Hi Ragalahari, In your code you seem to not check for "old state" when you're heading to decrement. It looks like you are adding 1 and then immediately subtracting 1 in the same condition. That might

Hi everyone, I am using inet_set_socket_state trace point to get current establish connection count Here, incrementing counter value in BPF map when new state is TCP_ESTABLISHED and decrementing

Sure I can accept a PR.

I have to create a test-environment (based on vagrant) the last couple of days and i've done this with ubuntu 20.04 as base image. Is the repository https://github.com/iovisor/vagrant still active? If

you can attach kprobe in 'tcp_conn_request" for inbound connection -- forrest0579@...

Maybe you can use sk_local_storage? You can attach a piece of information to the socket during TCP_SYN_RECV and later on during TCP_ESTABLISHED to check that data, and you can delete that data

Hi, I am looking for tracking inbound connections on a system using tracepoints/kprobes. I was checking "trace_inet_sock_set_state", with which we can track the state changes during connection

It is possible. See the patch below: https://lore.kernel.org/bpf/20200819042759.51280-1-alexei.starovoitov@.../ I tried to load a BPF program and pin it in bpffs system. The system could be

Hi, Is it possible to load a BPF program at boot time? What I'm trying to achieve is to trace every single call to a certain function since the kernel starts, without missing anything. More

It's expected right now. BTF started out as purely debug information, but got elevated into pretty much a mandatory thing for modern BPF applications. We've talked about making .BTF emitted without

Interestingly enough adding just -g in my Makefile built the BPF programs and allowed the BTF section to be found and properly loaded. My BPF program was loaded and is running properly with my desired

[...] Ok, this is a very different issue than the kernel missing BTF. libbpf is complaining that your opensnoop.bpf.o itself is missing BTF. And right, BTF is required to parse map definitions

Hello, Here is the libbpf Logs at all levels for the open snoop program when using the pinned option for a map. This was tested on Linux Kernel v5.4 with libbpf 0.0.9, 0.1.0, and the current version.

Check example [0] for how to set custom logging callback and print all libbpf logs (including those at DEBUG level of verbosity). [0]

Hey Andrii, I tried using the same BPF program with the declarative pinning of maps with Libbpf v.0.0.9, v.0.1.0 and the current master branch under commit 7bc52e6. All of these had the same error

<mayfieldtristan@...> wrote: Which version of libbpf are you seeing this on? We've had bugs in libbpf where we'd attempt to load kernel BTF unnecessarily, but I believe we've fixed all those

[...] I don't see anything needing kernel BTF in there, so if libbpf still fails on not being able to load kernel BTF, that might be a bug in libbpf. Can you please double-check this with the latest

I wanted to chime in and mention that I've seen the BTF error before when trying to declare maps the way shown in

Hello! Sorry for the wait, I just started back at uni and things are a little bit crazy around here! Anyways, this is the source code for my version of open snoop. Which is what I have been testing

Your BPF code must be relying on CO-RE. I can check if you can show me your BPF source code. The pinning and map definition itself doesn't rely on CO-RE and thus doesn't need kernel BTF.