我正在尝试编写一个可以访问套接字缓冲区数据的简单套接字过滤器 eBPF 程序。
#include <linux/bpf.h>
#include <linux/if_ether.h>
#define SEC(NAME) __attribute__((section(NAME), used))
SEC("socket_filter")
int myprog(struct __sk_buff *skb) {
void *data = (void *)(long)skb->data;
void *data_end = (void *)(long)skb->data_end;
struct ethhdr *eth = data;
if ((void*)eth + sizeof(*eth) > data_end)
return 0;
return 1;
}
我正在使用 clang 进行编译:
clang -I./ -I/usr/include/x86_64-linux-gnu/asm \
-I/usr/include/x86_64-linux-gnu/ -O2 -target bpf -c test.c -o test.elf
但是,当我尝试加载程序时,出现以下验证器错误:
invalid bpf_context access off=80 size=4
我对这个错误的理解是,当您尝试访问尚未检查为在 内的上下文数据时应该抛出它data_end,但是我的代码确实这样做了:
这是我的程序的说明
0000000000000000 packet_counter:
0: 61 12 50 00 00 00 00 00 …我正在尝试在我的 kubernetes 集群中引导一个 etcd 集群,这是 pod 定义的相关部分
- name: etcd
image: quay.io/coreos/etcd:v2.2.0
ports:
- containerPort: 2379
- containerPort: 2380
- containerPort: 4001
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
args:
- "-name"
- "etcd0"
- "-advertise-client-urls"
- http://${POD_IP}:2379,http://${POD_IP}:4001
- "-initial-advertise-peer-urls"
- "http://${POD_IP}:2380"
- "-listen-peer-urls"
- "http://0.0.0.0:2380"
- "-initial-cluster"
- 'etcd0=http://${POD_IP}:2380'
- "-initial-cluster-state"
- "new"
但是,当我应用 POD_IP 环境变量时,似乎被破坏了,日志证明了这一点:
advertise URLs of "etcd0" do not match in --initial-advertise-peer-urls [http://$%7BPOD_IP%7D:2380] and --initial-cluster [http://$%7BPOD_IP%7D:2380]
有没有人见过类似的东西?