nit: this is a legacy syntax of specifying BPF maps, please see [0] for some newer examples [0] https://github.com/iovisor/bcc/tree/master/libbpf-tools you don't need to bpf_probe_read() ctx here,

Hello everybody, in my XDP eBPF program I'm trying to initialize an array with a brace-enclosed list, however my code is rejected by the verifier. Here is a simple piece of code to replicate the

I've been exploring the libbpf library for different versions of the Linux kernel, and trying to rewrite some of the BCC tools. I would like to do more work with CO-RE eventually, but I'm trying to

Dear all, As software engineering research teams at the University of Sannio (Italy) and Eindhoven University of Technology (The Netherlands) we are interested in investigating the protocol used by

Thanks for your fast reply! In our infrastructure the owners of the app can logging into the production VMs that are running their apps and execute a restricted list of command with sudo (e.g.

^^^^ sudo isn't safe. If you remove the BCC tool from this one-liner, you'll find it still destroys your disk. In practice the production concern I have is for the overhead of each tool, hence the

Hi all! I am curious about whether it is safe to enable root access to BCC scripts on production machines. In my company, each team has access to their instances via ssh, and we are thinking to allow

"Andrii Nakryiko" <andrii.nakryiko@...> wrote: I assume this is the blog post[1]: [1] https://facebookmicrosites.github.io/bpf/blog/2020/02/20/bcc-to-libbpf-howto-guide.html Thanks for writing

Thanks! Glad it was useful. For kernel/libbpf development we do build Clang from sources, but you can install it from packages as well. See https://apt.llvm.org/, there are packages for Clang 10 and

Hi all, Finally found the BPF blog and it's been nice to get more information on using libbpf directly since I don't have a lot of systems or kernel experience. Scanning through the "BCC to

I see, so this means the fentry program needs to load and verify the program for every functions to attach right? In my (maybe very specific) case, the tool may attaches programs to more than 1000

I think this approach won't quite work with fentry because the same fenty type prog cannot be attached to multiple kernel functions. At load time the kernel verifier needs to hold target kernel

Hello, Is there any way to get the address of the function in fentry type programs like kprobe type programs does by PT_REGS_IP(pt_regs)? I'd like to migrate my kprobe based tool[1] to fentry based

wakeup_events and sample_period is set to 1. what is the reason for this? Isn't it better if this number is higher so the polling doesn't happen all the time? what is "sample_period" if

Hi, Unfortunately, no; I have not used libbpf directly but I was thinking of doing it. My goal for having BCC integrated into buildroot is is that embedded systems are not so limited as they were

Have you looked at using libbpf and BPF CO-RE for such use cases? The difference is that you won't have any additional runtime dependencies (no Clang/LLVM, etc), which makes this more suitable for

https://android.googlesource.com/platform/external/adeb/+/master/BCC.md is a way to already use bcc on android. I also have a WIP branch of bpftrace that supports bionic libc, for Android.

Does bcc have an adaptation plan for the Android platform?

<andrii.nakryiko=gmail.com@...> wrote: Discussion has been moved to https://github.com/iovisor/bcc/issues/2770 > > > > > > >

Hi! runqslower expects that kernel was built with BTF type info (which is enabled by CONFIG_DEBUG_INFO_BTF=y Kconfig option). Can you please re-build your kernel with BTF enabled and try again? > >