yinjiping
commented
1 month ago 对于小于4.14的内核:
- verify还不完善,加载时很难过它的verify,对于大型的ebpf兼容这些低版本的内核是不小的挑战,版本越高ebpf就越健全,可以避免很多问题。(即使4.14我们在开发中,也遇到了很多问题,解决它花费不少的时间)
- 还有一个原因,指令数量限制
| eBPF特性 | 值 | 内核版本 | 备注 |
|---|---|---|---|
| 指令数量限制 | 98304 | < 4.14 | BPF_COMPLEXITY_LIMIT_INSNS |
| 131072 | 4.14 ~ 5.2 | ||
| 1000000 | 5.2+ | 1M insns |
PS:例如:在4.14+可以正常运行的程序,在4.12会加载失败:
bpf: Failed to load program: Invalid argument
0: (bf) r6 = r1
1: (b7) r1 = 0
2: (63) *(u32 *)(r10 -8) = r1
3: (bf) r2 = r10
4: (07) r2 += -8
5: (18) r1 = 0xffff88007a934c00
7: (85) call bpf_map_lookup_elem#1
8: (15) if r0 == 0x0 goto pc+2
R0=map_value(ks=4,vs=80,id=0),min_value=0,max_value=0 R6=ctx R10=fp
9: (71) r1 = *(u8 *)(r0 +0)
10: (55) if r1 != 0x0 goto pc+1
R0=map_value(ks=4,vs=80,id=0),min_value=0,max_value=0 R1=inv56,min_value=0,max_value=0 R6=ctx R10=fp
11: (05) goto pc+38
50: (b7) r0 = 0
51: (95) exit
from 10 to 12: R0=map_value(ks=4,vs=80,id=0),min_value=0,max_value=0 R1=inv56 R6=ctx R10=fp
12: (85) call bpf_get_current_pid_tgid#14
13: (7b) *(u64 *)(r10 -8) = r0
14: (77) r0 >>= 32
15: (63) *(u32 *)(r10 -12) = r0
16: (bf) r2 = r10
17: (07) r2 += -12
18: (18) r1 = 0xffff8800365bd400
20: (85) call bpf_map_lookup_elem#1
21: (15) if r0 == 0x0 goto pc+28
R0=map_value(ks=4,vs=64,id=0),min_value=0,max_value=0 R6=ctx R10=fp
22: (69) r7 = *(u16 *)(r0 +4)
23: (61) r1 = *(u32 *)(r0 +0)
24: (a5) if r1 (null) 0x11100 goto pc+3
invalid BPF_JMP opcode a0BPF 指令:(a5) if r1 (null) 0x11100 goto pc+3,它使用了无效的 BPF_JMP 操作码(a0),因此导致了 invalid BPF_JMP opcode 错误。看到4.12内核,在ebpf操作码上存在欠缺,很难做到兼容。
Search before asking
Description
日志中的报错如下: [2024-10-11 13:41:32.485075 +08:00] INFO [src/ebpf/mod.rs:721] [eBPF] WARN func check_kernel_version() [user/tracer.c:167] [eBPF Kernel Adapt] The current kernel version (4.12.14-122.153-default) does not support eBPF. It requires kernel version of 4.14+ or 3.10.0-940+ (for linux 3.10.0 kernel, the revision number must be greater than or equal to 940).
想问一下,ebpf是支持4.12内核的操作系统的,为什么deepflow不支持呢? 想知道是否可以改造成可以支持4.12版本操作系统。
Use case
No response
Related issues
No response
Are you willing to submit a PR?
Code of Conduct