On Thu, 4 Jan 2024 22:57:56 +0530
[email protected] wrote:
> ------------------------
>
> RCA: These errors started coming after from the Kernel-5.15 version, in
> which lots of new BPF verification restrictions were added for safe execution
> of byte-code on to the Kernel, due to which existing BPF program verification
> does not pass.
> Here are the major BPF verifier restrictions observed:
> 1) Need to use new BPF maps structure.
> 2) Kernel SKB data pointer access not allowed.
I noticed you are now using bpf_skb_load_bytes(), but the bpf helper man page
implies it is not needed.
long bpf_skb_load_bytes(const void *skb, u32 offset, void *to,
u32 len)
Description
This helper was provided as an easy way to load
data from a packet. It can be used to load len
bytes from offset from the packet associated to
skb, into the buffer pointed by to.
Since Linux 4.7, usage of this helper has mostly
been replaced by "direct packet access", enabling
packet data to be manipulated with skb->data and
skb->data_end pointing respectively to the first
byte of packet data and to the byte after the last
byte of packet data. However, it remains useful if
one wishes to read large quantities of data at once
from a packet into the eBPF stack.
Return 0 on success, or a negative error in case of
