Questions tagged [bcc-bpf]

Questions related to the development of BPF tools through the use of the bcc (BPF Compiler Collection) framework.

121 questions
1 vote, 1 answer

How to get the name, or the ID, of the System Call that was detected with BCC/eBPF

I have this code, which is largely inspired by the syscount.py tool present in BCC: BPF_HASH(data, u32, u64); TRACEPOINT_PROBE(raw_syscalls,sys_exit){ u64 pid_tgid = bpf_get_current_pid_tgid(); u32 key = pid_tgid >> 32; u32 tid = (u32)pid_tgid; u64…
1 vote, 0 answers

Combined stack size too large error while loading eBPF program

I am trying to collect simple flow level statistics using eBPF program. I define a map as follows: struct { __uint(type, BPF_MAP_TYPE_HASH); __type(key, struct network_tuple_xdp); __type(value, struct flow_state_xdp); …
1 vote, 1 answer

How can an ebpf program change kernel execution flow or call kernel functions?

I'm trying to figure out how an ebpf program can change the outcome of a function (not a syscall, in my case) in kernel space. I've found numerous articles and blog posts about how ebpf turns the kernel into a programmable kernel, but it seems like…
hfingler
1 vote, 0 answers

ebpf unknown opcode comparing strings

I currently try to filter calls to a function by command. I try to do so with the following code where ##REPLACE_comm## is replaced by Python by the command name. The double backslashes are because I am using bcc. The following code throws an error when…
johannes
1 vote, 0 answers

Read highmemory page address in a BPF program

Could someone provide a replacement for kmap_load_page(page) or kmap_atomic(page) so that page memory can be read with an offset, i.e. how can the following be done in the BPF program? struct request *req; struct bio *bio = req->bio; struct bio_vec…
1 vote, 0 answers

How to write an eBPF program for a customer kernel?

I would like to be able to write eBPF programs for my customer kernel. The problem is when I modify the kernel and add trace points for example, I won't be able to install bpfcc-tools package because they do not have that package built for my custom…
feeling_lonely
1 vote, 0 answers

Not able to compile bcc

I have tried many times to build bcc with LLVM but always failed. CMake Error at CMakeLists.txt:99 (find_package): Could not find a package configuration file provided by "LLVM" with any of the following…
abhi
1 vote, 0 answers

Recording information about block IO writes performed by user processes

I am trying to collect some block layer information related to writes performed by some target processes on the block devices. Specifically, I want to find: (1) the starting sector that needs to be written to, (2) the number of sectors written and…
Tez_Nikka
1 vote, 0 answers

Increasing the size limit of my struct char array to pass in larger strings

I am passing in Strings from userspace to my BPF code and was wondering if it's possible to go beyond the size limit that is possible from my char struct array. Is it possible to put in my lines one by one to a Map and bypass the stack size limit?…
1 vote, 1 answer

Bad address error when comparing Strings within BPF

I have an example program I am running here to see if the substring matches the string and then print them out. So far, I am having trouble running the program due to a bad address. I am wondering if there is a way to fix this problem? I have…
1 vote, 0 answers

Can bpf_attach_kprobe() specify kernel module name of the function to attach?

I have a case where the same function appears in different kernel modules, in /proc/kallsyms, something like, address1 t function [module1] address2 t function [module2] Both modules are loaded on same machine. Then I want to trace the function with…
Brian Xu
1 vote, 1 answer

Register errors when trying to separate strings and print them using BCC

I would like to separate some strings and print them out one by one but it seems almost impossible due to these errors. Trying to change const char str[] to const char *str seems to just net me an opcode 00 error. It seems like I am heading down the…
1 vote, 1 answer

BPF map find the number of elements

How do you find the number of elements in a BPF map? I can't find any useful information in the bcc reference guide.
1 vote, 0 answers

"SMP is not supported on this platform"

I am currently trying to use an eBPF program on a Raspberry Pi 3 Model B V1.2, that has Ubuntu installed. For managing the compilation, system calls and all that, I use the BPF compiler collection. Whenever BCC tries to compile the program, I get a…
ObiBabobi
1 vote, 1 answer

How to trace a java process with eBPF (BCC)

I want to use Uprobe in eBPF to trace the Java program I wrote, but I do not know how to find the symbol table corresponding to the Java program. In C language, platform-related executable files will be generated after compilation, and the…