init with documents from eunomia-bpf

2026-02-12 06:35:16 +08:00 · 2022-12-02 19:18:03 +08:00
parent 1179ec171e
commit 81d749a9cc
85 changed files with 11876 additions and 0 deletions
--- a/1-helloworld/.gitignore
+++ b/1-helloworld/.gitignore
@@ -0,0 +1,6 @@
+.vscode
+package.json
+*.o
+*.skel.json
+*.skel.yaml
+package.yaml
--- a/1-helloworld/README.md
+++ b/1-helloworld/README.md
@@ -0,0 +1,57 @@
+---
+layout: post
+title: minimal
+date: 2022-10-10 16:18
+category: bpftools
+author: yunwei37
+tags: [bpftools, tracepoint, example, syscall]
+summary: a minimal example of a BPF application installs a tracepoint handler which is triggered by write syscall
+---
+
+
+`minimal` is just that – a minimal practical BPF application example. It
+doesn't use or require BPF CO-RE, so should run on quite old kernels. It
+installs a tracepoint handler which is triggered once every second. It uses
+`bpf_printk()` BPF helper to communicate with the world. 
+
+
+```console
+$ sudo ecli  examples/bpftools/minimal/package.json
+Runing eBPF program...
+```
+
+To see it's output,
+read `/sys/kernel/debug/tracing/trace_pipe` file as a root:
+
+```shell
+$ sudo cat /sys/kernel/debug/tracing/trace_pipe
+           <...>-3840345 [010] d... 3220701.101143: bpf_trace_printk: BPF triggered from PID 3840345.
+           <...>-3840345 [010] d... 3220702.101265: bpf_trace_printk: BPF triggered from PID 3840345.
+```
+
+`minimal` is great as a bare-bones experimental playground to quickly try out
+new ideas or BPF features.
+
+## Compile and Run
+
+ 
+
+Compile:
+
+```console
+docker run -it -v `pwd`/:/src/ yunwei37/ebpm:latest
+```
+
+or compile with `ecc`:
+
+```console
+$ ecc minimal.bpf.c
+Compiling bpf object...
+Packing ebpf object and config into package.json...
+```
+
+Run:
+
+```console
+sudo ecli ./package.json
+```
--- a/1-helloworld/minimal.bpf.c
+++ b/1-helloworld/minimal.bpf.c
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
+#define BPF_NO_GLOBAL_DATA
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+typedef unsigned int u32;
+typedef int pid_t;
+const pid_t pid_filter = 0;
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
+
+SEC("tp/syscalls/sys_enter_write")
+int handle_tp(void *ctx)
+{
+	pid_t pid = bpf_get_current_pid_tgid() >> 32;
+	if (pid_filter && pid != pid_filter)
+		return 0;
+	bpf_printk("BPF triggered from PID %d.\n", pid);
+	return 0;
+}