update readme

execsnoop-kernel/readme.md

@@ -28,13 +28,41 @@ execsnoop-objs := bpf_load.o execsnoop_user.o $(TRACE_HELPERS)
 always-y += execsnoop_kern.o
 ```
 
-## Run
+- compile again
+
+```
+make M=samples/bpf -j8
+```
+
+- run test
 
 ```bash
 cd samples/bpf
 sudo bash -c "ulimit -l unlimited && ./execsnoop"
 ```
 
+## With bpftool
+
+- move compiled `execsnoop_kern.o` to current `exexcnoop-kernel` directory
+
+- generate `execsnoop_kern_skel.h`
+
+```
+bpftool gen skeleton execsnoop_kern.o > execsnoop_kern_skel.h
+```
+
+- build execsnoop
+
+```
+gcc -Wall -O2 execsnoop_user_1.c -o execsnoop -lbpf
+```
+
+
+
+
+
+**Followings are just some notes. they are not really related.**
+
 ## Detail build command
 
 using `make V=1 M=samples/bpf | tee -a log.txt` to get and filter following command
@@ -99,20 +127,6 @@ clang -nostdinc \
 
 
 
-## With bpftool
-
-- gen
-
-```
-bpftool gen skeleton execsnoop_kern.o > execsnoop_kern_skel.h
-```
-
-- build
-
-```
-gcc -Wall -O2 execsnoop_user_1.c -o execsnoop -lbpf
-```
-
 ## Some resources
 
 - [A thorough introduction to eBPF](https://lwn.net/Articles/740157/)

readme.md

@@ -133,7 +133,7 @@ Config file: **/etc/cgproxy/config.json**
 
 - **port** tproxy listenning port
 
-- program level proxy control:
+- program level proxy control, need execsnoop enabled:
 
   - **program_proxy**  program need to be proxied
   - **program_noproxy** program that won't be proxied