[PATCH] net/tap: Modified TAP BPF program as per the new Kernel-version upgrade requirements.
Stephen Hemminger
stephen at networkplumber.org
Thu Jan 4 21:57:05 CET 2024
On Thu, 4 Jan 2024 22:57:56 +0530
madhuker.mythri at oracle.com wrote:
> ------------------------
>
> RCA: These errors started coming after from the Kernel-5.15 version, in which lots of new BPF verification restrictions were added for safe execution of byte-code on to the Kernel, due to which existing BPF program verification does not pass.
> Here are the major BPF verifier restrictions observed:
> 1) Need to use new BPF maps structure.
> 2) Kernel SKB data pointer access not allowed.
I noticed you are now using bpf_skb_load_bytes(), but the bpf helper man page
implies it is not needed.
long bpf_skb_load_bytes(const void *skb, u32 offset, void *to,
u32 len)
Description
This helper was provided as an easy way to load
data from a packet. It can be used to load len
bytes from offset from the packet associated to
skb, into the buffer pointed by to.
Since Linux 4.7, usage of this helper has mostly
been replaced by "direct packet access", enabling
packet data to be manipulated with skb->data and
skb->data_end pointing respectively to the first
byte of packet data and to the byte after the last
byte of packet data. However, it remains useful if
one wishes to read large quantities of data at once
from a packet into the eBPF stack.
Return 0 on success, or a negative error in case of
More information about the dev
mailing list