Hi Ragalahari, In your code you seem to not check for "old state" when you're heading to decrement. It looks like you are adding 1 and then immediately subtracting 1 in the same condition. That might

I wanted to chime in and mention that I've seen the BTF error before when trying to declare maps the way shown in https://github.com/torvalds/linux/blob/master/tools/testing/selftests/bpf/progs/test_p

Alessandro, I figured out that it's non-deterministic. So sometimes certain commands (git, awk, rm, uname, etc.) will have an openat with no filename, but other times they will. I ran these commands e

I ran the same test with strace. One of the file data points that doesn't show up is this: bpftrace: sys_enter_openat mode:0 filename: (93911401193582) strace: openat(AT_FDCWD, "/usr/lib/locale/locale

I don't have an answer, but I verified this with the following bpftrace script and using the action of switching to zsh/oh-my-zsh from bash. --- tracepoint:syscalls:sys_enter_open, tracepoint:syscalls

Thanks for the reply Andrii. Managed to get a build working outside of the kernel tree for BPF programs. The two major things that I learned were that first, the order in which files are included in t

Hi all, hope everyone is staying healthy out there. I've been working on building BPF programs, and have run into a few issues that I think might be clang (vs gcc) based. It seems that either clang is

I've waited to reply, not wanting to clog the mailing list, but I thought it would be beneficial to follow up on the same topic with kprobes in addition to tracepoints. The main issue I had with trace

I've spent a few days trying to solve this issue I've had, and I've learned a lot about both the past BPF APIs, and the new CO-RE API. I do have a couple questions though. Once a CO-RE program is comp

Will do. Does this mean that, going forward, BPF development will be encouraged to use kernels compiled with "CONFIG_DEBUG_INFO_BTF=y"? I've been using a default build up to now.

I found out that the cloned the kernel tree from the Ubuntu repo (i.e. "git clone --depth 1 git://kernel.ubuntu.com/ubuntu/ubuntu-bionic.git") for Bionic was the issue. For some reason it doesn't have

I've been exploring the libbpf library for different versions of the Linux kernel, and trying to rewrite some of the BCC tools. I would like to do more work with CO-RE eventually, but I'm trying to un

Hi all, Finally found the BPF blog and it's been nice to get more information on using libbpf directly since I don't have a lot of systems or kernel experience. Scanning through the "BCC to libbpf" po