Hi,
I'm new to BPF. I'm trying to write a program that analyses the structure of DNS requests. I keep getting the following error (below) at a certain point in the code (below).
The error only occurs when I try to "return -1;" (i.e. allow the packet). If I remove this line the program executes as expected.
I wonder if it could be an issue with the kernel version rather than the code? (Ubuntu 16.04.4 LTS, Kernel version 4.4.0-87-generic)
Error***************************************
bpf: Failed to load program: Permission denied
...
...
R2 invalid mem access 'inv'
HINT: The invalid mem access 'inv' error can happen if you try to dereference memory without first using bpf_probe_read() to copy it to the BPF stack. Sometimes the bpf_probe_read is automatic by the bcc rewriter, other times you'll need to be explicit.
Traceback (most recent call last):
  File "dns_matching.py", line 57, in <module>
    function_dns_matching = bpf.load_func("dns_exfil_detection_v2", BPF.SOCKET_FILTER)
  File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 379, in load_func
    (func_name, errstr))
Exception: Failed to load BPF program dns_exfil_detection_v2: Permission denied
********************************************
Code****************************************
#pragma unroll
for(i = 0; i<255;i++){
    c = cursor_advance(cursor, 1);
    if (c->c == 0)
        break;
    key.p[i] = c->c;
    //**ensure this is the correct max length of a subdomain**
    if(c->c < 0x0f){
        subdomLengths[subdomainCount] = (u16) c->c;
        subdomainCount = subdomainCount +1;
    }
}
*** if(subdomLengths[subdomainCount] == 2 && subdomLengths[subdomainCount-1] ==2 && subdomainCount <4 ){
***     return -1;
*** }
*********************************************