I am testing a nat program using ebpf. But the ebpf prog loader throws a error message:
221: (85) call bpf_l4_csum_replace#11
unknown func bpf_l4_csum_replace#11
What does it mean ? How to solve it ?
Thanks.
A similar message could mean that your kernel does not know the BPF helper you are trying to use, because e.g. your kernel is too old or the helper has been compiled out based on the kernel configuration options. But in those cases, you would not see the name of the function in the verifier logs.
What is probably happening here is that your kernel does support the BPF helper, but the type of the BPF program you are trying to load is not compatible with that helper. For example, if your program is of type socket_filter, you cannot use this helper (see function sk_filter_func_proto() used for the check). If your program was a TC classifier instead, you would be able to use it.
Related
Do we have mechanism to invoke functions defined in ebpf/xdp from kernel.
callbacks or RPC(Remote procedural calls) from kernel.
In my current project, we need to invoke ebpf/xdp functions from kernel functionality.
Please let me know, is there mechanism exists. any ideas/pointers how to go about.
Thanks in advance!
I have implemented xdp ebpf helper functions to communicate from xdp to kernel. It is successful and working fine.
Now i need to do communicate from kernel to xdp as per project requirement.
Thanks
What would be the bare minimum CSR requirements for a RV32I capable of running machine code generated with GCC?
I'm thinking of a simple fpga-based (embedded) implementation. No virtual memory or linux support is required.
Also, what GCC flags should I use in order to prevent it from using unimplemented CSR related instructions?
I'm still quite confused after scanning through the RISCV Privileged ISA Specification.
Thanks!
Have a look at the RARS simulator as an example of a simple RISC V implementation. It implements sufficient CSRs (e.g. the exception cause, processor status, exception pc, vector table address, etc..) that you can program an interrupt handler.
You'll need:
utvec — sets the exception handler address
ustatus — to enable/disable interrupts,
uscratch — needed by software exception handler,
ucause — tells the reason for exception
uepc — tells the address of uncompleted instruction at exception
And some others. In RARS, you can see the registers implemented in the register display, Control and Status tab.
I believe RARS supports the timer, so has some
CSRs for that. It also provides a floating point unit, so some CSRs
for exceptions for that as well as rounding configuration. For
handling memory access exceptions, it has utval. And then it
offers some counters. See also table 2.2 in Document Version
20190608-Priv-MSU-Ratified
I would think that your usage of CSRs would be restricted to standalone application configuration, e.g. initial bootup, and interrupt handling, both of which would be written in assembly.
Hard to imagine that compiled C code (object files, .o's) would touch the CSRs in any way. If you have an example of that, please share it.
In some environments, the C implementation allows for standalone (e.g. unhosted) programs. It is possible that such a program created by some compiler includes startup configuration and an exception handler though more likely that these would be user supplied. See, for example, http://cs107e.github.io/guides/gcc/
Sometimes I have observed, when an application is run or calls any kernel module functions, respective kernel module is loaded automatically.
I want to build a similar kernel module which will be loaded automatically when my application executes and calls its ioctls.
Actually i want to know, what I need to write in my kernel module so that it will be loaded automatically by my application at runtime.
I looked for it a lot but didn't find anything that is satisfactory.
The keyword to search for is kmod, being the part of the Linux kernel which handles requests for loading kernel modules on the fly.
There are too many details to list in an answer here, but have a look at Linux Device Drivers, 2nd Edition' book, chapter 11 which goes into detail about kernel module autoloading.
Note that module load requests must come from within the kernel. So, if you have a device driver in a custom module but it's not loaded, the kernel has no way of knowing how to match up an ioctl request to your driver. But let's say you have a driver and some ioctl functions split into different modules A and B, it would be possible to insert the main module A to provide the device interface, and then when ioctls were requested of driver A, it could auto load the additional module B containing the ioctl functions using the kmod mechanism
Can anybody tell me how can i hook from kernel driver function only for single process. For example ZwQueryInformationProcess.
Thanks!
You can't do that in windows kernel. ZwXXX functions of ntoskrnl are native APIs. They are global common functions. All processes in user mode are using one copy of the function. There is no copy-on-write or something else in kernel.
You can implement this by using this way:
hook ZwQueryInformationProcess of ntdll.dll of special process in
user mode.
Add a filter in your hook function in kernel mode. If
current process context is not what you wanted. Pass through it.
That's all.
Thanks.
I'm writing a DDoS firewall by netfilter, I want to send a socket packet to another computer under kernel mode. But the compiler warned me that the symbol "sys_sendto" was undefined. So how can I use these sys_socketcalls in my module? Thank you for your help.
Instead of calling the sys_sendto system call, you might be able to use the sock_sendmsg function, which is how sys_sendto is implemented.