Hello,
I'm working on integrating ebpf cluster load balancing for AF_PACKET
and I've got some problem to get real code inside the EBPF filter.
I've tried different command lines in the build process. One of them
is:
clang-3.9 -Wall -O2 -emit-llvm -c hash_ports.c -o - | llc-3.9 -march=bpf
-filetype=obj -o hash_ports.bpf
If I use that one, then the generated code is almost void. If I remove
the -O2 then I've got a generated code that fails during load. When not
using -O2, I manage to load a trivial filter (return of static value).
The C code is the following (a derivative of http-simple-filter.c used
for testing):
int filter(struct __sk_buff *skb) {
uint8_t *cursor = 0;
struct ethernet_t *ethernet = cursor_advance(cursor, sizeof(*ethernet));
if (!(ethernet->type == (unsigned int)0x0800)) {
goto DEFAULT;
}
struct ip_t *ip = cursor_advance(cursor, sizeof(*ip));
if (ip->nextp != IP_TCP) {
goto DEFAULT;
}
return 1;
DEFAULT:
return 0;
}
And error is as follows
bpf: Permission denied
bpf verifier:
0: (7b) *(u64 *)(r10 -16) = r1
1: (b7) r1 = 0
2: (7b) *(u64 *)(r10 -24) = r1
3: (7b) *(u64 *)(r10 -40) = r1
4: (79) r2 = *(u64 *)(r10 -24)
5: (07) r2 += 14
6: (7b) *(u64 *)(r10 -24) = r2
7: (79) r2 = *(u64 *)(r10 -40)
8: (7b) *(u64 *)(r10 -48) = r2
9: (7b) *(u64 *)(r10 -32) = r2
10: (71) r3 = *(u8 *)(r2 +12)
R2 invalid mem access 'inv'
This has been tested with a 4.6.0 kernel and a 4.5.x kernel.
What did I miss here ?
BR,
--
Eric Leblond <e...@regit.org>
Blog: https://home.regit.org/
