
support attaching to tracepoints about ebpf HOT 6 CLOSED

cilium avatar cilium commented on August 15, 2024
support attaching to tracepoints

from ebpf.

Comments (6)

mythi avatar mythi commented on August 15, 2024 2

@lmb I'm currently using iovisor/gobpf and just last week I built a POC that gives me the same functionality using cilium/ebpf.

In my POC, I loaded an ELF built using clang (tried LoadCollectionSpecFromReader and LoadCollection). cilium/ebpf supports ways to overcome that cgo issue mentioned above and here's what I needed to add on top:

	// tid is the tracepoint id, fd is the file descriptor of the loaded BPF program.
	attr := unix.PerfEventAttr{
		Type:        unix.PERF_TYPE_TRACEPOINT,
		Config:      uint64(tid), // tracepoint id
		Sample_type: unix.PERF_SAMPLE_RAW,
		Sample:      1,
		Wakeup:      1,
	}
	// pid -1, cpu 0: open the event for all processes on CPU 0.
	pfd, err := unix.PerfEventOpen(&attr, -1, 0, -1, unix.PERF_FLAG_FD_CLOEXEC)
	if err != nil {
		return -1, errors.Wrap(err, "unable to open perf events")
	}
	// Enable the perf event, then attach the BPF program to it.
	if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(pfd), unix.PERF_EVENT_IOC_ENABLE, 0); errno != 0 {
		return -1, errors.New("unable to set up perf events")
	}
	if _, _, errno := unix.Syscall(unix.SYS_IOCTL, uintptr(pfd), unix.PERF_EVENT_IOC_SET_BPF, uintptr(fd)); errno != 0 {
		return -1, errors.New("unable to attach bpf program to perf events")
	}

AFAICS, it's not much that needs to be added. I'm still going to check/learn how to craft tracepoint programs without pre-compiling (it's not a hard requirement for me right now though).

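The snippet in the comment above takes the tracepoint id (`tid`) as given. As an added example (not part of the original comment and not cilium/ebpf's own code), the following Go code resolves that id from tracefs and rejects names that could escape the events directory. The function names `TracepointID` and `FindTracepointID`, the allowed character set, and the two mount points are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strconv"
	"strings"
)

// Usual tracefs mount points (assumed); the debugfs path is the older layout.
var tracefsRoots = []string{"/sys/kernel/tracing", "/sys/kernel/debug/tracing"}

// Only identifier characters are accepted, which keeps "/" and ".." out of
// the path built below (assumed character set for this example).
var validName = regexp.MustCompile(`^[A-Za-z0-9_]+$`)

// TracepointID reads events/<category>/<name>/id under root. The result is
// the value used as Config in the perf event attribute (uint64(tid) above).
func TracepointID(root, category, name string) (uint64, error) {
	if !validName.MatchString(category) || !validName.MatchString(name) {
		return 0, fmt.Errorf("invalid tracepoint %q/%q", category, name)
	}
	raw, err := os.ReadFile(filepath.Join(root, "events", category, name, "id"))
	if err != nil {
		return 0, fmt.Errorf("read tracepoint id: %w", err)
	}
	// The id file holds decimal text followed by a newline.
	id, err := strconv.ParseUint(strings.TrimSpace(string(raw)), 10, 32)
	if err != nil {
		return 0, fmt.Errorf("parse tracepoint id: %w", err)
	}
	return id, nil
}

// FindTracepointID tries each root in order and returns the first id found.
func FindTracepointID(roots []string, category, name string) (uint64, error) {
	lastErr := fmt.Errorf("no tracefs roots given")
	for _, root := range roots {
		id, err := TracepointID(root, category, name)
		if err == nil {
			return id, nil
		}
		lastErr = err
	}
	return 0, lastErr
}

func main() {
	id, err := FindTracepointID(tracefsRoots, "syscalls", "sys_enter_openat")
	fmt.Println(id, err)
}
```

Reading the id files normally requires root or equivalent access to tracefs, the same privilege level the `perf_event_open` call needs.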

lmb avatar lmb commented on August 15, 2024

Hi! We had a similar discussion on Slack a while ago. Here is the thread for posterity:

Grant Seltzer Feb 22nd at 1:04 AM
Hi everyone, I'm excited about this package but from reading documentation I don't get the impression that I can load a uprobe using it yet, is that correct?

Joe Stringer  1 month ago
Correct. At this stage this library is not intending to take over all BPF use cases like tracing, it's more focused on networking use cases where the BPF programs are managed by long-running daemons.

Grant Seltzer  27 days ago
Would there be interest in that feature if I were to try to implement it? I think having static go binaries that can do eBPF tracing would be widely appreciated

Lorenz  27 days ago
Do you have a rough idea what features you want? Contributions are always welcome of course, the main questions for me are who will maintain that code, and how much additional API surface does it expose?

Lorenz  27 days ago
Especially allowing uprobes on old kernels will be difficult i think

pbnj  26 days ago
Grant, have you seen this project: https://github.com/iovisor/gobpf

Grant Seltzer  26 days ago
@pbnj Yes, I'm currently using that for a project i'm working on: https://github.com/grantseltzer/weaver

Grant Seltzer  26 days ago
I could be misunderstanding the function and purpose of this package, but the iovisor gobpf package requires dynamic linking/CGO. If there were a purely go alternative then I could make my program which instruments ebpf into a static binary, right?

Lorenz  24 days ago
yes, with the caveat that you need to ship your compiled ebpf somehow

Lorenz  24 days ago
since you're using uprobes, do you rely on CO-RE / BTF at all?

Lorenz  24 days ago
you can try the following, and see how it goes: turn the gobpf C into something you can compile with vanilla clang, and try to load it with the library. if you put the function in a uprobe section the library should recognize it: https://github.com/cilium/ebpf/blob/master/elf_reader.go#L542
elf_reader.go:542

        "uretprobe/":      Kprobe,

Lorenz  24 days ago
at that point you can take a look at adding a function that attaches the ebpf to the user function, not sure how that works

From my POV it boils down to how much additional code we need for tracepoint support. For example, I suspect that supporting libbpf-style Compile-Once Run-Everywhere is a good chunk of code. Since we don't have a use case for it at the moment I'd rather not have to maintain that. If you can do without we can probably accommodate your use case.


lmb avatar lmb commented on August 15, 2024

Hi Mikko, sorry for the late reply. There is currently a proposal to add a "BPF link" to the kernel: https://lore.kernel.org/bpf/?q=bpf_link The idea is that this will unify attaching BPF to things, which would be great for this library of course. I'd like to wait and see whether bpf_link becomes reality before supporting attachment in the library.

It seems like your patch is fairly self contained, do you think it could be a small independent library for the time being, or is there something missing from the public API to make this possible?


florianl avatar florianl commented on August 15, 2024

Thanks @mythi for demonstrating this easy way to enable tracepoints 👍

I see the concerns @lmb mentioned about the maintenance overhead.
For me, this package is also not limited to network only. BPF link sounds exciting, but might not be available in all the environments where this package is used.
So, what about documenting this easy way for tracepoints in some kind of readme or example?


lmb avatar lmb commented on August 15, 2024

@mythi are you still interested in working on this? There is now a link subpackage where this would fit.


lmb avatar lmb commented on August 15, 2024

Florian added a nice example in #190, I think more than that is out of scope for the library.

