Skip to content

Setup the extended Berkeley Packet Filter (eBPF) Environment

The extended Berkeley Packet Filter (eBPF) allows filtering/processing packets in kernel in an efficient and customizable way. This article introduces setting up the eBPF environment under an Ubuntu 20.04 system.

Overall, to setup the eBPF environment, 1) first it needs to turn on the BPF kernel option; 2) then we used the self-test scripts provided by the linux kernel source tree to verify the eBPF installation. The installation process references the guideline1.

1.Compile and Install Kernel

First, upgrade the Ubuntu system to latest

$ sudo apt update && sudo apt full-upgrade

Then download the latest kernel source tree

$ cd ~/Downloads/
$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git --depth=1

# copy the kernel config file
$ cd net-next/
$ cp /boot/config-`uname -r`* .config
# configure kernel compile options
$ make menuconfig

Under [General Setup] –> [Networking support] –> [Networking options] –> [BPF based packet filtering framework (BPFILTER)], turn on the BPF option.

After finishing the configuration, the config file should look as

$ grep "BPF" .config
CONFIG_BPF=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y
# BPF subsystem
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_JIT_DEFAULT_ON=y
# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
# CONFIG_BPF_PRELOAD is not set
# CONFIG_BPF_LSM is not set
# end of BPF subsystem
CONFIG_CGROUP_BPF=y
CONFIG_IPV6_SEG6_BPF=y
CONFIG_NETFILTER_XT_MATCH_BPF=m
CONFIG_BPFILTER=y
CONFIG_BPFILTER_UMH=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_ACT_BPF=m
CONFIG_BPF_STREAM_PARSER=y
CONFIG_LWTUNNEL_BPF=y
CONFIG_BPF_EVENTS=y
CONFIG_BPF_KPROBE_OVERRIDE=y
CONFIG_TEST_BPF=m

Then compile and install the new kernel

$ make -j2
$ sudo make modules_install install
$ sudo update-grub2

If everything goes well, reboot the OS and now the kernel should be the new compiled version.

$ uname -r
5.15.0-rc1+

2.Verify eBPF Installation

The downloaded linux kernel source tree includes some self-test scripts (located in net-next/tools/testing/selftests/bpf/) to verify if the eBPF can function properly. But there occurred some errors during the compilation as follows.

  1. Error: failed to load BTF from …/vmlinux
# compile self-test scripts
cd net-next/tools/testing/selftests/bpf/ make
...
Auto-detecting system features:
...                        libbfd: [ OFF ]
...        disassembler-four-args: [ OFF ]
...                          zlib: [ on  ]
...                        libcap: [ on  ]
...               clang-bpf-co-re: [ on  ]
...
Error: failed to load BTF from /home/ntwrk/Downloads/net-next/vmlinux: No such file or directory
make[1]: *** [Makefile:158: /home/ntwrk/Downloads/net-next/tools/testing/selftests/bpf/tools/build/bpftool/vmlinux.h] Error 2
make: *** [Makefile:208: /home/ntwrk/Downloads/net-next/tools/testing/selftests/bpf/tools/sbin/bpftool] Error 2

After googling, it is due to Re: BPF selftests build failures

That’s bpftool complaining that BTF is not present in vmlinux.
You need CONFIG_DEBUG_INFO_BTF=y and pahole >= v1.16
You also need llvm 10 to build bpf progs.

After reconfigured the kernel and installed latest pahole, the error had been fixed.

  1. fatal error: error in backend: line 27: Invalid usage of the XADD return value
$ make
...
  CLNG-BPF [test_maps] atomics.o
fatal error: error in backend: line 27: Invalid usage of the XADD return value
...

It’s due the llvm version according to Re: Issues compiling selftests XADD – “Invalid usage of the XADD return value”. After switched to llvm13+, the error had been fixed.

  1. Error: rst2man not found, but required to generate man pages
$ make
...
Makefile.docs:76: *** "rst2man not found, but required to generate man pages".  Stop.
make: *** [Makefile:217: docs] Error 2

The error message is pretty clear as Install rst2man failed for varnish agent [fix]. The error had been fixed after installed the rst2man.

Finally the compilation complained without any error, and run the selftests scripts as

$ sudo ./test_verifier
...
Summary: 1764 PASSED, 0 SKIPPED, 0 FAILED

All test cases passed, the result showed that the eBPF seems functions properly.

Reference

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *