bcc-bpf

Failure to compare strings with eBPF

泪湿孤枕 submitted on 2021-02-11 17:01:08
Question: When I run the following code I get an error.

```c
#include <uapi/linux/utsname.h>
#include <linux/pid_namespace.h>

struct uts_namespace {
    struct kref kref;
    struct new_utsname name;
};

static __always_inline char * get_task_uts_name(struct task_struct *task){
    return task->nsproxy->uts_ns->name.nodename;
}

int cmpNamespace(void *ctx) {
    struct task_struct *task;
    task = (struct task_struct *)bpf_get_current_task();
    if (strcmp(get_task_uts_name(task),"namespace")==0){
        ...
    }
    return 0;
}
```

Error: bpf:

Incompatible pointer to integer conversion assigning to 'u32' (aka 'unsigned int') from 'struct net *'

喜夏-厌秋 submitted on 2020-06-01 06:57:08
Question: What I want: To add a network namespace option to the execsnoop bcc tool to trace only the logs with the specified network namespace, just like we have a filter PID option in many other bcc tools. E.g.: execsnoop -N "ns_id"

I am using Linux kernel structures to retrieve the namespace id, net = task->nsproxy->net_ns; and need to assign the retrieved ns to data.netns, which is a u32 int.

What I am doing: int syscall__execve(struct pt_regs *ctx, const char __user *filename, const char __user *const __user *_

failing to attach eBPF `kretprobes` to `napi_poll()` with bcc tools

佐手、 submitted on 2020-01-24 16:09:48
Question: The idea is to use argdist to measure the latency duration of napi_poll(), which returns the number of packets processed (called work). The ratio of the execution latency of napi_poll() to the number of packets processed would give me the average amount of time it took to process each packet, in the form of a histogram. I am using the following command: argdist -H 'r:c:napi_poll():u64:$latency/$retval#avg time per packet (ns)' which ends up giving me the error Failed to attach BPF to kprobe, and in dmesg I get a message like Could not insert

Always get 0 session ID in BPF program

走远了吗. submitted on 2020-01-11 13:05:31
Question: I am trying to write a BPF program that examines the session ID of any process that calls the tty_write kernel function. I am trying to do this by retrieving a field from the current task_struct struct. My code is as follows:

```c
SEC("kprobe/tty_write")
int kprobe__tty_write(struct pt_regs *ctx)
{
    struct task_struct *task;
    struct task_struct *group_leader;
    struct pid_link pid_link;
    struct pid pid;
    int sessionid;

    // get current sessionid
    task = (struct task_struct *)bpf_get_current_task();
    bpf
```
