Highest Voted 'libbpf' Questions

3

votes

1 answer

How to make eBPF program sleepable

I've been reading about sleepable eBPF programs, specifically this article provides a nice introduction. However I am struggling to find any documentation or examples on how to actually achieve this in code. Any tips or links to documentation are…

asked Mar 28 '23 at 18:19

nela

429
5
13

3

votes

1 answer

Thread safe operations on XDP

I was able to confirm from the documentation that bpf_map_update_elem is an atomic operation if done on HASH_MAPs. Source (https://man7.org/linux/man-pages/man2/bpf.2.html). [Cite: map_update_elem() replaces existing elements atomically] My question…

ebpf bpf xdp-bpf xdp-ebpf libbpf

asked May 10 '22 at 18:31

Rishab

73
4

2

votes

1 answer

How to release a BPF map that was created by the bpftool?

I am a complete novice at anything ebpf but trying out some random ideas to get some knowledge. I've built the libbpf library downloaded from (https://github.com/libbpf/libbpf-bootstrap) and test bpftool at first. And then I tried to create a map by…

ebpf bpf libbpf

asked Aug 15 '23 at 16:39

Leo Lang

21
1

2

votes

1 answer

What is the difference between syscalls openat and sys_enter_openat?

I see for python BCC implementation the syscall __x64_sys_openat is used to attach a kprobe, however in libbpf implementation a kprobe is attached to sys_enter_openat. It seems both capture openat() syscall, I tested it with cat file.txt. What is…

system-calls ebpf bcc-bpf libbpf

asked Mar 29 '22 at 21:17

phoxd

1,546
3
12
26

2

votes

0 answers

why bpf ringbuf can not use in uprobe of libbpf?

Recently, I am trying to use bpf ringbuf in uprobe example of libbpf. But when running, error occurred which is "libbpf: load bpf program failed: Invalid argument". I have no idea why this happened. Could anyone help? Below is my test code. Kernel…

bpf libbpf

asked Feb 07 '22 at 16:05

Hankin

45
4

1

vote

1 answer

BPF tracepoint args and why they're different in different example code

I've done a lot of searching for information about writing a BPF program for tracepoints and I seem to be missing an important nugget of information that I can't find a definitive answer for. Let's take tracepoint/syscalls/sys_enter_open as an…

ebpf bpf bcc-bpf libbpf

asked Aug 03 '23 at 18:23

Greg Brown

43
5

1

vote

1 answer

eBPF program execution context

I'm experimenting with writing eBPF using libbpf but the documentation is very sparse and I'm having troubles understanding even some basic things related to eBPF program execution. I'm mostly interested in BPF_PROG_TYPE_PERF_EVENT program type, in…

linux linux-kernel perf ebpf libbpf

asked Jul 15 '23 at 08:59

Eyjafl

1,046
6
14

1

vote

1 answer

Extract packet data using BPF from struct msghr

I am trying to hook to sock_sendmsg and print the packet data. Here is my code. #include "vmlinux.h" #include #include #include #define IP_169_254_169_254 0xFEA9FEA #define TASK_COMM_LEN…

ebpf bpf libbpf

asked Jun 15 '23 at 16:31

ayushman999

511
3
6
16

1

vote

1 answer

invalid access to memory, R3 min value is outside of the allowed memory range

I am trying to write a BPF TC program to filter network packets based on its payload. I extract first few bytes of the payload into a buffer and try to do a substring search in that buffer. However my BPF program fails verification with…

ebpf libbpf

asked May 03 '23 at 06:27

unmukt jain

11
2

1

vote

0 answers

Retrieving user friendly TSC from a bpf program

Is there any way to correlate user accessible timestamps like RDTSC with timestamps from bpf_ktime_get_ns() in a bpf program? The reason of asking is that the kernel time is not related to time that user can get. So I need to find out a graceful…

ebpf libbpf

asked Mar 24 '23 at 12:31

vtsymbal

21
2

1

vote

1 answer

A bpf program is loaded but not found: how to debug it

Short description of problem/question In bpf samples, the libbpf calls in user program were successful: bpf_object__open_file bpf_object__load But the following ones failed: bpf_object__find_program_by_name bpf_object__find_map_fd_by_name Ho to…

ebpf libbpf

asked Mar 07 '23 at 21:43

vtsymbal

21
2

1

vote

0 answers

Can't compile linux kernel 5.10 with BTF type info enabled

I am want to compile linux 5.10.162 with CONFIG_DEBUG_INFO_BTF=y, the end goal being to enable bpf CO-RE. However, the build is failing with: + ./tools/bpf/resolve_btfids/resolve_btfids vmlinux FAILED unresolved symbol udp_sock I first thought it…

linux-kernel ebpf bpf libbpf

asked Feb 17 '23 at 10:01

Ivan Kalchev

345
1
4
9

1

vote

1 answer

How to access user space function arguments in bpf?

I am trying to instrument a user space nginx function by using libbpf. I am able to attach a uprobe it, and print pid, tid and so on from the probe. However, I am having great issues whenever I try to parse function argument data. I have been able…

linux-kernel ebpf bpf libbpf

asked Dec 06 '22 at 14:07

nela

429
5
13

1

vote

1 answer

Sharing maps between same eBPF programs loaded onto different interfaces with libbpf

I want to load the same eBPF program for XDP hook onto different interfaces of a switch and all the programs should share the same map. I have gone through the post (exactly my target) post 1 and post 2. However, I could not get things up and…

ebpf bpf xdp-bpf libbpf

asked Nov 30 '22 at 22:16

hundredmiles

61
6

1

vote

1 answer

Is it possible to create and send a packet from a bpf program?

Idea: The first way is to create a brand-new packet in the bpf program and send it to the specified receiver. The second way is to copy a packet. To make it easy to distinguish, below I call the packet I get from copying as packet_copy. Then I can…

ebpf libbpf

asked Sep 20 '22 at 08:09

luke zou

21
4

Questions tagged [libbpf]