From 64817cc722fa87ec9d654822802c8851c5d7220b Mon Sep 17 00:00:00 2001
From: 123456 <yangyiwei2000@gmail.com>
Date: Tue, 29 Jul 2025 13:25:41 +0000
Subject: [PATCH] docs: add CLAUDE.md for project guidance and create master
 Makefile for eBPF tutorials

- Introduced CLAUDE.md to provide an overview and guidance for the eBPF Developer Tutorial repository.
- Added a master Makefile to automate the building and cleaning of eBPF tutorial subdirectories.
- Updated .gitignore in the sslsniff example to include the sslsniff binary.
- Made minor code adjustments in user_ringbuf.c and xdp-tcpdump.c to include necessary headers.
- Modified the Makefile in the btf-uprobe example to streamline the build process.
---
 CLAUDE.md                          | 61 ++++++++++++++++++++++++++++++
 src/30-sslsniff/.gitignore         |  1 +
 src/35-user-ringbuf/user_ringbuf.c |  2 +
 src/38-btf-uprobe/Makefile         |  2 +-
 src/41-xdp-tcpdump/xdp-tcpdump.c   |  1 +
 src/Makefile                       | 23 +++++++++++
 6 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 CLAUDE.md
 create mode 100644 src/Makefile

diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 0000000..498595b
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,61 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+This is the eBPF Developer Tutorial repository - a comprehensive learning resource for eBPF development. It provides 48+ practical examples progressing from beginner to advanced topics using modern eBPF frameworks like libbpf, Cilium eBPF, and libbpf-rs.
+
+## Common Development Tasks
+
+### Building eBPF Examples
+
+Most examples use libbpf and follow this pattern:
+```bash
+cd src/<example-number>-<example-name>
+make
+```
+
+For Rust examples (in src/37-uprobe-rust/):
+```bash
+cd src/37-uprobe-rust/<example>
+cargo build
+```
+
+### Running Examples
+
+Most examples require root privileges:
+```bash
+sudo ./<binary-name>
+# or with timeout for continuous monitoring tools:
+sudo timeout -s 2 3 ./<binary-name>
+```
+
+### Clean Build Artifacts
+```bash
+make clean
+```
+
+## Architecture
+
+### Build System
+- **Framework**: GNU Make with libbpf
+- **BPF Compilation**: Clang/LLVM compiles `.bpf.c` → `.bpf.o`
+- **Skeleton Generation**: bpftool generates `.skel.h` from BPF objects
+- **User Space**: GCC compiles C programs linking with libbpf
+- **Dependencies**: All in `src/third_party/` (libbpf, bpftool, blazesym, vmlinux headers)
+
+### Directory Structure
+- `src/0-10`: Basic eBPF concepts (kprobes, uprobes, tracepoints)
+- `src/11-18`: Advanced libbpf development
+- `src/19-21,29,41-42`: Networking (LSM, TC, XDP, sockops)
+- `src/22-28,34`: Security topics
+- `src/31,37`: Language integration (Go, Rust)
+- `src/44-45`: BPF schedulers
+- `src/47`: GPU tracing
+- Each tutorial has its own Makefile and README
+
+### Key Components
+1. **vmlinux headers**: Pre-generated for x86, arm, arm64, riscv, powerpc, loongarch
+2. **CO-RE (Compile Once, Run Everywhere)**: Uses BTF for kernel compatibility
+3. **Multiple frameworks**: libbpf (primary), eunomia-bpf, Cilium eBPF, libbpf-rs
\ No newline at end of file
diff --git a/src/30-sslsniff/.gitignore b/src/30-sslsniff/.gitignore
index 7afe9c3..b43eb51 100644
--- a/src/30-sslsniff/.gitignore
+++ b/src/30-sslsniff/.gitignore
@@ -7,3 +7,4 @@ package.yaml
 ecli
 bootstrap
 openssl
+sslsniff
diff --git a/src/35-user-ringbuf/user_ringbuf.c b/src/35-user-ringbuf/user_ringbuf.c
index dfeb8cd..c80be1c 100644
--- a/src/35-user-ringbuf/user_ringbuf.c
+++ b/src/35-user-ringbuf/user_ringbuf.c
@@ -4,6 +4,8 @@
 #include <signal.h>
 #include <stdio.h>
 #include <time.h>
+#include <unistd.h>
+#include <string.h>
 #include <sys/resource.h>
 #include <bpf/libbpf.h>
 #include "user_ringbuf.h"
diff --git a/src/38-btf-uprobe/Makefile b/src/38-btf-uprobe/Makefile
index 0da8c3b..abc3f80 100644
--- a/src/38-btf-uprobe/Makefile
+++ b/src/38-btf-uprobe/Makefile
@@ -66,7 +66,7 @@ $(call allow-override,CC,$(CROSS_COMPILE)cc)
 $(call allow-override,LD,$(CROSS_COMPILE)ld)
 
 .PHONY: all
-all: $(APPS) merge-btf all-btf
+all: $(APPS)
 
 .PHONY: all-btf
 all-btf: merge-btf
diff --git a/src/41-xdp-tcpdump/xdp-tcpdump.c b/src/41-xdp-tcpdump/xdp-tcpdump.c
index 0af1fb3..51ca3d5 100644
--- a/src/41-xdp-tcpdump/xdp-tcpdump.c
+++ b/src/41-xdp-tcpdump/xdp-tcpdump.c
@@ -4,6 +4,7 @@
 #include <errno.h>
 #include <unistd.h>
 #include <net/if.h>
+#include <arpa/inet.h>
 
 #include <bpf/libbpf.h>
 #include <bpf/bpf.h>
diff --git a/src/Makefile b/src/Makefile
new file mode 100644
index 0000000..f612211
--- /dev/null
+++ b/src/Makefile
@@ -0,0 +1,23 @@
+# Master Makefile for eBPF tutorials
+# Detects subdirectories with Makefiles and builds them
+
+# Find all subdirectories containing a Makefile
+SUBDIRS := $(shell find . -mindepth 2 -maxdepth 2 -name Makefile -exec dirname {} \; | sort)
+
+# Default target
+all: $(SUBDIRS)
+
+# Build each subdirectory
+$(SUBDIRS):
+	@echo "Building $@"
+	@$(MAKE) -C $@
+
+# Clean all subdirectories
+clean:
+	@for dir in $(SUBDIRS); do \
+		echo "Cleaning $$dir"; \
+		$(MAKE) -C $$dir clean; \
+	done
+
+# Phony targets
+.PHONY: all clean $(SUBDIRS)
\ No newline at end of file