Il giorno lun 6 ago 2018 alle ore 19:40 Y Song <ys114321@...> ha scritto:
On Mon, Aug 6, 2018 at 10:17 AM, Raffaele Sommese <raffysommy@...> wrote:
Please directly use the map lookup function for the specific map.
bpf tracepoints have been removed from recent linux so the you need toHello again :)
use kprobe to trace update/delete.
typical map_update_elem and map_delete_elem first argument is
'struct bpf_map *map', you can get name and id from there:
It seems that there is 2 function that can be traced inside the
kernel, one is map_update_elem, and it is the syscall, the other one
is the BPF helper.
I have successful attach my ebpf code to the first one, but it doesn't
have as parameter struct bpf_map *map (it have a union bpf_attr).
If I attach my program to the bpf_map_update_elem (that I think is the
function name of BPF helper), I don't receive any event.
I'm using the last version of bcc and of kernel.
I try also with kprobe program of perf kernel suite with the same results.
I was looking for this helper BPF_CALL_4 (bpf_map_update_elem, struct
bpf_map *, map, void *, key, void *, value, u64, flags)
For example, for hashmap, the verifier is smart enough to
change the byte code to call the underlying hashmap map lookup function.
Thank you, right now I will try only to implement a solution for hashmap.
I have detected a strange behavior for lookup I can receive the event
when the map was looked, but for the updates, I don't receive
I have checked the kernel and there was the map_gen_lookup.
The strange thing is that if I use kprobe tool I can see the event on
Here is my test code: (I have tried with lookup and it works)https://gist.github.com/raffysommy/1dabe5bf9487d974f3acd1f7a32ed01chttps://gist.github.com/raffysommy/587f61c14d3e157f86da1aadd07442b1
GPG key ID: 0x830b1428cf91db2a on http://pgp.mit.edu:11371/