On Sun, Aug 30, 2020 at 4:35 PM Ian <icampbe14@...> wrote:
Here is the libbpf Logs at all levels for the open snoop program when using the pinned option for a map. This was tested on Linux Kernel v5.4 with libbpf 0.0.9, 0.1.0, and the current version. All the results of the logs were the same so I have only posted a single copy of it here. Let me know what you think and what the next steps might be! I appreciate the help and am having a good time trying to piece this together.
libbpf: section(14) .rel.eh_frame, size 32, link 15, flags 0, type=9
libbpf: skip relo .rel.eh_frame(14) for section(13)
libbpf: section(15) .symtab, size 408, link 1, flags 0, type=2
libbpf: BTF is required, but is missing or corrupted.
Ok, this is a very different issue than the kernel missing BTF. libbpf
is complaining that your opensnoop.bpf.o itself is missing BTF. And
right, BTF is required to parse map definitions properly, but it
doesn't depend on having kernel support for BTF at all. Make sure you
use recent enough Clang (v10+) and you build your opensnoop.bpf.o with
-target bpf **and** -g flag to generate debug info (including .BTF ELF