Errata
The errata list is a list of errors and their corrections that were found after the product was released.
The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.
Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update
| Version | Location | Description | Submitted by | Date submitted |
|---|---|---|---|---|
| 00 See description |
Chapter 3. BPF Maps - Working with BFP Maps - Iterating Over Elements in a BPF Map |
Loic | Jan 17, 2020 | |
| 00 Chapter 3. BPF Maps - Concurrent Access to Map Elements - 4th paragraph |
This map must be annotated with BPF Type Format (BTF) so the verifier knows how to intepret the structure -> typo "intepret" -> "interpret" |
Loic | Jan 18, 2020 | |
| 1 Ch.8, in Seccomp is cbpf |
"zeccomp" is used instead of "seccomp" |
Maxime Guerreiro | Nov 09, 2019 | |
| Printed | Page 1 2nd paragraph |
In first sentence - "approaches this problem from an different angle" - "an" should be "a" |
Weston Steimel | Jan 15, 2020 |
| Printed | Page 2 2nd paragraph |
"raise in popularity" should be "rise in popularity" |
Weston Steimel | Jan 15, 2020 |
| 4 Chapter 4 : Tracing with BPF, First source code listing in URETPROBES section |
The code listing to demonstrate use of URETPROBES in a go program is explained via numbered annotations below the listing. |
Anadi | Nov 26, 2019 | |
| 4 Chapter 4 : Tracing with BPF, All source code listings using python and BCC |
The signature of fn_name argument supplied to bpf.attach_kprobe does not work with latest bcc version. The bcc samples here (https://github.com/iovisor/bcc/tree/master/examples/tracing) actually require 'the one and only' void* ctx parameter. |
Anadi | Nov 26, 2019 | |
| Printed | Page 8 1st paragraph |
Typo: "circustances" instead of "circumstances" |
Hans Wippel | Dec 20, 2019 |
| Page 9 Last code snippet |
The command to build the BPF loader specifies the library "elf" to be linked, but if I'm right the required library is "bpf". So the command should specify "-l bpf" instead of the current "-l elf". |
Anonymous | Nov 13, 2019 | |
| Page 13, 14 and 156 3rd, 4th and 3rd paragraph, correspondingly |
Typo using the name of the project Cilium (https://cilium.io), double 'L' is being used, whereas only one should be used. |
Anonymous | Nov 12, 2019 | |
| Printed | Page 13 Paragraph 3 |
The claim that BPF_PROG_TYPE_CGROUP_SKB "is similar to BPF_PROG_TYPE_SOCKET_FILTER" seems wrong, since the socket filters are read-only but cgroup programs can re-route packets. Perhaps it meant to say they are similar to BPF_PROG_TYPE_XDP. |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 14 3rd paragraph |
The description in this paragraph sounds like RTO should stand for "retransmission time out". |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 17 Fourth paragraph of the BPF Verifier section |
DAG stands for Directed Acyclic Graph and not Direct Acyclic Graph |
CEll | Dec 01, 2019 |
| Printed | Page 17 5th paragraph |
The paragraph mentions that conditions for rejecting the code follow, but the bullet points below mention the conditions the code has to fulfill for not getting rejected. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 19 Paragraph 1 |
"The way a program structured" is missing "is". |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 19 Paragraph 2 |
Text refers to a ".BFT" metadata section. That looks like a typo for ".BTF". If it is not, that confusing difference should be called out in the text. This same likely typo is on page 82, second to last paragraph, "all of the BFT types". |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 22 3rd paragraph |
"unsigned integers" should be "signed integers" to better match the following example code. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 22 Code example 1 |
The comment saying "size of the keys" should be "size of the key" and "size of the values" should be "size of the value". The difference is subtle but important, to distinguish between the size of one element from the size of the whole map. |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 23 Section header |
Section header reads "Working with BFP Maps". It should be: "Working with BPF maps" |
CEll | Dec 02, 2019 |
| Printed | Page 28 3rd paragraph |
This paragraph suggest that multiple operations exist and some are described in the following two sections. Then, the next section starts with "The final operation we look at in this section". |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 31 4th paragraph |
Typo: "semaphone" should be "semaphore" |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 33 5th paragraph |
In the last code example on this page, "key.v4_addr = ip4;" should be "key.v4_addr = ipv4;". |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 35 3rd paragraph |
With the colon, the paragraph suggests that the map is declared below this paragraph and not above it. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 36 3rd paragraph |
Should ".value_size = sizeof(u32);" be ".value_size = sizeof(struct data_t);"? |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 36 Third code block |
This code block right-shifts the result of bpf_get_current_pid_tgid(). About half the examples in this book do this, and about half don't. Why? See examples on pages 54, 58, 64, 68. |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 36 Code block 2 |
Why does the events map have max_entries = 2? |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 38 Penultimate sentence of the first paragraph |
"...as long as you don't mind loosing elements...": should be "losing" instead of "loosing" |
CEll | Dec 03, 2019 |
| Printed | Page 39 last paragraph of the section LPM Trie Maps |
The book states that IP 192.168.1.1/32 matches both ranges 192.168.0.0/24 and 192.168.1.0/24. I think that the authors meant ranges 192.168.1.0/24 and 192.168.0.0/16 |
Mikolaj Pawlikowski | Dec 06, 2019 |
| Printed | Page 41 Paragraph 4 |
"read the rest elements in the map" is missing "of the". |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 42 Last paragraph |
Because stack maps use last-in, first-out, I believe "retrieve them in the same order in which we inserted them" should be something like "retrieve them in the reverse of insertion order" |
Weston Steimel | Jan 15, 2020 |
| Printed | Page 44 6th paragraph |
The last paragraph before the code example mentions that the map is populated with several elements, but in the example only one element is inserted. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 44 6th paragraph |
Is the bpf_create_map() helper new here and needs more explanation? |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 45 1st paragraph |
The bullet (1) explaining the example code mentions that the map size is one. The bpf_create_map() parameters look like the map size could be 100. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 45 2nd paragraph |
Typo: "pbf_obj_pin" should be "bpf_obj_pin". |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 45 2nd paragraph |
The directory listing shows a file called "/sys/fs/bpf/my_map", but in the example code the file_path is "/sys/fs/bpf/my_array". |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 50 1st paragraph |
In the first code example, bullet (4) should be one line further down to match the description below. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 53 2nd paragraph |
In the description of bullet (2), "pbf_prog_load" should be "bpf_prog_load. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 54 Bullet point 2 |
The statement "This call needs to know that the object we want to trace, hello-bpf, is the absolute path to the object file." is ambiguous and apparently false, since the code referenced contains no absolute paths. What is it trying to say? |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 59 Paragraph 5 |
"there is only a Ruby process running on our machine" should say "there is only ONE Ruby process running on our machine". As written, nothing but that Ruby process is running on the machine, which is obviously false. |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 60 Paragraph 2 |
The text should state that it is switching from Ruby back to Python for the next code snippet. It took me awhile to figure out what was going on. |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 65 Code example 2 |
The python code iterates through a variable "cache" which has not been defined in Python, only in the string of C code, so how can that loop work? |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 65 Code block 2 |
The test of stack_id contains a redundant clause. Either check for < 0 or check for == -errno.EFAULT, but checking for both is redundant. Also, the initialization line = [] could be moved into the else clause. |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 67 5th paragraph |
In the code example, bullets (1), (2), and (3) are on the wrong line. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 68 Code block |
Why is the parameter "void ctx" instead of "void *ctx"? Also on page 70, "void filename, void argv, void envp" looks like the asterisks are missing. |
David MacKenzie | Dec 07, 2021 |
| Page 69 Second paragraph , notation written for marker numeric two |
"pbf_prog_load" this text has to be changed to "bpf_prog_load" |
Bhaskar Chowdhury | Dec 02, 2019 | |
| Printed | Page 70 1st paragraph |
The paragraph mentions that a python library is imported in the code example, but that is in the next code example. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 71 1st paragraph |
The descriptions of the bullets (1), (2), (3), (4), and (5) do not match the positions of the bullets in the code example. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 85 Second to last paragraph |
"You can also associate update elements in those maps" doesn't make sense, with two verbs in a row; the word "associate" seems to be spurious. |
David MacKenzie | Dec 07, 2021 |
| Printed | Page 95 7th paragraph |
In the description of "jset #0x1fff jt 12 6", should "13 bytes of data" be "13 bits of data"? |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 106 Paragraph below bolded section Classless qdiscs mid page |
In the first sentence "A classless qdiscs is a qdisc" qdiscs should be singular "qdisc" |
Weston Steimel | Jan 23, 2020 |
| Printed | Page 106 Page 106 Paragraph below bolded section Classless qdiscs mid page |
Second sentence "This means that is not possible to attach filters to classless qdiscs" "is" should be "it's" |
Weston Steimel | Jan 23, 2020 |
| Printed | Page 108 3rd paragraph |
In the code example, "h_proto" is not set. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 109 3rd paragraph |
In the last code example, what are the values of "ip_total_length", "ip_hlen", "tcp_hlen", and "poffset"? What is the function header? |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 110 3rd paragraph |
This paragraph first mentions we can compile the program as we did before. But then, it mentions that we cannot compile this program in the same way. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 117 3rd paragraph |
In Figure 7-1, are RX and TX swapped? |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 124 Code block 1 |
The nmap example output shows TCP port 22 (ssh) still reachable, but the XDP program installed on that interface on the previous page drops all TCP packets, which includes the ssh port. |
David MacKenzie | Dec 10, 2021 |
| Printed | Page 131 3rd paragraph |
The paragraph mentions that TCP packets are always dropped with XDP_DROP. But the next paragraph mentions another check for the destination port. Maybe, the "always do XDP_DROP" part should be removed. |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 133 6th paragraph |
In the load balancing use case, what about XDP redirect? |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 142 4th paragraph |
Typo: "part contains our the list" should be "part contains the list", |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 143 6th paragraph |
In the "Seccomp Is cBPF" info box, "you might wondering" should be "you might be wondering". |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 143 6th paragraph |
In the "Seccomp Is cBPF" info box, in the first bullet list item, "registries" should be "registers". |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 145 5th paragraph |
The paragraphs contains a question about Seccomp with eBPF instead of cBPF. Is something missing in this section? Is it related to LSM hooks somehow, because they are mentioned in the following paragraph? |
Hans Wippel | Dec 20, 2019 |
| Printed | Page 153 1st paragraph |
In the third item of the bullet list, "and in Kubernetes, and a service virtual IP" should be "and in Kubernetes, a service virtual IP". |
Hans Wippel | Dec 20, 2019 |