xdpcap & bcc/llvm error: Assertion `Val && "isa<> used on a null pointer"' failed.

[tvsanthoshkumar]

Hi,

I started exploring for tcpdump kind of tool for XDP programs and came across this tool and blog. I am really happy to see this tool which simplifies the debugging process with XDP code. Thanks you for making life easy.

I have developed the XDP code using bcc project. I want to explore this xdpcap with the developed sample code. But it is throwing continuous null pointers exception. The Code and error details are as follows.

Code:
`
from bcc import BPF, libbcc
import time
import sys

code = """
#include <uapi/linux/bpf.h>
#include "../hook.h"

int tail_call(void *ctx, void *map, int index);
BPF_TABLE("array", int, int, xdp_hooks, 5);
BPF_TABLE("array", uint32_t, long, packet_counter, 1);

int counter(struct xdp_md *ctx) {
uint32_t index = 0;
long *value = packet_counter.lookup(&index);
if (value)
*value += 1;
return xdpcap_exit(ctx, &xdp_hooks, XDP_PASS);
}
"""
device="eth0"
pin_path="/sys/fs/bpf/xdp_hooks"
mode = BPF.XDP
ctxtype = "xdp_md"

b = BPF(text = code, cflags=["-w", "-DCTXTYPE=%s" % ctxtype])
fn = b.load_func("counter", mode)

print("Program loaded \n")

b.attach_xdp(device, fn, 0)
counter = b.get_table("packet_counter")

xdp_hooks = b.get_table("xdp_hooks")
print("map fd: {}".format(counter.map_fd))
ret = libbcc.lib.bpf_obj_pin(xdp_hooks.map_fd, ctypes.c_char_p(pin_path))
if ret != 0:
raise Exception("Failed to pin map")
print("Pinned at: {}".format(pin_path))

print("Hit CTRL+C to stop")
while True:
try:
print(counter[0].value)
time.sleep(1)
except KeyboardInterrupt:
print("Removing filter from device")
break
b.remove_xdp(device, flags)
`
Error:

python: /usr/lib/llvm-6.0/include/llvm/Support/Casting.h:106: static bool llvm::isa_impl_cl<To, const From*>::doit(const From*) [with To = clang::VarDecl; From = clang::Decl]: Assertion `Val && "isa<> used on a null pointer"' failed.
Aborted (core dumped)

---

I tried this code using llvm-6.0 and llvm7-0. I am getting the same error again and again. I mounted the filesystem also.

Environment Details:
OS: Ubuntu 18.04
Kernel : 5.3

Also tested this code another environment also
OS: Debian 10
Kernel: 5.4

Can you help me to resolve this issue?

[arthurfabre]

It seems bcc has an issue with the xdpcap_exit() function, using the bcc helper directly seems to work though. The xdp_hooks map also needs to be declared as a BPF_PROG_ARRAY:

code = """
#include <uapi/linux/bpf.h>

BPF_PROG_ARRAY(xdp_hooks, 5);
BPF_TABLE("array", uint32_t, long, packet_counter, 1);

int counter(struct xdp_md *ctx) {
        uint32_t index = 0;
        long *value = packet_counter.lookup(&index);
        if (value)
                *value += 1;
        xdp_hooks.call(ctx, XDP_PASS);
        return XDP_PASS;
}
"""

[tvsanthoshkumar]

It is working. Thanks @arthurfabre. Really helpful.

I am thinking of using this tool in high throughput systems. Can you please help me to understand little more details on xdpcap?

1. As per the blog, the code is using tail calls. This means that, it is going to process the live packets in data path. What's the processing overhead of xdpcap tail calls?
2. I saw one of the comment that it is using perf ring buffer to transfer the packet to user space. Whats the overhead(in terms of latencies, hardware resources) of passing this filtered data to ring buffer?
3. Will xdpcap unload the xdp_hooks map entries after the termination of xdpcap?

• I verified through sample program. XDP tail call entries are removed upon xdpcap termination.

4. Can multiple users use xdpcap in the same machine concurrently?

• No, only one user can execute xdpcap (whoever runs xdpcap last) in one server.