Skip to content

Latest commit

 

History

History

bpf-apps

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
libbpf
libbpf
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
bashreadline.bpf.c
bashreadline.bpf.c
 
 
bashreadline.c
bashreadline.c
 
 
bashreadline.h
bashreadline.h
 
 
bashreadline.skel.h
bashreadline.skel.h
 
 
block_shell.bpf.c
block_shell.bpf.c
 
 
block_shell.c
block_shell.c
 
 
block_shell.skel.h
block_shell.skel.h
 
 
execsnoop.bpf.c
execsnoop.bpf.c
 
 
execsnoop.c
execsnoop.c
 
 
execsnoop.h
execsnoop.h
 
 
execsnoop.skel.h
execsnoop.skel.h
 
 
execsnoop_v2.bpf.c
execsnoop_v2.bpf.c
 
 
execsnoop_v2.c
execsnoop_v2.c
 
 
execsnoop_v2.h
execsnoop_v2.h
 
 
execsnoop_v2.skel.h
execsnoop_v2.skel.h
 
 
hello.bpf.c
hello.bpf.c
 
 
hello.c
hello.c
 
 
hello.skel.h
hello.skel.h
 
 
hello_btf.bpf.c
hello_btf.bpf.c
 
 
hello_btf.c
hello_btf.c
 
 
hello_btf.skel.h
hello_btf.skel.h
 
 
http_trace.bpf.c
http_trace.bpf.c
 
 
http_trace.c
http_trace.c
 
 
http_trace.h
http_trace.h
 
 
http_trace.skel.h
http_trace.skel.h
 
 
https_trace.bpf.c
https_trace.bpf.c
 
 
https_trace.c
https_trace.c
 
 
https_trace.h
https_trace.h
 
 
https_trace.skel.h
https_trace.skel.h
 
 
https_trace_bad.bpf.c
https_trace_bad.bpf.c
 
 
https_trace_bad.c
https_trace_bad.c
 
 
https_trace_bad.skel.h
https_trace_bad.skel.h
 
 
tc_block_tcp.bpf.c
tc_block_tcp.bpf.c
 
 
tc_block_tcp.c
tc_block_tcp.c
 
 
tc_block_tcp.skel.h
tc_block_tcp.skel.h
 
 
uprobe_helpers.h
uprobe_helpers.h
 
 
vmlinux.h
vmlinux.h
 
 
xdp_drop.bpf.c
xdp_drop.bpf.c
 
 
xdp_drop.c
xdp_drop.c
 
 
xdp_drop.skel.h
xdp_drop.skel.h
 
 
xdp_drop_test.bpf.c
xdp_drop_test.bpf.c
 
 
xdp_drop_test.c
xdp_drop_test.c
 
 
xdp_drop_test.skel.h
xdp_drop_test.skel.h
 
 
xdp_drop_trace.bpf.c
xdp_drop_trace.bpf.c
 
 
xdp_drop_trace.c
xdp_drop_trace.c
 
 
xdp_drop_trace.skel.h
xdp_drop_trace.skel.h
 
 
xdppass.bpf.c
xdppass.bpf.c
 
 
xdppass.c
xdppass.c
 
 
xdppass.skel.h
xdppass.skel.h
 
 

README.md

eBPF apps with libbpf

Contents

  • hello: hello world for libbpf.
  • execsnoop and execsnoop_v2: kprobe for tracepoint/syscalls/sys_enter_execve.
  • bashreadline: uprobe for bash's readline.
  • hello_btf: custom BTF Hello world for kernel without built-in BTF support.

Pre-requisites

To use BTF and CO-RE, CONFIG_DEBUG_INFO_BTF=y and CONFIG_DEBUG_INFO_BTF_MODULES=y need to be enabled. If you don't want to rebuild the kernel, the following distos have enabled those options by default:

  • Ubuntu 20.10+
  • Fedora 31+
  • RHEL 8.2+
  • Debian 11+

And to build bpf applications, the following development tools should also be installed:

# Ubuntu
sudo apt-get install -y make clang llvm libelf-dev linux-tools-$(uname -r)

# RHEL
sudo yum install -y make clang llvm elfutils-libelf-devel bpftool