1
votes

When I run sudo bpftool prog show I get the following output

39: socket_filter  name bpfprog1  tag e29cda32ba011d7f  gpl
    loaded_at 2019-09-08T14:21:57+0200  uid 1000
    xlated 248B  jited 169B  memlock 4096B  map_ids 30

But if I try to get the program's jited output with the following command

 sudo bpftool prog dump jited tag e29cda32ba011d7f

I get an error message, as reported below:

Error: can't get prog info (3): Bad address

QUESTION: what am I doing wrong? XD

1
Interesting. Might be a bug. I don't think many people actually use tags in commands, maybe it broke at some point. Does it work if you try to dump the program by using its id? Does it reproduce for other programs? - Qeole
Yes, after some attempts I've seen that in the other examples id was used to refer to programs and maps, so I tried with id and it worked fine. I wanted to see the difference between the version rewritten by the kernel (as you state in the description in a tweet, they differ) and the original one (_kern.o). I tried sudo echo 2 > /proc/sys/net/core/bpf_jit_enable in order to use bpf_jit_asm but I can't echo in that file. I get bash: echo: write error: Invalid argument - Maicake
Can you please tell what your kernel version is? I'll try to have a look tomorrow if I can. - Qeole
Documentation/networking/filter.txt says: “When CONFIG_BPF_JIT_ALWAYS_ON is enabled, bpf_jit_enable is permanently set to 1 and setting any other value than that will return in failure. This is even the case for setting bpf_jit_enable to 2, since dumping the final JIT image into the kernel log is discouraged and introspection through bpftool (under tools/bpf/bpftool/) is the generally recommended approach instead.” Regarding accessing the program by tag, it works for me with a recent bpftool and kernel, so I'd need more data to troubleshoot :/. - Qeole

1 Answer

1
votes

You most certainly use a bpftool version compiled from Linux 4.20 or older, and hit a bug that was fixed in version 5.0. Update bpftool, and dumping programs by tags should work again.

As a side note, I usually use program IDs or pinned path, as I find it more useful to retrieve the program I want. Depending on your use case, tags might make sense, especially if you often load the same programs without changes (so you would be sure to keep the same tags) and do not have them pinned.
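
The workaround discussed above (address the program by id when lookup by tag fails), as an added example that is not part of the original thread: it resolves a tag to ids from plain `bpftool prog show` output and dumps each by id. The function names and the second and third sample entries are constructed; because the same bytecode loaded twice keeps the same tag, one tag can map to several ids.

```shell
#!/bin/sh
# Added example: resolve a BPF program tag to program id(s), then dump by id.

# Read plain `bpftool prog show` output on stdin and print the id of every
# program whose tag equals $1. Returns 2 if $1 is not a 16-hex-digit tag
# (bpftool prints tags in lowercase hex).
ids_for_tag() {
    [ "${#1}" -eq 16 ] || return 2
    case $1 in *[!0-9a-f]*) return 2 ;; esac
    awk -v want="$1" '
        /^[0-9]+: / {   # header line: "<id>: <type> [name N] tag T ..."
            id = $1; sub(/:$/, "", id)
            for (i = 2; i < NF; i++)
                if ($i == "tag" && $(i + 1) == want) { print id; break }
        }'
}

# Dump the JITed image of every loaded program carrying tag $1.
# Needs root (run the script under sudo) and bpftool in PATH.
dump_jited_by_tag() {
    ids=$(bpftool prog show | ids_for_tag "$1") || return
    [ -n "$ids" ] || { echo "no program with tag $1" >&2; return 1; }
    for id in $ids; do
        echo "== prog id $id =="
        bpftool prog dump jited id "$id"
    done
}

# Constructed sample: the first entry is the output quoted in the question,
# entries 41 and 42 are made up to show a shared tag and an unrelated program.
sample_prog_show() {
    cat <<'EOF'
39: socket_filter  name bpfprog1  tag e29cda32ba011d7f  gpl
    loaded_at 2019-09-08T14:21:57+0200  uid 1000
    xlated 248B  jited 169B  memlock 4096B  map_ids 30
41: socket_filter  name bpfprog1  tag e29cda32ba011d7f  gpl
    loaded_at 2019-09-08T14:25:10+0200  uid 1000
    xlated 248B  jited 169B  memlock 4096B  map_ids 31
42: kprobe  tag 0123456789abcdef  gpl
    loaded_at 2019-09-08T14:30:00+0200  uid 0
    xlated 96B  jited 71B  memlock 4096B
EOF
}
```

`sample_prog_show | ids_for_tag e29cda32ba011d7f` prints 39 and 41; on a live system, `dump_jited_by_tag e29cda32ba011d7f` dumps each match by id.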