Error: unknown eBPF opcode 0xc5 (insn #32)

Question

Error: unknown eBPF opcode 0xc5 (insn #32)

Closed this issue 7 years ago · 4 comments

On newer kernel fails with below error. Do you have a fix for this? Attached object file. Thanks.

docker run -v ${PWD}:/tmp scanf/ebpf-disasm -s from-overlay /tmp/bpf_overlay.o    
thread 'main' panicked at '[Disassembler] Error: unknown eBPF opcode 0xc5 (insn #32)', /root/.cargo/git/checkouts/rbpf-44f97f5da1828c73/f1e69a8/src/disassembler.rs:286
note: Run with `RUST_BACKTRACE=1` for a backtrace.

bpf_overlay.zip

Answer 1 · 2017-11-14T19:06:12.000Z

Pretty sure this has to do with the new (added in August) “lower than” or “lower or equal” conditional jumps added to eBPF (see kernel commit or update of the simplified instruction code list). ebpf-disasm probably does not support them yet?

Answer 2 · 2017-11-14T19:09:09.000Z

Ah, but ebpf-disasm relies if fact on rbpf (my own crate), so I'm the one to blame I suppose. I updated the crate a few days ago, @scanf could you try with the GitHub version of rbpf? The one from crates.io is certainly not up-to-date.

Answer 3 · 2017-11-14T19:18:10.000Z

Was thinking something had to be applied here and I would then rebase to get latest changes. Was simpler, just reran cargo and it pulled in your recent changes. Works as expected now. Thanks a lot.

Answer 4 · 2017-11-14T19:23:58.000Z

Great! You're welcome :)