* Using pinned maps within a network namespace
@ 2020-09-15 17:00 John McDowall
2020-09-16 5:11 ` Y Song
2020-09-16 9:22 ` Quentin Monnet
0 siblings, 2 replies; 7+ messages in thread
From: John McDowall @ 2020-09-15 17:00 UTC (permalink / raw)
To: xdp-newbies
Hi everyone,
This may be a dumb question, I have set up a simple test environment
with multiple network namespaces running on a ubuntu 20.04 vagrant
box, with the latest github libbpf.
I want to use a pinned map, I can make /sys/fs/bpf shared by:
$ mount mount --make-shared /sys/fs/bpf
$ mount --bind /sys/fs/bpf /sys/fs/bpf
but when I try access the maps from a C program running in a namespace
using bpf I get
Access to /sys/fs/bpf/lwtconfig map failed obj_pin errno: No such
file or directory
The code snippet is:
mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH);
if (mapfd < 0) {
jed_info(jed_logfile,"Access to %s map failed obj_pin ",
CONFIG_MAP_PATH);
pin_fd = bpf_obj_get(CONFIG_MAP_PATH);
if (pin_fd < 0){
jed_error(jed_logfile,"Access to %s map failed with
obj_get ", CONFIG_MAP_PATH);
}
}
Is this possible, and if so what am I missing?
Regards
John
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: Using pinned maps within a network namespace 2020-09-15 17:00 Using pinned maps within a network namespace John McDowall @ 2020-09-16 5:11 ` Y Song 2020-09-16 14:49 ` John McDowall 2020-09-25 22:54 ` John McDowall 2020-09-16 9:22 ` Quentin Monnet 1 sibling, 2 replies; 7+ messages in thread From: Y Song @ 2020-09-16 5:11 UTC (permalink / raw) To: John McDowall; +Cc: xdp-newbies On Tue, Sep 15, 2020 at 11:46 AM John McDowall <jmcdowall@paloaltonetworks.com> wrote: > > Hi everyone, > > This may be a dumb question, I have set up a simple test environment > with multiple network namespaces running on a ubuntu 20.04 vagrant > box, with the latest github libbpf. > > I want to use a pinned map, I can make /sys/fs/bpf shared by: > > $ mount mount --make-shared /sys/fs/bpf > $ mount --bind /sys/fs/bpf /sys/fs/bpf Similar commands `mount --bind /sys/fs/bpf /sys/fs/bpf1` in the same namespace works fine. Maybe there are restrictions related to namespace? Maybe it becomes readonly? Could you print out the error code below? > > but when I try access the maps from a C program running in a namespace > using bpf I get > > Access to /sys/fs/bpf/lwtconfig map failed obj_pin errno: No such > file or directory > > The code snippet is: > > mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); > if (mapfd < 0) { > jed_info(jed_logfile,"Access to %s map failed obj_pin ", > CONFIG_MAP_PATH); > pin_fd = bpf_obj_get(CONFIG_MAP_PATH); > if (pin_fd < 0){ > jed_error(jed_logfile,"Access to %s map failed with > obj_get ", CONFIG_MAP_PATH); > } > } > > Is this possible, and if so what am I missing? > > Regards > > John ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Using pinned maps within a network namespace 2020-09-16 5:11 ` Y Song @ 2020-09-16 14:49 ` John McDowall 2020-09-25 22:54 ` John McDowall 1 sibling, 0 replies; 7+ messages in thread From: John McDowall @ 2020-09-16 14:49 UTC (permalink / raw) To: Y Song; +Cc: xdp-newbies Song, I think it is something to do with the namespace, when I run the same code on the host os (not in a network namespace) it works fine and creates the map and writes to it. The error coming back from bpf_pin_obj is errno: No such file or directory I can see /sys/fs/bpf in the namespace after I do. $ mount --make-shared /sys/fs/bpf but just cannot access it. Thanks for the help Regards John On Tue, Sep 15, 2020 at 10:12 PM Y Song <ys114321@gmail.com> wrote: > > On Tue, Sep 15, 2020 at 11:46 AM John McDowall > <jmcdowall@paloaltonetworks.com> wrote: > > > > Hi everyone, > > > > This may be a dumb question, I have set up a simple test environment > > with multiple network namespaces running on a ubuntu 20.04 vagrant > > box, with the latest github libbpf. > > > > I want to use a pinned map, I can make /sys/fs/bpf shared by: > > > > $ mount mount --make-shared /sys/fs/bpf > > $ mount --bind /sys/fs/bpf /sys/fs/bpf > > Similar commands `mount --bind /sys/fs/bpf /sys/fs/bpf1` in the same namespace > works fine. > > Maybe there are restrictions related to namespace? Maybe it becomes readonly? > Could you print out the error code below? > > > > > but when I try access the maps from a C program running in a namespace > > using bpf I get > > > > Access to /sys/fs/bpf/lwtconfig map failed obj_pin errno: No such > > file or directory > > > > The code snippet is: > > > > mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); > > if (mapfd < 0) { > > jed_info(jed_logfile,"Access to %s map failed obj_pin ", > > CONFIG_MAP_PATH); > > pin_fd = bpf_obj_get(CONFIG_MAP_PATH); > > if (pin_fd < 0){ > > jed_error(jed_logfile,"Access to %s map failed with > > obj_get ", CONFIG_MAP_PATH); > > } > > } > > > > Is this possible, and if so what am I missing? > > > > Regards > > > > John ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Using pinned maps within a network namespace 2020-09-16 5:11 ` Y Song 2020-09-16 14:49 ` John McDowall @ 2020-09-25 22:54 ` John McDowall 2020-09-28 17:23 ` Y Song 1 sibling, 1 reply; 7+ messages in thread From: John McDowall @ 2020-09-25 22:54 UTC (permalink / raw) To: Y Song; +Cc: xdp-newbies Song, You are right the issue is that in a new namespace /sys/fs/bpf is readonly. On host system (Centos 8.2) [jmcdowall@jed102 framework]$ ls -al /sys/fs total 0 drwxr-xr-x. 9 root root 0 Jul 15 16:01 . dr-xr-xr-x. 13 root root 0 Jul 15 16:02 .. drwx-----T. 2 root root 0 Jul 15 16:01 bpf drwxr-xr-x. 14 root root 360 Jul 15 16:01 cgroup drwxr-xr-x. 4 root root 0 Jul 22 11:58 ext4 drwxr-xr-x. 3 root root 0 Jul 16 11:05 fuse drwxr-x---. 2 root root 0 Jul 15 16:01 pstore drwxr-xr-x. 7 root root 0 Jul 15 16:01 selinux drwxr-xr-x. 5 root root 0 Jul 29 18:58 xfs [jmcdowall@jed102 framework]$ Then create a network namespace [jmcdowall@jed102 framework]$ sudo ip netns add test [sudo] password for jmcdowall: [jmcdowall@jed102 framework]$ sudo ip netns exec test ls -la /sys/fs total 0 drwxr-xr-x. 9 root root 0 Sep 25 14:31 . dr-xr-xr-x. 13 root root 0 Jul 15 16:02 .. dr-xr-xr-x. 2 root root 0 Sep 25 14:31 bpf dr-xr-xr-x. 2 root root 0 Sep 25 14:31 cgroup drwxr-xr-x. 4 root root 0 Sep 25 14:31 ext4 drwxr-xr-x. 3 root root 0 Sep 25 14:31 fuse dr-xr-xr-x. 2 root root 0 Sep 25 14:31 pstore dr-xr-xr-x. 2 root root 0 Sep 25 14:31 selinux drwxr-xr-x. 5 root root 0 Sep 25 14:31 xfs [jmcdowall@jed102 framework]$ and the bpf directory is readonly. There does not seem to be a way to make the directory writable. Does anyone have any ideas? Regards John On Tue, Sep 15, 2020 at 10:12 PM Y Song <ys114321@gmail.com> wrote: > > On Tue, Sep 15, 2020 at 11:46 AM John McDowall > <jmcdowall@paloaltonetworks.com> wrote: > > > > Hi everyone, > > > > This may be a dumb question, I have set up a simple test environment > > with multiple network namespaces running on a ubuntu 20.04 vagrant > > box, with the latest github libbpf. > > > > I want to use a pinned map, I can make /sys/fs/bpf shared by: > > > > $ mount mount --make-shared /sys/fs/bpf > > $ mount --bind /sys/fs/bpf /sys/fs/bpf > > Similar commands `mount --bind /sys/fs/bpf /sys/fs/bpf1` in the same namespace > works fine. > > Maybe there are restrictions related to namespace? Maybe it becomes readonly? > Could you print out the error code below? > > > > > but when I try access the maps from a C program running in a namespace > > using bpf I get > > > > Access to /sys/fs/bpf/lwtconfig map failed obj_pin errno: No such > > file or directory > > > > The code snippet is: > > > > mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); > > if (mapfd < 0) { > > jed_info(jed_logfile,"Access to %s map failed obj_pin ", > > CONFIG_MAP_PATH); > > pin_fd = bpf_obj_get(CONFIG_MAP_PATH); > > if (pin_fd < 0){ > > jed_error(jed_logfile,"Access to %s map failed with > > obj_get ", CONFIG_MAP_PATH); > > } > > } > > > > Is this possible, and if so what am I missing? > > > > Regards > > > > John ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Using pinned maps within a network namespace 2020-09-25 22:54 ` John McDowall @ 2020-09-28 17:23 ` Y Song 0 siblings, 0 replies; 7+ messages in thread From: Y Song @ 2020-09-28 17:23 UTC (permalink / raw) To: John McDowall; +Cc: xdp-newbies On Fri, Sep 25, 2020 at 3:54 PM John McDowall <jmcdowall@paloaltonetworks.com> wrote: > > Song, > > You are right the issue is that in a new namespace /sys/fs/bpf is readonly. > > On host system (Centos 8.2) > > [jmcdowall@jed102 framework]$ ls -al /sys/fs > total 0 > drwxr-xr-x. 9 root root 0 Jul 15 16:01 . > dr-xr-xr-x. 13 root root 0 Jul 15 16:02 .. > drwx-----T. 2 root root 0 Jul 15 16:01 bpf You probably called mount -t bpf bpf /sys/fs/bpf with additional mode options to mount bffs. > drwxr-xr-x. 14 root root 360 Jul 15 16:01 cgroup > drwxr-xr-x. 4 root root 0 Jul 22 11:58 ext4 > drwxr-xr-x. 3 root root 0 Jul 16 11:05 fuse > drwxr-x---. 2 root root 0 Jul 15 16:01 pstore > drwxr-xr-x. 7 root root 0 Jul 15 16:01 selinux > drwxr-xr-x. 5 root root 0 Jul 29 18:58 xfs > [jmcdowall@jed102 framework]$ > > Then create a network namespace > > [jmcdowall@jed102 framework]$ sudo ip netns add test > [sudo] password for jmcdowall: > [jmcdowall@jed102 framework]$ sudo ip netns exec test ls -la /sys/fs > total 0 > drwxr-xr-x. 9 root root 0 Sep 25 14:31 . > dr-xr-xr-x. 13 root root 0 Jul 15 16:02 .. > dr-xr-xr-x. 2 root root 0 Sep 25 14:31 bpf This is just the default directory. It is not mounted with bpffs. > dr-xr-xr-x. 2 root root 0 Sep 25 14:31 cgroup > drwxr-xr-x. 4 root root 0 Sep 25 14:31 ext4 > drwxr-xr-x. 3 root root 0 Sep 25 14:31 fuse > dr-xr-xr-x. 2 root root 0 Sep 25 14:31 pstore > dr-xr-xr-x. 2 root root 0 Sep 25 14:31 selinux > drwxr-xr-x. 5 root root 0 Sep 25 14:31 xfs > [jmcdowall@jed102 framework]$ > > and the bpf directory is readonly. > > There does not seem to be a way to make the directory writable. > > Does anyone have any ideas? somethings like this may help. mkdir /tmp/t mount -t bpf bpf /tmp/t ip netns exec test mount --bind /root/t /tmp/t ip netns exec test mount | grep bpf none on /root/t type bpf (rw,relatime) Now inside namespace, you will have a bpffs. Based on my experience, you cannot create bpffs (like `mount -t bpf bpf <...>`) inside the net namespace. > > Regards > > John > > > > On Tue, Sep 15, 2020 at 10:12 PM Y Song <ys114321@gmail.com> wrote: > > > > On Tue, Sep 15, 2020 at 11:46 AM John McDowall > > <jmcdowall@paloaltonetworks.com> wrote: > > > > > > Hi everyone, > > > > > > This may be a dumb question, I have set up a simple test environment > > > with multiple network namespaces running on a ubuntu 20.04 vagrant > > > box, with the latest github libbpf. > > > > > > I want to use a pinned map, I can make /sys/fs/bpf shared by: > > > > > > $ mount mount --make-shared /sys/fs/bpf > > > $ mount --bind /sys/fs/bpf /sys/fs/bpf > > > > Similar commands `mount --bind /sys/fs/bpf /sys/fs/bpf1` in the same namespace > > works fine. > > > > Maybe there are restrictions related to namespace? Maybe it becomes readonly? > > Could you print out the error code below? > > > > > > > > but when I try access the maps from a C program running in a namespace > > > using bpf I get > > > > > > Access to /sys/fs/bpf/lwtconfig map failed obj_pin errno: No such > > > file or directory > > > > > > The code snippet is: > > > > > > mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); > > > if (mapfd < 0) { > > > jed_info(jed_logfile,"Access to %s map failed obj_pin ", > > > CONFIG_MAP_PATH); > > > pin_fd = bpf_obj_get(CONFIG_MAP_PATH); > > > if (pin_fd < 0){ > > > jed_error(jed_logfile,"Access to %s map failed with > > > obj_get ", CONFIG_MAP_PATH); > > > } > > > } > > > > > > Is this possible, and if so what am I missing? > > > > > > Regards > > > > > > John ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Using pinned maps within a network namespace 2020-09-15 17:00 Using pinned maps within a network namespace John McDowall 2020-09-16 5:11 ` Y Song @ 2020-09-16 9:22 ` Quentin Monnet 2020-09-16 14:53 ` John McDowall 1 sibling, 1 reply; 7+ messages in thread From: Quentin Monnet @ 2020-09-16 9:22 UTC (permalink / raw) To: John McDowall, xdp-newbies On 15/09/2020 18:00, John McDowall wrote: > Hi everyone, > > This may be a dumb question, I have set up a simple test environment > with multiple network namespaces running on a ubuntu 20.04 vagrant > box, with the latest github libbpf. > > I want to use a pinned map, I can make /sys/fs/bpf shared by: > > $ mount mount --make-shared /sys/fs/bpf > $ mount --bind /sys/fs/bpf /sys/fs/bpf > > but when I try access the maps from a C program running in a namespace > using bpf I get > > Access to /sys/fs/bpf/lwtconfig map failed obj_pin errno: No such > file or directory > > The code snippet is: > > mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); > if (mapfd < 0) { > jed_info(jed_logfile,"Access to %s map failed obj_pin ", > CONFIG_MAP_PATH); Hi, from your log message ("obj_pin") it looks like the error occurs when you try to pin the map, not when you try to access it. The way you try to pin it: mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); looks suspicious. If I remember correctly, bpf_obj_pin() returns 0 on success, it does not return a fd. It does use a file descriptor to the map as a first argument, can you double check that this is what "pin_fd" contains? How did you retrieve this fd? It looks to me like "pin_fd" does not point to an existing map, and that the kernel fails to find the map to pin. Good luck, Quentin ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Using pinned maps within a network namespace 2020-09-16 9:22 ` Quentin Monnet @ 2020-09-16 14:53 ` John McDowall 0 siblings, 0 replies; 7+ messages in thread From: John McDowall @ 2020-09-16 14:53 UTC (permalink / raw) To: Quentin Monnet; +Cc: xdp-newbies Quentin, You're right, my code is a little messy but it does what you suggested, as I mentioned to Song it works on the host system just not in the network namespace. The error from bpf_obj_pin is errno: No such file or directory Here is a larger code segment: pin_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(uint32_t), sizeof(config_data),1, 0); if (pin_fd < 0){ jed_error(jed_logfile,"Failed to create map ", CONFIG_MAP_PATH); } ret = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); if (ret < 0) { jed_info(jed_logfile,"Access to %s map failed obj_pin ", CONFIG_MAP_PATH); pin_fd = bpf_obj_get(CONFIG_MAP_PATH); if (pin_fd < 0){ jed_error(jed_logfile,"Access to %s map failed with obj_get ", CONFIG_MAP_PATH); } } key = 0; ret = bpf_map_update_elem(pin_fd, &key, &config_data, 0); if (ret < 0) { jed_error(jed_logfile,"bpf_map_update_elem %s ",CONFIG_MAP_PATH); } Thanks for your help Regards John On Wed, Sep 16, 2020 at 2:22 AM Quentin Monnet <quentin@isovalent.com> wrote: > > On 15/09/2020 18:00, John McDowall wrote: > > Hi everyone, > > > > This may be a dumb question, I have set up a simple test environment > > with multiple network namespaces running on a ubuntu 20.04 vagrant > > box, with the latest github libbpf. > > > > I want to use a pinned map, I can make /sys/fs/bpf shared by: > > > > $ mount mount --make-shared /sys/fs/bpf > > $ mount --bind /sys/fs/bpf /sys/fs/bpf > > > > but when I try access the maps from a C program running in a namespace > > using bpf I get > > > > Access to /sys/fs/bpf/lwtconfig map failed obj_pin errno: No such > > file or directory > > > > The code snippet is: > > > > mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); > > if (mapfd < 0) { > > jed_info(jed_logfile,"Access to %s map failed obj_pin ", > > CONFIG_MAP_PATH); > > Hi, from your log message ("obj_pin") it looks like the error occurs > when you try to pin the map, not when you try to access it. The way you > try to pin it: > > mapfd = bpf_obj_pin(pin_fd,CONFIG_MAP_PATH); > > looks suspicious. If I remember correctly, bpf_obj_pin() returns 0 on > success, it does not return a fd. It does use a file descriptor to the > map as a first argument, can you double check that this is what "pin_fd" > contains? How did you retrieve this fd? It looks to me like "pin_fd" > does not point to an existing map, and that the kernel fails to find the > map to pin. > > Good luck, > Quentin ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-09-28 17:24 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-09-15 17:00 Using pinned maps within a network namespace John McDowall 2020-09-16 5:11 ` Y Song 2020-09-16 14:49 ` John McDowall 2020-09-25 22:54 ` John McDowall 2020-09-28 17:23 ` Y Song 2020-09-16 9:22 ` Quentin Monnet 2020-09-16 14:53 ` John McDowall
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).