip = cursor_advance(cursor, sizeof(*ip)); if (ip->nextp != IP_TCP) { goto DEFAULT; } return 1; DEFAULT: return 0; } And error is as follows bpf: Permission denied bpf verifier: 0: (7b) *(u64 *)(r10 -16) = r1 1: (b7) r1 = 0 2: (7b) *(u64 *)(r10 -24) = r1 3: (7b) *(u64 *)(r10 -40) = r1 4: (79) r2 = *(u64 *)(r10 -24) 5: (07) r2 += 14 6: (7b) *(u64 *)(r10 -24) = r2 7: (79) r2 = *(u64 *)(r10 -40) 8: (7b) *(u64 *)(r10 -48) = r2 9: (7b) *(u64 *)(r10 -32) = r2 10: (71) r3 = *(u8 *)(r2 +12) R2 invalid mem access 'inv' This has been tested with a 4.6.0 kernel and a 4.5.x kernel. What did I miss here ? BR, -- Eric Leblond <e...@regit.org> Blog: https://home.regit.org/