Hi,

Please let me know whether it's broken in the recent kernel or not, or whether there is any workaround to attach to the function nf_nat_ipv4_manip_pkt using bpf. I am still stuck trying to find a workaround.

On Mon, Dec 25, 2023 at 11:02 PM P K <pkopensrc@xxxxxxxxx> wrote:
>
> Hi,
>
> In recent Debian kernel 6.1.66-1 kprobe to nf_nat_ipv4_manip_pkt or
> any nf_nat function is not working. It was working fine on 6.1.55-1.
> kfunc is working fine.
>
> Any suggestions on how to fix this?
>
> Below are logs:
>
> Not working :
>
> / # bpftrace --info
> System
>   OS: Linux 6.1.0-15-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian
> 6.1.66-1 (2023-12-09)
>   Arch: x86_64
>
> Build
>   version: v0.17.1
>   LLVM: 16.0.3
>   unsafe uprobe: no
>   bfd: yes
>   libdw (DWARF support): yes
>
> Kernel helpers
>   probe_read: yes
>   probe_read_str: yes
>   probe_read_user: yes
>   probe_read_user_str: yes
>   probe_read_kernel: yes
>   probe_read_kernel_str: yes
>   get_current_cgroup_id: yes
>   send_signal: yes
>   override_return: no
>   get_boot_ns: yes
>   dpath: yes
>   skboutput: no
>
> Kernel features
>   Instruction limit: 1000000
>   Loop support: yes
>   btf: yes
>   map batch: yes
>   uprobe refcount (depends on Build:bcc bpf_attach_uprobe refcount): yes
>
> Map types
>   hash: yes
>   percpu hash: yes
>   array: yes
>   percpu array: yes
>   stack_trace: yes
>   perf_event_array: yes
>
> Probe types
>   kprobe: yes
>   tracepoint: yes
>   perf_event: yes
>   kfunc: yes
>   iter:task: yes
>   iter:task_file: yes
>   kprobe_multi: no
>   raw_tp_special: yes
>
> / #
>
> $ sudo bpftrace -l | grep "manip"
> kfunc:nf_nat:l4proto_manip_pkt
> kfunc:nf_nat:nf_nat_ipv4_manip_pkt
> kfunc:nf_nat:nf_nat_ipv6_manip_pkt
> kfunc:nf_nat:nf_nat_manip_pkt
> kprobe:l4proto_manip_pkt
> kprobe:nf_nat_ipv4_manip_pkt
> kprobe:nf_nat_ipv6_manip_pkt
> kprobe:nf_nat_manip_pkt
>
>
> / # bpftrace -e 'kprobe:nf_nat_ipv4_manip_pkt { printf("func called\n"); }'
> Attaching 1 probe...
> cannot attach kprobe, probe entry may not exist
> ERROR: Error attaching probe: 'kprobe:nf_nat_ipv4_manip_pkt'
>
>
> / # bpftrace -e 'kfunc:nf_nat:nf_nat_ipv4_manip_pkt { printf("func
> called\n"); }'
> Attaching 1 probe...
>
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> ^C
>
> / #
>
>
> Working:
> / # bpftrace --info
> System
>   OS: Linux 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29)
>   Arch: x86_64
>
> Build
>   version: v0.17.1
>   LLVM: 16.0.3
>   unsafe uprobe: no
>   bfd: yes
>   libdw (DWARF support): yes
>
> Kernel helpers
>   probe_read: yes
>   probe_read_str: yes
>   probe_read_user: yes
>   probe_read_user_str: yes
>   probe_read_kernel: yes
>   probe_read_kernel_str: yes
>   get_current_cgroup_id: yes
>   send_signal: yes
>   override_return: no
>   get_boot_ns: yes
>   dpath: yes
>   skboutput: no
>
> Kernel features
>   Instruction limit: 1000000
>   Loop support: yes
>   btf: yes
>   map batch: yes
>   uprobe refcount (depends on Build:bcc bpf_attach_uprobe refcount): yes
>
> Map types
>   hash: yes
>   percpu hash: yes
>   array: yes
>   percpu array: yes
>   stack_trace: yes
>   perf_event_array: yes
>
> Probe types
>   kprobe: yes
>   tracepoint: yes
>   perf_event: yes
>   kfunc: yes
>   iter:task: yes
>   iter:task_file: yes
>   kprobe_multi: no
>   raw_tp_special: yes
>
>
> / # bpftrace -l | grep "manip"
> kprobe:l4proto_manip_pkt
> kprobe:nf_nat_ipv4_manip_pkt
> kprobe:nf_nat_ipv6_manip_pkt
> kprobe:nf_nat_manip_pkt
> / #
>
>
> / # bpftrace --version
> bpftrace v0.17.1
> / # bpftrace -e 'kprobe:nf_nat_ipv4_manip_pkt { printf("func called\n"); }'
> Attaching 1 probe...
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> ^C
>
> / # bpftrace -e 'kfunc:nf_nat:nf_nat_ipv4_manip_pkt { printf("func
> called\n"); }'
> Attaching 1 probe...
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
> func called
>
> ^C
> / #