bpf: fix error propagation for bpf syscalls

Currently, interaction with BPF maps via syscalls (open, lookup) might result in log messages of the following form, where the error detail is `success`: ``` [info][filter] [cilium/conntrack.cc:229] cilium.bpf_metadata: IPv4 conntrack map global lookup failed: Success ``` This is due to the fact that BPF maps are accessed in the starter process. Hence, the syscalls are also executed in this separate process and the variable `errno` is never set in the Envoy process where the log is written.. Therefore, this commit fixes the error propagation by setting the variable `errno` after retrieving the response from the privileged client doing the call to the starter process. Fixes: cilium#315 Fixes: cilium#470 Signed-off-by: Marco Hofstetter <[email protected]>
mhofstetter · Apr 3, 2024 · a5b4e00 · a5b4e00
1 parent e150595
commit a5b4e00
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/cilium/bpf.cc b/cilium/bpf.cc
@@ -1,5 +1,7 @@
 #include "cilium/bpf.h"
 
+#include <errno.h>
+
 #include "source/common/common/utility.h"
 
 #include "cilium/privileged_service_client.h"
@@ -92,12 +94,21 @@ bool Bpf::open(const std::string& path) {
               Envoy::errorDetails(ret.errno_));
   }
 
+  errno = ret.errno_;
+
   return false;
 }
 
 bool Bpf::lookup(const void* key, void* value) {
   auto& cilium_calls = PrivilegedService::Singleton::get();
-  return cilium_calls.bpf_lookup(fd_, key, key_size_, value, value_size_).return_value_ == 0;
+  auto result = cilium_calls.bpf_lookup(fd_, key, key_size_, value, value_size_);
+
+  if (result.return_value_ == 0) {
+    return true;
+  }
+
+  errno = result.errno_;
+  return false;
 }
 
 } // namespace Cilium