bpf: Failed to load program: Permission denied

Jacob Steadman


I'm new to BPF. I'm trying to write a program that analyses the structure o= f DNS requests. I keep getting the following error (bellow) at a certain point in the code (bellow).

The error only occurs when I try to "return -1;" (i.e. allow the packet). I= f I remove this line the program executes as expected.

I wonder if it could be an issue with the kernel version rather than the co= de? (Ubuntu 16.04.4 LTS, Kernel version 4.4.0-87-generic)

bpf: Failed to load program: Permission denied
R2 invalid mem access 'inv'

HINT: The invalid mem access 'inv' error can happen if you try to dereferen= ce memory without first using bpf_probe_read() to copy it to the BPF stack.=  Sometimes the bpf_probe_read is automatic by the bcc rewriter, other times=  you'll need to be explicit.

Traceback (most recent call last):
  File "dns_matching.py", line 57, in <module>
    function_dns_matching =3D bpf.load_func("dns_exfil_detection_v2", BPF.S=
  File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 379, in loa= d_func
    (func_name, errstr))
Exception: Failed to load BPF program dns_exfil_detection_v2: Permission de= nied

        #pragma unroll
        for(i =3D 0; i<255;i++){
                c =3D cursor_advance(cursor, 1);

                if (c->c =3D=3D 0)

key.p[i] =3D c->c;

                //**ensure this is the correct max length of a subdomain**
                if(c->c < 0x0f){
                                subdomLengths[subdomainCount] =3D (u16) c->= c;
                                subdomainCount =3D subdomainCount +1;

*** if(subdomLengths[subdomainCount] =3D=3D 2 && subdomLengths[subdomainCou= nt-1]  =3D=3D2 && subdomainCount <4 ){
***         return -1;
*** }