Questions tagged [bcc-bpf]

Questions related to the development of BPF tools through the use of the bcc (BPF Compiler Collection) framework.

121 questions
0
votes
1 answer

python interaction with BPF maps

I'm wondering if there is an easy way to initialize BPF maps from python userspace. For my project, I'll have a scary looking NxN 2d array of floats for each process. For simplicity's sake, let's assume N is constant across processes (say 5). To…
byrnesj1
0
votes
1 answer

How to drop skb_buff using ebpf/bcc?

I am running the bcc example /http_filter/http-parse-simple.c, in which a comment explains: /* eBPF program. Filter IP and TCP packets, having payload not empty and containing "HTTP", "GET", "POST" ... as first bytes of payload if the…
Vector
0
votes
0 answers

EBPF probe for compiled inlined function

I'd like to create an EBPF program for Golang that records when a function is entered and returns. Some issues I have: A. Functions are inlined. B. Closures are anonymous. C. Reading Golang structs. Questions: A. In my case it's not possible to…
zino
0
votes
2 answers

Exception: Failed to attach BPF to kprobe when executing sudo opensnoop-bpfcc

When I try to execute sudo opensnoop-bpfcc I get this message: In file included from /virtual/main.c:4: In file included from include/linux/sched.h:14: In file included from include/linux/pid.h:5: In file included from…
Maicake
0
votes
1 answer

Error compiling eBPF C code out of kernel tree

I'm trying to build a BPF program written in C into the bpf bytecode needed to load it. I used this post to try to start me off: https://blogs.oracle.com/linux/notes-on-bpf-4 I do not want to use BCC due to the library dependency. I'm using ubuntu…
shaddow
0
votes
1 answer

Tried to learn eBPF tail call, fails to attach kprobe

Hi I'm trying to learn how to use eBPF maps so I tried to run the simple code I found on BCC document. import os import socket import time import logging import signal import sys import zmq import json import yaml import netifaces as ni from bcc…
Rosè
0
votes
0 answers

eBPF(BCC) destination IP address from kernel space and user space doesn't match

I'm using eBPF and BCC to print out IP addresses of the packets I'm receiving. For the kernel, I've programmed a code to print out from ip_t -> dst; which I assume it's an address of the destination. For the user space, I've programmed a code to…
Rosè
0
votes
1 answer

headers not working at a kernel level on eBPF code

So I'm developing something on eBPF. I needed to use the unistd.h header because I wanted to use sleep function. However, I realized that when I type in #include these headers don't get included and I would get an error saying: warning…
Rosè
0
votes
1 answer

bpf/bcc reports error when trying to access `struct rq`

This is my bpf program to profile a kernel function pick_next_task_fiar. #include #include #include #include struct rq; // forward declaration struct val_t { …
Chen Wei
0
votes
0 answers

bcc tools memleak for userspace wide memory leak detection

Is there anyone who has used the memleak tool from bcc to profile userspace memory allocations? I've been trying to adapt it to do that, but it seems highly unreliable, i.e. the first batch of outstanding allocations seems fine when tested with a…
0
votes
1 answer

Always get 0 session ID in BPF program

I am trying to write a BPF program that examines the session ID of any process that calls the tty_write kernel function. I am trying to do this by retrieving a field from the current task_struct struct. My code is as follows:…
dippynark
-1
votes
1 answer

adding code to bpf _kernel.c file for uprobe SEC routines (libbpf +c)

I am trying function count for given executable and pattern. Trying to explore latest introduced API bpf_program__attach_uprobe_multi, couldn't find example for the same. Below code failing with invalid argument. Added prints in libbpf code, looks…
nullptr
-1
votes
1 answer

are bpf_probe_read's atomic?

Are bpf_probe_read functions, etc., atomic? And do they inc ref counts of the data structure they are reading, because if the operation is not atomic while the read is going through the kernel deallocates that data structure can it not cause a…
-1
votes
1 answer

Is there a String size limit when sending strings back to BPF code and back to userspace?

I am sending this sentence through my BPF code through a BPF Char Array here: jmommyijsadifjasdijfa, hello, world And when I print out my output, I only seem to get this output jmommyij I seem to be hitting some kind of String size limit. Is…
-1
votes
1 answer

Failure to trace some syscalls with eBPF

I am using bcc to trace several syscalls. Why is it that I can trace syscalls like write, close, fchown using a simple attach_kprobe but can't trace syscalls like stat, fstat? I assume that there are other syscalls that I can't trace but haven't found…
Nuno Lopes