wuzongyo@xxxxxxxxxxxxxxxx writes:
> Hi,
>
> I wrote a simple tc-bpf program like that:
>
> #include <linux/bpf.h>
> #include <linux/pkt_cls.h>
> #include <linx/types.h>
> #include <bpf/bpf_helpers.h>
>
> struct {
> __uint(type, BPF_MAP_TYPE_HASH);
> __uint(max_entries, 1);
> __type(key, int);
> __type(value, int);
> } hmap SEC(".maps");
>
> SEC("classifier")
> int _classifier(struct __sk_buff *skb)
> {
> int key = 0;
> int *val;
>
> val = bpf_map_lookup_elem(&hmap, &key);
> if (!val)
> return TC_ACT_OK;
> return TC_ACT_OK;
> }
>
> char __license[] SEC("license") = "GPL";
>
> Then I tried to use tc to load the program:
>
> tc qdisc add dev eth0 clsact
> tc filter add dev eth0 egress bpf da obj test_bpf.o
>
> But the program loading failed with error messages:
> Prog section 'classifier' rejected: Permission denied (13)!
> - Type: 3
> - Instructions: 9 (0 over limit
> - License: GPL
>
> Verifier analysis:
>
> Error fetching program/map!
> Unable to load program
>
> I tried to replace the map definition with the following code and the program is loaded successfully!
>
> struct bpf_map_def SEC("maps") hmap = {
> .type = BPF_MAP_TYPE_HASH,
> .key_size = sizeof(int),
> .value_size = sizeof(int),
> .max_entries = 1,
> };
>
> With bpftrace, I can find that the errno -EACCES is returned by function do_check(). But I am still confused what's wrong with it.
>
> Linux Version: 5.17.0-rc3+ with CONFIG_DEBUG_INFO_BTF=y
> TC Version: 5.14.0
>
> Any suggestion will be appreciated!
If the latter works but the former doesn't, my guess would be that
iproute2 is compiled without libbpf support (in which case it would not
support BTF-defined maps either). If it does have libbpf support, that
(and the version of libbpf used) will be included in the output of `tc
-v`.
You could recompile iproute2 with enable libbpf support enabled, or as
Andrii suggests you can write your own loader using libbpf...
-Toke
