Re: Notification when an eBPF map is modified

Home Messages Hashtags Subgroups

Raffaele Sommese #1429 bpf tracepoints have been removed from recent linux so the you need to use kprobe to trace update/delete. typical map_update_elem and map_delete_elem first argument is 'struct bpf_map map', you can get name and id from there: Hello again :) It seems that there is 2 function that can be traced inside the kernel, one is map_update_elem, and it is the syscall, the other one is the BPF helper. I have successful attach my ebpf code to the first one, but it doesn't have as parameter struct bpf_map map (it have a union bpf_attr). If I attach my program to the bpf_map_update_elem (that I think is the function name of BPF helper), I don't receive any event. I'm using the last version of bcc and of kernel. I try also with kprobe program of perf kernel suite with the same results. I was looking for this helper BPF_CALL_4 (bpf_map_update_elem, struct bpf_map , map, void , key, void *, value, u64, flags) Thank you again for the support, Raffaele -- ________________________________ Raffaele Sommese Mail:raffysommy@... About me:https://about.me/r4ffy Gpg Key:http://www.r4ffy.info/Openpgp.asc GPG key ID: 0x830b1428cf91db2a on http://pgp.mit.edu:11371/
More All Messages By This Member

Join {iovisor-dev@lists.iovisor.org to automatically receive all group messages.