Now i want to modify something of the skb with the ebpf in the prog_type kprobe.
However, the help function `bpf_skb_store_bytes` is not supported with the
prog_type BPF_PROG_TYPE_KPROBE.
I test it with the error `unknow func`
And I want to ask is there a way to modify skb with ebpf in kprobe
This is the problem:
static inline uint16_t parse_tcp_pld(void *data, u64 nh_off, void *data_end) {
uint16_t *pld = data + nh_off;
if ((void*)[1] > data_end)
return 0;
return pld;
}
return value should be "void *" or "uint16_t *".
In the future, we will try to add more diagnostic
If I just copy your swapu16 function into my code (and it looks very similar to
mine) the result continues to be the same (error).
Here is a gist with python and c-components of my program
https://gist.github.com/ibaldin/716d70d490b44e05d15db59ee983c0c0
Looking at the BPF byte code print out
Thank you! Let me run a gap analysis to see what’s different.
-ilya
Ilya Baldin
Director, Networking Research and Infrastructure
RENCI/UNC Chapel Hill
http://www.renci.org
On Aug 24, 2017, at 3:32 PM, Brenden Blanco
> wrote:
On Thu, Aug 24, 2017 at
I’m staring at the BPF ‘pseudocode’ now. I wouldn’t put it past me to do
something stupid.
-ilya
Ilya Baldin
On Aug 24, 2017, at 3:25 PM, Y Song
> wrote:
On Thu, Aug 24, 2017 at 12:17 PM, Ilya Baldin
>
On Thu, Aug 24, 2017 at 12:25 PM, Y Song wrote:
> On Thu, Aug 24, 2017 at 12:17 PM, Ilya Baldin wrote:
>> Thank you, everyone for the replies. This explains about bpf_probe_read.
>>
>> I tried the approach below (changed the check to offset +1) however that
Thank you, everyone for the replies. This explains about bpf_probe_read.
I tried the approach below (changed the check to offset +1) however that didn’t
help, I still get the same error and BCC refuses to load the program
R0=inv,min_value=2,max_value=65537,min_align=1,aux_off_align=2
CC to bcc mailing list as well.
bpf_probe_read is not allowed in XDP programs.
Your comparison may need to comparison not just starting offset, but
also including the memory size so the
whole write won't fall beyond the "data_end".
Regarding to bcc translates "start[off2]" to bpf_probe_read, it