bpf: fix error propagation for bpf syscalls

Currently, interaction with BPF maps via syscalls (open, lookup) might result
in log messages of the following form, where the error detail is `success`:

```
[info][filter] [cilium/conntrack.cc:229] cilium.bpf_metadata: IPv4 conntrack map global lookup failed: Success
```

This is due to the fact that BPF maps are accessed in the starter process. Hence,
the syscalls are also executed in this separate process and the variable `errno` is never set
in the Envoy process where the log is written..

Therefore, this commit fixes the error propagation by setting the variable `errno` after
retrieving the response from the privileged client doing the call to the starter
process.

Fixes: cilium#315
Fixes: cilium#470

Signed-off-by: Marco Hofstetter <[email protected]>

cilium/bpf.cc

@@ -1,5 +1,7 @@
 #include "cilium/bpf.h"
 
+#include <errno.h>
+
 #include "source/common/common/utility.h"
 
 #include "cilium/privileged_service_client.h"
@@ -87,17 +89,24 @@ bool Bpf::open(const std::string& path) {
   } else if (ret.errno_ == ENOENT && log_on_error) {
     ENVOY_LOG(debug, "cilium.bpf_metadata: bpf syscall for map {} failed: {}", path,
               Envoy::errorDetails(ret.errno_));
+    errno = ret.errno_;
   } else if (log_on_error) {
     ENVOY_LOG(warn, "cilium.bpf_metadata: bpf syscall for map {} failed: {}", path,
               Envoy::errorDetails(ret.errno_));
+    errno = ret.errno_;
   }
 
   return false;
 }
 
 bool Bpf::lookup(const void* key, void* value) {
   auto& cilium_calls = PrivilegedService::Singleton::get();
-  return cilium_calls.bpf_lookup(fd_, key, key_size_, value, value_size_).return_value_ == 0;
+  auto result = cilium_calls.bpf_lookup(fd_, key, key_size_, value, value_size_);
+  if (result.return_value_ < 0) {
+    errno = result.errno_;
+  }
+
+  return result.return_value_ == 0;
 }
 
 } // namespace Cilium