• Alexei Starovoitov's avatar
    samples/bpf: Add simple non-portable kprobe filter example · b896c4f9
    Alexei Starovoitov authored
    tracex1_kern.c - C program compiled into BPF.
    
    It attaches to kprobe:netif_receive_skb()
    
    When skb->dev->name == "lo", it prints sample debug message into
    trace_pipe via bpf_trace_printk() helper function.
    
    tracex1_user.c - corresponding user space component that:
      - loads BPF program via bpf() syscall
      - opens kprobes:netif_receive_skb event via perf_event_open()
        syscall
      - attaches the program to event via ioctl(event_fd,
        PERF_EVENT_IOC_SET_BPF, prog_fd);
      - prints from trace_pipe
    
    Note, this BPF program is non-portable. It must be recompiled
    with current kernel headers. kprobe is not a stable ABI and
    BPF+kprobe scripts may no longer be meaningful when kernel
    internals change.
    
    No matter in what way the kernel changes, neither the kprobe,
    nor the BPF program can ever crash or corrupt the kernel,
    assuming the kprobes, perf and BPF subsystem has no bugs.
    
    The verifier will detect that the program is using
    bpf_trace_printk() and the kernel will print 'this is a DEBUG
    kernel' warning banner, which means that bpf_trace_printk()
    should be used for debugging of the BPF program only.
    
    Usage:
    $ sudo tracex1
                ping-19826 [000] d.s2 63103.382648: : skb ffff880466b1ca00 len 84
                ping-19826 [000] d.s2 63103.382684: : skb ffff880466b1d300 len 84
    
                ping-19826 [000] d.s2 63104.382533: : skb ffff880466b1ca00 len 84
                ping-19826 [000] d.s2 63104.382594: : skb ffff880466b1d300 len 84
    Signed-off-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
    Cc: Arnaldo Carvalho de Melo <acme@infradead.org>
    Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: Jiri Olsa <jolsa@redhat.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
    Cc: Namhyung Kim <namhyung@kernel.org>
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Steven Rostedt <rostedt@goodmis.org>
    Link: http://lkml.kernel.org/r/1427312966-8434-7-git-send-email-ast@plumgrid.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    b896c4f9
bpf_helpers.h 1.54 KB