2
2
3
3
[ ![ Github Actions] ( https://github.com/libbpf/libbpf-bootstrap/actions/workflows/build.yml/badge.svg )] ( https://github.com/libbpf/libbpf-bootstrap/actions/workflows/build.yml )
4
4
5
- ## Minimal
5
+ ## minimal
6
6
7
7
` minimal ` is just that – a minimal practical BPF application example. It
8
8
doesn't use or require BPF CO-RE, so should run on quite old kernels. It
@@ -22,7 +22,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
22
22
` minimal ` is great as a bare-bones experimental playground to quickly try out
23
23
new ideas or BPF features.
24
24
25
- ## Minimal_ns
25
+ ## minimal_ns
26
26
27
27
` minimal_ns ` is as same as ` minimal ` but for namespaced environments.
28
28
` minimal ` would not work in environments that have namespace, like containers,
@@ -39,7 +39,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
39
39
< ...> -3840345 [022] d...1 8804.331215: bpf_trace_printk: BPF triggered from PID 9087.
40
40
```
41
41
42
- ## Minimal_Legacy
42
+ ## minimal_Legacy
43
43
44
44
This version of ` minimal ` is modified to allow running on even older kernels
45
45
that do not allow global variables. bpf_printk uses global variables unless
@@ -58,7 +58,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
58
58
minimal_legacy-52030 [001] .... 491230.842432: 0x00000001: BPF triggered from PID 52030.
59
59
```
60
60
61
- ## Bootstrap
61
+ ## bootstrap
62
62
63
63
` bootstrap ` is an example of a simple (but realistic) BPF application. It
64
64
tracks process starts (` exec() ` family of syscalls, to be precise) and exits
@@ -107,7 +107,7 @@ TIME EVENT COMM PID PPID FILENAME/EXIT CODE
107
107
...
108
108
```
109
109
110
- ## Uprobe
110
+ ## uprobe
111
111
112
112
` uprobe ` is an example of dealing with user-space entry and exit (return) probes,
113
113
` uprobe ` and ` uretprobe ` in libbpf lingo. It attached ` uprobe ` and ` uretprobe `
@@ -136,7 +136,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
136
136
uprobe-1809291 [007] .... 4017234.106701: 0: uprobed_sub EXIT: return = 0
137
137
```
138
138
139
- ## USDT
139
+ ## usdt
140
140
141
141
` usdt ` is an example of dealing with USDT probe. It attaches USDT BPF programs to
142
142
the [ libc: setjmp ] ( https://www.gnu.org/software/libc/manual/html_node/Non_002dlocal-Goto-Probes.html ) probe, which is triggered by calling ` setjmp ` in user-space program once per second and logs USDT arguments using ` bpf_printk() ` macro:
@@ -158,7 +158,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
158
158
usdt-1919077 [005] d..21 537311.886227: bpf_trace_printk: USDT manual attach to libc:setjmp: arg1 = 55d03d6a42a0, arg2 = 0, arg3 = 55d03d65e54e
159
159
```
160
160
161
- ## Fentry
161
+ ## fentry
162
162
163
163
` fentry ` is an example that uses fentry and fexit BPF programs for tracing. It
164
164
attaches ` fentry ` and ` fexit ` traces to ` do_unlinkat() ` which is called when a
@@ -193,7 +193,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
193
193
rm-9290 [004] d..2 4637.798843: bpf_trace_printk: fexit: pid = 9290, filename = test_file2, ret = 0
194
194
```
195
195
196
- ## Kprobe
196
+ ## kprobe
197
197
198
198
` kprobe ` is an example of dealing with kernel-space entry and exit (return)
199
199
probes, ` kprobe ` and ` kretprobe ` in libbpf lingo. It attaches ` kprobe ` and
@@ -219,7 +219,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
219
219
rm-9346 [005] d..4 4710.951895: bpf_trace_printk: KPROBE EXIT: ret = 0
220
220
```
221
221
222
- ## XDP
222
+ ## xdp
223
223
224
224
` xdp ` is an example written in Rust (using libbpf-rs). It attaches to
225
225
the ingress path of networking device and logs the size of each packet,
@@ -242,7 +242,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
242
242
< ...> -2813507 [000] d.s1 602386.696735: bpf_trace_printk: packet size: 66
243
243
```
244
244
245
- ## TC
245
+ ## tc
246
246
247
247
` tc ` (short for Traffic Control) is an example of handling ingress network traffics.
248
248
It creates a qdisc on the ` lo ` interface and attaches the ` tc_ingress ` BPF program to it.
@@ -266,7 +266,7 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
266
266
node-1254811 [007] ..s1 8737831.674550: 0: Got IP packet: tot_len: 71, ttl: 64
267
267
```
268
268
269
- ## Profile
269
+ ## profile
270
270
271
271
` profile ` is an example written in Rust and C with BlazeSym. It
272
272
attaches to perf events, sampling on every processor periodically. It
@@ -288,7 +288,7 @@ No Userspace Stack
288
288
289
289
C version and Rust version show the same content. Both of them use BlazeSym to symbolize stacktraces.
290
290
291
- ## Socket filter
291
+ ## sockfilter
292
292
293
293
` sockfilter ` is an example of monitoring packet and dealing with ` __sk_buff `
294
294
structure. It attaches ` socket ` BPF program to ` sock_queue_rcv_skb() ` function
@@ -310,7 +310,8 @@ This serves as a cross reference for folks coming from different backgrounds.
310
310
311
311
## Install Dependencies
312
312
313
- You will need ` clang ` , ` libelf ` and ` zlib ` to build the examples, package names may vary across distros.
313
+ You will need ` clang ` (at least v11 or later), ` libelf ` and ` zlib ` to build
314
+ the examples, package names may vary across distros.
314
315
315
316
On Ubuntu/Debian, you need:
316
317
``` shell
0 commit comments