Questions tagged [bcc-bpf]

Questions related to the development of BPF tools through the use of the bcc (BPF Compiler Collection) framework.

121 questions
5
votes
0 answers

maximum number of uprobe using bcc/bpf

I use bcc to trace a userspace program with uprobes. However, I cannot attach more than 500 uprobes. I am wondering, is there a limit on how many uprobes can be attached at the same time? Or is there a kernel config that I can change?
戴均維
  • 101
  • 5
4
votes
1 answer

"Program too large" threshold greater than actual instruction count

I've written a couple production BPF agents, but my approach is very iterative until I please the verifier and can move on. I've reached my limit again. Here's a program that works if I have one fewer && condition -- and breaks otherwise. The…
coxley
  • 339
  • 2
  • 12
4
votes
0 answers

full path for open / openat relative filenames

Using the opensnoop.py from iovisor/bcc, I'm trying to extend the ebpf code to handle extraction of full paths from a relative one. For example, running opensnoop.py and in another terminal running cat anything.txt, the output in opensnoop will show…
Chris White
  • 29,949
  • 4
  • 71
  • 93
4
votes
1 answer

Reading sk_buff with ebpf inside dev_queue_xmit yields questionable data

I'm trying to capture outgoing ethernet frames on the local host before they are sent by inserting a kprobe into __dev_queue_xmit(). However, the bytes I extract from the sk_buff structure do not match the subsequently captured packets. I only…
Jolly
  • 199
  • 6
4
votes
1 answer

while installing bcc, can't find package bpfcc

I am trying to install bcc module on my Linux machine so I can code BPF programs. I've been following up with the page https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration to build a kernel and install bcc module. However,…
Rosè
  • 345
  • 2
  • 13
3
votes
2 answers

ebpf kprobe argument not matching the syscall

I'm learning eBPF and I'm playing with it in order to understand it better while following the docs but there's something I don't understand why it's not working... I have this very simple code that stops the code and returns 5. int main() { …
3
votes
0 answers

eBPF program in Android

How do I compile an eBPF program in Android? Do I need to use adeb and bcc to compile the bpf program? I'm very confused from the Android documentation on eBPF Android documentation. Thank you!
jalee0606
  • 31
  • 1
3
votes
1 answer

How to share an ebpf map between interfaces

Is it possible to share an ebpf Map between two network interfaces? I want to write an XDP program and hook it on two devices namely eth0 and eth1. The implementation requires that they both use the same map. Is it possible to load the same program,…
WIOUW
  • 113
  • 1
  • 2
  • 7
3
votes
2 answers

bcc: ImportError cannot import name BPF

I am getting the following error when trying run the example hello_world.py. Traceback (most recent call last): File "/usr/share/bcc/examples/hello_world.py", line 9, in from bcc import BPF ImportError: cannot import name BPF I…
Sagar Rakshe
  • 2,682
  • 1
  • 20
  • 25
3
votes
1 answer

Generate an executable from bcc python script

bcc uses python to compile ebpf programs, is there any convenient way to generate an executable file from these python scripts so that I can run these tracing programs on servers where clang and llvm environment are not installed?
Cauchy Schwarz
  • 747
  • 3
  • 10
  • 27
3
votes
1 answer

How to trace a go function with BPF (BCC)

I have some go-code (myclient). It looks somehow like this (here only the mypackage is relevant): package mypackage import ( ... func (o *Client) CreateUser(ctx context.Context, user *User, ...) (User, error) { ... if err != nil ... …
x4k3p
  • 1,598
  • 2
  • 22
  • 42
2
votes
1 answer

What is the difference between syscalls openat and sys_enter_openat?

I see for python BCC implementation the syscall __x64_sys_openat is used to attach a kprobe, however in libbpf implementation a kprobe is attached to sys_enter_openat. It seems both capture openat() syscall, I tested it with cat file.txt. What is…
phoxd
  • 1,546
  • 3
  • 12
  • 26
2
votes
1 answer

cannot read arguments properly from ebpf kprobe

I wrote a simple ebpf program (using libbpf) in which I hooked sendto syscall libbpf version: SEC("kprobe/sendto") int BPF_KPROBE(entry_sendto, int sockfd, char* buf, size_t len) { bpf_printk("libbpf - entry_sendto - 0 %p", ctx); …
Guy Arbitman
  • 21
  • 1
  • 1
2
votes
1 answer

Keep getting bpf: Failed to load program: Permission denied when trying to run eBPF code

Sorry, I am really new to writing eBPF code, so I came upon an error that I can't seem to shake off. Running in sudo does not seem to help. And I wrote a slower crc32 program that compiles but this one does not want to execute no matter what. I am…
Zarif Rahman
  • 79
  • 1
  • 8
2
votes
0 answers

Instrument functions called in eBPF program using eBPF

I would like to write an eBPF program in order to track the functions being called in a separate running eBPF program. Also, I would like to count the number of times the respective functions have been called. Is this possible? And if so, could…
b0gd4n
  • 39
  • 2