Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

load bpf failed #211

Open
vortexilation opened this issue Dec 12, 2024 · 7 comments
Open

load bpf failed #211

vortexilation opened this issue Dec 12, 2024 · 7 comments

Comments

@vortexilation
Copy link

vortexilation commented Dec 12, 2024
edited
Loading

Describe the bug

Failed to run ptcpdump properly with the following error :

root@router:~# ptcpdump -i any port 5353
2024-12-13 04:53:18 WARN skip Docker Engine integration due to Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
2024-12-13 04:53:20 WARN skip containerd integration due to failed to dial "/run/containerd/containerd.sock": context deadline exceeded: connection error: desc = "transport: error while dialing: dial unix:///run/containerd/containerd.sock: timeout"
2024-12-13 04:53:20 WARN skip kubernetes integration due to [connect using endpoint /var/run/dockershim.sock: no such file or directory, connect using endpoint /var/run/cri-dockerd.sock: no such file or directory, connect using endpoint /run/crio/crio.sock: no such file or directory, connect using endpoint /run/containerd/containerd.sock: no such file or directory]
2024-12-13 04:53:21 FATAL cmd/log.go:23] load bpf failed: bpf load and assign: field FentryNfNatManipPkt: program fentry__nf_nat_manip_pkt: attach Tracing/TraceFEntry: find target for fentry nf_nat_manip_pkt: find target in modules: parse types for module cast_common: can't read type names: string table is empty

How to reproduce it

Run ptcpdump in OpenWrt x86_64 glibc

Expected behavior

Running without any error.

Environment

  • ptcpdump version:
    7d71bb8 or compiled amd64 x86_64 from here, the same fatal error being logged.

  • OS:
    OpenWrt x86_64 glibc

  • Kernel:
    Linux Router 6.12.4 #0 SMP Tue Dec 3 16:34:36 2024 x86_64 GNU/Linux

Additional context
@vortexilation
Copy link
Author

@mozillazg
Do you have any clue?, my kernel config already containing the following :

CONFIG_BPF=y
CONFIG_NET_CLS_BPF=y
CONFIG_NET_ACT_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_PROBE_EVENTS_BTF_ARGS=y
CONFIG_HAVE_BPF_JIT=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_HAVE_CBPF_JIT=y
CONFIG_BPF_EVENTS=y
CONFIG_PERF_EVENTS=y
CONFIG_HAVE_PERF_EVENTS=y
CONFIG_DEBUG_INFO_BTF=y
CONFIG_PAHOLE_HAS_SPLIT_BTF=y
CONFIG_DEBUG_INFO_BTF_MODULES=y
CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
CONFIG_CGROUP_BPF=y
CONFIG_BPFILTER=y
CONFIG_BPFILTER_UMH=y
CONFIG_NET_CLS_BPF=y
CONFIG_NET_ACT_BPF=y
CONFIG_BPF_STREAM_PARSER=y
CONFIG_LWTUNNEL_BPF=y
CONFIG_NETFILTER_XT_MATCH_BPF=y
CONFIG_IPV6_SEG6_BPF=y
CONFIG_KPROBE_EVENTS=y
CONFIG_KPROBES=y
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
CONFIG_KPROBES_ON_FTRACE=y
CONFIG_FPROBE=y
CONFIG_BPF_KPROBE_OVERRIDE=y
CONFIG_UPROBE_EVENTS=y
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_UPROBES=y
CONFIG_MMU=y
CONFIG_TRACEPOINTS=y
CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
CONFIG_BPF_LSM=y
CONFIG_BPF_LIRC_MODE2=y
CONFIG_FTRACE_SYSCALLS=y
CONFIG_FUNCTION_TRACER=y
CONFIG_HAVE_DYNAMIC_FTRACE=y
CONFIG_DYNAMIC_FTRACE=y
CONFIG_FPROBE_EVENTS=y
# CONFIG_FTRACE_VALIDATE_RCU_IS_WATCHING is not set
CONFIG_DEBUG_INFO_DWARF5=y
CONFIG_KALLSYMS_ALL=y

@mozillazg
Copy link
Owner

@vortexilation I'm unsure why the error occurred. I cannot reproduce it yet because a version of OpenWrt supporting kernel 6.12.4 hasn't been released.

@vortexilation
Copy link
Author

@mozillazg
Thanks for joining in, I have found publicly available 3rd party hosted kernel 6.12.4 inside it, you could also compiling it on your own (github actions) from here.

I am experiencing the same error as my own OpenWrt image above.

@mozillazg
Copy link
Owner

@mozillazg Thanks for joining in, I have found publicly available 3rd party hosted kernel 6.12.4 inside it, you could also compiling it on your own (github actions) from here.

I am experiencing the same error as my own OpenWrt image above.

@vortexilation Please try again with the fixed version: https://github.com/mozillazg/ptcpdump/actions/runs/12331133363 (download ptcpdump from the Artifacts section)

@vortexilation
Copy link
Author

vortexilation commented Dec 14, 2024
edited
Loading

@mozillazg
Thank you but still the same error :

2024-12-14 22:50:42 FATAL cmd/log.go:22] load bpf failed: bpf load and assign: field FentryNfNatManipPkt: program fentry__nf_nat_manip_pkt: attach Tracing/TraceFEntry: find target for fentry nf_nat_manip_pkt: find target in modules: parse types for module cast_common: can't read type names: string table is empty

[EDIT]

It seem works on public 24.10 image above but doesn't work on my custom build OpenWrt. Is there any hardcoded mechanism based on hostname ?

@mozillazg
Copy link
Owner

mozillazg commented Dec 15, 2024
edited
Loading

@vortexilation The previous version had the release ID (openwrt) hardcoded. This following version fixes that: https://github.com/mozillazg/ptcpdump/actions/runs/12334825963

@vortexilation
Copy link
Author

Great news, it's also working in my OpenWrt build, thanks a lot, great program btw. ptcpdump helped me figuring out which process doing mysterious dns queries.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mozillazg @vortexilation