-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission Denied: classifier_egress not load #49
Comments
Hello again, The error you are getting means that the eBPF verifier is rejecting the TC program because of not passing the checks it performs before being getting it loaded into the kernel. Specifically, it seems that it does not like the addition you are doing inside the if for checking the length of the packet. The verifier is picky and in my experience what is ok for one machine it does not pass for others. I myself just ran this program in Ubuntu 21.04 successfully tho, but you will have to modify the code for running it under 22.04. Also, you will probably get more verifier errors for other parts of the program, not only TC, so I encourage you to try and port it yourself to 22.04. Let me give you some context about what you are doing there and what you may try to solve it:
Some things you may try:
In general, try any variation of what I've done, sometimes it is something small and silly, others not. As a general rule of thumb for your task, be cautious about operations with pointers, loops and accessing the parameters of eBPF functions. Comment the rest of the code and ensure that each piece of the eBPF program can be loaded by itself. It may happen that the eBPF verifier is giving you that error at line 32, but it is because later in the program you are operating with |
You can also just use Ubuntu 21.04 which is what I used when I developed this, but if you want it for the latest Ubuntu version (and I assume you do given what you told me by email) then this is a task you'll have to do. Also, if you are going to do this, check out the following comment by me in another thread where I mention other problems you will encounter (seems that you got eBPF working tho, so ignore the first one) |
Thanks a lot! Then if i will try in Ubuntu 21.04 that will work? |
Yes it will |
I am closing the issue since we clarified what is going on already. If you have any problems when using 21.04 or you end up porting it to 22.04 and want some advice, you can open another one. |
Hi Marcos,
Ubuntu 21.04 is not supported
How can try TripleCross?
--
Inviato da Libero Mail
|
What do you mean? It is definitely supported, you can check the requirements here. If you are having any problem please open an issue |
Hi. I am moving your issue to a new thread since it is unrelated. Please check out #50 |
I can't get TripleCross working on my virtual machine, after running the command
sudo tc filter add dev enp0s3 egress bpf direct-action obj bin/tc.o sec classifier/egress
after running the commandsudo tc qdisc add dev enp0s3 clsact
This is the error
'libbpf: load bpf program failed: Permission denied
libbpf: -- BEGIN DUMP LOG ---
libbpf:
; int classifier_egress(struct __sk_buff *skb){
0: (bf) r6 = r1
; void *data_end = (void *)(__u64)skb->data_end;
1: (61) r5 = *(u32 *)(r6 +80)
; void *data = (void *)(__u64)skb->data;
2: (61) r7 = *(u32 *)(r6 +76)
; if ((void *)eth + sizeof(struct ethhdr) > data_end){
3: (bf) r8 = r7
4: (07) r8 += 14
; if ((void *)eth + sizeof(struct ethhdr) > data_end){
5: (3d) if r5 >= r8 goto pc+8'
.
.
.
'R2 pointer arithmetic with <<= operator prohibited
processed 628 insns (limit 1000000) max_states_per_insn 4 total_states 30 peak_states 26 mark_read 7
libbpf: -- END LOG --
libbpf: failed to load program 'classifier_egress'
libbpf: failed to load object 'bin/tc.o'
Unable to load program'
This is the system
'No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy'
5.15.0-58-generic
Thanks to anyone who replies
The text was updated successfully, but these errors were encountered: