docs: update links in README files for consistency and accuracy

- Updated URLs in the README files for the eunomia-bpf repository to point to the correct build documentation.
- Changed references to the DPDK eBPF support documentation to the new link format.
- Ensured all links in the BCC reference guide and tutorial documents are consistent and functional.
github-actions[bot]
2025-08-24 04:22:48 +00:00
parent 3b79879fcf
commit 5a2535312c
14 changed files with 293 additions and 305 deletions

@@ -50,7 +50,7 @@ At this point, the Linux environment required for testing eBPF has been set up.
## Build Tools
Clone the eunomia-bpf repository into the local debian environment. For the specific build process, refer to the repository's [build.md](https://github.com/eunomia-bpf/eunomia-bpf/blob/master/documents/build.md). In this test, I used the `ecc` compilation method to generate the `package.json`. Please refer to the [repository page](https://github.com/eunomia-bpf/eunomia-bpf/tree/master/compiler) for the build and usage instructions for this tool.
Clone the eunomia-bpf repository into the local debian environment. For the specific build process, refer to the repository's [build.md](https://eunomia.dev/eunomia-bpf/setup/build). In this test, I used the `ecc` compilation method to generate the `package.json`. Please refer to the [repository page](https://github.com/eunomia-bpf/eunomia-bpf/tree/master/compiler) for the build and usage instructions for this tool.
>During the build process, you may need to manually install tools such as `curl`, `pkg-config`, `libssl-dev`, etc.
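Review bot: The link label on the changed line still reads `build.md`, but the target is now `https://eunomia.dev/eunomia-bpf/setup/build`, a documentation page rather than a file of that name in the repository. Rename the label (for example "build documentation") so the text matches where the reader lands. The second link in the same sentence still points at `tree/master/compiler` on GitHub; if consistency is the goal, state whether that one is intentionally left alone. The same applies to the Chinese copy of this paragraph.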

@@ -51,7 +51,7 @@
## 工具构建
在 debian 环境中将 eunomia-bpf 仓库 clone 到本地,具体的构建过程,可以参考仓库的 [build.md](https://github.com/eunomia-bpf/eunomia-bpf/blob/master/documents/build.md)。在本次测试中,笔者选用了 `ecc` 编译生成 `package.json` 的方式,该工具的构建和使用方式请参考[仓库页面](https://github.com/eunomia-bpf/eunomia-bpf/tree/master/compiler)。
在 debian 环境中将 eunomia-bpf 仓库 clone 到本地,具体的构建过程,可以参考仓库的 [build.md](https://eunomia.dev/eunomia-bpf/setup/build)。在本次测试中,笔者选用了 `ecc` 编译生成 `package.json` 的方式,该工具的构建和使用方式请参考[仓库页面](https://github.com/eunomia-bpf/eunomia-bpf/tree/master/compiler)。
>在构建过程中,可能需要自行安装包括但不限于 `curl``pkg-config``libssl-dev` 等工具。

@@ -72,7 +72,7 @@ Userspace eBPF is being utilized in a number of notable projects, each harnessin
Oko is an extension of Open vSwitch-DPDK that provides runtime extension with BPF programs. It enables the use of BPF programs to process packets in userspace, providing flexible packet processing and facilitating the integration of Open vSwitch with other systems.
1. [**DPDK eBPF Support:**](https://www.dpdk.org/wp-content/uploads/sites/35/2018/10/pm-07-DPDK-BPFu6.pdf)
1. [**DPDK eBPF Support:**](https://doc.dpdk.org/guides/prog_guide/bpf_lib.html)
The DPDK (Data Plane Development Kit) eBPF support facilitates fast packet processing by enabling the use of eBPF programs in userspace, which can be loaded and run to analyze network packets. This enhances the flexibility and programmability of network applications without requiring kernel modifications.
@@ -212,7 +212,7 @@ While alternatives like Wasm certainly have their place with a strong emphasis o
3. rbpf: <https://github.com/qmonnet/rbpf>
4. Oko: <https://github.com/Orange-OpenSource/Oko>
5. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices: <https://www.usenix.org/conference/usenixsecurity22/presentation/he-yi>
6. DPDK eBPF Support: <https://www.dpdk.org/wp-content/uploads/sites/35/2018/10/pm-07-DPDK-BPFu6.pdf>
6. DPDK eBPF Support: <https://doc.dpdk.org/guides/prog_guide/bpf_lib.html>
7. Solana: <https://solana.com/>
8. eBPF for Windows (Work-In-Progress): <https://github.com/microsoft/ebpf-for-windows>
9. Femto-Containers: Lightweight Virtualization and Fault Isolation For Small Software Functions on Low-Power IoT Microcontrollers: <https://arxiv.org/abs/2210.03432>

@@ -73,7 +73,7 @@ eBPF原本因其在内核空间的强大性能而被广泛认知但近年
Oko 是 Open vSwitch-DPDK 的扩展,提供了与 BPF 程序的运行时扩展。它允许使用 BPF 程序在用户空间处理数据包,提供灵活的数据包处理,并促进 Open vSwitch 与其他系统的集成。
1. [**DPDK eBPF 支持:**](https://www.dpdk.org/wp-content/uploads/sites/35/2018/10/pm-07-DPDK-BPFu6.pdf)
1. [**DPDK eBPF 支持:**](https://doc.dpdk.org/guides/prog_guide/bpf_lib.html)
DPDK (数据平面开发套件) eBPF 支持通过允许在用户空间使用 eBPF 程序来促进快速的数据包处理,这些程序可以加载并运行以分析网络数据包。这增强了网络应用的灵活性和可编程性,无需修改内核。
@@ -213,7 +213,7 @@ Wasm 的主要焦点在于可移植性、轻量级虚拟化、安全性、多语
3. rbpf: <https://github.com/qmonnet/rbpf>
4. Oko: <https://github.com/Orange-OpenSource/Oko>
5. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices: <https://www.usenix.org/conference/usenixsecurity22/presentation/he-yi>
6. DPDK eBPF Support: <https://www.dpdk.org/wp-content/uploads/sites/35/2018/10/pm-07-DPDK-BPFu6.pdf>
6. DPDK eBPF Support: <https://doc.dpdk.org/guides/prog_guide/bpf_lib.html>
7. Solana: <https://solana.com/>
8. eBPF for Windows (Work-In-Progress): <https://github.com/microsoft/ebpf-for-windows>
9. Femto-Containers: Lightweight Virtualization and Fault Isolation For Small Software Functions on Low-Power IoT Microcontrollers: <https://arxiv.org/abs/2210.03432>

@@ -374,7 +374,7 @@ By mastering scx_simple, you're well-equipped to design and implement more sophi
- **sched_ext Repository:** [https://github.com/sched-ext/scx](https://github.com/sched-ext/scx)
- **Linux Kernel Documentation:** [Scheduler Ext Documentation](https://www.kernel.org/doc/html/next/scheduler/sched-ext.html)
- **Kernel Source Tree:** [Linux Kernel sched_ext Tools](https://github.com/torvalds/linux/tree/master/tools/sched_ext)
- **eBPF Official Documentation:** [https://ebpf.io/docs/](https://ebpf.io/docs/)
- **eBPF Official Documentation:** [https://docs.ebpf.io/](https://docs.ebpf.io/)
- **libbpf Documentation:** [https://github.com/libbpf/libbpf](https://github.com/libbpf/libbpf)
Feel free to explore these resources to expand your understanding and continue your journey into advanced eBPF programming!
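Review bot: On the changed bullet the label stays "eBPF Official Documentation" while the host moves from `ebpf.io` to `docs.ebpf.io`. The commit message lists the eunomia-bpf, DPDK and BCC links but says nothing about this one, and the change comes from an automated account, so confirm who operates the new host and that "Official" still describes it before merging, then mention the change in the commit message. The three other copies of this bullet in the commit need the same check.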

@@ -426,6 +426,6 @@ sched_ext 与默认的完全公平调度器CFS并行运行。你可以通
- **sched_ext 仓库:** [https://github.com/sched-ext/scx](https://github.com/sched-ext/scx)
- **Linux 内核文档:** [Scheduler Ext Documentation](https://www.kernel.org/doc/html/next/scheduler/sched-ext.html)
- **内核源代码树:** [Linux Kernel sched_ext Tools](https://github.com/torvalds/linux/tree/master/tools/sched_ext)
- **eBPF 官方文档:** [https://ebpf.io/docs/](https://ebpf.io/docs/)
- **eBPF 官方文档:** [https://docs.ebpf.io/](https://docs.ebpf.io/)
- **libbpf 文档:** [https://github.com/libbpf/libbpf](https://github.com/libbpf/libbpf)

@@ -921,7 +921,7 @@ Additional resources that can enhance your understanding include:
- **Linux Kernel Documentation:** [Scheduler Ext Documentation](https://www.kernel.org/doc/html/next/scheduler/sched-ext.html)
- **Kernel Source Tree:** [Linux Kernel `sched_ext` Tools](https://github.com/torvalds/linux/tree/master/tools/sched_ext)
- **eBPF Official Documentation:** [https://ebpf.io/docs/](https://ebpf.io/docs/)
- **eBPF Official Documentation:** [https://docs.ebpf.io/](https://docs.ebpf.io/)
- **libbpf Documentation:** [https://github.com/libbpf/libbpf](https://github.com/libbpf/libbpf)
Feel free to explore these resources to expand your knowledge and continue your journey into advanced eBPF programming!

@@ -897,7 +897,7 @@ IDLE (16): | ********-------------------------------------------------------
- **Linux 内核文档:** [Scheduler Ext 文档](https://www.kernel.org/doc/html/next/scheduler/sched-ext.html)
- **内核源树:** [Linux 内核 `sched_ext` 工具](https://github.com/torvalds/linux/tree/master/tools/sched_ext)
- **eBPF 官方文档:** [https://ebpf.io/docs/](https://ebpf.io/docs/)
- **eBPF 官方文档:** [https://docs.ebpf.io/](https://docs.ebpf.io/)
- **libbpf 文档:** [https://github.com/libbpf/libbpf](https://github.com/libbpf/libbpf)
欢迎探索这些资源,扩展您的知识,继续深入学习高级 eBPF 编程的旅程。

@@ -224,8 +224,8 @@ TRACEPOINT_PROBE(random, urandom_read) {
实际示例:
[code](https://github.com/iovisor/bcc/blob/a4159da8c4ea8a05a3c6e402451f530d6e5a8b41/examples/tracing/urandomread.py#L19) ([output](https://github.com/iovisor/bcc/commit/e422f5e50ecefb96579b6391a2ada7f6367b83c4#diff-41e5ecfae4a3b38de5f4e0887ed160e5R10))
[search /examples](https://github.com/iovisor/bcc/search?q=TRACEPOINT_PROBE+path%3Aexamples&type=Code)
[search /tools](https://github.com/iovisor/bcc/search?q=TRACEPOINT_PROBE+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples)
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. uprobes
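Review bot: The two replaced links lose their purpose: `search?q=TRACEPOINT_PROBE+path%3Aexamples` took the reader to uses of this specific macro, while `tree/master/examples` is only the directory listing, and the labels still say "search /examples" and "search /tools". After this commit every "examples in situ" entry in the reference guide points at the same two or three directories, so the links no longer help locate an example of the item being documented. Either keep a per-symbol search URL in a form that still works, or relabel the links as "browse /examples" and "browse /tools". Note also that the `code` link on the line above is pinned to a commit hash, whereas the new links follow `master` and will drift.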
@@ -367,7 +367,7 @@ KFUNC_PROBE(do_sys_open, int dfd, const char *filename, int flags, int mode)
这将对do_sys_open内核函数进行探查并将其参数作为标准参数值访问。
示例:
[search /tools](https://github.com/iovisor/bcc/search?q=KFUNC_PROBE+path%3Atools&type=Code)
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 10. kretfuncs
@@ -389,7 +389,7 @@ KRETFUNC_PROBE(do_sys_open, int dfd, const char *filename, int flags, int mode,
这会对do_sys_open内核函数进行检测并将其参数作为标准参数值一起与其返回值一起提取。
原地示例:
[搜索 /tools](https://github.com/iovisor/bcc/search?q=KRETFUNC_PROBE+path%3Atools&type=Code)
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 11. LSM Probes
@@ -424,7 +424,7 @@ LSM探针需要至少一个5.7+内核,并设置了以下配置选项:
- `CONFIG_LSM` 逗号分隔的字符串必须包含"bpf"(例如,
`CONFIG_LSM="lockdown,yama,bpf"`)
原地示例:"[搜索/tests](https://github.com/iovisor/bcc/search?q=LSM_PROBE+path%3Atests&type=Code)
原地示例:"[搜索/tests](https://github.com/iovisor/bcc/tree/master/tests)
### 12. BPF迭代器
@@ -463,8 +463,8 @@ BPF_ITER(task)
该函数将从内核地址空间复制size字节到BPF堆栈以便BPF之后可以对其进行操作。为了安全起见所有内核内存读取都必须通过bpf_probe_read_kernel()进行。在某些情况下比如解引用内核变量时这会自动发生因为bcc会重新编写BPF程序以包含所需的bpf_probe_read_kernel()。
现场示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel+path%3Aexamples&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel+path%3Atools&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. bpf_probe_read_kernel_str()".```shell
@@ -478,8 +478,8 @@ BPF_ITER(task)
该函数将一个以`NULL`结尾的字符串从内核地址空间复制到BPF堆栈中以便BPF以后可以对其进行操作。如果字符串的长度小于size则目标不会用更多的`NULL`字节进行填充。如果字符串的长度大于size则只会复制`size - 1`个字节,并将最后一个字节设置为`NULL`。
示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel_str+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel_str+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. bpf_ktime_get_ns()
@@ -488,8 +488,8 @@ BPF_ITER(task)
返回值u64 纳秒数。从系统启动时间开始计数,但在挂起期间停止计数。
示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=bpf_ktime_get_ns+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=bpf_ktime_get_ns+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. bpf_get_current_pid_tgid()
@@ -500,8 +500,8 @@ BPF_ITER(task)
返回进程ID位于低32位内核视图的PID在用户空间通常表示为线程ID线程组ID位于高32位在用户空间通常被认为是PID。通过直接设置为u32类型我们丢弃了高32位。
示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_pid_tgid+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_pid_tgid+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. bpf_get_current_uid_gid()
@@ -511,7 +511,7 @@ BPF_ITER(task)
返回用户ID和组ID。
示例:[搜索/examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_uid_gid+path%3Aexamples&type=Code), [搜索/tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_uid_gid+path%3Atools&type=Code)
示例:[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples), [搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 6. bpf_get_current_comm()
@@ -531,7 +531,7 @@ int do_trace(struct pt_regs *ctx) {
```
现有示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_comm+path%3Aexamples&type=Code), [搜索/tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_comm+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples), [搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 7. bpf_get_current_task()
@@ -554,7 +554,7 @@ int do_trace(void *ctx) {
```
现有示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_task+path%3Aexamples&type=Code), [搜索/tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_task+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples), [搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 8. bpf_log2l()
@@ -562,8 +562,8 @@ int do_trace(void *ctx) {
返回提供的值的log-2。这通常用于创建直方图的索引以构建2的幂次直方图。在原地示例
[搜索/示例](https://github.com/iovisor/bcc/search?q=bpf_log2l+path%3Aexamples&type=Code)
[搜索/工具](https://github.com/iovisor/bcc/search?q=bpf_log2l+path%3Atools&type=Code)
[搜索/示例](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/工具](https://github.com/iovisor/bcc/tree/master/tools)
### 9. bpf_get_prandom_u32()
@@ -573,8 +573,8 @@ int do_trace(void *ctx) {
在原地示例:
[搜索/示例](https://github.com/iovisor/bcc/search?q=bpf_get_prandom_u32+path%3Aexamples&type=Code)
[搜索/工具](https://github.com/iovisor/bcc/search?q=bpf_get_prandom_u32+path%3Atools&type=Code)
[搜索/示例](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/工具](https://github.com/iovisor/bcc/tree/master/tools)
### 10. bpf_probe_read_user()
@@ -586,8 +586,8 @@ int do_trace(void *ctx) {
在原地示例:
[搜索/示例](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user+path%3Aexamples&type=Code)
[搜索/工具](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user+path%3Atools&type=Code)
[搜索/示例](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/工具](https://github.com/iovisor/bcc/tree/master/tools)
### 11. bpf_probe_read_user_str()
@@ -602,8 +602,8 @@ int do_trace(void *ctx) {
在原地示例:
[搜索/示例](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user_str+path%3Aexamples&type=Code)
[搜索/工具](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user_str+path%3Atools&type=Code)
[搜索/示例](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/工具](https://github.com/iovisor/bcc/tree/master/tools)
### 12. bpf_get_ns_current_pid_tgid()
@@ -616,8 +616,8 @@ int do_trace(void *ctx) {
- 如果当前任务的pidns不存在则返回**-ENOENT**。
原地示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=bpf_get_ns_current_pid_tgid+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=bpf_get_ns_current_pid_tgid+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
## 调试
@@ -648,7 +648,7 @@ int kprobe__io_ctl_init(void *ctx) {
对于通常的trace_pipe (/sys/kernel/debug/tracing/trace_pipe)提供了一个简单的内核printf()功能。这对于一些快速示例是可以接受的但有一些限制最多3个参数只有一个%s而且trace_pipe是全局共享的所以并发程序会有冲突输出。更好的接口是通过BPF_PERF_OUTPUT()。注意,与原始内核版本相比,调用这个辅助函数变得更简单,它的第二个参数已经是 ```fmt_size```。
原地示例:"[搜索 /示例](https://github.com/iovisor/bcc/search?q=bpf_trace_printk+path%3Aexamples&type=Code), [搜索 /工具](https://github.com/iovisor/bcc/search?q=bpf_trace_printk+path%3Atools&type=Code)
原地示例:"[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples), [搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 2. BPF_PERF_OUTPUT
@@ -682,7 +682,7 @@ int hello(struct pt_regs *ctx) {
输出表格名为```events```,数据通过```events.perf_submit()```推送到该表格。
示例中包含以下内容:
[搜索 /示例](https://github.com/iovisor/bcc/search?q=BPF_PERF_OUTPUT+path%3Aexamples&type=Code), [搜索 /工具](https://github.com/iovisor/bcc/search?q=BPF_PERF_OUTPUT+path%3Atools&type=Code)
[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples), [搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 3. perf_submit()
@@ -695,7 +695,7 @@ int hello(struct pt_regs *ctx) {
```ctx```参数在[kprobes](#1-kprobes)或[kretprobes](#2-kretprobes)中提供。对于```SCHED_CLS```或```SOCKET_FILTER```程序,必须使用```struct __sk_buff *skb```。
示例中包含以下内容:
[搜索 /示例](https://github.com/iovisor/bcc/search?q=perf_submit+path%3Aexamples&type=Code), [搜索 /工具](https://github.com/iovisor/bcc/search?q=perf_submit+path%3Atools&type=Code)
[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples), [搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 4. perf_submit_skb()
@@ -704,8 +704,8 @@ int hello(struct pt_regs *ctx) {
返回值成功返回0".一种在网络程序类型中可用的BPF_PERF_OUTPUT表的方法用于将自定义事件数据和数据包缓冲区的前```packet_size```字节一起提交到用户空间。请参阅BPF_PERF_OUTPUT条目。最终调用bpf_perf_event_output()函数。)
现场示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=perf_submit_skb+path%3Aexamples&type=Code)
[搜索/tools](https://github.com/iovisor/bcc/search?q=perf_submit_skb+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. BPF_RINGBUF_OUTPUT
@@ -727,7 +727,7 @@ int hello(struct pt_regs *ctx) {
输出表命名为'事件'。数据通过'事件'。ringbuf_reserve分配并通过'事件'。ringbuf_submit推送到其中。
在situ示例<!-- TODO -->
[搜索/示例](https://github.com/iovisor/bcc/search?q=BPF_RINGBUF_OUTPUT+path%3Aexamples&type=Code)
[搜索/示例](https://github.com/iovisor/bcc/tree/master/examples)
### 6. ringbuf_output
@@ -743,7 +743,7 @@ int hello(struct pt_regs *ctx) {
BPF_RINGBUF_OUTPUT表的方法用于将自定义事件数据提交给用户空间。此方法类似于```perf_submit```但不需要ctx参数。
在situ示例<!-- TODO -->
[搜索/示例](https://github.com/iovisor/bcc/search?q=ringbuf_output+path%3Aexamples&type=Code)
[搜索/示例](https://github.com/iovisor/bcc/tree/master/examples)
### 7. ringbuf_reserve()
@@ -754,22 +754,10 @@ BPF_RINGBUF_OUTPUT表的方法用于将自定义事件数据提交给用户
BPF_RINGBUF_OUTPUT表的方法用于在环形缓冲区中保留空间并同时分配一个用于输出的数据结构。必须与```ringbuf_submit```或```ringbuf_discard```之一配合使用。
在situ示例<!-- TODO -->
[搜索/示例]<https://github.com/iovisor/bcc/search?q=ringbuf_reserve+path%3Aexamples&type=Code>
### 8. ringbuf_submit
语法void ringbuf_submitvoid *datau64 flags
返回:无,始终成功
标志:- ```BPF_RB_NO_WAKEUP```: 不发送新数据可用的通知
- ```BPF_RB_FORCE_WAKEUP```: 无条件发送新数据可用的通知
BPF_RINGBUF_OUTPUT表的方法用于将自定义事件数据提交到用户态。必须在调用```ringbuf_reserve()```之前调用,以为数据预留空间。
[搜索/示例]<https://github.com/iovisor/bcc/tree/master/examples)```之前调用,以为数据预留空间。
现场示例:<!-- TODO -->
[搜索/examples](https://github.com/iovisor/bcc/search?q=ringbuf_submit+path%3Aexamples&type=Code),
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
### 9. ringbuf_discard()
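Review bot: The `### 8. ringbuf_submit` entry has to be restored: in this hunk its heading, syntax line, return value and both `BPF_RB_NO_WAKEUP` / `BPF_RB_FORCE_WAKEUP` flag descriptions disappear, and only the tail of its description survives, fused onto the `ringbuf_reserve` example link as `[搜索/示例]<https://github.com/iovisor/bcc/tree/master/examples)` followed by the leftover sentence fragment. The old link on that line was written `[搜索/示例]<...>` with no closing parenthesis, so the URL rewrite appears to have matched across lines up to the `)` of `ringbuf_reserve()` in the next section. Restrict the pattern to a single line and to non-whitespace URL characters, re-run it, and check every `@@` header afterwards: a pure link swap should keep the line counts equal, and this one goes from 22 lines to 10. The resulting line also leaves the `<` unclosed, so the link itself is broken.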
@@ -785,7 +773,7 @@ BPF_RINGBUF_OUTPUT表的方法用于将自定义事件数据提交到用户
BPF_RINGBUF_OUTPUT表的方法用于丢弃自定义事件数据用户空间将忽略与丢弃事件相关联的数据。必须在调用```ringbuf_reserve()```之前调用,以为数据预留空间。
现场示例:<!-- TODO -->
[搜索/examples](https://github.com/iovisor/bcc/search?q=ringbuf_submit+path%3Aexamples&type=Code),
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
## Maps
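Review bot: The description line kept as context here says `ringbuf_discard` must be called before `ringbuf_reserve()`, which is the reverse of the order given in the `ringbuf_reserve()` entry, where reserve comes first and must be paired with `ringbuf_submit` or `ringbuf_discard`. Since this commit is already touching the entry, correct the sentence to say that space must have been reserved with `ringbuf_reserve()` beforehand. The old example link under this entry also searched for `ringbuf_submit` rather than `ringbuf_discard`; the replacement hides that mistake instead of fixing it, and the trailing comma after the link is still there.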
@@ -802,7 +790,7 @@ Maps是BPF数据存储是更高级对象类型包括表、哈希和直方
方法稍后讨论map.lookup()、map.lookup_or_try_init()、map.delete()、map.update()、map.insert()、map.increment()。
现场示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=BPF_TABLE+path%3Aexamples&type=Code),"[搜索 /工具](https://github.com/iovisor/bcc/search?q=BPF_TABLE+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),"[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
#### 固定映射
@@ -836,8 +824,8 @@ BPF_HASH(start, struct request *);
方法稍后涵盖map.lookup()map.lookup_or_try_init()map.delete()map.update()map.insert()map.increment()。
示例中的原位置链接:[搜索 /示例](https://github.com/iovisor/bcc/search?q=BPF_HASH+path%3Aexamples&type=Code),
[搜索 /工具](https://github.com/iovisor/bcc/search?q=BPF_HASH+path%3Atools&type=Code)
示例中的原位置链接:[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 3. BPF_ARRAY
@@ -858,8 +846,8 @@ BPF_ARRAY(counts, u64, 32);
方法稍后介绍map.lookup()、map.update()、map.increment()。注意,所有数组元素都预先分配为零值,无法删除。
在当前位置的示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=BPF_ARRAY+path%3Aexamples&type=Code)
[搜索/tools](https://github.com/iovisor/bcc/search?q=BPF_ARRAY+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. BPF_HISTOGRAM
@@ -882,8 +870,8 @@ BPF_HISTOGRAM(dist);
方法稍后介绍map.increment()。
在当前位置的示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=BPF_HISTOGRAM+path%3Aexamples&type=Code)
[搜索/tools](https://github.com/iovisor/bcc/search?q=BPF_HISTOGRAM+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. BPF_STACK_TRACE
@@ -904,8 +892,8 @@ BPF_STACK_TRACE(stack_traces, 1024);
方法稍后介绍map.get_stackid()。
在当前位置的示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=BPF_STACK_TRACE+path%3Aexamples&type=Code)
[搜索/tools](https://github.com/iovisor/bcc/search?q=BPF_STACK_TRACE+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 6. BPF_PERF_ARRAY
@@ -926,7 +914,7 @@ b["cpu_cycles"].open_perf_event(b["cpu_cycles"].HW_CPU_CYCLES)
方法(稍后介绍):```map.perf_read()```。
现场示例:
[搜索 /tests](https://github.com/iovisor/bcc/search?q=BPF_PERF_ARRAY+path%3Atests&type=Code)
[搜索 /tests](https://github.com/iovisor/bcc/tree/master/tests)
### 7. BPF_PERCPU_HASH
@@ -952,8 +940,8 @@ BPF_PERCPU_HASH(start, struct request *);
方法(稍后介绍):```map.lookup()```、```map.lookup_or_try_init()```、```map.delete()```、```map.update()```、```map.insert()```、```map.increment()```。
现场示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_HASH+path%3Aexamples&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_HASH+path%3Atools&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 8. BPF_PERCPU_ARRAY
@@ -977,8 +965,8 @@ BPF_PERCPU_ARRAY(counts, u64, 32);
方法稍后介绍map.lookup()map.update()map.increment()。请注意,所有数组元素都预先分配为零值,并且不能被删除。
In situ示例
[搜索/examples](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_ARRAY+path%3Aexamples&type=Code)
[搜索/tools](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_ARRAY+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 9. BPF_LPM_TRIE
@@ -1001,8 +989,8 @@ BPF_LPM_TRIE(trie, struct key_v6);
方法稍后介绍map.lookup()map.lookup_or_try_init()map.delete()map.update()map.insert()map.increment()。
In situ示例
[搜索/examples](https://github.com/iovisor/bcc/search?q=BPF_LPM_TRIE+path%3Aexamples&type=Code)
[搜索/tools](https://github.com/iovisor/bcc/search?q=BPF_LPM_TRIE+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples)
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 10. BPF_PROG_ARRAY
@@ -1013,8 +1001,8 @@ In situ示例
方法稍后介绍map.call()。
实时示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=BPF_PROG_ARRAY+path%3Aexamples&type=Code),
[搜索 /tests](https://github.com/iovisor/bcc/search?q=BPF_PROG_ARRAY+path%3Atests&type=Code),
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tests](https://github.com/iovisor/bcc/tree/master/tests),
[分配 fd](https://github.com/iovisor/bcc/blob/master/examples/networking/tunnel_monitor/monitor.py#L24-L26)
### 11. BPF_DEVMAP
@@ -1032,7 +1020,7 @@ BPF_DEVMAP(devmap, 10);
方法稍后介绍map.redirect_map()。
实时示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=BPF_DEVMAP+path%3Aexamples&type=Code),
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 12. BPF_CPUMAP
@@ -1049,7 +1037,7 @@ BPF_CPUMAP(cpumap, 16);
方法稍后介绍map.redirect_map()。
实时示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=BPF_CPUMAP+path%3Aexamples&type=Code),
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 13. BPF_XSKMAP
@@ -1064,7 +1052,7 @@ BPF_XSKMAP(xsks_map, 8);
方法稍后涵盖map.redirect_map()。map.lookup()
现场示例:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_XSKMAP+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 14. BPF_ARRAY_OF_MAPS
@@ -1111,7 +1099,7 @@ BPF_STACK(stack, struct event, 10240);
示例:
在 [search /tests](https://github.com/iovisor/bcc/search?q=BPF_STACK+path%3Atests&type=Code) 中。
在 [search /tests](https://github.com/iovisor/bcc/tree/master/tests) 中。
### 17. BPF_QUEUE
@@ -1132,7 +1120,7 @@ BPF_QUEUE(queue, struct event, 10240);
示例:
在 [search /tests](https://github.com/iovisor/bcc/search?q=BPF_QUEUE+path%3Atests&type=Code) 中。
在 [search /tests](https://github.com/iovisor/bcc/tree/master/tests) 中。
### 18. BPF_SOCKHASH
@@ -1161,7 +1149,7 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
方法稍后介绍map.sock_hash_update()map.msg_redirect_hash()map.sk_redirect_hash()。
[搜索/tests](https://github.com/iovisor/bcc/search?q=BPF_SOCKHASH+path%3Atests&type=Code)
[搜索/tests](https://github.com/iovisor/bcc/tree/master/tests)
### 19. map.lookup()
@@ -1170,8 +1158,8 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
在映射中查找键如果存在则返回指向其值的指针否则返回NULL。我们将键作为指针的地址传入。
示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=lookup+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=lookup+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 20. map.lookup_or_try_init()
@@ -1180,8 +1168,8 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
在映射中查找键如果存在则返回指向其值的指针否则将键的值初始化为第二个参数。通常用于将值初始化为零。如果无法插入键例如映射已满则返回NULL。
示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=lookup_or_try_init+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=lookup_or_try_init+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
注意旧的map.lookup_or_init()可能导致函数返回因此建议使用lookup_or_try_init(),它没有这种副作用。
@@ -1192,8 +1180,8 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
从哈希表中删除键。
示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=delete+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=delete+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 22. map.update()
@@ -1201,8 +1189,8 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
将第二个参数中的值与键关联,覆盖任何先前的值。
示例:"[搜索/examples](https://github.com/iovisor/bcc/search?q=update+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=update+path%3Atools&type=Code)
示例:"[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 23. map.insert()
@@ -1211,8 +1199,8 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
将第二个参数中的值与键相关联,仅在之前没有值的情况下。
现场示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=insert+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=insert+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 24. map.increment()
@@ -1225,8 +1213,8 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
注意. 当使用 ```map.atomic_increment()``` 操作类型为 ```BPF_MAP_TYPE_HASH``` 的 BPF map 时,如果指定的键不存在,则 ```map.atomic_increment()``` 无法保证操作的原子性。
现场示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=increment+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=increment+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 25. map.get_stackid()
@@ -1235,14 +1223,14 @@ sockhash是一种BPF映射类型它保存对sock结构体的引用。然后
这会遍历在 ```ctx``` 中找到的 struct pt_regs 中的堆栈,将其保存在堆栈跟踪 map 中,并返回一个唯一的堆栈跟踪 ID。
现场示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=get_stackid+path%3Aexamples&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=get_stackid+path%3Atools&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 26. map.perf_read()
语法: ```u64 map.perf_read(u32 cpu)```
现场示例:""[搜索/tests](https://github.com/iovisor/bcc/search?q=perf_read+path%3Atests&type=Code)
现场示例:""[搜索/tests](https://github.com/iovisor/bcc/tree/master/tests)
### 27. map.call()
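Review bot: The rewritten `map.perf_read()` line keeps the stray `""` in front of the link (`现场示例:""[搜索/tests](...)`), which renders as literal quote characters. Remove them while the line is being changed. The same leftover quote appears on the rewritten lines for LSM probes, `bpf_trace_printk`, `BPF_TABLE` and `map.update()`, so a claim that the links are now consistent should cover those too.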
@@ -1327,7 +1315,7 @@ b.attach_xdp("eth1", out_fn, 0)
将元素推入堆栈或队列表。将 BPF_EXIST 作为标志传递会导致队列或堆栈在已满时丢弃最旧的元素。成功返回0失败返回负错误值。
示例位置:
[搜索 /tests](https://github.com/iovisor/bcc/search?q=push+path%3Atests&type=Code),
[搜索 /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 30. map.pop()
@@ -1336,7 +1324,7 @@ b.attach_xdp("eth1", out_fn, 0)
从堆栈或队列表中弹出一个元素。```*val```被填充为结果。与查看不同弹出操作会移除该元素。成功返回0失败返回负错误值。
示例位置:
[搜索 /tests](https://github.com/iovisor/bcc/search?q=pop+path%3Atests&type=Code),
[搜索 /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 31. map.peek()
@@ -1345,7 +1333,7 @@ b.attach_xdp("eth1", out_fn, 0)
成功返回0失败返回负错误。
实例:
[搜索/tests](https://github.com/iovisor/bcc/search?q=peek+path%3Atests&type=Code)
[搜索/tests](https://github.com/iovisor/bcc/tree/master/tests)
### 32. map.sock_hash_update()
@@ -1364,7 +1352,7 @@ BPF_ANY对于key的条目是否存在没有条件。
成功返回0失败返回负错误。
实例:
[搜索/tests](https://github.com/iovisor/bcc/search?q=sock_hash_update+path%3Atests&type=Code)
[搜索/tests](https://github.com/iovisor/bcc/tree/master/tests)
### 33. map.msg_redirect_hash()
@@ -1375,7 +1363,7 @@ BPF_ANY对于key的条目是否存在没有条件。
成功返回SK_PASS发生错误返回SK_DROP。
实例:
[搜索/tests](https://github.com/iovisor/bcc/search?q=msg_redirect_hash+path%3Atests&type=Code)
[搜索/tests](https://github.com/iovisor/bcc/tree/master/tests)
### 34. map.sk_redirect_hash()
@@ -1388,7 +1376,7 @@ This is the only flag supported for now.
Return SK_PASS on success, or SK_DROP on error.
Examples in situ:
\[搜索/tests\]\(<https://github.com/iovisor/bcc/search?q=sk_redirect_hash+path%3Atests&type=Code\>),
\[搜索/tests\]\(<https://github.com/iovisor/bcc/tree/master/tests),
## 许可证
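Review bot: The rewritten link at the end of the `map.sk_redirect_hash()` entry loses its closing delimiter: the old line ended `&type=Code\>),` and the new one ends `tree/master/tests),`, so the `<` that opens the URL is never closed. The escaped brackets `\[搜索/tests\]\(` were already preventing this from rendering as a link; replace the whole line with a plain `[搜索/tests](https://github.com/iovisor/bcc/tree/master/tests)`. The surrounding context in this entry is also still in English ("Return SK_PASS on success, or SK_DROP on error.") inside the Chinese document, which is worth a follow-up.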
@@ -1471,8 +1459,8 @@ u = BPF(text=prog, cflags=["-I/path/to/include"])
在原地的示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=BPF+path%3Aexamples+language%3Apython&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=BPF+path%3Atools+language%3Apython&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. USDT
@@ -1495,8 +1483,8 @@ b = BPF(text=bpf_text, usdt_contexts=[u])
```
在原地的示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=USDT+path%3Aexamples+language%3Apython&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=USDT+path%3Atools+language%3Apython&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
## 事件
@@ -1519,8 +1507,8 @@ b.attach_kprobe(event="sys_clone", fn_name="do_trace")
有关如何从BPF中提取参数的详细信息请参阅前面的kprobes部分。
示例:
[查找/examples](https://github.com/iovisor/bcc/search?q=attach_kprobe+path%3Aexamples+language%3Apython&type=Code),
[查找/tools](https://github.com/iovisor/bcc/search?q=attach_kprobe+path%3Atools+language%3Apython&type=Code)
[查找/examples](https://github.com/iovisor/bcc/tree/master/examples),
[查找/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. attach_kretprobe()
@@ -1544,8 +1532,8 @@ b.attach_kretprobe(event="vfs_read", fn_name="do_return")
有关如何从BPF中提取返回值的详细信息请参阅前面的kretprobes部分。
示例:
[查找/examples](https://github.com/iovisor/bcc/search?q=attach_kretprobe+path%3Aexamples+language%3Apython&type=Code),
[查找/tools](https://github.com/iovisor/bcc/search?q=attach_kretprobe+path%3Atools+language%3Apython&type=Code)
[查找/examples](https://github.com/iovisor/bcc/tree/master/examples),
[查找/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. attach_tracepoint()
@@ -1583,8 +1571,8 @@ b.attach_tracepoint("random:urandom_read", "printarg")
代码示例:
[code](https://github.com/iovisor/bcc/blob/a4159da8c4ea8a05a3c6e402451f530d6e5a8b41/examples/tracing/urandomread-explicit.py#L41),
[search /examples](https://github.com/iovisor/bcc/search?q=attach_tracepoint+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_tracepoint+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. attach_uprobe()
@@ -1616,8 +1604,8 @@ b.attach_uprobe(name="/usr/bin/python", sym="main", fn_name="do_main")
有关如何从BPF工具获取参数的详细信息请参见上一节uprobes。
原址示例:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_uprobe+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_uprobe+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. attach_uretprobe()
@@ -1643,8 +1631,8 @@ b.attach_uretprobe(name="/usr/bin/python", sym="main", fn_name="do_main")
有关如何对BPF返回值进行插装的详细信息请参阅前面的uretprobes部分。
内部示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=attach_uretprobe+path%3Aexamples+language%3Apython&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=attach_uretprobe+path%3Atools+language%3Apython&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 6. USDT.enable_probe()
@@ -1663,8 +1651,8 @@ u.enable_probe(probe="http__server__request", fn_name="do_trace")
要检查您的二进制文件是否具有USDT探针以及它们的详细信息可以运行```readelf -n binary```并检查stap调试部分。
内部示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=enable_probe+path%3Aexamples+language%3Apython&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=enable_probe+path%3Atools+language%3Apython&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 7. attach_raw_tracepoint()
@@ -1680,7 +1668,7 @@ u.enable_probe(probe="http__server__request", fn_name="do_trace")
b.attach_raw_tracepoint("sched_switch", "do_trace")
```
内部示例:"."[搜索 /工具](https://github.com/iovisor/bcc/search?q=attach_raw_tracepoint+path%3Atools+language%3Apython&type=Code)
内部示例:"."[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 8. attach_raw_socket()
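Review bot: the rewritten line still carries the stray `"."` between `内部示例:` and the link, which renders as literal quote characters. Since this line is being changed anyway, drop the `"."` and put the link on its own line as the neighbouring sections do.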
@@ -1705,7 +1693,7 @@ BPF.attach_raw_socket(bpf_func, ifname)
```
示例位置:
[搜索 /示例](https://github.com/iovisor/bcc/search?q=attach_raw_socket+path%3Aexamples+language%3Apython&type=Code)
[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples)
### 9. attach_xdp()
@@ -1756,8 +1744,8 @@ b.attach_xdp(dev="ens1", fn=b.load_func("do_xdp", BPF.XDP))
不要忘记在最后调用```b.remove_xdp("ens1")```
示例:
[搜索/examples](https://github.com/iovisor/bcc/search?q=attach_xdp+path%3Aexamples+language%3Apython&type=Code),
[搜索/tools](https://github.com/iovisor/bcc/search?q=attach_xdp+path%3Atools+language%3Apython&type=Code)
[搜索/examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索/tools](https://github.com/iovisor/bcc/tree/master/tools)
### 10. attach_func()
@@ -1774,7 +1762,7 @@ b.attach_func(fn, map_fd, BPFAttachType.SK_MSG_VERDICT)
示例中的内部代码:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_func+path%3Aexamples+language%3Apython&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 11. detach_func()
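Review bot: the added `[search /examples]` link ends with a trailing `,` but is the only entry in the list, so the sentence dangles before the `### 11. detach_func()` heading. Remove the comma or add the matching `/tools` link.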
@@ -1791,7 +1779,7 @@ b.detach_func(fn, map_fd, BPFAttachType.SK_MSG_VERDICT) // 断开 map_fd 上的
示例中的内部代码:
[search /examples](https://github.com/iovisor/bcc/search?q=detach_func+path%3Aexamples+language%3Apython&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 12. detach_kprobe()
@@ -1840,7 +1828,7 @@ b.trace_print(fmt="{1} {5}")
```
示例中的内部代码:
[search /examples](https://github.com/iovisor/bcc/search?q=trace_print+path%3Aexamples+language%3Apython&type=Code)。"[搜索 /工具](https://github.com/iovisor/bcc/search?q=trace_print+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples)。"[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 2. trace_fields()
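Review bot: the new line keeps `。"` between the two links, which leaves an unbalanced quote in the rendered text, and it mixes an English label (`search /examples`) with a Chinese one (`搜索 /工具`) on the same line. Split the links onto two lines separated by a comma, as the other sections do, and use one label language.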
@@ -1864,8 +1852,8 @@ while 1:
```
内联示例:
[搜索 /示例](https://github.com/iovisor/bcc/search?q=trace_fields+path%3Aexamples+language%3Apython&type=Code),
[搜索 /工具](https://github.com/iovisor/bcc/search?q=trace_fields+path%3Atools+language%3Apython&type=Code)
[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
## 输出 API
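Review bot: the labels `/示例` and `/工具` translate the repository directory names, while the new targets are `tree/master/examples` and `tree/master/tools`. Keep the path segments untranslated (`搜索 /examples`, `搜索 /tools`), as earlier sections of this file do, so the label matches the path the reader will see.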
@@ -1895,8 +1883,8 @@ while 1:
```
内联示例:
[代码](https://github.com/iovisor/bcc/blob/v0.9.0/examples/tracing/hello_perf_output.py#L55)"."[搜索 /示例](https://github.com/iovisor/bcc/search?q=perf_buffer_poll+path%3Aexamples+language%3Apython&type=Code),
[搜索 /工具](https://github.com/iovisor/bcc/search?q=perf_buffer_poll+path%3Atools+language%3Apython&type=Code)
[代码](https://github.com/iovisor/bcc/blob/v0.9.0/examples/tracing/hello_perf_output.py#L55)"."[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 2. ring_buffer_poll()
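Review bot: after this change the `[代码]` link stays pinned to `v0.9.0` while the two links beside it follow `master`, so the three references can drift apart as the example file changes. Consider pinning the directory links to the same tag, or state that they track the current tree. The `"."` between the first two links is also carried over unchanged and should be removed.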
@@ -1919,7 +1907,7 @@ while 1:
```
示例:
[搜索 /示例](https://github.com/iovisor/bcc/search?q=ring_buffer_poll+path%3Aexamples+language%3Apython&type=Code),
[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples),
### 3. ring_buffer_consume()
@@ -1942,7 +1930,7 @@ while 1:
```
示例:
[搜索 /示例](https://github.com/iovisor/bcc/search?q=ring_buffer_consume+path%3Aexamples+language%3Apython&type=Code),
[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples),
## Map APIs
@@ -2021,8 +2009,8 @@ class Data(ct.Structure):
在此处的示例中:
[code](https://github.com/iovisor/bcc/blob/v0.9.0/examples/tracing/hello_perf_output.py#L52),
[search /examples](https://github.com/iovisor/bcc/search?q=open_perf_buffer+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=open_perf_buffer+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. items()
@@ -2043,8 +2031,8 @@ for k, v in sorted(counts.items(), key=lambda counts: counts[1].value):
此示例还使用```sorted()```方法按值排序。
在此处的示例中:
[search /examples](https://github.com/iovisor/bcc/search?q=items+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=items+path%3Atools+language%3Apython&type=Code)。
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)。
### 4. values()
@@ -2070,8 +2058,8 @@ while True:
```
在此处的示例中:
[search /examples](https://github.com/iovisor/bcc/search?q=clear+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=clear+path%3Atools+language%3Apython&type=Code)。
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)。
### 6. items_lookup_and_delete_batch()
@@ -2173,8 +2161,8 @@ b["dist"].print_log2_hist("kbytes")
这是一种高效的数据概括方法,因为概括是在内核中执行的,只有计数列被传递到用户空间。
实际示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=print_log2_hist+path%3Aexamples+language%3Apython&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=print_log2_hist+path%3Atools+language%3Apython&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 11. print_linear_hist()".语法: ```table.print_linear_hist(val_type="value", section_header="Bucket ptr", section_print_fn=None)```
@@ -2230,8 +2218,8 @@ b["dist"].print_linear_hist("kbytes")
这是一种高效的数据汇总方式,因为汇总是在内核中执行的,只有计数列中的值传递到用户空间。
现场示例:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=print_linear_hist+path%3Aexamples+language%3Apython&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=print_linear_hist+path%3Atools+language%3Apython&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 12. open_ring_buffer()
@@ -2293,7 +2281,7 @@ def print_event(ctx, data, size):
```
在原地的示例:
[在/examples中搜索](https://github.com/iovisor/bcc/search?q=open_ring_buffer+path%3Aexamples+language%3Apython&type=Code),
[在/examples中搜索](https://github.com/iovisor/bcc/tree/master/examples),
### 13. push()
@@ -2302,7 +2290,7 @@ def print_event(ctx, data, size):
将元素推入堆栈或队列表。如果操作不成功会引发异常。传递QueueStack.BPF_EXIST作为标志会使队列或堆栈丢弃最旧的元素如果表已满。
在原地的示例:
[在/tests中搜索](https://github.com/iovisor/bcc/search?q=push+path%3Atests+language%3Apython&type=Code),
[在/tests中搜索](https://github.com/iovisor/bcc/tree/master/tests),
### 14. pop()
@@ -2311,7 +2299,7 @@ def print_event(ctx, data, size):
从堆栈或队列表中弹出一个元素。与```peek()```不同,```pop()```在返回元素之前会将其从表中移除。如果操作不成功会引发KeyError异常。
在原地的示例:
[在/tests中搜索](https://github.com/iovisor/bcc/search?q=pop+path%3Atests+language%3Apython&type=Code),
[在/tests中搜索](https://github.com/iovisor/bcc/tree/master/tests),
### 15. peek()
@@ -2320,7 +2308,7 @@ def print_event(ctx, data, size):
查看堆栈或队列表头部的元素。与```pop()```不同,```peek()```不会将元素从表中移除。如果操作不成功,会引发异常。
在原地的示例:
[在/tests中搜索](https://github.com/iovisor/bcc/search?q=peek+path%3Atests+language%3Apython&type=Code),
[在/tests中搜索](https://github.com/iovisor/bcc/tree/master/tests),
## 辅助方法
@@ -2340,8 +2328,8 @@ print("内核函数:" + b.ksym(addr))
```
例子:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=ksym+path%3Aexamples+language%3Apython&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=ksym+path%3Atools+language%3Apython&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. ksymname()
@@ -2356,8 +2344,8 @@ print("内核地址:%x" % b.ksymname("vfs_read"))
```
例子:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=ksymname+path%3Aexamples+language%3Apython&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=ksymname+path%3Atools+language%3Apython&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. sym()
@@ -2372,8 +2360,8 @@ print("函数:" + b.sym(addr, pid))
```
例子:
[搜索 /examples](https://github.com/iovisor/bcc/search?q=sym+path%3Aexamples+language%3Apython&type=Code),
[搜索 /tools](https://github.com/iovisor/bcc/search?q=sym+path%3Atools+language%3Apython&type=Code)
[搜索 /examples](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. num_open_kprobes()
@@ -2391,8 +2379,8 @@ if matched == 0:
exit()
```
例子:"[搜索 /示例](https://github.com/iovisor/bcc/search?q=num_open_kprobes+path%3Aexamples+language%3Apython&type=Code),
[搜索 /工具](https://github.com/iovisor/bcc/search?q=num_open_kprobes+path%3Atools+language%3Apython&type=Code)
例子:"[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
### 5. get_syscall_fnname()
@@ -2408,8 +2396,8 @@ print("在内核中,%s 的函数名是 %s" % ("clone", b.get_syscall_fnname("c
```
现场示例:
[搜索 /示例](https://github.com/iovisor/bcc/search?q=get_syscall_fnname+path%3Aexamples+language%3Apython&type=Code),
[搜索 /工具](https://github.com/iovisor/bcc/search?q=get_syscall_fnname+path%3Atools+language%3Apython&type=Code)
[搜索 /示例](https://github.com/iovisor/bcc/tree/master/examples),
[搜索 /工具](https://github.com/iovisor/bcc/tree/master/tools)
# BPF 错误

View File

@@ -227,8 +227,8 @@ Note the name of the probe function defined above is `tracepoint__random__urando
Examples in situ:
[code](https://github.com/iovisor/bcc/blob/a4159da8c4ea8a05a3c6e402451f530d6e5a8b41/examples/tracing/urandomread.py#L19) ([output](https://github.com/iovisor/bcc/commit/e422f5e50ecefb96579b6391a2ada7f6367b83c4#diff-41e5ecfae4a3b38de5f4e0887ed160e5R10)),
[search /examples](https://github.com/iovisor/bcc/search?q=TRACEPOINT_PROBE+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=TRACEPOINT_PROBE+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. uprobes
@@ -299,8 +299,8 @@ When initializing USDTs via the third argument of ```BPF::init``` in the C API,
Examples in situ:
[code](https://github.com/iovisor/bcc/commit/4f88a9401357d7b75e917abd994aa6ea97dda4d3#diff-04a7cad583be5646080970344c48c1f4R24),
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_usdt_readarg+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_usdt_readarg+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 7. Raw Tracepoints
@@ -329,7 +329,7 @@ RAW_TRACEPOINT_PROBE(sched_switch)
This instruments the sched:sched_switch tracepoint, and prints the prev and next tgid.
Examples in situ:
[search /tools](https://github.com/iovisor/bcc/search?q=RAW_TRACEPOINT_PROBE+path%3Atools&type=Code)
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 8. system call tracepoints
@@ -383,7 +383,7 @@ This instruments the do_sys_open kernel function and make its arguments
accessible as standard argument values.
Examples in situ:
[search /tools](https://github.com/iovisor/bcc/search?q=KFUNC_PROBE+path%3Atools&type=Code)
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 10. kretfuncs
@@ -406,7 +406,7 @@ This instruments the do_sys_open kernel function and make its arguments
accessible as standard argument values together with its return value.
Examples in situ:
[search /tools](https://github.com/iovisor/bcc/search?q=KRETFUNC_PROBE+path%3Atools&type=Code)
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 11. LSM Probes
@@ -445,7 +445,7 @@ LSM probes require at least a 5.7+ kernel with the following configuration optio
`CONFIG_LSM="lockdown,yama,bpf"`)
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=LSM_PROBE+path%3Atests&type=Code)
[search /tests](https://github.com/iovisor/bcc/tree/master/tests)
### 12. BPF ITERATORS
@@ -483,8 +483,8 @@ Return: 0 on success
This copies size bytes from kernel address space to the BPF stack, so that BPF can later operate on it. For safety, all kernel memory reads must pass through bpf_probe_read_kernel(). This happens automatically in some cases, such as dereferencing kernel variables, as bcc will rewrite the BPF program to include the necessary bpf_probe_read_kernel().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. bpf_probe_read_kernel_str()
@@ -497,8 +497,8 @@ Return:
This copies a `NULL` terminated string from kernel address space to the BPF stack, so that BPF can later operate on it. In case the string length is smaller than size, the target is not padded with further `NULL` bytes. In case the string length is larger than size, just `size - 1` bytes are copied and the last byte is set to `NULL`.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel_str+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read_kernel_str+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. bpf_ktime_get_ns()
@@ -507,8 +507,8 @@ Syntax: ```u64 bpf_ktime_get_ns(void)```
Return: u64 number of nanoseconds. Starts at system boot time but stops during suspend.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_ktime_get_ns+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_ktime_get_ns+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. bpf_get_current_pid_tgid()
@@ -519,8 +519,8 @@ Return: ```current->tgid << 32 | current->pid```
Returns the process ID in the lower 32 bits (kernel's view of the PID, which in user space is usually presented as the thread ID), and the thread group ID in the upper 32 bits (what user space often thinks of as the PID). By directly setting this to a u32, we discard the upper 32 bits.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_pid_tgid+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_pid_tgid+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. bpf_get_current_uid_gid()
@@ -531,8 +531,8 @@ Return: ```current_gid << 32 | current_uid```
Returns the user ID and group IDs.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_uid_gid+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_uid_gid+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 6. bpf_get_current_comm()
@@ -552,8 +552,8 @@ int do_trace(struct pt_regs *ctx) {
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_comm+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_comm+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 7. bpf_get_current_task()
@@ -575,8 +575,8 @@ int do_trace(void *ctx) {
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_task+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_task+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 8. bpf_log2l()
@@ -585,8 +585,8 @@ Syntax: ```unsigned int bpf_log2l(unsigned long v)```
Returns the log-2 of the provided value. This is often used to create indexes for histograms, to construct power-of-2 histograms.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_log2l+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_log2l+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 9. bpf_get_prandom_u32()
@@ -595,8 +595,8 @@ Syntax: ```u32 bpf_get_prandom_u32()```
Returns a pseudo-random u32.
Example in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_prandom_u32+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_prandom_u32+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 10. bpf_probe_read_user()
@@ -607,8 +607,8 @@ Return: 0 on success
This attempts to safely read size bytes from user address space to the BPF stack, so that BPF can later operate on it. For safety, all user address space memory reads must pass through bpf_probe_read_user().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 11. bpf_probe_read_user_str()
@@ -621,8 +621,8 @@ Return:
This copies a `NULL` terminated string from user address space to the BPF stack, so that BPF can later operate on it. In case the string length is smaller than size, the target is not padded with further `NULL` bytes. In case the string length is larger than size, just `size - 1` bytes are copied and the last byte is set to `NULL`.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user_str+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read_user_str+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 12. bpf_get_ns_current_pid_tgid()
@@ -638,8 +638,8 @@ Return 0 on success, or one of the following in case of failure:
- **-ENOENT** if pidns does not exists for the current task.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_ns_current_pid_tgid+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_ns_current_pid_tgid+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
## Debugging
@@ -679,8 +679,8 @@ Return: 0 on success
A simple kernel facility for printf() to the common trace_pipe (/sys/kernel/debug/tracing/trace_pipe). This is ok for some quick examples, but has limitations: 3 args max, 1 %s only, and trace_pipe is globally shared, so concurrent programs will have clashing output. A better interface is via BPF_PERF_OUTPUT(). Note that calling this helper is made simpler than the original kernel version, which has ```fmt_size``` as the second parameter.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=bpf_trace_printk+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=bpf_trace_printk+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. BPF_PERF_OUTPUT
@@ -714,8 +714,8 @@ int hello(struct pt_regs *ctx) {
The output table is named ```events```, and data is pushed to it via ```events.perf_submit()```.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_PERF_OUTPUT+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_PERF_OUTPUT+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. perf_submit()
@@ -728,8 +728,8 @@ A method of a BPF_PERF_OUTPUT table, for submitting custom event data to user sp
The ```ctx``` parameter is provided in [kprobes](#1-kprobes) or [kretprobes](#2-kretprobes). For ```SCHED_CLS``` or ```SOCKET_FILTER``` programs, the ```struct __sk_buff *skb``` must be used instead.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=perf_submit+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=perf_submit+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. perf_submit_skb()
@@ -740,8 +740,8 @@ Return: 0 on success
A method of a BPF_PERF_OUTPUT table available in networking program types, for submitting custom event data to user space, along with the first ```packet_size``` bytes of the packet buffer. See the BPF_PERF_OUTPUT entry. (This ultimately calls bpf_perf_event_output().)
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=perf_submit_skb+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=perf_submit_skb+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. BPF_RINGBUF_OUTPUT
@@ -805,7 +805,7 @@ int second_api_example(struct pt_regs *ctx) {
The output table is named ```events```. Data is allocated via ```events.ringbuf_reserve()``` and pushed to it via ```events.ringbuf_submit()```.
Examples in situ: <!-- TODO -->
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_RINGBUF_OUTPUT+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 6. ringbuf_output()
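Review bot: `Examples in situ: <!-- TODO -->` is left in place and the replacement link points at the whole `examples` directory, so the TODO is no closer to resolved and the reader gets no pointer to a `BPF_RINGBUF_OUTPUT` user. If no in-tree example exists yet, say so; otherwise link the file directly. The trailing `,` after the single link should also go.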
@@ -821,7 +821,7 @@ A method of the BPF_RINGBUF_OUTPUT table, for submitting custom event data to us
although it does not require a ctx argument.
Examples in situ: <!-- TODO -->
[search /examples](https://github.com/iovisor/bcc/search?q=ringbuf_output+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 7. ringbuf_reserve()
@@ -833,7 +833,7 @@ A method of the BPF_RINGBUF_OUTPUT table, for reserving space in the ring buffer
allocating a data struct for output. Must be used with one of ```ringbuf_submit``` or ```ringbuf_discard```.
Examples in situ: <!-- TODO -->
[search /examples](https://github.com/iovisor/bcc/search?q=ringbuf_reserve+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 8. ringbuf_submit()
@@ -849,7 +849,7 @@ A method of the BPF_RINGBUF_OUTPUT table, for submitting custom event data to us
```ringbuf_reserve()``` to reserve space for the data.
Examples in situ: <!-- TODO -->
[search /examples](https://github.com/iovisor/bcc/search?q=ringbuf_submit+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 9. ringbuf_discard()
@@ -866,7 +866,7 @@ ignores the data associated with the discarded event. Must be preceded by a call
```ringbuf_reserve()``` to reserve space for the data.
Examples in situ: <!-- TODO -->
[search /examples](https://github.com/iovisor/bcc/search?q=ringbuf_submit+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
## Maps
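Review bot: under `ringbuf_discard()` the removed URL queried `q=ringbuf_submit`, which looks like a copy-paste slip from the previous section, and the generic directory link hides that rather than fixing it. Point this entry at code that actually calls `ringbuf_discard()`, or leave only the TODO until one is available.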
@@ -883,8 +883,8 @@ Creates a map named ```_name```. Most of the time this will be used via higher-l
Methods (covered later): map.lookup(), map.lookup_or_try_init(), map.delete(), map.update(), map.insert(), map.increment().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_TABLE+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_TABLE+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
#### Pinned Maps
@@ -919,8 +919,8 @@ This is a wrapper macro for `BPF_TABLE("hash", ...)`.
Methods (covered later): map.lookup(), map.lookup_or_try_init(), map.delete(), map.update(), map.insert(), map.increment().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_HASH+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_HASH+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. BPF_ARRAY
@@ -943,8 +943,8 @@ This is a wrapper macro for `BPF_TABLE("array", ...)`.
Methods (covered later): map.lookup(), map.update(), map.increment(). Note that all array elements are pre-allocated with zero values and can not be deleted.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_ARRAY+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_ARRAY+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. BPF_HISTOGRAM
@@ -967,8 +967,8 @@ This is a wrapper macro for `BPF_TABLE("histgram", ...)`.
Methods (covered later): map.increment().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_HISTOGRAM+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_HISTOGRAM+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. BPF_STACK_TRACE
@@ -989,8 +989,8 @@ This is a wrapper macro for `BPF_TABLE("stacktrace", ...)`.
Methods (covered later): map.get_stackid().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_STACK_TRACE+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_STACK_TRACE+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 6. BPF_PERF_ARRAY
@@ -1013,7 +1013,7 @@ This creates a perf array named ```cpu_cycles```, with number of entries equal t
Methods (covered later): map.perf_read().
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=BPF_PERF_ARRAY+path%3Atests&type=Code)
[search /tests](https://github.com/iovisor/bcc/tree/master/tests)
### 7. BPF_PERCPU_HASH
@@ -1040,8 +1040,8 @@ This is a wrapper macro for `BPF_TABLE("percpu_hash", ...)`.
Methods (covered later): map.lookup(), map.lookup_or_try_init(), map.delete(), map.update(), map.insert(), map.increment().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_HASH+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_HASH+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 8. BPF_PERCPU_ARRAY
@@ -1069,8 +1069,8 @@ This is a wrapper macro for `BPF_TABLE("percpu_array", ...)`.
Methods (covered later): map.lookup(), map.update(), map.increment(). Note that all array elements are pre-allocated with zero values and can not be deleted.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_ARRAY+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_PERCPU_ARRAY+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 9. BPF_LPM_TRIE
@@ -1093,8 +1093,8 @@ This is a wrapper macro to `BPF_F_TABLE("lpm_trie", ..., BPF_F_NO_PREALLOC)`.
Methods (covered later): map.lookup(), map.lookup_or_try_init(), map.delete(), map.update(), map.insert(), map.increment().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_LPM_TRIE+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF_LPM_TRIE+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 10. BPF_PROG_ARRAY
@@ -1107,8 +1107,8 @@ This is a wrapper macro for `BPF_TABLE("prog", ...)`.
Methods (covered later): map.call().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_PROG_ARRAY+path%3Aexamples&type=Code),
[search /tests](https://github.com/iovisor/bcc/search?q=BPF_PROG_ARRAY+path%3Atests&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
[assign fd](https://github.com/iovisor/bcc/blob/master/examples/networking/tunnel_monitor/monitor.py#L24-L26)
### 11. BPF_DEVMAP
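Review bot: the unchanged `[assign fd]` link in this hunk targets `blob/master/examples/networking/tunnel_monitor/monitor.py#L24-L26`, and line anchors on a moving branch stop matching once the file is edited. While touching this block, pin it to a tag or commit the way the `[code]` links elsewhere in these files do.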
@@ -1125,7 +1125,7 @@ BPF_DEVMAP(devmap, 10);
Methods (covered later): map.redirect_map().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_DEVMAP+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 12. BPF_CPUMAP
@@ -1141,7 +1141,7 @@ BPF_CPUMAP(cpumap, 16);
Methods (covered later): map.redirect_map().
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_CPUMAP+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 13. BPF_XSKMAP
@@ -1157,7 +1157,7 @@ BPF_XSKMAP(xsks_map, 8);
Methods (covered later): map.redirect_map(). map.lookup()
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF_XSKMAP+path%3Aexamples&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 14. BPF_ARRAY_OF_MAPS
@@ -1203,7 +1203,7 @@ This creates a stack named ```stack``` where the value type is ```struct event``
Methods (covered later): map.push(), map.pop(), map.peek().
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=BPF_STACK+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 17. BPF_QUEUE
@@ -1223,7 +1223,7 @@ This creates a queue named ```queue``` where the value type is ```struct event``
Methods (covered later): map.push(), map.pop(), map.peek().
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=BPF_QUEUE+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 18. BPF_SOCKHASH
@@ -1253,7 +1253,7 @@ The difference between ```BPF_SOCKHASH``` and ```BPF_SOCKMAP``` is that ```BPF_S
Methods (covered later): map.sock_hash_update(), map.msg_redirect_hash(), map.sk_redirect_hash().
[search /tests](https://github.com/iovisor/bcc/search?q=BPF_SOCKHASH+path%3Atests&type=Code)
[search /tests](https://github.com/iovisor/bcc/tree/master/tests)
### 19. map.lookup()
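Review bot: in this hunk the link sits directly under the "Methods (covered later)" line with no "Examples in situ:" label in the visible context, unlike the neighbouring sections. Add the label while this line is being edited so the BPF_SOCKHASH entry matches the rest of the guide.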
@@ -1262,8 +1262,8 @@ Syntax: ```*val map.lookup(&key)```
Lookup the key in the map, and return a pointer to its value if it exists, else NULL. We pass the key in as an address to a pointer.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=lookup+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=lookup+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 20. map.lookup_or_try_init()
@@ -1272,8 +1272,8 @@ Syntax: ```*val map.lookup_or_try_init(&key, &zero)```
Lookup the key in the map, and return a pointer to its value if it exists, else initialize the key's value to the second argument. This is often used to initialize values to zero. If the key cannot be inserted (e.g. the map is full) then NULL is returned.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=lookup_or_try_init+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=lookup_or_try_init+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
Note: The old map.lookup_or_init() may cause return from the function, so lookup_or_try_init() is recommended as it
does not have this side effect.
@@ -1285,8 +1285,8 @@ Syntax: ```map.delete(&key)```
Delete the key from the hash.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=delete+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=delete+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 22. map.update()
@@ -1295,8 +1295,8 @@ Syntax: ```map.update(&key, &val)```
Associate the value in the second argument to the key, overwriting any previous value.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=update+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=update+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 23. map.insert()
@@ -1305,8 +1305,8 @@ Syntax: ```map.insert(&key, &val)```
Associate the value in the second argument to the key, only if there was no previous value.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=insert+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=insert+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 24. map.increment()
@@ -1319,8 +1319,8 @@ Increments the key's value by `increment_amount`, which defaults to 1. Used for
Note. When using ```map.atomic_increment()``` to operate on a BPF map of type ```BPF_MAP_TYPE_HASH```, ```map.atomic_increment()``` does not guarantee the atomicity of the operation when the specified key does not exist.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=increment+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=increment+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 25. map.get_stackid()
@@ -1329,8 +1329,8 @@ Syntax: ```int map.get_stackid(void *ctx, u64 flags)```
This walks the stack found via the struct pt_regs in ```ctx```, saves it in the stack trace map, and returns a unique ID for the stack trace.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=get_stackid+path%3Aexamples&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=get_stackid+path%3Atools&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 26. map.perf_read()
@@ -1339,7 +1339,7 @@ Syntax: ```u64 map.perf_read(u32 cpu)```
This returns the hardware performance counter as configured in [5. BPF_PERF_ARRAY](#5-bpf_perf_array)
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=perf_read+path%3Atests&type=Code)
[search /tests](https://github.com/iovisor/bcc/tree/master/tests)
### 27. map.call()
@@ -1427,7 +1427,7 @@ Passing BPF_EXIST as a flag causes the Queue or Stack to discard the oldest elem
Returns 0 on success, negative error on failure.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=push+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 30. map.pop()
@@ -1438,7 +1438,7 @@ Unlike peeking, popping removes the element.
Returns 0 on success, negative error on failure.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=pop+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 31. map.peek()
@@ -1449,7 +1449,7 @@ Unlike popping, peeking does not remove the element.
Returns 0 on success, negative error on failure.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=peek+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 32. map.sock_hash_update()
@@ -1468,7 +1468,7 @@ If the map has eBPF programs (parser and verdict), those will be inherited by th
Return 0 on success, or a negative error in case of failure.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=sock_hash_update+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 33. map.msg_redirect_hash()
@@ -1479,7 +1479,7 @@ This helper is used in programs implementing policies at the socket level. If th
Return SK_PASS on success, or SK_DROP on error.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=msg_redirect_hash+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 34. map.sk_redirect_hash()
@@ -1490,7 +1490,7 @@ This helper is used in programs implementing policies at the skb socket level. I
Return SK_PASS on success, or SK_DROP on error.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=sk_redirect_hash+path%3Atests&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
## Licensing
@@ -1570,8 +1570,8 @@ u = BPF(text=prog, cflags=["-I/path/to/include"])
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=BPF+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=BPF+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. USDT
@@ -1594,8 +1594,8 @@ b = BPF(text=bpf_text, usdt_contexts=[u])
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=USDT+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=USDT+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
## Events
@@ -1619,8 +1619,8 @@ You can also call attach_kprobe() more than once to attach multiple BPF function
See the previous kprobes section for how to instrument arguments from BPF.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_kprobe+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_kprobe+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. attach_kretprobe()
@@ -1644,8 +1644,8 @@ When a kretprobe is installed on a kernel function, there is a limit on how many
See the previous kretprobes section for how to instrument the return value from BPF.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_kretprobe+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_kretprobe+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. attach_tracepoint()
@@ -1685,8 +1685,8 @@ Notice how the first argument to ```printarg()``` is now our defined struct.
Examples in situ:
[code](https://github.com/iovisor/bcc/blob/a4159da8c4ea8a05a3c6e402451f530d6e5a8b41/examples/tracing/urandomread-explicit.py#L41),
[search /examples](https://github.com/iovisor/bcc/search?q=attach_tracepoint+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_tracepoint+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. attach_uprobe()
@@ -1721,8 +1721,8 @@ You can call attach_uprobe() more than once, and attach your BPF function to mul
See the previous uprobes section for how to instrument arguments from BPF.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_uprobe+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_uprobe+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. attach_uretprobe()
@@ -1750,8 +1750,8 @@ You can call attach_uretprobe() more than once, and attach your BPF function to
See the previous uretprobes section for how to instrument the return value from BPF.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_uretprobe+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_uretprobe+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 6. USDT.enable_probe()
@@ -1770,8 +1770,8 @@ u.enable_probe(probe="http__server__request", fn_name="do_trace")
To check if your binary has USDT probes, and what they are, you can run ```readelf -n binary``` and check the stap debug section.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=enable_probe+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=enable_probe+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 7. attach_raw_tracepoint()
@@ -1788,7 +1788,7 @@ b.attach_raw_tracepoint("sched_switch", "do_trace")
```
Examples in situ:
[search /tools](https://github.com/iovisor/bcc/search?q=attach_raw_tracepoint+path%3Atools+language%3Apython&type=Code)
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 8. attach_raw_socket()
@@ -1813,7 +1813,7 @@ BPF.attach_raw_socket(bpf_func, ifname)
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_raw_socket+path%3Aexamples+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples)
### 9. attach_xdp()
Syntax: ```BPF.attach_xdp(dev="device", fn=b.load_func("fn_name",BPF.XDP), flags)```
@@ -1861,8 +1861,8 @@ This will instrument the network device ```ens1``` , which will then run our BPF
Don't forget to call ```b.remove_xdp("ens1")``` at the end!
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_xdp+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=attach_xdp+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 10. attach_func()
@@ -1881,7 +1881,7 @@ Note. When attached to "global" hooks (xdp, tc, lwt, cgroup). If the "BPF functi
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=attach_func+path%3Aexamples+language%3Apython&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 11. detach_func()
@@ -1898,7 +1898,7 @@ b.detach_func(fn, map_fd, BPFAttachType.SK_MSG_VERDICT)
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=detach_func+path%3Aexamples+language%3Apython&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 12. detach_kprobe()
@@ -1947,8 +1947,8 @@ b.trace_print(fmt="{1} {5}")
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=trace_print+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=trace_print+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. trace_fields()
@@ -1972,8 +1972,8 @@ while 1:
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=trace_fields+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=trace_fields+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
## Output APIs
@@ -2004,8 +2004,8 @@ while 1:
Examples in situ:
[code](https://github.com/iovisor/bcc/blob/v0.9.0/examples/tracing/hello_perf_output.py#L55),
[search /examples](https://github.com/iovisor/bcc/search?q=perf_buffer_poll+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=perf_buffer_poll+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. ring_buffer_poll()
@@ -2029,7 +2029,7 @@ while 1:
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=ring_buffer_poll+path%3Aexamples+language%3Apython&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 3. ring_buffer_consume()
@@ -2054,7 +2054,7 @@ while 1:
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=ring_buffer_consume+path%3Aexamples+language%3Apython&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
## Map APIs
@@ -2137,8 +2137,8 @@ def print_event(cpu, data, size):
Examples in situ:
[code](https://github.com/iovisor/bcc/blob/v0.9.0/examples/tracing/hello_perf_output.py#L52),
[search /examples](https://github.com/iovisor/bcc/search?q=open_perf_buffer+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=open_perf_buffer+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. items()
@@ -2159,8 +2159,8 @@ for k, v in sorted(counts.items(), key=lambda counts: counts[1].value):
This example also uses the ```sorted()``` method to sort by value.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=items+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=items+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. values()
@@ -2186,8 +2186,8 @@ while True:
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=clear+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=clear+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 6. items_lookup_and_delete_batch()
@@ -2296,8 +2296,8 @@ This output shows a multi-modal distribution, with the largest mode of 128->255
This is an efficient way to summarize data, as the summarization is performed in-kernel, and only the count column is passed to user space.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=print_log2_hist+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=print_log2_hist+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 11. print_linear_hist()
@@ -2355,8 +2355,8 @@ Output:
This is an efficient way to summarize data, as the summarization is performed in-kernel, and only the values in the count column are passed to user space.
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=print_linear_hist+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=print_linear_hist+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 12. open_ring_buffer()
@@ -2418,7 +2418,7 @@ def print_event(ctx, data, size):
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=open_ring_buffer+path%3Aexamples+language%3Apython&type=Code),
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
### 13. push()
@@ -2428,7 +2428,7 @@ Push an element onto a Stack or Queue table. Raises an exception if the operatio
Passing QueueStack.BPF_EXIST as a flag causes the Queue or Stack to discard the oldest element if it is full.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=push+path%3Atests+language%3Apython&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 14. pop()
@@ -2439,7 +2439,7 @@ removes the element from the table before returning it.
Raises a KeyError exception if the operation does not succeed.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=pop+path%3Atests+language%3Apython&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
### 15. peek()
@@ -2449,7 +2449,7 @@ Peek the element at the head of a Stack or Queue table. Unlike ```pop()```, ```p
does not remove the element from the table. Raises an exception if the operation does not succeed.
Examples in situ:
[search /tests](https://github.com/iovisor/bcc/search?q=peek+path%3Atests+language%3Apython&type=Code),
[search /tests](https://github.com/iovisor/bcc/tree/master/tests),
## Helpers
@@ -2468,8 +2468,8 @@ print("kernel function: " + b.ksym(addr))
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=ksym+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=ksym+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 2. ksymname()
@@ -2484,8 +2484,8 @@ print("kernel address: %x" % b.ksymname("vfs_read"))
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=ksymname+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=ksymname+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 3. sym()
@@ -2500,8 +2500,8 @@ print("function: " + b.sym(addr, pid))
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=sym+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=sym+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 4. num_open_kprobes()
@@ -2520,8 +2520,8 @@ if matched == 0:
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=num_open_kprobes+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=num_open_kprobes+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
### 5. get_syscall_fnname()
@@ -2537,8 +2537,8 @@ print("The function name of %s in kernel is %s" % ("clone", b.get_syscall_fnname
```
Examples in situ:
[search /examples](https://github.com/iovisor/bcc/search?q=get_syscall_fnname+path%3Aexamples+language%3Apython&type=Code),
[search /tools](https://github.com/iovisor/bcc/search?q=get_syscall_fnname+path%3Atools+language%3Apython&type=Code)
[search /examples](https://github.com/iovisor/bcc/tree/master/examples),
[search /tools](https://github.com/iovisor/bcc/tree/master/tools)
# BPF Errors

View File

@@ -2,7 +2,7 @@
本教程介绍如何使用[bcc](https://github.com/iovisor/bcc)工具快速解决性能、故障排除和网络问题。如果你想开发新的bcc工具请参考[tutorial_bcc_python_developer.md](tutorial_bcc_python_developer.md)教程。
本教程假设bcc已经安装好并且你可以成功运行像execsnoop这样的工具。参见[INSTALL.md](https://github.com/iovisor/bcc/tree/master/INSTALL.md)。这些功能是在Linux 4.x系列中增加的。
本教程假设bcc已经安装好并且你可以成功运行像execsnoop这样的工具。参见[INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md)。这些功能是在Linux 4.x系列中增加的。
## 可观察性

View File

@@ -10,7 +10,7 @@
### 第1课. 你好,世界
首先运行 [examples/hello_world.py](https://github.com/iovisor/bcc/tree/master/examples/hello_world.py)同时在另一个会话中运行一些命令例如“ls”。它应该会为新进程打印“Hello, World!”。如果没有打印请先修复bcc请参阅 [INSTALL.md](https://github.com/iovisor/bcc/tree/master/INSTALL.md)。
首先运行 [examples/hello_world.py](https://github.com/iovisor/bcc/tree/master/examples/hello_world.py)同时在另一个会话中运行一些命令例如“ls”。它应该会为新进程打印“Hello, World!”。如果没有打印请先修复bcc请参阅 [INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md)。
```sh
# ./examples/hello_world.py

View File

@@ -10,7 +10,7 @@ This observability tutorial contains 17 lessons, and 46 enumerated things to lea
### Lesson 1. Hello World
Start by running [examples/hello_world.py](https://github.com/iovisor/bcc/tree/master/examples/hello_world.py), while running some commands (eg, "ls") in another session. It should print "Hello, World!" for new processes. If not, start by fixing bcc: see [INSTALL.md](https://github.com/iovisor/bcc/tree/master/INSTALL.md).
Start by running [examples/hello_world.py](https://github.com/iovisor/bcc/tree/master/examples/hello_world.py), while running some commands (eg, "ls") in another session. It should print "Hello, World!" for new processes. If not, start by fixing bcc: see [INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md).
```sh
# ./examples/hello_world.py
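Review bot: the INSTALL.md link on the changed line now uses `blob/master/`, but the `examples/hello_world.py` link in the same sentence still uses `tree/master/examples/hello_world.py`, which is also a file path. Switch it to `blob/master/examples/hello_world.py` so both file links use the same form; the translated Lesson 1 hunk earlier in this diff has the same leftover.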

View File

@@ -2,7 +2,7 @@
This tutorial covers how to use [bcc](https://github.com/iovisor/bcc) tools to quickly solve performance, troubleshooting, and networking issues. If you want to develop new bcc tools, see [tutorial_bcc_python_developer.md](tutorial_bcc_python_developer.md) for that tutorial.
It is assumed for this tutorial that bcc is already installed, and you can run tools like execsnoop successfully. See [INSTALL.md](https://github.com/iovisor/bcc/tree/master/INSTALL.md). This uses enhancements added to the Linux 4.x series.
It is assumed for this tutorial that bcc is already installed, and you can run tools like execsnoop successfully. See [INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md). This uses enhancements added to the Linux 4.x series.
## Observability