liiir1985 7f62dcda9f | ||
---|---|---|
.. | ||
android | ||
arm64 | ||
bin | ||
powerpc | ||
x86 | ||
Android.bp | ||
Makefile | ||
README.md | ||
bashreadline.bpf.c | ||
bashreadline.c | ||
bashreadline.h | ||
bindsnoop.bpf.c | ||
bindsnoop.c | ||
bindsnoop.h | ||
biolatency.bpf.c | ||
biolatency.c | ||
biolatency.h | ||
biopattern.bpf.c | ||
biopattern.c | ||
biopattern.h | ||
biosnoop.bpf.c | ||
biosnoop.c | ||
biosnoop.h | ||
biostacks.bpf.c | ||
biostacks.c | ||
biostacks.h | ||
bitesize.bpf.c | ||
bitesize.c | ||
bitesize.h | ||
bits.bpf.h | ||
blk_types.h | ||
cachestat.bpf.c | ||
cachestat.c | ||
core_fixes.bpf.h | ||
cpudist.bpf.c | ||
cpudist.c | ||
cpudist.h | ||
cpufreq.bpf.c | ||
cpufreq.c | ||
cpufreq.h | ||
drsnoop.bpf.c | ||
drsnoop.c | ||
drsnoop.h | ||
drsnoop_example.txt | ||
errno_helpers.c | ||
errno_helpers.h | ||
execsnoop.bpf.c | ||
execsnoop.c | ||
execsnoop.h | ||
exitsnoop.bpf.c | ||
exitsnoop.c | ||
exitsnoop.h | ||
filelife.bpf.c | ||
filelife.c | ||
filelife.h | ||
filetop.bpf.c | ||
filetop.c | ||
filetop.h | ||
fsdist.bpf.c | ||
fsdist.c | ||
fsdist.h | ||
fsslower.bpf.c | ||
fsslower.c | ||
fsslower.h | ||
funclatency.bpf.c | ||
funclatency.c | ||
funclatency.h | ||
gethostlatency.bpf.c | ||
gethostlatency.c | ||
gethostlatency.h | ||
hardirqs.bpf.c | ||
hardirqs.c | ||
hardirqs.h | ||
kernel.config | ||
klockstat.bpf.c | ||
klockstat.c | ||
klockstat.h | ||
ksnoop.bpf.c | ||
ksnoop.c | ||
ksnoop.h | ||
llcstat.bpf.c | ||
llcstat.c | ||
llcstat.h | ||
map_helpers.c | ||
map_helpers.h | ||
maps.bpf.h | ||
mountsnoop.bpf.c | ||
mountsnoop.c | ||
mountsnoop.h | ||
numamove.bpf.c | ||
numamove.c | ||
offcputime.bpf.c | ||
offcputime.c | ||
offcputime.h | ||
oomkill.bpf.c | ||
oomkill.c | ||
oomkill.h | ||
opensnoop.bpf.c | ||
opensnoop.c | ||
opensnoop.h | ||
readahead.bpf.c | ||
readahead.c | ||
readahead.h | ||
runqlat.bpf.c | ||
runqlat.c | ||
runqlat.h | ||
runqlen.bpf.c | ||
runqlen.c | ||
runqlen.h | ||
runqslower.bpf.c | ||
runqslower.c | ||
runqslower.h | ||
runqslower_example.txt | ||
softirqs.bpf.c | ||
softirqs.c | ||
softirqs.h | ||
solisten.bpf.c | ||
solisten.c | ||
solisten.h | ||
stat.h | ||
statsnoop.bpf.c | ||
statsnoop.c | ||
statsnoop.h | ||
syscall_helpers.c | ||
syscall_helpers.h | ||
syscount.bpf.c | ||
syscount.c | ||
syscount.h | ||
tcpconnect.bpf.c | ||
tcpconnect.c | ||
tcpconnect.h | ||
tcpconnlat.bpf.c | ||
tcpconnlat.c | ||
tcpconnlat.h | ||
tcprtt.bpf.c | ||
tcprtt.c | ||
tcprtt.h | ||
tcpsynbl.bpf.c | ||
tcpsynbl.c | ||
tcpsynbl.h | ||
trace_helpers.c | ||
trace_helpers.h | ||
uprobe_helpers.c | ||
uprobe_helpers.h | ||
vfsstat.bpf.c | ||
vfsstat.c | ||
vfsstat.h |
README.md
Useful links
Building
To build libbpf-based tools, simply run make
. This will build all the listed
tools/applications. All the build artifacts, by default, go into .output
subdirectory to keep source code and build artifacts completely separate. The
only exception is resulting tool binaries, which are put in a current
directory. make clean
will clean up all the build artifacts, including
generated binaries.
Given that the libbpf package might not be available across wide variety of
distributions, all libbpf-based tools are linked statically against a version
of libbpf that BCC links against (from submodule under src/cc/libbpf). This
results in binaries with minimal amount of dependencies (libc, libelf, and
libz are linked dynamically, though, given their widespread availability).
If your build fails because the libbpf submodule is outdated, try running git submodule update --init --recursive
.
Tools are expected to follow a simple naming convention:
- .c contains userspace C code of a tool.
- .bpf.c contains BPF C code, which gets compiled into BPF ELF file. This ELF file is used to generate BPF skeleton .skel.h, which is subsequently is included from .c.
- .h can optionally contain any types and constants, shared by both BPF and userspace sides of a tool.
For such cases, simply adding name to Makefile's APPS variable will ensure this tool is built alongside others.
For more complicated applications, some extra Makefile rules might need to be created. For such cases, it is advised to put application into a dedicated subdirectory and link it from main Makefile.
vmlinux.h generation
vmlinux.h contains all kernel types, both exported and internal-only. BPF CO-RE-based applications are expected to include this file in their BPF program C source code to avoid dependency on kernel headers package.
For more reproducible builds, vmlinux.h header file is pre-generated and
checked in along the other sources. This is done to avoid dependency on
specific user/build server's kernel configuration, because vmlinux.h
generation depends on having a kernel with BTF type information built-in
(which is enabled by CONFIG_DEBUG_INFO_BTF=y
Kconfig option See below).
vmlinux.h is generated from upstream Linux version at particular minor
version tag. E.g., vmlinux_505.h
is generated from v5.5 tag. Exact set of
types available in compiled kernel depends on configuration used to compile
it. To generate present vmlinux.h header, default configuration was used, with
only extra CONFIG_DEBUG_INFO_BTF=y
option enabled.
Given different kernel version can have incompatible type definitions, it might be important to use vmlinux.h of a specific kernel version as a "base" version of header. To that extent, all vmlinux.h headers are versioned by appending suffix to a file name. There is always a symbolic link vmlinux.h, that points to whichever version is deemed to be default (usually, latest).
bpftool
bpftool is a universal tool used for inspection of BPF resources, as well as providing various extra BPF-related facilities, like code-generation of BPF program skeletons. The latter functionality is heavily used by these tools to load and interact with BPF programs.
Given bpftool package can't yet be expected to be available widely across many distributions, bpftool binary is checked in into BCC repository in bin/ subdirectory. Once bpftool package is more widely available, this can be changed in favor of using pre-packaged version of bpftool.
Re-compiling your Kernel with CONFIG_DEBUG_INFO_BTF=y
libbpf probes to see if your sys fs exports the file /sys/kernel/btf/vmlinux
(from Kernel 5.5+) or if you have the ELF version in your system code
Please note the ELF file could exist without the BTF info in it. Your Kconfig should contain the options below
- Compile options
CONFIG_DEBUG_INFO_BTF=y
CONFIG_DEBUG_INFO=y
- Also, make sure that you have pahole 1.13 (or preferably 1.16+) during the kernel build (it comes from dwarves package). Without it, BTF won't be generated, and on older kernels you'd get only warning, but still would build kernel successfully