Skip to content

tools/tcpaccept: Fix tcpaccept on recent kernel #5405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 4, 2025
Merged

tools/tcpaccept: Fix tcpaccept on recent kernel #5405

merged 1 commit into from
Nov 4, 2025

Conversation

@jeromemarchand
Copy link
Contributor

@jeromemarchand jeromemarchand commented Oct 7, 2025

The tcpaccept use the relative offset of gso_max_segs and sk_lingertime_offset to check whether sk_protocol is its own field of part of a bitfield and find it's location. This is not very robust.

Use BPF.kernel_struct_has_field() to find out whether it's its own field and revert to the old workaround if it's part of a bitfield.

Closes: #5316

ekyooo
ekyooo reviewed Oct 15, 2025
View reviewed changes
tools/tcpaccept.py
bpf_text = bpf_text.replace('##FILTER_FAMILY##',
'if (family != AF_INET6) { return 0; }')

if BPF.kernel_struct_has_field("sock", "sk_protocol") == 1:
Copy link
Collaborator

@ekyooo ekyooo Oct 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the existing offset == 2 fallback still necessary for cases where the sk_protocol field exists, but the absence of BTF information causes the kernel_struct_has_field() check to fail?

Copy link
Contributor Author

@jeromemarchand jeromemarchand Oct 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I didn't think of that.

@jeromemarchand
tools/tcpaccept: Fix tcpaccept on recent kernel
cccbbb4 
The tcpaccept use the relative offset of gso_max_segs and
sk_lingertime_offset to check whether sk_protocol is its own field of
part of a bitfield and find it's location. This is not very robust.

Use BPF.kernel_struct_has_field() to find out whether it's its own
field and revert to the old workaround if it's part of a bitfield or
BTF is unavailable.

Closes: iovisor#5316

Signed-off-by: Jerome Marchand <[email protected]>
@chenhengqi
Copy link
Collaborator

chenhengqi commented Oct 17, 2025

Thanks for the fix.

But I think at some point we may retire all python-based tools.
The libbpf-tools are production ready and can be shipped without extra dependencies.
These kind of issues raised by kernel breaking changes can also be fixed by CO-RE easily.

@ekyooo ekyooo merged commit c208d0e into iovisor:master Nov 4, 2025
1 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ekyooo ekyooo ekyooo approved these changes

@chenhengqi chenhengqi Awaiting requested review from chenhengqi chenhengqi is a code owner

@yonghong-song yonghong-song Awaiting requested review from yonghong-song yonghong-song is a code owner

@brendangregg brendangregg Awaiting requested review from brendangregg brendangregg is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

the bitfield calculation of sk_protocol is wrong due to which tools like 'tcpaccept' are not working

3 participants

@jeromemarchand @chenhengqi @ekyooo