On 02/27/2018 01:52 AM, Daniel Borkmann wrote:
On 02/27/2018 01:32 AM, Tushar Dave wrote:Hello, I am writing sample eBPF kernel program that uses kprobe e.g. SEC("kprobe/xyz") int bpf_prog1(struct pt_regs *ctx) { . .. } And with pt_regs context I retrieved pointer to 'struct sk_buff_head'. From here on, I want to iterate over all skbs in the skb queue and print/gather packet data. This certainly involves loop and that causes my ebpf kernel program to fail with error, e.g. bpf_load_program() err=22 back-edge from insn 51 to 39 back-edge from insn 51 to 39 Any other alternative so that I can retrieve all packet data from skb queue? Apology as this is not pure xdp query but I feel it should be okay to ask here.Bounded loops are still wip in BPF core, but today you can make use of loop unrolling like the following when <X> is a known constant: #pragma unroll for (i = 0; i < <X>; i++) { [...] }
Ok. Thanks.
I presume you're walking the skb via bpf_probe_read() helper from tracing side, right? Other option could be to add a networking program (e.g. via cls_bpf) and dump the full skb to perf RB via bpf_skb_event_output() helper. Potentially if you already dump other data from tracing side via perf RB, then the networking program can reuse/share the very same perf event map as well.
yes I am using bpf_probe_read to walk over skb list. I will look into cls_bpf option you mentioned. Thanks for suggestion :) -Tushar
Cheers, Daniel
|