Questions tagged [bcc-bpf]

Questions related to the development of BPF tools through the use of the bcc (BPF Compiler Collection) framework.

121 questions
0
votes
1 answer

How to get syscall table address with eBPF (BCC)

I want to use Kprobe in eBPF to fetch the syscall addresses from the syscall table. How can I perform this task? I wrote, but I do not know how to find the symbol table corresponding to the kernel.
0
votes
1 answer

Couldn't get the arguments of "echo" bash builtin function by uprobe

Sample code as follows. I use python BCC library and write a simple BPF function and try to attach uprobe on echo bash builtin function. from bcc import BPF prog = """ #include int echo_catch(struct pt_regs *ctx){ char…
WKali
0
votes
0 answers

Why does the timestamp from context switch traces using eBPF on Ubuntu 20.04 jump in value throughout the job execution?

I'm using eBPF to trace context switches on a bare metal Ubuntu 20.04 server. For some reason, the timestamp from the traces jumps in value during the job execution, and I'm not sure why. My eBPF program to trace is as follows: !/usr/bin/python # #…
Jawand S.
0
votes
1 answer

Counting Byte Occurrence in Read Files in BPF

I am relatively new to BPF and trying to write a program that counts the occurrence of each byte read from a file (later will calculate entropy). The idea is to have two BPF_PERCPU_ARRAYS to circumvent stack size limitations. To one, I will copy the…
johannes
0
votes
1 answer

Implementing bcc's killsnoop in C

I'm trying to implement the killsnoop.py program in bcc in C. When executing the program, I'm getting a failed to load: -13 error. Can someone help me to debug this? Note: For compilation, I've taken the libbpf-bootstrap example from Andrii…
Yogaraj
0
votes
0 answers

How to use stackcount bcc tool with Rust?

I would like to create a memory flamegraph of a process using bcc/eBPF as seen here and using: sudo ./stackcount-bpfcc -p -U -r ".*malloc.*" -v -d Doesn't seem to write anything interesting in stdout, just have this: cannot attach kprobe,…
elmattic
0
votes
1 answer

Can I access the intermediate C code generated by BCC (BPF Compiler Collection)?

I'm developing eBPF programs for kernel tracing using BCC. Once I got the following error message when running my code: /virtual/main.c:16:36: error: member reference type 'struct Qdisc *' is a pointer; did you mean to use '->'? …
sk_buff
0
votes
0 answers

Update destination port with bcc and xdp

I am running an application in port 80 in a container. Now I want to call it by using port 90 and xdp will change the port from 90 to 80. But for some reason, I am getting any response or server is not getting any call either. Here is my ebf…
Omar Faroque Anik
0
votes
1 answer

share information between function(BPF/XDP)

Objective: If process id/name = xxx then drop the packet. So, I am a bit confused. So far I know you can't extract process information from XDP but bpf trace allows you to trace it. Here's my probable solution, use bpf hash maps to share information…
0
votes
1 answer

eBPF bcctools get contents from tracepipe

This is a small program that traces communication in tracepipe. My question is how do I access the contents of tracepipe using bcctools. I tried manually reading the file using fopen but that does not work, is there any function I am not aware…
zexapod
0
votes
1 answer

Is there a function to get process via bpf_trace?

Context: I am trying to trace packet of a particular port and redirect it but for a particular process. Right now it traces throughout the interface. #define KBUILD_MODNAME "filter" #include #include #include…
zexapod
0
votes
0 answers

What are the differences between CGO invocations in the main package vs a module?

I have written a BPF program that I can install using gobpf, i.e. using their bcc tooling. While this works alright from a main package, this breaks as soon as I move it into a package for importing it as a module. To clarify: It works with all code…
debugloop
0
votes
1 answer

Colon functions and $ variables in c++?

I'm still a bit new to c++ and I'm having trouble understanding what this piece of code is doing: #include BEGIN { printf("%-8s %-6s %-16s %-2s %-16s %-5s\n", "TIME", "PID", "COMM", "IP", "RADDR",…
0
votes
1 answer

Trying to count the correct number of characters in a string in BPF

I am trying to count a passed in pointer string in BPF but I am left with this really long error that I am unable to understand. I am basically trying to recreate strlen within BPF to count the size of my passed in string*. The interesting area from…
0
votes
1 answer

Sending strings to BPF Map Space and printing them out

I have a small txt file that I would like to write to BPF here. Here is what my python code looks like for BPF but I am unable to print out anything as of now. I keep ending up with a Failed to load program: Invalid argument with a bunch of register…