Permission Denied: classifier_egress not load about triplecross HOT 10 CLOSED

from triplecross.

Hello again,

The error you are getting means that the eBPF verifier is rejecting the TC program because of not passing the checks it performs before being getting it loaded into the kernel. Specifically, it seems that it does not like the addition you are doing inside the if for checking the length of the packet.

The verifier is picky and in my experience what is ok for one machine it does not pass for others. I myself just ran this program in Ubuntu 21.04 successfully tho, but you will have to modify the code for running it under 22.04. Also, you will probably get more verifier errors for other parts of the program, not only TC, so I encourage you to try and port it yourself to 22.04.

Let me give you some context about what you are doing there and what you may try to solve it:

• Any TC program needs to check the format of the packet before performing any operation over it (e.g. reading, writing). First, I am checking the length of the packet (defined by data and data_end pointer), and whether it contains an ethernet frame. This is a necessary step, and it will not work if you remove it.
• Once you have check the boundaries of ethernet header, you have to check the boundaries of each network layer header in order (ip, tcp). After that, you can safely access the packet.

Some things you may try:

• Perform the if clause in some other way. Instead of
  if((void*)eth + sizeof(struct ethhdr) > data_end)
  try separating it:
  void* eth_end = (void*)eth + sizeof(struct ethhdr); if((void*)eth_end > data_end)
• Try using sizeof(eth) instead of sizeof(struct ethhdr)

In general, try any variation of what I've done, sometimes it is something small and silly, others not. As a general rule of thumb for your task, be cautious about operations with pointers, loops and accessing the parameters of eBPF functions. Comment the rest of the code and ensure that each piece of the eBPF program can be loaded by itself. It may happen that the eBPF verifier is giving you that error at line 32, but it is because later in the program you are operating with eth and it does not like it. So my advice for porting this is that you start from a TC program from scratch and then one by one start writing the functionality I have in my program.

from triplecross.

You can also just use Ubuntu 21.04 which is what I used when I developed this, but if you want it for the latest Ubuntu version (and I assume you do given what you told me by email) then this is a task you'll have to do.

Also, if you are going to do this, check out the following comment by me in another thread where I mention other problems you will encounter (seems that you got eBPF working tho, so ignore the first one)
#41 (comment)

from triplecross.

Thanks a lot! Then if i will try in Ubuntu 21.04 that will work?

from triplecross.

Yes it will

from triplecross.

I am closing the issue since we clarified what is going on already. If you have any problems when using 21.04 or you end up porting it to 22.04 and want some advice, you can open another one.

from triplecross.

from triplecross.

What do you mean? It is definitely supported, you can check the requirements here. If you are having any problem please open an issue

from triplecross.

I solved! but now it gives me error when I try to run sudo ./bin/kit -t enp0s3
These are the mistakes

from triplecross.

Hi. I am moving your issue to a new thread since it is unrelated. Please check out #50

from triplecross.