Replies: 2 comments
-
Are you compiling the bpf program on one machine and loading the program on another? Struct layouts vary with kernel versions and compile-time configs. CO-RE provides a way of dealing with that, take a look at https://nakryiko.com/posts/bpf-core-reference-guide. |
Beta Was this translation helpful? Give feedback.
-
bpf_probe_read_kernel() helper is only allowed in eBPF trace progs (e.g., krpobe, tracepoint, perf event). Other prog types like XDP/socket filter are not allowed to call bpf_probe_read_xx() or bpf_probe_write_xx() helpers. Besides, the overhead of bpf_probe_read_kernel() helper is so big that will significantly reduce the datapath performance. That's why it is not allowed in network hookpoints. |
Beta Was this translation helpful? Give feedback.
-
I write a tc ebpf prog and attach it to some nic's egress, but when I call bpf_probe_read_kernel() to get the process id, it always return 0 and the pid was setted to zero.
__u32 pid = 1;
struct task_struct *curr_task = (struct task_struct *) bpf_get_current_task();
long ret = bpf_probe_read_kernel(&pid, sizeof(__u32), &(curr_task->pid));
bpf_printk("ret = %d, pid = %d", ret, pid);
The code run correctly on ubuntu, but incorrectly on centos, the kernel version is 5.10.25.
Beta Was this translation helpful? Give feedback.
All reactions