I have attached eBPF XDP program(port_filter_kern.c) in my network Interface.
port_filter_kern.c – It will drop the incoming traffic which comes to the specific ports(port numbers are present in "port_map" as key).
port_filter_user.c – It will load my eBPF program to the given interface and update the eBPF map "port_map" after reading the text file(which has port numbers).
map_fd = bpf_object__find_map_fd_by_name(obj, "port_map"); printf("map_fd %d ",map_fd); //to see the map fd integer int result = bpf_map_update_elem(map_fd, &portkey, &value, BPF_ANY);
Now, I want to access the same map "port_map" using another user space program (port_filter_runtime.c) which will get the port numbers from user/text file during run time and need to update the same map "port_map", to drop the incoming traffic which comes to the newly given port number.
I have tried below ways to find same map FD. I didnt get correct FD,(verified through the FD, which is printed in first user space program port_filter_user.c).
struct bpf_object *obj = bpf_object__open_file("port_filter_kern.o", NULL); struct bpf_map *map = bpf_object__find_map_by_name(obj, "port_map"); int map_fd = bpf_map__fd(map); printf("map_fd %d ",map_fd); //to see the map fd integer
and tried with below code also,
struct bpf_object *obj = bpf_object__open_file("port_filter_kern.o", NULL); int map_fd = bpf_object__find_map_fd_by_name(obj, "port_map"); printf("map_fd %d ",map_fd); //to see the map fd integer
If I gets the same map FD, I can use that to update my map.
Any guidance? Thanks in Advance…
The file descriptor is an integer value that only makes sense in the context of its process. You cannot just share the value with any process and expect that it will point to the same resource.
Typically you would share a reference between processes by pinning the map (in the user space program that created it) to the bpffs (
/sys/fs/bpf/), then retrieving the file descriptor in the other program from the pinned path with a
bpf() syscall (see for example
int bpf_obj_pin(int fd, const char *pathname), and then
int bpf_obj_get(const char *pathname) from libbpf).
Once you have the file descriptor in your second process, you can assign it to the map in the
struct bpf_object with libbpf’s
Answered By – Qeole