Add -fno-stack-protector to eBPF program compile line#42
Merged
Conversation
The ebpf programs aren't getting linked against the extra run-time helpers, so they don't have access to extended features like stack protection. This was causing a build error that is fixed by adding -fno-stack-protector to the compilation line.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When compiling with this feature enabled for the project, we don't want it to be enabled on the stand-alone ebpf programs, because they don't have access to the C runtime bits needed to be linked in to support this (as, ostensibly, the kernel would implement its own facilities for this). Add
-fno-stack-protectorto the eBPF program compilation only so that it always turns the feature off when building the eBPF programlets.Additionally, this PR contains a stylistic change to pre-initialize
emptyto zeroes inNetworkTrackerSeenAccept(...), which silences a compiler warning about potential use of a value prior to initialization.