Stack Overflow
Stack Overflow

Questions tagged [bpf]

The Berkeley Packet Filter (BPF, or cBPF) was initially introduced to provide a raw interface to data link layers in a protocol independent fashion, on BSD systems and then on Linux. More recently, it has been reworked on Linux to give birth to the extended BPF, or eBPF. The latter can be used for network processing at several levels, as well as for security applications, or even tracing and monitoring use cases. This tag is for all cBPF/eBPF questions.

The Berkeley Packet Filter was initially introduced to provide a raw interface to data link layers in a protocol independent fashion, first on BSD systems in the early 90s, then on Linux a few years later. All packets on the network, even those destined for other hosts, would be accessible through this mechanism.

Since 2013, the older BPF subsystem (or cBPF, for classic BPF) has led to the creation to an extended BPF version, or eBPF, on Linux. eBPF has a different architecture. It is more efficient, more flexible, introduces new features (maps, tail calls, helper functions from kernel, etc.). And programs can be attached to a variety of hooks in the kernel, for networking (sockets, as before, but also TC (traffic control) interface, XDP…), for security (cgroups) or for tracing and monitoring the kernel (kprobes, tracepoints, …).

449 questions
-1
votes
1 answer

Berkeley Packet Filters for VLAN priority

I need to filter priority into VLAN header to ensure Voice priority value. Using BPF filtering is possible to evaluate which packets contains priority bits value into VLAN header are equals to five ? Regards Vincenzo
Vincenzo Marrazzo
  • 119
  • 12
-1
votes
1 answer

Trying to create map with char array field invalid field error

I like to know how to create ebpf map with char array value I tried like this struct { __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY); __uint(key_size, sizeof(int)); __uint(value_size, sizeof(char)*10); __uint(max_entries, 2); } my_map…
user786
  • 3,902
  • 4
  • 40
  • 72
-1
votes
1 answer

compiling extended berkley packet filters program in ubuntu clang and llvm installed with libbpf also installed bt helper func not found& formar error

So I have llvm, kernel headers(5.14.1), clang, and also libbpf along with that I copied bpf_helpers.h in ebpf program directory from linux source. This is a simple program that I like to get it loaded and run when execve system get called from any…
user786
  • 3,902
  • 4
  • 40
  • 72
-1
votes
1 answer

bpf verifier log is truncated, how to get the full log?

As the following, bpf verifier log is truncated at the last. How could I get the full log ? 368=mmmmmmmm fp-376=mmmmmmmm fp-432=mmmmmmmm fp-440=inv fp-448=inv fp-456=map_value fp-464=inv 389: (73) *(u8 *)(r3 +322) = r1 390: (71) r1 = *(u8 *)(r2…
hi_glenn
  • 67
  • 1
  • 5
-1
votes
1 answer

Is there a String size limit when sending strings back to BPF code and back to userspace?

I am sending this sentence through my BPF code through a BPF Char Array here: jmommyijsadifjasdijfa, hello, world And when I print out my output, I only seem to get this output jmommyij I seem to be hitting some kind of String size limit. Is…
maxterthrowaway
  • 53
  • 5
-1
votes
1 answer

Header not found error when adding stdint.h to my C code when compiling with Clang on Raspberry Pi

Here's the error that I am getting and none of the online solutions are effectively fixing the issues that I am having. Just adding #include breaks the compilation of my code. I tried installing multilib but the library seems to have no…
Zarif Rahman
  • 79
  • 1
  • 8
-1
votes
2 answers

ebpf packet filter on payload matching

I am new in ebpf & xdp topic and want to do learn it. My question is how to use ebpf filter to filter the packet on specific payload matching? for example, if the data(payload) of the packet is 1234 its passes to the network stack otherwise it…
Linux baby
  • 21
  • 1
  • 5
-1
votes
1 answer

verifier failure for a xdp code computing icmp checksum?

I am using xdp(use XDP_TX action) to construct an icmp resv packets. linux: centos8 kernel 4.18.0-80.el8.x86_64 llvm: 7.0.1 clang: clang version 7.0.1 (tags/RELEASE_701/final) Here is my code: SEC("xdp_icmp") int _xdp_icmp(struct xdp_md *xdp) { …
Vector
  • 67
  • 1
  • 5
-1
votes
1 answer

ISC dhcrelay is not forwarding the DISCOVER packets to dhcp server

I am doing DHCP relay POC. I have setup as following. DHCP Client(VX-works) ----------- DHCP Relay----------- DHCP Server (VXworks) In this setup, DHCP Client is sending the DICOVER packets, but relay agent was not receiving the packet. I looked…
Webster
  • 79
  • 8
-1
votes
1 answer

Building bcc in alpine, "does not name a type" error

I'm trying to build bcc bcc Alpine. This is the Dockerfile I wrote to compile bcc: FROM alpine:3.7 RUN apk add --update \ git \ llvm-dev \ llvm-static \ clang-dev \ clang-static \ cmake \ flex-dev \ bison \ luajit-dev \ …
oldhomemovie
  • 14,621
  • 13
  • 64
  • 99
-1
votes
2 answers

How to access a kernel variable using BPF?

For example, to access the skb variable in function ip_rcv: int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) { ... } I searched the Internet but cannot find any example.
tonysok
  • 627
  • 1
  • 7
  • 13
-2
votes
1 answer

Use bcc SKB to drop TCP packet

Intention: To drop tcp/port packet using bcc tools I stumbled upon this code int drop(struct __sk_buff *skb) { const int l3_off = ETH_HLEN; // IP header offset const int l4_off = l3_off + sizeof(struct iphdr); // TCP…
zexapod
  • 45
  • 6
-2
votes
1 answer

Printing Hello World using uBPF?

I am messing around with uBPF recently and have noticed that I can't seem to implement any print functions within uBPF. I tried adding my code directly to test.c within the VM folder but and have it as a registered function but I am left with…
maxterthrowaway
  • 53
  • 5
1 2 3
29
30