cloudflare / rakelimit

A fair-share ratelimiter implemented in BPF
https://pkg.go.dev/github.com/cloudflare/rakelimit
BSD 3-Clause "New" or "Revised" License

BPF exceeds default net.core.optmem_max limit #12

Open lmb opened 4 years ago

lmb commented 4 years ago

If you try to run tests / use the filter on stock Ubuntu, you get the following error:

```
$ sudo -E go test
--- FAIL: TestNew (0.08s)
    rakelimit_test.go:14: Can't create limiter: can't attach BPF to socket: cannot allocate memory
```

This is because SO_ATTACH_BPF checks the size of the program against the net.core.optmem_max limit. The default value for that on my Ubuntu install is 20480. We currently need something > 32768 but < 65536.

We should try to get the filter size below the default value. See also #2.

kckeiks commented 2 years ago

I am getting the following when running tests without sudo:

```
Can't load program field FilterIpv4: ....: operation not permitted (MEMLOCK may be too low, consider rlimit.RemoveMemlock)
```

The tests seem to fail when calling loadRakeObjects. I see that it's an EPERM error (I'm using cilium/ebpf v0.8).

There is no error when using the filter but it does not load per bpftool prog list. Everything works when I run sudo. Is this related? I'm not too familiar with the error/issue you posted and this one.

lmb commented 2 years ago

No, these two are probably not related. It's either MEMLOCK as the error message suggests, or https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#unprivileged-bpf-disabled
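
A pre-flight check for the two failure modes discussed in this thread, as an added example that is not part of the thread or of rakelimit's code: it compares a program's size against net.core.optmem_max (the ENOMEM on attach) and checks kernel.unprivileged_bpf_disabled (one possible cause of the EPERM on load). The function names, the 8-bytes-per-instruction size estimate and the 4097-instruction sample are assumptions made for the example.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

const insnSize = 8 // bytes per eBPF instruction

// readSysctl reads an integer sysctl, e.g. "net/core/optmem_max".
func readSysctl(name string) (int, error) {
	raw, err := os.ReadFile("/proc/sys/" + name)
	if err != nil {
		return 0, err
	}
	return strconv.Atoi(strings.TrimSpace(string(raw)))
}

// preflight lists the failures to expect for a program of insns instructions.
// insns*insnSize is a lower bound on what the kernel charges, and euid 0
// stands in for holding CAP_BPF/CAP_SYS_ADMIN (both simplifications).
func preflight(insns, optmemMax, unprivDisabled, euid int) []string {
	var problems []string
	if need := insns * insnSize; need > optmemMax {
		problems = append(problems, fmt.Sprintf(
			"attach: program >= %d bytes, net.core.optmem_max = %d (ENOMEM)", need, optmemMax))
	}
	// Values 1 and 2 both deny bpf() to unprivileged callers.
	if unprivDisabled != 0 && euid != 0 {
		problems = append(problems, fmt.Sprintf(
			"load: kernel.unprivileged_bpf_disabled = %d, euid = %d (EPERM)", unprivDisabled, euid))
	}
	return problems
}

func main() {
	optmem, err1 := readSysctl("net/core/optmem_max")
	unpriv, err2 := readSysctl("kernel/unprivileged_bpf_disabled")
	if err1 != nil || err2 != nil {
		fmt.Fprintln(os.Stderr, "cannot read sysctls:", err1, err2)
		os.Exit(2)
	}
	// 4097 instructions is a constructed figure (32776 bytes), not rakelimit's measured size.
	for _, p := range preflight(4097, optmem, unpriv, os.Geteuid()) {
		fmt.Println(p)
	}
}
```

The MEMLOCK rlimit named in the error message is not covered here; it has to be checked separately.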