I wrote a tc eBPF prog and attached it to some NIC's egress, but when I call bpf_probe_read_kernel() to get the process ID, it always returns 0 and the pid is set to zero. __u32 pid = 1; The code runs correctly on Ubuntu but incorrectly on CentOS; the kernel version is 5.10.25.
Replies: 2 comments
Are you compiling the bpf program on one machine and loading the program on another? Struct layouts vary with kernel versions and compile-time configs. CO-RE provides a way of dealing with that; take a look at https://nakryiko.com/posts/bpf-core-reference-guide.
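A user-space model of the struct-layout point in the reply above, added here as an example and not code from the thread. The two layouts, the field table and the sample values are constructed (they are not the real task_struct), and the name lookup only stands in for the BTF-based offset relocation that CO-RE performs at load time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layouts, NOT the real task_struct: the same struct as two
 * kernel builds might lay it out when a config option adds a field. */
struct task_a { uint64_t state; int32_t pid; int32_t tgid; };
struct task_b { uint64_t state; uint64_t cfg_only; int32_t pid; int32_t tgid; };

/* Stand-in for a probe read: copies raw bytes, knows nothing about types. */
static int32_t read_i32_at(const void *base, size_t off)
{
    int32_t v;
    memcpy(&v, (const char *)base + off, sizeof(v));
    return v;
}

/* Offset frozen at compile time from build A's headers. */
int32_t read_pid_fixed(const void *task)
{
    return read_i32_at(task, offsetof(struct task_a, pid));
}

/* Hypothetical field table standing in for the running kernel's BTF. */
struct field { const char *name; size_t off; };
static const struct field build_b_fields[] = {
    { "state", offsetof(struct task_b, state) },
    { "pid",   offsetof(struct task_b, pid)   },
    { "tgid",  offsetof(struct task_b, tgid)  },
};

/* Offset resolved by field name against the target layout at "load time". */
int32_t read_pid_relocated(const void *task, const struct field *f, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(f[i].name, "pid") == 0)
            return read_i32_at(task, f[i].off);
    return -1; /* field missing on this kernel */
}

/* Constructed sample: a build-B task with pid 4242. */
static const struct task_b sample = { .state = 1, .cfg_only = 0, .pid = 4242, .tgid = 4242 };

int32_t demo_fixed(void)     { return read_pid_fixed(&sample); }
int32_t demo_relocated(void) { return read_pid_relocated(&sample, build_b_fields, 3); }

int main(void) { printf("fixed=%d relocated=%d\n", demo_fixed(), demo_relocated()); return 0; }
```

The fixed-offset read succeeds but lands on a neighbouring field, so the caller sees a plausible value rather than an error.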
The bpf_probe_read_kernel() helper is only allowed in eBPF trace progs (e.g., kprobe, tracepoint, perf event). Other prog types like XDP/socket filter are not allowed to call bpf_probe_read_xx() or bpf_probe_write_xx() helpers. Besides, the overhead of the bpf_probe_read_kernel() helper is so big that it will significantly reduce the datapath performance. That's why it is not allowed in network hookpoints.