Hi,
I wrote a simple tc-bpf program like that:
#include <linux/bpf.h>
#include <linux/pkt_cls.h>
#include <linx/types.h>
#include <bpf/bpf_helpers.h>
struct {
__uint(type, BPF_MAP_TYPE_HASH);
__uint(max_entries, 1);
__type(key, int);
__type(value, int);
} hmap SEC(".maps");
SEC("classifier")
int _classifier(struct __sk_buff *skb)
{
int key = 0;
int *val;
val = bpf_map_lookup_elem(&hmap, &key);
if (!val)
return TC_ACT_OK;
return TC_ACT_OK;
}
char __license[] SEC("license") = "GPL";
Then I tried to use tc to load the program:
tc qdisc add dev eth0 clsact
tc filter add dev eth0 egress bpf da obj test_bpf.o
But the program loading failed with error messages:
Prog section 'classifier' rejected: Permission denied (13)!
- Type: 3
- Instructions: 9 (0 over limit
- License: GPL
Verifier analysis:
Error fetching program/map!
Unable to load program
I tried to replace the map definition with the following code and the program is loaded successfully!
struct bpf_map_def SEC("maps") hmap = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(int),
.value_size = sizeof(int),
.max_entries = 1,
};
With bpftrace, I can find that the errno -EACCES is returned by function do_check(). But I am still confused what's wrong with it.
Linux Version: 5.17.0-rc3+ with CONFIG_DEBUG_INFO_BTF=y
TC Version: 5.14.0
Any suggestion will be appreciated!
Thanks