On Wed, Mar 25, 2020 at 6:45 AM <mayfieldtristan@...> wrote:
bpf_probe_read_str() has been there for a long time, at least 4.12 or
even older.
I found out that the kernel tree I cloned from the Ubuntu repo (i.e. "git clone --depth 1 git://kernel.ubuntu.com/ubuntu/ubuntu-bionic.git") for Bionic was the issue. For some reason it doesn't have an up-to-date libbpf library and so doesn't have bpf_probe_read_str(). I think going forward, getting the API from the repo you recommended or from the official kernel source is the way to go.
I appreciate the pointers for my BPF program. If using github.com/libbpf/libbpf, should I just plan on loading and attaching programs manually instead of using bpf_load.h? I've been looking through the bcc/libbpf-tools/ directory and it looks like they're making use of bpf_load.h and BTF/CO-RE. I've tried using bpf_load.h/c with the standalone libbpf, but I've gotten some difficult linking issues I haven't been able to resolve.
Take a closer look. libbpf-tools do not use bpf_load.h; that one is
deprecated and its use is discouraged. libbpf-tools rely on a
code-generated BPF skeleton. But really, take a close look at
libbpf-tools, it has everything you need to get started.
Please keep this discussion on mailing list, though, it might benefit
someone else.
Agreed; in the last message I replied to just you accidentally.
Thanks again for the help.