AltraMayor / gatekeeper

The first open-source DDoS protection system
https://github.com/AltraMayor/gatekeeper/wiki
GNU General Public License v3.0
1.34k stars, 232 forks

does not have the BPF program "pkt" #682

Closed katanatr closed 7 months ago

katanatr commented 7 months ago

Hi @AltraMayor, I get this error when starting the service in Gatekeeper v1.2.0-dev:

Main/0 2024-03-29 23:04:01 NOTICE cycles/second = 2197427895, cycles/millisecond = 2197427, cycles/nanoseconds = 2.197428, picosec/cycle = 455
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: init_ctx_to_cookie
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/granted.bpf", sname="init") successfully creates 0x7f0404221000(jit={.func=0x7f0404220000,.sz=331});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_cookie
resolve_xsym(15): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_pkt
resolve_xsym(33): EBPF_PSEUDO_CALL to external function: gk_bpf_prep_for_tx
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/granted.bpf", sname="pkt") successfully creates 0x7f040421f000(jit={.func=0x7f040421e000,.sz=201});
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/declined.bpf", sname="init") successfully creates 0x7f040421d000(jit={.func=0x7f040421c000,.sz=4});
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/declined.bpf", sname="pkt") successfully creates 0x7f040421b000(jit={.func=0x7f040421a000,.sz=8});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: init_ctx_to_cookie
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/grantedv2.bpf", sname="init") successfully creates 0x7f0404219000(jit={.func=0x7f0404218000,.sz=400});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_cookie
resolve_xsym(4): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_pkt
resolve_xsym(34): EBPF_PSEUDO_CALL to external function: gk_bpf_prep_for_tx
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/grantedv2.bpf", sname="pkt") successfully creates 0x7f0404217000(jit={.func=0x7f0404216000,.sz=384});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: init_ctx_to_cookie
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/web.bpf", sname="init") successfully creates 0x7f0404215000(jit={.func=0x7f0404214000,.sz=400});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_cookie
resolve_xsym(4): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_pkt
resolve_xsym(147): EBPF_PSEUDO_CALL to external function: gk_bpf_prep_for_tx
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/web.bpf", sname="pkt") successfully creates 0x7f0404213000(jit={.func=0x7f0404212000,.sz=1008});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: init_ctx_to_cookie
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/tcp-services.bpf", sname="init") successfully creates 0x7f0404085000(jit={.func=0x7f0404084000,.sz=858});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_cookie
resolve_xsym(4): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_pkt
resolve_xsym(, 1288) error code: -2
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/tcp-services.bpf", sname="pkt") failed, error code: 2
Main/0 2024-03-29 23:04:01 ERR gk_load_bpf_flow_handler(): file "/etc/gatekeeper/bpf/tcp-services.bpf" does not have the BPF program "pkt"; rte_errno = 2: No such file or directory
Main/0 2024-03-29 23:04:01 ERR config: /etc/gatekeeper/gk.lua:112: Failed to load BPF program: /etc/gatekeeper/bpf/tcp-services.bpf
Main/0 2024-03-29 23:04:01 ERR Failed to configure Gatekeeper

tcp-services.bpf section list:

~/gatekeeper/bpf$ readelf -S tcp-services.bpf
There are 27 section headers, starting at offset 0x8030:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .strtab           STRTAB           0000000000000000  00007d52
       00000000000002dd  0000000000000000           0     0     1
  [ 2] .text             PROGBITS         0000000000000000  00000040
       0000000000000200  0000000000000000  AX       0     0     8
  [ 3] init              PROGBITS         0000000000000000  00000240
       00000000000005c8  0000000000000000  AX       0     0     8
  [ 4] .relinit          REL              0000000000000000  00005f90
       0000000000000030  0000000000000010   I      26     3     8
  [ 5] pkt               PROGBITS         0000000000000000  00000808
       0000000000000710  0000000000000000  AX       0     0     8
  [ 6] .relpkt           REL              0000000000000000  00005fc0
       0000000000000060  0000000000000010   I      26     5     8
  [ 7] .debug_loclists   PROGBITS         0000000000000000  00000f18
       000000000000022a  0000000000000000           0     0     1
  [ 8] .debug_abbrev     PROGBITS         0000000000000000  00001142
       00000000000002e1  0000000000000000           0     0     1
  [ 9] .debug_info       PROGBITS         0000000000000000  00001423
       0000000000000bcc  0000000000000000           0     0     1
  [10] .rel.debug_info   REL              0000000000000000  00006020
       0000000000000060  0000000000000010   I      26     9     8
  [11] .debug_rnglists   PROGBITS         0000000000000000  00001fef
       0000000000000053  0000000000000000           0     0     1
  [12] .debug_str_o[...] PROGBITS         0000000000000000  00002042
       00000000000003b4  0000000000000000           0     0     1
  [13] .rel.debug_s[...] REL              0000000000000000  00006080
       0000000000000eb0  0000000000000010   I      26    12     8
  [14] .debug_str        PROGBITS         0000000000000000  000023f6
       0000000000000a7c  0000000000000001  MS       0     0     1
  [15] .debug_addr       PROGBITS         0000000000000000  00002e72
       00000000000000b0  0000000000000000           0     0     1
  [16] .rel.debug_addr   REL              0000000000000000  00006f30
       0000000000000150  0000000000000010   I      26    15     8
  [17] .BTF              PROGBITS         0000000000000000  00002f24
       000000000000192d  0000000000000000           0     0     4
  [18] .BTF.ext          PROGBITS         0000000000000000  00004854
       0000000000000b60  0000000000000000           0     0     4
  [19] .rel.BTF.ext      REL              0000000000000000  00007080
       0000000000000b20  0000000000000010   I      26    18     8
  [20] .debug_frame      PROGBITS         0000000000000000  000053b8
       0000000000000058  0000000000000000           0     0     8
  [21] .rel.debug_frame  REL              0000000000000000  00007ba0
       0000000000000060  0000000000000010   I      26    20     8
  [22] .debug_line       PROGBITS         0000000000000000  00005410
       0000000000000446  0000000000000000           0     0     1
  [23] .rel.debug_line   REL              0000000000000000  00007c00
       0000000000000150  0000000000000010   I      26    22     8
  [24] .debug_line_str   PROGBITS         0000000000000000  00005856
       00000000000000ef  0000000000000001  MS       0     0     1
  [25] .llvm_addrsig     LOOS+0xfff4c03   0000000000000000  00007d50
       0000000000000002  0000000000000000   E      26     0     1
  [26] .symtab           SYMTAB           0000000000000000  00005948
       0000000000000648  0000000000000018           1    59     8

Also, if I do not use 'make LDFLAGS="-Wl,--allow-multiple-definition"' at compile time, I get the following error:

gatekeeper$ sudo make
CC      build/main/main.o
CC      build/config/static.o
CC      build/config/dynamic.o
CC      build/cps/main.o
CC      build/cps/kni.o
CC      build/cps/elf.o
CC      build/cps/rd.o
CC      build/ggu/main.o
CC      build/gk/main.o
CC      build/gk/rt.o
CC      build/gk/bpf.o
CC      build/gt/main.o
CC      build/gt/lua_lpm.o
CC      build/lls/main.o
CC      build/lls/cache.o
CC      build/lls/arp.o
CC      build/lls/nd.o
CC      build/sol/main.o
CC      build/lib/mailbox.o
CC      build/lib/net.o
CC      build/lib/flow.o
CC      build/lib/ipip.o
CC      build/lib/launch.o
CC      build/lib/rib.o
CC      build/lib/fib.o
CC      build/lib/acl.o
CC      build/lib/varip.o
CC      build/lib/l2.o
CC      build/lib/ratelimit.o
CC      build/lib/memblock.o
CC      build/lib/log_ratelimit.o
CC      build/lib/coro.o
LINK    build/gatekeeper
/usr/bin/ld: build/config/static.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/config/dynamic.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/cps/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/cps/kni.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/cps/elf.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/cps/rd.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/ggu/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/gk/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/gk/rt.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/gk/bpf.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/gt/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/gt/lua_lpm.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lls/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lls/cache.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lls/arp.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lls/nd.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/sol/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lib/net.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lib/flow.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lib/ipip.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lib/acl.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
/usr/bin/ld: build/lib/l2.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: multiple definition of `iface'; build/main/main.o:/home/acme/gatekeeper/include/gatekeeper_net.h:104: first defined here
collect2: error: ld returned 1 exit status
make: *** [Makefile:65: build/gatekeeper] Error 1

AltraMayor commented 7 months ago

Which platform are you using? Gatekeeper is being developed and tested on Ubuntu 20.04 LTS. We're going to move to Ubuntu 24.04 LTS before the final release of Gatekeeper v1.2.

katanatr commented 7 months ago

> Which platform are you using? Gatekeeper is being developed and tested on Ubuntu 20.04 LTS. We're going to move to Ubuntu 24.04 LTS before the final release of Gatekeeper v1.2.

Debian 12

katanatr commented 7 months ago

I don't think it is operating system related. Maybe a compiler problem? @AltraMayor

AltraMayor commented 7 months ago

The problems above can come from different versions of compilers and/or libraries. A Linux distribution is a combination of compilers and libraries, and this combination changes between distributions and between versions of the same distribution. I'll likely need to deal with issues like those once I focus on porting Gatekeeper v1.2 to Ubuntu 24.04 LTS.

The problems above can certainly be addressed, but no one in our community is doing so. You can port Gatekeeper yourself or install Ubuntu on your Gatekeeper and Grantor servers.
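An added example, not from the issue or the Gatekeeper project: a small triage script for the loader output quoted in the first comment, pairing each `resolve_xsym` line with the `rte_bpf_elf_load` result that follows it. It assumes the failing line reports a byte offset (1288 fits inside the 0x710-byte `pkt` section shown by readelf) and that error codes are negated errno values; `triage` and the regex names are chosen for this example.

```python
import errno
import re

# Lines copied from the loader output quoted in this issue (tcp-services.bpf only).
LOG = '''\
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: init_ctx_to_cookie
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/tcp-services.bpf", sname="init") successfully creates 0x7f0404085000(jit={.func=0x7f0404084000,.sz=858});
resolve_xsym(1): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_cookie
resolve_xsym(4): EBPF_PSEUDO_CALL to external function: pkt_ctx_to_pkt
resolve_xsym(, 1288) error code: -2
rte_bpf_elf_load(fname="/etc/gatekeeper/bpf/tcp-services.bpf", sname="pkt") failed, error code: 2
'''

OK_SYM = re.compile(r'^resolve_xsym\((\d+)\): .*external function: (\S+)')
BAD_SYM = re.compile(r'^resolve_xsym\((.*), (\d+)\) error code: (-?\d+)')
LOAD = re.compile(r'^rte_bpf_elf_load\(fname="([^"]+)", sname="([^"]+)"\) (successfully|failed)')
INSN_SIZE = 8  # every eBPF instruction slot is 8 bytes


def triage(log):
    """Group resolve_xsym lines under the rte_bpf_elf_load line that ends them."""
    programs, resolved, failures = [], [], []
    for line in log.splitlines():
        if m := OK_SYM.match(line):
            resolved.append((int(m.group(1)), m.group(2)))
        elif m := BAD_SYM.match(line):
            name, offset, code = m.group(1), int(m.group(2)), int(m.group(3))
            failures.append({
                "symbol": name or "<unnamed>",
                # Assumption: the failing line reports a byte offset, not an index.
                "insn": offset // INSN_SIZE,
                "errno": errno.errorcode.get(abs(code), str(code)),
            })
        elif m := LOAD.match(line):
            programs.append({"file": m.group(1), "section": m.group(2),
                             "loaded": m.group(3) == "successfully",
                             "resolved": resolved, "failures": failures})
            resolved, failures = [], []
    return programs


if __name__ == "__main__":
    for p in triage(LOG):
        state = "ok" if p["loaded"] else "FAILED"
        print(f'{p["file"]} [{p["section"]}] {state}')
        for f in p["failures"]:
            print(f'  unresolved {f["symbol"]} at insn {f["insn"]}: {f["errno"]}')
```

On the quoted log this reports that the `pkt` load failed on a relocation against a symbol with an empty name (ENOENT), while readelf still lists a `pkt` section in the file.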

katanatr commented 7 months ago

Which version of GCC and LLVM do you recommend for Ubuntu 24.04 LTS, @AltraMayor? Like GCC 9.3.0 and LLVM 11?

AltraMayor commented 7 months ago

I recommend installing Ubuntu 20.04 LTS and following the steps in the README.md file to compile Gatekeeper.

Ubuntu 24.04 LTS has not been officially released. I'll update the README.md file once I port Gatekeeper.