eBPF Questions

3

Solved

I've seen that userspace versions of eBPF (runtime, assembler, disassembler) are being developed (uBPF, rbpf). Why is having a userspace version of eBPF interesting? Do those alternatives focus o...
Pomade asked 26/1, 2021 at 16:12

1

Solved

I found an eBPF sample which proxies requests, which filter which requests to filter based on the target port. I'm trying to filter by the process_id of the client instead of the target port and tr...
Stem asked 24/3, 2023 at 13:24

4

Is it possible to write a single general EBPF program that can read the unencrypted HTTPS request and response bodies of all user space programs? As I understand it, EBPF works with packets for la...
Co asked 2/1, 2020 at 21:40

1

Solved

I am getting into eBPF programming and want to use raw tracepoints, but I do not really understand how to use them and how to access the arguments correctly. I would appreciate any help and hints ...
Spireme asked 10/1, 2022 at 13:1

2

Solved

I am trying to start with BPF CO-RE development. Using Ubuntu 20.04 LTS in a VM, I needed to recompile the kernel and install pahole (from apt install dwarves) so that BTF is enabled (I set CONFIG_...
Christi asked 24/11, 2021 at 9:45

2

Solved

I am developing an eBPF program on an Ubuntu machine: $ uname -a Linux ubuntu-bionic 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux To do th...
Counterstamp asked 30/3, 2019 at 22:28

1

Solved

I'm very confused on eBPF terminology that is used in the bpf syscall and libbpf functions. Could someone break down where my understanding of loading/attaching a process using bpf is wrong? My un...
Hydrostatic asked 6/7, 2021 at 22:43

2

Solved

I am learning BPF for my own fun, and I am having a hard time figuring out how to read argv and envp from the context passed to my eBPF program for sys_enter_execve. I will show my BPF program here ...
Skellum asked 21/4, 2021 at 2:5

4

Solved

To simulate some behavior I would like to attach a probe to a syscall and modify the return value when certain parameters are passed. Alternatively, it would also be enough to modify the parameters...
Polenta asked 24/3, 2017 at 15:46

1

Solved

eBPF has become a prominent tool to easily and quickly monitor processes. However, I was not able to find how would one compute the impact of the probe itself on the performance. I'm sure if I hook...
Scram asked 10/2, 2021 at 8:29

0

As title, but the measurement result is unreasonable. Let me describe the current status. I'm using syscall getuid as measurement target, I started by measuring the complete overhead with two cloc...
Redbud asked 16/1, 2021 at 19:1

2

Solved

I'm looking for an example of eBPF to write a seccomp filter, but I can't find one. Could someone tell me if it is possible to use eBPF to write a seccomp filter?
Scholem asked 29/8, 2019 at 14:59

1

Solved

In the kernel, eBPF maps can be defined as: struct bpf_map_def SEC("maps") my_map = { .type = BPF_MAP_TYPE_HASH, .key_size = sizeof(uint32_t), .value_size = sizeof(struct task_prov_str...
Callery asked 5/8, 2020 at 15:32

1

Solved

I'm trying to write a simple socket filter eBPF program that can access the socket buffer data. #include <linux/bpf.h> #include <linux/if_ether.h> #define SEC(NAME) __attribute__((sec...
Homotaxis asked 9/5, 2020 at 19:3

1

Solved

I do have some experience with DPDK but currently I'm reading many blogs about XDP. I am trying to compare both technologies and understand the differences between DPDK and XDP. This raises some qu...
Worriment asked 7/5, 2020 at 19:56

1

Is it possible to share eBPF maps between different program types? I need to share a map between a tc-bpf program and a cgroup bpf program. This should be possible if the map is pinned to file syst...
Cartouche asked 18/10, 2019 at 17:28

2

Solved

From bpf man page: eBPF programs can be written in a restricted C that is compiled (using the clang compiler) into eBPF bytecode. Various features are omitted from this restricted C, such as l...
Chimney asked 28/8, 2019 at 8:44

2

Solved

I am thinking of a solution of replicating packets in the kernel and forward to 5 hosts (unicast). Planning to utilize eBPF/XDP for it. I am trying to loop for 5 times, and inside the loop I am pl...
Outdare asked 13/5, 2019 at 7:15

1

Solved

I have been studying BPF recently, but it is not proceeding because of a very basic problem. I included linux/bpf.h as described in man bpf(2), but GCC cannot find the bpf function. This code is just...
Giesser asked 22/2, 2019 at 7:27

2

Solved

After reading man bpf and a few other sources of documentation, I was under impression that a map can be only created by user process. However the following small program seems to magically create ...
Hesione asked 2/1, 2018 at 20:5

1

Solved

While running some examples from samples/bpf I noticed that bpf_printk output is prepended with some extra information, e.g. : telnet-470 [001] .N.. 419421.045894: 0x00000001: BPF command: 2 BPF...
Dishonor asked 20/12, 2017 at 20:54