From 4cf80067a0128b8a4137b7f5649541c0e060655e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BA=91=E5=BE=AE?= <1067852565@qq.com> Date: Mon, 10 Feb 2025 23:25:39 +0000 Subject: [PATCH] update --- src/18-further-reading/README.md | 2 +- src/18-further-reading/README.zh.md | 2 +- src/32-http2/README.zh.md | 5 -- src/43-kfuncs/module/README.md | 134 ++++++++++++++++++++++++++++ src/SUMMARY.md | 2 - src/bpftrace-tutorial/README.zh.md | 2 +- 6 files changed, 137 insertions(+), 10 deletions(-) delete mode 100644 src/32-http2/README.zh.md create mode 100644 src/43-kfuncs/module/README.md diff --git a/src/18-further-reading/README.md b/src/18-further-reading/README.md index 458612e..8fc0c39 100644 --- a/src/18-further-reading/README.md +++ b/src/18-further-reading/README.md @@ -22,7 +22,7 @@ The papers demonstrate eBPF's versatility in accelerating systems, enhancing sec If you have any suggestions or adding papers, please feel free to open an issue or PR. The list was created in 2023.10, New papers will be added in the future. -> Check out our open-source projects at [eunomia-bpf](https://github.com/eunomia-bpf) and eBPF tutorials at [bpf-developer-tutorial](https://github.com/eunomia-bpf/bpf-developer-tutorial). I'm also looking for a PhD position in the area of systems and networking in 2024/2025. My [Github](https://github.com/yunwei37) and [email](yunwei356@gmail.com). +> Check out our open-source projects at [eunomia-bpf](https://github.com/eunomia-bpf) and eBPF tutorials at [bpf-developer-tutorial](https://github.com/eunomia-bpf/bpf-developer-tutorial). I'm also looking for a PhD position in the area of systems and networking in 2024/2025. My [Github](https://github.com/yunwei37) and [email](mailto:yunwei356@gmail.com). ## XRP: In-Kernel Storage Functions with eBPF diff --git a/src/18-further-reading/README.zh.md b/src/18-further-reading/README.zh.md index 3a71301..a93e4e6 100644 --- a/src/18-further-reading/README.zh.md +++ b/src/18-further-reading/README.zh.md @@ -20,7 +20,7 @@ eBPF(扩展的伯克利数据包过滤器)是一种新兴的技术,允许 如果您有任何建议或添加论文的意见,请随时开放一个问题或PR。此列表创建于 2023.10,未来将添加新的论文。 -> 如果您对 eBPF 有些进一步的兴趣的话,也可以查看我们在 [eunomia-bpf](https://github.com/eunomia-bpf) 的开源项目和 [bpf-developer-tutorial](https://github.com/eunomia-bpf/bpf-developer-tutorial) 的 eBPF 教程。我也在寻找 2024/2025 年系统和网络领域的 PhD 相关机会,这是我的 [Github](https://github.com/yunwei37) 和 [邮箱](yunwei356@gmail.com)。 +> 如果您对 eBPF 有些进一步的兴趣的话,也可以查看我们在 [eunomia-bpf](https://github.com/eunomia-bpf) 的开源项目和 [bpf-developer-tutorial](https://github.com/eunomia-bpf/bpf-developer-tutorial) 的 eBPF 教程。我也在寻找 2024/2025 年系统和网络领域的 PhD 相关机会,这是我的 [Github](https://github.com/yunwei37) 和 [邮箱](mailto:yunwei356@gmail.com)。 ## XRP: In-Kernel Storage Functions with eBPF diff --git a/src/32-http2/README.zh.md b/src/32-http2/README.zh.md deleted file mode 100644 index aec6cee..0000000 --- a/src/32-http2/README.zh.md +++ /dev/null @@ -1,5 +0,0 @@ -# trace http2 request in go - -TODO: make it work - -from . diff --git a/src/43-kfuncs/module/README.md b/src/43-kfuncs/module/README.md new file mode 100644 index 0000000..d2dfada --- /dev/null +++ b/src/43-kfuncs/module/README.md @@ -0,0 +1,134 @@ +# write a basic kernel module + +## hello world + +Writing a Linux kernel module involves creating code that can be loaded into and unloaded from the kernel dynamically, without rebooting the system. Here’s a simple step-by-step guide to help you write a basic kernel module: + +### 1. Set Up Your Environment + +Make sure you have the Linux kernel headers installed and a suitable development environment ready. For Ubuntu or Debian, install them with: + +```bash +sudo apt-get install linux-headers-$(uname -r) build-essential +``` + +### 2. Write the Kernel Module Code + +Here’s an example of a very basic Linux kernel module: + +```c +// hello.c: A simple Linux kernel module +#include // Macros for module initialization +#include // Core header for loading modules +#include // Kernel logging macros + +// Function executed when the module is loaded +static int __init hello_init(void) +{ + printk(KERN_INFO "Hello, world!\n"); + return 0; // Return 0 if successful +} + +// Function executed when the module is removed +static void __exit hello_exit(void) +{ + printk(KERN_INFO "Goodbye, world!\n"); +} + +// Macros to define the module’s init and exit points +module_init(hello_init); +module_exit(hello_exit); + +MODULE_LICENSE("GPL"); // License type (GPL) +MODULE_AUTHOR("Your Name"); // Module author +MODULE_DESCRIPTION("A simple module"); // Module description +MODULE_VERSION("1.0"); // Module version +``` + +### 3. Create a Makefile + +To compile the kernel module, you’ll need a `Makefile`. Here's a simple one: + +```makefile +obj-m += hello.o # hello.o is the target + +all: + make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules + +clean: + make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean +``` + +### 4. Compile the Module + +Run the following command in the directory where your `hello.c` and `Makefile` are located: + +```bash +make +``` + +This will generate a file called `hello.ko`, which is the compiled kernel module. + +### 5. Load the Module + +To insert the module into the kernel, use `insmod`: + +```bash +sudo insmod hello.ko +``` + +### 6. Check the Logs + +To see the output from the `printk` statements, use the `dmesg` command: + +```bash +dmesg | tail +``` + +You should see something like: + +```txt +[ 1234.5678] Hello, world! +``` + +### 7. Remove the Module + +To unload the module, use `rmmod`: + +```bash +sudo rmmod hello +``` + +Again, check the logs using `dmesg`: + +```bash +sudo dmesg | tail +``` + +You should see: + +```txt +[ 1234.9876] Goodbye, world! +``` + +### 8. Clean Up + +To clean up the build files, run: + +```bash +make clean +``` + +### Notes + +- **License**: The `MODULE_LICENSE("GPL")` ensures the module is GPL-compliant, which allows it to use symbols (functions) exported by the kernel. +- **Debugging**: Use `printk` for logging within the module. It behaves similarly to `printf` but is designed for kernel space. +- **Module Parameters**: You can add parameters to modules using `module_param()` to pass arguments when the module is loaded. + +### Next Steps + +Once you are familiar with this basic example, you can explore: + +- Writing more advanced modules that interact with hardware or the filesystem. +- Using kernel-specific APIs like work queues, kthreads, or handling interrupts. +- Diving into eBPF or loadable kernel module techniques for debugging and tracing kernel events. diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 91652a9..472f35e 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -1,7 +1,5 @@ # eBPF Tutorial by Example: Learning CO-RE eBPF Step by Step -[![CI](https://github.com/eunomia-bpf/bpf-developer-tutorial/actions/workflows/main.yml/badge.svg)](https://github.com/eunomia-bpf/bpf-developer-tutorial/actions/workflows/main.yml) - This is a development tutorial for eBPF based on CO-RE (Compile Once, Run Everywhere). It provides practical eBPF development practices from beginner to advanced, including basic concepts, code examples, and real-world applications. Unlike BCC, we use frameworks like libbpf, Cilium, libbpf-rs, and eunomia-bpf for development, with examples in languages such as C, Go, and Rust. This tutorial does not cover complex concepts and scenario introductions. Its main purpose is to provide examples of eBPF tools (**very short, starting with twenty lines of code!**) to help eBPF application developers quickly grasp eBPF development methods and techniques. The tutorial content can be found in the directory, with each directory being an independent eBPF tool example. diff --git a/src/bpftrace-tutorial/README.zh.md b/src/bpftrace-tutorial/README.zh.md index 010f506..48754e5 100644 --- a/src/bpftrace-tutorial/README.zh.md +++ b/src/bpftrace-tutorial/README.zh.md @@ -66,7 +66,7 @@ Attaching 1 probe... 按Ctrl-C后打印进程的系统调用计数。 - @: 表示一种特殊的变量类型,称为map,可以以不同的方式来存储和描述数据。你可以在@后添加可选的变量名(如@num),用来增加可读性或者区分不同的map。 -- []: 可选的中括号允许设置map的关键字,比较像关联数组。 +- [] 可选的中括号允许设置map的关键字,比较像关联数组。 - count(): 这是一个map函数 - 记录被调用次数。因为调用次数根据comm保存在map里,输出结果是进程执行系统调用的次数统计。 Maps会在bpftrace结束(如按Ctrl-C)时自动打印出来。