search

iovisor / bcc

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
Apache License 2.0
20.61k stars 3.89k forks source link

Tcprtt fails verification when given an address #5090

Open e-dant opened 3 months ago

e-dant commented 3 months ago 
$ tcprtt -a 192.168.1.1
libbpf: prog 'tcp_rcv': BPF program load failed: Permission denied
libbpf: prog 'tcp_rcv': -- BEGIN PROG LOAD LOG --
reg type unsupported for arg#0 function tcp_rcv#20
0: R1=ctx(off=0,imm=0) R10=fp0
; int BPF_PROG(tcp_rcv, struct sock *sk)
0: (79) r6 = *(u64 *)(r1 +0)
func 'tcp_rcv_established' arg0 has btf_id 806 type STRUCT 'sock'
1: R1=ctx(off=0,imm=0) R6_w=ptr_sock(off=0,imm=0)
; if (targ_sport && targ_sport != inet->inet_sport)
1: (18) r1 = 0xffffaa7640163004       ; R1_w=map_value(off=4,ks=4,vs=17,imm=0)
3: (69) r2 = *(u16 *)(r1 +0)          ; R1_w=map_value(off=4,ks=4,vs=17,imm=0) R2_w=0
; if (targ_sport && targ_sport != inet->inet_sport)
4: (15) if r2 == 0x0 goto pc+3        ; R2_w=0
; if (targ_dport && targ_dport != sk->__sk_common.skc_dport)
8: (18) r1 = 0xffffaa7640163006       ; R1_w=map_value(off=6,ks=4,vs=17,imm=0)
10: (69) r2 = *(u16 *)(r1 +0)         ; R1_w=map_value(off=6,ks=4,vs=17,imm=0) R2_w=0
; if (targ_dport && targ_dport != sk->__sk_common.skc_dport)
11: (15) if r2 == 0x0 goto pc+3       ; R2_w=0
; if (targ_saddr && targ_saddr != inet->inet_saddr)
15: (18) r1 = 0xffffaa7640163008      ; R1_w=map_value(off=8,ks=4,vs=17,imm=0)
17: (61) r2 = *(u32 *)(r1 +0)         ; R1_w=map_value(off=8,ks=4,vs=17,imm=0) R2_w=16885952
; if (targ_saddr && targ_saddr != inet->inet_saddr)
18: (15) if r2 == 0x0 goto pc+3       ; R2_w=16885952
; if (targ_saddr && targ_saddr != inet->inet_saddr)
19: (61) r1 = *(u32 *)(r1 +0)         ; R1_w=16885952
; if (targ_saddr && targ_saddr != inet->inet_saddr)
20: (61) r2 = *(u32 *)(r6 +784)
access beyond struct sock at off 784 size 4
processed 12 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 1
-- END PROG LOAD LOG --
libbpf: prog 'tcp_rcv': failed to load: -13
libbpf: failed to load object 'tcprtt_bpf'
libbpf: failed to load BPF skeleton 'tcprtt_bpf': -13
failed to load BPF object: -13
ZhangYet commented 2 months ago

Could you provide the kernel, os, and the bcc version?

e-dant commented 2 months ago

libbpf-tools version: Version: 0.26.0+ds-1 (via apt)

$ uname -v    
#1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15)

Stuff from os-release

NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
yonghong-song commented 2 months ago

The error message: access beyond struct sock at off 784 size 4

Are you using correct header files for bcc?

e-dant commented 2 months ago

I'm not sure which headers are being used. They're from whatever Debian is packaging -- I didn't compile this program

If time allows I can see if things work as expected after compiling from source here

e-dant commented 2 months ago

The current master branch doesn't have this issue (git pull && cd libbpf-tools && make && sudo ./tcprtt -a 192.168.1.1 works ok)

Is this a Debian packaging issue?