Questions tagged [bcc-bpf]

Questions related to the development of BPF tools through the use of the bcc (BPF Compiler Collection) framework.

121 questions
2
votes
1 answer

What should I do if "sudo /usr/share/bcc/tools/execsnoop" fails after building BCC from source?

After building BCC from source and running the test "sudo /usr/share/bcc/tools/execsnoop", I got the following output: Traceback (most recent call last): File "/usr/share/bcc/tools/execsnoop", line 21, in from bcc import BPF ImportError: No module…
SuperSim135
2
votes
1 answer

Listing and using custom Linux kernel tracepoints

I followed the tutorial at https://www.kernel.org/doc/Documentation/trace/tracepoints.txt to create a custom tracepoint in the kernel core (i.e. not in a loadable module). But, I don't see the tracepoint listed in the outputs of perf list or tplist…
fpkvdw
2
votes
2 answers

How to modify userspace memory using eBPF?

I'm trying to write a sample code and see how it works practically. As said here and discussed here. If everything is correct the output should be: $ cat foo1 this is foo1 content $ cat foo2 this is foo2 content $ sudo bcc_mangle_open.py & [1]…
avsr
2
votes
2 answers

How to compile BCC on Ubuntu 20.04?

I am trying to compile the BCC BPF framework (https://github.com/iovisor/bcc) on Ubuntu 20.04. I followed all the instructions for 18.04, but of course, they fail. The issue I have seems to be clang-related though: In file included from…
horseyguy
2
votes
1 answer

How to build and deploy BPF BCC C++ apps?

There's plenty of docs for Python developers, but as a C++ developer very new to BCC/BPF I'm finding it very difficult to determine where to start in building and deploying BCC-based C++ apps. Where do I start? I've looked at the examples but they…
horseyguy
2
votes
1 answer

Can eBPF's perf_submit() be used in a socket_filter program as well?

So I was trying to send some data from the kernel space program to the user space program using perf_submit. I've done some studies and here (https://github.com/iovisor/bcc/issues/2423), yonghong-song answered (the last comment) that a socket_filter…
Rosè
2
votes
1 answer

bpftrace: uprobe target file does not exist or is not executable

I want to use bpftrace to trace functions inside libasan library, which is inside /usr/lib/x86_64-linux-gnu/. However sudo bpftrace -e 'uretprobe:/usr/lib/x86_64-linux-gnu/libasan.so.4: __interceptor_malloc { printf("pid: %d, malloc %p\n", pid,…
Clover Ye
2
votes
2 answers

XDP offloaded mode flags set is not working with bcc

I'm trying to run this tutorial XDP code that is provided in the bcc. The code I use is this script: bcc/examples/networking/xdp/xdp_drop_count.py, and to my understanding, XDP flag works as follows (from that question): #define XDP_FLAGS_SKB_MODE…
Rosè
2
votes
0 answers

Detach bpf object from event?

I want to be able to detach my BPF objects from an attached event. Is the only way to detach from an event to destroy the BPF object? I'm trying to avoid having to create/destroy objects every time a new program that I want to trace is launched…
belgarn
2
votes
1 answer

Why is a kretprobe on sys_futex called less often than a corresponding kprobe?

I am doing some tracing of various kernel functions and system calls, and establishing patterns between them which can be used for certain performance profiling. One thing that I noticed is that sometimes, even in my simple testing application which…
Ashley Davies
2
votes
1 answer

How do I access xmm registers in an eBPF program

I am trying to use bcc-tools to trace a user process using uprobe, but some functions take floating point arguments. According to x86_64 ABI, these values are normally passed in the xmm registers. The eBPF functions in bcc take a struct pt_regs *…
filijokus
2
votes
1 answer

failing to attach eBPF `kretprobes` to `napi_poll()` with bcc tools

Idea is to use argdist to measure latency duration of napi_poll() which returns number of packets processed (called work). Ratio of execution latency of napi_poll() to number of packets processed would give me average amount of time it took to…
Valmik Roy
1
vote
1 answer

Output from trace pipe and perf_output are different

I'm trying to get the IHL and Version fields from an IP header using XDP, and when I output these values to the trace pipe using bpf_trace_printk the values appear correct but using perf_output I get invalid values such as IPV = 0, IHL = 69. Code is…
1
vote
1 answer

BPF tracepoint args and why they're different in different example code

I've done a lot of searching for information about writing a BPF program for tracepoints and I seem to be missing an important nugget of information that I can't find a definitive answer for. Let's take tracepoint/syscalls/sys_enter_open as an…
Greg Brown
1
vote
0 answers

How to remove an eBPF function attached by BCC toolkit?

Using bpftool prog show, I can see a list of eBPF programs. 3: cgroup_skb tag 6deef7357e7b4530 gpl loaded_at 2023-04-20T05:19:04-0400 uid 0 xlated 64B jited 54B memlock 4096B 4: cgroup_skb tag 6deef7357e7b4530 gpl …
akastack