mirror of
https://github.com/eunomia-bpf/bpf-developer-tutorial.git
synced 2026-02-02 17:59:47 +08:00
remove bcc document
@@ -1,501 +0,0 @@
|
||||
# BPF Features by Linux Kernel Version
|
||||
|
||||
## eBPF support
|
||||
|
||||
Kernel version | Commit
|
||||
---------------|-------
|
||||
3.15 | [`bd4cf0ed331a`](https://github.com/torvalds/linux/commit/bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8)
|
||||
|
||||
## JIT compiling
|
||||
|
||||
The list of supported architectures for your kernel can be retrieved with:
|
||||
|
||||
```sh
|
||||
git grep HAVE_EBPF_JIT arch/
|
||||
```
|
||||
|
||||
Feature / Architecture | Kernel version | Commit
|
||||
-----------------------|----------------|-------
|
||||
x86\_64 | 3.16 | [`622582786c9e`](https://github.com/torvalds/linux/commit/622582786c9e041d0bd52bde201787adeab249f8)
|
||||
ARM64 | 3.18 | [`e54bcde3d69d`](https://github.com/torvalds/linux/commit/e54bcde3d69d40023ae77727213d14f920eb264a)
|
||||
s390 | 4.1 | [`054623105728`](https://github.com/torvalds/linux/commit/054623105728b06852f077299e2bf1bf3d5f2b0b)
|
||||
Constant blinding for JIT machines | 4.7 | [`4f3446bb809f`](https://github.com/torvalds/linux/commit/4f3446bb809f20ad56cadf712e6006815ae7a8f9)
|
||||
PowerPC64 | 4.8 | [`156d0e290e96`](https://github.com/torvalds/linux/commit/156d0e290e969caba25f1851c52417c14d141b24)
|
||||
Constant blinding - PowerPC64 | 4.9 | [`b7b7013cac55`](https://github.com/torvalds/linux/commit/b7b7013cac55d794940bd9cb7b7c55c9dececac4)
|
||||
Sparc64 | 4.12 | [`7a12b5031c6b`](https://github.com/torvalds/linux/commit/7a12b5031c6b947cc13918237ae652b536243b76)
|
||||
MIPS | 4.13 | [`f381bf6d82f0`](https://github.com/torvalds/linux/commit/f381bf6d82f032b7410185b35d000ea370ac706b)
|
||||
ARM32 | 4.14 | [`39c13c204bb1`](https://github.com/torvalds/linux/commit/39c13c204bb1150d401e27d41a9d8b332be47c49)
|
||||
x86\_32 | 4.18 | [`03f5781be2c7`](https://github.com/torvalds/linux/commit/03f5781be2c7b7e728d724ac70ba10799cc710d7)
|
||||
RISC-V RV64G | 5.1 | [`2353ecc6f91f`](https://github.com/torvalds/linux/commit/2353ecc6f91fd15b893fa01bf85a1c7a823ee4f2)RISC-V RV32G | 5.7 | [`5f316b65e99f`](https://github.com/torvalds/linux/commit/5f316b65e99f109942c556dc8790abd4c75bcb34)
|
||||
PowerPC32 | 5.13 | [`51c66ad849a7`](https://github.com/torvalds/linux/commit/51c66ad849a703d9bbfd7704c941827aed0fd9fd)
|
||||
LoongArch | 6.1 | [`5dc615520c4d`](https://github.com/torvalds/linux/commit/5dc615520c4dfb358245680f1904bad61116648e)
|
||||
|
||||
## Main features
|
||||
|
||||
Several (but not all) of these *main features* translate to an eBPF program type.
|
||||
The list of such program types supported in your kernel can be found in file
|
||||
[`include/uapi/linux/bpf.h`](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h):
|
||||
|
||||
```sh
|
||||
git grep -W 'bpf_prog_type {' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
Feature | Kernel version | Commit
|
||||
--------|----------------|-------
|
||||
`AF_PACKET` (libpcap/tcpdump, `cls_bpf` classifier, netfilter's `xt_bpf`, team driver's load-balancing mode…) | 3.15 | [`bd4cf0ed331a`](https://github.com/torvalds/linux/commit/bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8)
|
||||
Kernel helpers | 3.15 | [`bd4cf0ed331a`](https://github.com/torvalds/linux/commit/bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8)
|
||||
`bpf()` syscall | 3.18 | [`99c55f7d47c0`](https://github.com/torvalds/linux/commit/99c55f7d47c0dc6fc64729f37bf435abf43f4c60)
|
||||
Maps (*a.k.a.* Tables; details below) | 3.18 | [`99c55f7d47c0`](https://github.com/torvalds/linux/commit/99c55f7d47c0dc6fc64729f37bf435abf43f4c60)
|
||||
BPF attached to sockets | 3.19 | [`89aa075832b0`](https://github.com/torvalds/linux/commit/89aa075832b0da4402acebd698d0411dcc82d03e)
|
||||
BPF attached to `kprobes` | 4.1 | [`2541517c32be`](https://github.com/torvalds/linux/commit/2541517c32be2531e0da59dfd7efc1ce844644f5)
|
||||
`cls_bpf` / `act_bpf` for `tc` | 4.1 | [`e2e9b6541dd4`](https://github.com/torvalds/linux/commit/e2e9b6541dd4b31848079da80fe2253daaafb549)
|
||||
Tail calls | 4.2 | [`04fd61ab36ec`](https://github.com/torvalds/linux/commit/04fd61ab36ec065e194ab5e74ae34a5240d992bb)Non-root programs on sockets | 4.4 | [`1be7f75d1668`](https://github.com/torvalds/linux/commit/1be7f75d1668d6296b80bf35dcf6762393530afc)
|
||||
Persistent maps and programs (virtual FS) | 4.4 | [`b2197755b263`](https://github.com/torvalds/linux/commit/b2197755b2633e164a439682fb05a9b5ea48f706)
|
||||
`tc`'s `direct-action` (`da`) mode | 4.4 | [`045efa82ff56`](https://github.com/torvalds/linux/commit/045efa82ff563cd4e656ca1c2e354fa5bf6bbda4)
|
||||
`tc`'s `clsact` qdisc | 4.5 | [`1f211a1b929c`](https://github.com/torvalds/linux/commit/1f211a1b929c804100e138c5d3d656992cfd5622)
|
||||
BPF attached to tracepoints | 4.7 | [`98b5c2c65c29`](https://github.com/torvalds/linux/commit/98b5c2c65c2951772a8fc661f50d675e450e8bce)
|
||||
Direct packet access | 4.7 | [`969bf05eb3ce`](https://github.com/torvalds/linux/commit/969bf05eb3cedd5a8d4b7c346a85c2ede87a6d6d)
|
||||
XDP (see below) | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
BPF attached to perf events | 4.9 | [`0515e5999a46`](https://github.com/torvalds/linux/commit/0515e5999a466dfe6e1924f460da599bb6821487)
|
||||
Hardware offload for `tc`'s `cls_bpf` | 4.9 | [`332ae8e2f6ec`](https://github.com/torvalds/linux/commit/332ae8e2f6ecda5e50c5c62ed62894963e3a83f5)
|
||||
Verifier exposure and internal hooks | 4.9 | [`13a27dfc6697`](https://github.com/torvalds/linux/commit/13a27dfc669724564aafa2699976ee756029fed2)
|
||||
BPF attached to cgroups for socket filtering | 4.10 | [`0e33661de493`](https://github.com/torvalds/linux/commit/0e33661de493db325435d565a4a722120ae4cbf3)
|
||||
Lightweight tunnel encapsulation | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2)
|
||||
**e**BPF support for `xt_bpf` module (iptables) | 4.10 | [`2c16d6033264`](https://github.com/torvalds/linux/commit/2c16d60332643e90d4fa244f4a706c454b8c7569)
|
||||
BPF program tag | 4.10 | [`7bd509e311f4`](https://github.com/torvalds/linux/commit/7bd509e311f408f7a5132fcdde2069af65fa05ae)Tracepoints to debug BPF | 4.11 (removed in 4.18) | [`a67edbf4fb6d`](https://github.com/torvalds/linux/commit/a67edbf4fb6deadcfe57a04a134abed4a5ba3bb5) [`4d220ed0f814`](https://github.com/torvalds/linux/commit/4d220ed0f8140c478ab7b0a14d96821da639b646)
|
||||
Testing / benchmarking BPF programs | 4.12 | [`1cf1cae963c2`](https://github.com/torvalds/linux/commit/1cf1cae963c2e6032aebe1637e995bc2f5d330f4)
|
||||
BPF programs and maps IDs | 4.13 | [`dc4bb0e23561`](https://github.com/torvalds/linux/commit/dc4bb0e2356149aee4cdae061936f3bbdd45595c)
|
||||
BPF support for `sock_ops` | 4.13 | [`40304b2a1567`](https://github.com/torvalds/linux/commit/40304b2a1567fecc321f640ee4239556dd0f3ee0)
|
||||
BPF support for skbs on sockets | 4.14 | [`b005fd189cec`](https://github.com/torvalds/linux/commit/b005fd189cec9407b700599e1e80e0552446ee79)
|
||||
bpftool utility in kernel sources | 4.15 | [`71bb428fe2c1`](https://github.com/torvalds/linux/commit/71bb428fe2c19512ac671d5ee16ef3e73e1b49a8)
|
||||
BPF attached to cgroups as device controller | 4.15 | [`ebc614f68736`](https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92)
|
||||
bpf2bpf function calls | 4.16 | [`cc8b0b92a169`](https://github.com/torvalds/linux/commit/cc8b0b92a1699bc32f7fec71daa2bfc90de43a4d)
|
||||
BPF used for monitoring socket RX/TX data | 4.17 | [`4f738adba30a`](https://github.com/torvalds/linux/commit/4f738adba30a7cfc006f605707e7aee847ffefa0)
|
||||
BPF attached to raw tracepoints | 4.17 | [`c4f6699dfcb8`](https://github.com/torvalds/linux/commit/c4f6699dfcb8558d138fe838f741b2c10f416cf9)
|
||||
BPF attached to `bind()` system call | 4.17 | [`4fbac77d2d09`](https://github.com/torvalds/linux/commit/4fbac77d2d092b475dda9eea66da674369665427) [`aac3fc320d94`](https://github.com/torvalds/linux/commit/aac3fc320d9404f2665a8b1249dc3170d5fa3caf)
|
||||
BPF attached to `connect()` system call | 4.17 | [`d74bad4e74ee`](https://github.com/torvalds/linux/commit/d74bad4e74ee373787a9ae24197c17b7cdc428d5)BPF Type Format (BTF) | 4.18 | [`69b693f0aefa`](https://github.com/torvalds/linux/commit/69b693f0aefa0ed521e8bd02260523b5ae446ad7)
|
||||
AF_XDP | 4.18 | [`fbfc504a24f5`](https://github.com/torvalds/linux/commit/fbfc504a24f53f7ebe128ab55cb5dba634f4ece8)
|
||||
bpfilter | 4.18 | [`d2ba09c17a06`](https://github.com/torvalds/linux/commit/d2ba09c17a0647f899d6c20a11bab9e6d3382f07)
|
||||
End.BPF action for seg6local LWT | 4.18 | [`004d4b274e2a`](https://github.com/torvalds/linux/commit/004d4b274e2a1a895a0e5dc66158b90a7d463d44)
|
||||
BPF attached to LIRC devices | 4.18 | [`f4364dcfc86d`](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936)
|
||||
Pass map values to map helpers | 4.18 | [`d71962f3e627`](https://github.com/torvalds/linux/commit/d71962f3e627b5941804036755c844fabfb65ff5)
|
||||
BPF socket reuseport | 4.19 | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf)
|
||||
BPF flow dissector | 4.20 | [`d58e468b1112`](https://github.com/torvalds/linux/commit/d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9)
|
||||
BPF 1M insn limit | 5.2 | [`c04c0d2b968a`](https://github.com/torvalds/linux/commit/c04c0d2b968ac45d6ef020316808ef6c82325a82)
|
||||
BPF cgroup sysctl | 5.2 | [`7b146cebe30c`](https://github.com/torvalds/linux/commit/7b146cebe30cb481b0f70d85779da938da818637)
|
||||
BPF raw tracepoint writable | 5.2 | [`9df1c28bb752`](https://github.com/torvalds/linux/commit/9df1c28bb75217b244257152ab7d788bb2a386d0)
|
||||
BPF bounded loop | 5.3 | [`2589726d12a1`](https://github.com/torvalds/linux/commit/2589726d12a1b12eaaa93c7f1ea64287e383c7a5)
|
||||
BPF trampoline | 5.5 | [`fec56f5890d9`](https://github.com/torvalds/linux/commit/fec56f5890d93fc2ed74166c397dc186b1c25951)
|
||||
BPF LSM hook | 5.7 | [`fc611f47f218`](https://github.com/torvalds/linux/commit/fc611f47f2188ade2b48ff6902d5cce8baac0c58) [`641cd7b06c91`](https://github.com/torvalds/linux/commit/641cd7b06c911c5935c34f24850ea18690649917)
|
||||
BPF iterator | 5.8 | [`180139dca8b3`](https://github.com/torvalds/linux/commit/180139dca8b38c858027b8360ee10064fdb2fbf7)BPF socket lookup hook | 5.9 | [`e9ddbb7707ff`](https://github.com/torvalds/linux/commit/e9ddbb7707ff5891616240026062b8c1e29864ca)
|
||||
Sleepable BPF programs | 5.10 | [`1e6c62a88215`](https://github.com/torvalds/linux/commit/1e6c62a8821557720a9b2ea9617359b264f2f67c)
|
||||
|
||||
### Program types
|
||||
|
||||
Program type | Kernel version | Commit | Enum
|
||||
-------------|----------------|--------|-----
|
||||
Socket filter | 3.19 | [`ddd872bc3098`](https://github.com/torvalds/linux/commit/ddd872bc3098f9d9abe1680a6b2013e59e3337f7) | BPF_PROG_TYPE_SOCKET_FILTER
|
||||
Kprobe | 4.1 | [`2541517c32be`](https://github.com/torvalds/linux/commit/2541517c32be2531e0da59dfd7efc1ce844644f5) | BPF_PROG_TYPE_KPROBE
|
||||
traffic control (TC) | 4.1 | [`96be4325f443`](https://github.com/torvalds/linux/commit/96be4325f443dbbfeb37d2a157675ac0736531a1) | BPF_PROG_TYPE_SCHED_CLS
|
||||
traffic control (TC) | 4.1 | [`94caee8c312d`](https://github.com/torvalds/linux/commit/94caee8c312d96522bcdae88791aaa9ebcd5f22c) | BPF_PROG_TYPE_SCHED_ACT
|
||||
Tracepoint | 4.7 | [`98b5c2c65c29`](https://github.com/torvalds/linux/commit/98b5c2c65c2951772a8fc661f50d675e450e8bce) | BPF_PROG_TYPE_TRACEPOINT
|
||||
XDP | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95) | BPF_PROG_TYPE_XDP
|
||||
Perf event | 4.9 | [`0515e5999a46`](https://github.com/torvalds/linux/commit/0515e5999a466dfe6e1924f460da599bb6821487) | BPF_PROG_TYPE_PERF_EVENT
|
||||
cgroup socket filtering | 4.10 | [`0e33661de493`](https://github.com/torvalds/linux/commit/0e33661de493db325435d565a4a722120ae4cbf3) | BPF_PROG_TYPE_CGROUP_SKB
|
||||
cgroup sock modification | 4.10 | [`610236587600`](https://github.com/torvalds/linux/commit/61023658760032e97869b07d54be9681d2529e77) | BPF_PROG_TYPE_CGROUP_SOCK
|
||||
lightweight tunnel (IN) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_IN".lightweight tunnel (OUT) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_OUT
|
||||
lightweight tunnel (XMIT) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_XMIT
|
||||
cgroup sock ops (per conn) | 4.13 | [`40304b2a1567`](https://github.com/torvalds/linux/commit/40304b2a1567fecc321f640ee4239556dd0f3ee0) | BPF_PROG_TYPE_SOCK_OPS
|
||||
stream parser / stream verdict | 4.14 | [`b005fd189cec`](https://github.com/torvalds/linux/commit/b005fd189cec9407b700599e1e80e0552446ee79) | BPF_PROG_TYPE_SK_SKB
|
||||
cgroup device manager | 4.15 | [`ebc614f68736`](https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92) | BPF_PROG_TYPE_CGROUP_DEVICE
|
||||
socket msg verdict | 4.17 | [`4f738adba30a`](https://github.com/torvalds/linux/commit/4f738adba30a7cfc006f605707e7aee847ffefa0) | BPF_PROG_TYPE_SK_MSG
|
||||
Raw tracepoint | 4.17 | [`c4f6699dfcb8`](https://github.com/torvalds/linux/commit/c4f6699dfcb8558d138fe838f741b2c10f416cf9) | BPF_PROG_TYPE_RAW_TRACEPOINT
|
||||
socket binding | 4.17 | [`4fbac77d2d09`](https://github.com/torvalds/linux/commit/4fbac77d2d092b475dda9eea66da674369665427) | BPF_PROG_TYPE_CGROUP_SOCK_ADDR
|
||||
LWT seg6local | 4.18 | [`004d4b274e2a`](https://github.com/torvalds/linux/commit/004d4b274e2a1a895a0e5dc66158b90a7d463d44) | BPF_PROG_TYPE_LWT_SEG6LOCAL
|
||||
lirc devices | 4.18 | [`f4364dcfc86d`](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936) | BPF_PROG_TYPE_LIRC_MODE2
|
||||
lookup SO_REUSEPORT socket | 4.19 | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf) | BPF_PROG_TYPE_SK_REUSEPORT
|
||||
flow dissector | 4.20 | [`d58e468b1112`](https://github.com/torvalds/linux/commit/d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9) | BPF_PROG_TYPE_FLOW_DISSECTOR.```markdown
|
||||
cgroup sysctl | 5.2 | [`7b146cebe30c`](https://github.com/torvalds/linux/commit/7b146cebe30cb481b0f70d85779da938da818637) | BPF_PROG_TYPE_CGROUP_SYSCTL
|
||||
writable raw tracepoints | 5.2 | [`9df1c28bb752`](https://github.com/torvalds/linux/commit/9df1c28bb75217b244257152ab7d788bb2a386d0) | BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE
|
||||
cgroup getsockopt/setsockopt | 5.3 | [`0d01da6afc54`](https://github.com/torvalds/linux/commit/0d01da6afc5402f60325c5da31b22f7d56689b49) | BPF_PROG_TYPE_CGROUP_SOCKOPT
|
||||
Tracing (BTF/BPF trampoline) | 5.5 | [`f1b9509c2fb0`](https://github.com/torvalds/linux/commit/f1b9509c2fb0ef4db8d22dac9aef8e856a5d81f6) | BPF_PROG_TYPE_TRACING
|
||||
struct ops | 5.6 | [`27ae7997a661`](https://github.com/torvalds/linux/commit/27ae7997a66174cb8afd6a75b3989f5e0c1b9e5a) | BPF_PROG_TYPE_STRUCT_OPS
|
||||
extensions | 5.6 | [`be8704ff07d2`](https://github.com/torvalds/linux/commit/be8704ff07d2374bcc5c675526f95e70c6459683) | BPF_PROG_TYPE_EXT
|
||||
LSM | 5.7 | [`fc611f47f218`](https://github.com/torvalds/linux/commit/fc611f47f2188ade2b48ff6902d5cce8baac0c58) | BPF_PROG_TYPE_LSM
|
||||
lookup listening socket | 5.9 | [`e9ddbb7707ff`](https://github.com/torvalds/linux/commit/e9ddbb7707ff5891616240026062b8c1e29864ca) | BPF_PROG_TYPE_SK_LOOKUP
|
||||
Allow executing syscalls | 5.15 | [`79a7f8bdb159`](https://github.com/torvalds/linux/commit/79a7f8bdb159d9914b58740f3d31d602a6e4aca8) | BPF_PROG_TYPE_SYSCALL
|
||||
|
||||
## Maps (*a.k.a.* Tables, in BCC lingo)
|
||||
|
||||
### Map types
|
||||
|
||||
The list of map types supported in your kernel can be found in file
|
||||
[`include/uapi/linux/bpf.h`](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h):
|
||||
|
||||
```sh
|
||||
git grep -W 'bpf_map_type {' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
Map type | Kernel version | Commit | Enum
|
||||
----------|----------------|--------|------
|
||||
Hash | 3.19 | [`0f8e4bd8a1fc`](https://github.com/torvalds/linux/commit/0f8e4bd8a1fc8c4185f1630061d0a1f2d197a475) | BPF_MAP_TYPE_HASH".
|
||||
```Array | 3.19 | [`28fbcfa08d8e`](https://github.com/torvalds/linux/commit/28fbcfa08d8ed7c5a50d41a0433aad222835e8e3) | BPF_MAP_TYPE_ARRAY
|
||||
Prog array | 4.2 | [`04fd61ab36ec`](https://github.com/torvalds/linux/commit/04fd61ab36ec065e194ab5e74ae34a5240d992bb) | BPF_MAP_TYPE_PROG_ARRAY
|
||||
Perf events | 4.3 | [`ea317b267e9d`](https://github.com/torvalds/linux/commit/ea317b267e9d03a8241893aa176fba7661d07579) | BPF_MAP_TYPE_PERF_EVENT_ARRAY
|
||||
Per-CPU hash | 4.6 | [`824bd0ce6c7c`](https://github.com/torvalds/linux/commit/824bd0ce6c7c43a9e1e210abf124958e54d88342) | BPF_MAP_TYPE_PERCPU_HASH
|
||||
Per-CPU array | 4.6 | [`a10423b87a7e`](https://github.com/torvalds/linux/commit/a10423b87a7eae75da79ce80a8d9475047a674ee) | BPF_MAP_TYPE_PERCPU_ARRAY
|
||||
Stack trace | 4.6 | [`d5a3b1f69186`](https://github.com/torvalds/linux/commit/d5a3b1f691865be576c2bffa708549b8cdccda19) | BPF_MAP_TYPE_STACK_TRACE
|
||||
cgroup array | 4.8 | [`4ed8ec521ed5`](https://github.com/torvalds/linux/commit/4ed8ec521ed57c4e207ad464ca0388776de74d4b) | BPF_MAP_TYPE_CGROUP_ARRAY
|
||||
LRU hash | 4.10 | [`29ba732acbee`](https://github.com/torvalds/linux/commit/29ba732acbeece1e34c68483d1ec1f3720fa1bb3) [`3a08c2fd7634`](https://github.com/torvalds/linux/commit/3a08c2fd763450a927d1130de078d6f9e74944fb) | BPF_MAP_TYPE_LRU_HASH
|
||||
LRU per-CPU hash | 4.10 | [`8f8449384ec3`](https://github.com/torvalds/linux/commit/8f8449384ec364ba2a654f11f94e754e4ff719e0) [`961578b63474`](https://github.com/torvalds/linux/commit/961578b63474d13ad0e2f615fcc2901c5197dda6) | BPF_MAP_TYPE_LRU_PERCPU_HASH
|
||||
LPM trie (longest-prefix match) | 4.11 | [`b95a5c4db09b`](https://github.com/torvalds/linux/commit/b95a5c4db09bc7c253636cb84dc9b12c577fd5a0) | BPF_MAP_TYPE_LPM_TRIE
|
||||
Array of maps | 4.12 | [`56f668dfe00d`](https://github.com/torvalds/linux/commit/56f668dfe00dcf086734f1c42ea999398fad6572) | BPF_MAP_TYPE_ARRAY_OF_MAPSHash of maps | 4.12 | [bcc6b1b7ebf8](https://github.com/torvalds/linux/commit/bcc6b1b7ebf857a9fe56202e2be3361131588c15) | BPF_MAP_TYPE_HASH_OF_MAPS
|
||||
Netdevice references (array) | 4.14 | [546ac1ffb70d](https://github.com/torvalds/linux/commit/546ac1ffb70d25b56c1126940e5ec639c4dd7413) | BPF_MAP_TYPE_DEVMAP
|
||||
Socket references (array) | 4.14 | [174a79ff9515](https://github.com/torvalds/linux/commit/174a79ff9515f400b9a6115643dafd62a635b7e6) | BPF_MAP_TYPE_SOCKMAP
|
||||
CPU references | 4.15 | [6710e1126934](https://github.com/torvalds/linux/commit/6710e1126934d8b4372b4d2f9ae1646cd3f151bf) | BPF_MAP_TYPE_CPUMAP
|
||||
AF_XDP socket (XSK) references | 4.18 | [fbfc504a24f5](https://github.com/torvalds/linux/commit/fbfc504a24f53f7ebe128ab55cb5dba634f4ece8) | BPF_MAP_TYPE_XSKMAP
|
||||
Socket references (hashmap) | 4.18 | [81110384441a](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4) | BPF_MAP_TYPE_SOCKHASH
|
||||
cgroup storage | 4.19 | [de9cbbaadba5](https://github.com/torvalds/linux/commit/de9cbbaadba5adf88a19e46df61f7054000838f6) | BPF_MAP_TYPE_CGROUP_STORAGE
|
||||
reuseport sockarray | 4.19 | [5dc4c4b7d4e8](https://github.com/torvalds/linux/commit/5dc4c4b7d4e8115e7cde96a030f98cb3ab2e458c) | BPF_MAP_TYPE_REUSEPORT_SOCKARRAY
|
||||
precpu cgroup storage | 4.20 | [b741f1630346](https://github.com/torvalds/linux/commit/b741f1630346defcbc8cc60f1a2bdae8b3b0036f) | BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE
|
||||
queue | 4.20 | [f1a2e44a3aec](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92) | BPF_MAP_TYPE_QUEUE
|
||||
stack | 4.20 | [f1a2e44a3aec](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92) | BPF_MAP_TYPE_STACK
|
||||
socket local storage | 5.2 | [6ac99e8f23d4](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d) | BPF_MAP_TYPE_SK_STORAGE".Netdevice references (hashmap) | 5.4 | [`6f9d451ab1a3`](https://github.com/torvalds/linux/commit/6f9d451ab1a33728adb72d7ff66a7b374d665176) | BPF_MAP_TYPE_DEVMAP_HASH
|
||||
struct ops | 5.6 | [`85d33df357b6`](https://github.com/torvalds/linux/commit/85d33df357b634649ddbe0a20fd2d0fc5732c3cb) | BPF_MAP_TYPE_STRUCT_OPS
|
||||
ring buffer | 5.8 | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab) | BPF_MAP_TYPE_RINGBUF
|
||||
inode storage | 5.10 | [`8ea636848aca`](https://github.com/torvalds/linux/commit/8ea636848aca35b9f97c5b5dee30225cf2dd0fe6) | BPF_MAP_TYPE_INODE_STORAGE
|
||||
task storage | 5.11 | [`4cf1bc1f1045`](https://github.com/torvalds/linux/commit/4cf1bc1f10452065a29d576fc5693fc4fab5b919) | BPF_MAP_TYPE_TASK_STORAGE
|
||||
Bloom filter | 5.16 | [`9330986c0300`](https://github.com/torvalds/linux/commit/9330986c03006ab1d33d243b7cfe598a7a3c1baa) | BPF_MAP_TYPE_BLOOM_FILTER
|
||||
user ringbuf | 6.1 | [`583c1f420173`](https://github.com/torvalds/linux/commit/583c1f420173f7d84413a1a1fbf5109d798b4faa) | BPF_MAP_TYPE_USER_RINGBUF
|
||||
|
||||
### Map userspace API
|
||||
|
||||
Some (but not all) of these *API features* translate to a subcommand beginning with `BPF_MAP_`.
|
||||
The list of subcommands supported in your kernel can be found in file
|
||||
[`include/uapi/linux/bpf.h`](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h):
|
||||
|
||||
```sh
|
||||
git grep -W 'bpf_cmd {' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
Feature | Kernel version | Commit
|
||||
--------|----------------|-------
|
||||
Basic operations (lookup, update, delete, `GET_NEXT_KEY`) | 3.18 | [`db20fd2b0108`](https://github.com/torvalds/linux/commit/db20fd2b01087bdfbe30bce314a198eefedcc42e)
|
||||
Pass flags to `UPDATE_ELEM` | 3.19 | [`3274f52073d8`](https://github.com/torvalds/linux/commit/3274f52073d88b62f3c5ace82ae9d48546232e72)
|
||||
Pre-alloc map memory by default | 4.6 | [`6c9059817432`](https://github.com/torvalds/linux/commit/6c90598174322b8888029e40dd84a4eb01f56afe)Pass `NULL` to `GET_NEXT_KEY` | 4.12 | [`8fe45924387b`](https://github.com/torvalds/linux/commit/8fe45924387be6b5c1be59a7eb330790c61d5d10)
|
||||
Creation: select NUMA node | 4.14 | [`96eabe7a40aa`](https://github.com/torvalds/linux/commit/96eabe7a40aa17e613cf3db2c742ee8b1fc764d0)
|
||||
Restrict access from syscall side | 4.15 | [`6e71b04a8224`](https://github.com/torvalds/linux/commit/6e71b04a82248ccf13a94b85cbc674a9fefe53f5)
|
||||
Creation: specify map name | 4.15 | [`ad5b177bd73f`](https://github.com/torvalds/linux/commit/ad5b177bd73f5107d97c36f56395c4281fb6f089)
|
||||
`LOOKUP_AND_DELETE_ELEM` | 4.20 | [`bd513cd08f10`](https://github.com/torvalds/linux/commit/bd513cd08f10cbe28856f99ae951e86e86803861)
|
||||
Creation: `BPF_F_ZERO_SEED` | 5.0 | [`96b3b6c9091d`](https://github.com/torvalds/linux/commit/96b3b6c9091d23289721350e32c63cc8749686be)
|
||||
`BPF_F_LOCK` flag for lookup / update | 5.1 | [`96049f3afd50`](https://github.com/torvalds/linux/commit/96049f3afd50fe8db69fa0068cdca822e747b1e4)
|
||||
Restrict access from BPF side | 5.2 | [`591fe9888d78`](https://github.com/torvalds/linux/commit/591fe9888d7809d9ee5c828020b6c6ae27c37229)
|
||||
`FREEZE` | 5.2 | [`87df15de441b`](https://github.com/torvalds/linux/commit/87df15de441bd4add7876ef584da8cabdd9a042a)
|
||||
mmap() support for array maps | 5.5 | [`fc9702273e2e`](https://github.com/torvalds/linux/commit/fc9702273e2edb90400a34b3be76f7b08fa3344b)
|
||||
`LOOKUP_BATCH` | 5.6 | [`cb4d03ab499d`](https://github.com/torvalds/linux/commit/cb4d03ab499d4c040f4ab6fd4389d2b49f42b5a5)
|
||||
`UPDATE_BATCH`, `DELETE_BATCH` | 5.6 | [`aa2e93b8e58e`](https://github.com/torvalds/linux/commit/aa2e93b8e58e18442edfb2427446732415bc215e)
|
||||
`LOOKUP_AND_DELETE_BATCH` | 5.6 | [`057996380a42`](https://github.com/torvalds/linux/commit/057996380a42bb64ccc04383cfa9c0ace4ea11f0)
|
||||
`LOOKUP_AND_DELETE_ELEM` support for hash maps | 5.14 | [`3e87f192b405`](https://github.com/torvalds/linux/commit/3e87f192b405960c0fe83e0925bd0dadf4f8cf43)
|
||||
|
||||
## XDP
|
||||
|
||||
An approximate list of drivers or components supporting XDP programs for your
|
||||
kernel can be retrieved with:
|
||||
|
||||
```sh
|
||||
git grep -l XDP_SETUP_PROG drivers/
|
||||
```
|
||||
|
||||
Feature / Driver | Kernel version | Commit
|
||||
-----------------|----------------|-------
|
||||
XDP core architecture | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
Action: drop | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
Action: pass on to stack | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
Action: direct forwarding (on same port) | 4.8 | [`6ce96ca348a9`](https://github.com/torvalds/linux/commit/6ce96ca348a9e949f8c43f4d3e98db367d93cffd)
|
||||
Direct packet data write | 4.8 | [`4acf6c0b84c9`](https://github.com/torvalds/linux/commit/4acf6c0b84c91243c705303cd9ff16421914150d)
|
||||
Mellanox `mlx4` driver | 4.8 | [`47a38e155037`](https://github.com/torvalds/linux/commit/47a38e155037f417c5740e24ccae6482aedf4b68)
|
||||
Mellanox `mlx5` driver | 4.9 | [`86994156c736`](https://github.com/torvalds/linux/commit/86994156c736978d113e7927455d4eeeb2128b9f)
|
||||
Netronome `nfp` driver | 4.10 | [`ecd63a0217d5`](https://github.com/torvalds/linux/commit/ecd63a0217d5f1e8a92f7516f5586d1177b95de2)
|
||||
QLogic (Cavium) `qed*` drivers | 4.10 | [`496e05170958`](https://github.com/torvalds/linux/commit/496e051709588f832d7a6a420f44f8642b308a87)
|
||||
`virtio_net` driver | 4.10 | [`f600b6905015`](https://github.com/torvalds/linux/commit/f600b690501550b94e83e07295d9c8b9c4c39f4e)
|
||||
Broadcom `bnxt_en` driver | 4.11 | [`c6d30e8391b8`](https://github.com/torvalds/linux/commit/c6d30e8391b85e00eb544e6cf047ee0160ee9938)
|
||||
Intel `ixgbe*` drivers | 4.12 | [`924708081629`](https://github.com/torvalds/linux/commit/9247080816297de4e31abb684939c0e53e3a8a67)
|
||||
Cavium `thunderx` driver | 4.12 | [`05c773f52b96`](https://github.com/torvalds/linux/commit/05c773f52b96ef3fbc7d9bfa21caadc6247ef7a8)
|
||||
Generic XDP | 4.12 | [`b5cdae3291f7`](https://github.com/torvalds/linux/commit/b5cdae3291f7be7a34e75affe4c0ec1f7f328b64)".# Helpers
|
||||
|
||||
The list of helpers supported in your kernel can be found in file."[`include/uapi/linux/bpf.h`](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h):
|
||||
|
||||
```sh
|
||||
git grep ' FN(' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
Alphabetical order
|
||||
|
||||
Helper | Kernel version | License | Commit |
|
||||
-------|----------------|---------|--------|
|
||||
`BPF_FUNC_bind()` | 4.17 | | [`d74bad4e74ee`](https://github.com/torvalds/linux/commit/d74bad4e74ee373787a9ae24197c17b7cdc428d5) |
|
||||
`BPF_FUNC_bprm_opts_set()` | 5.11 | | [`3f6719c7b62f`](https://github.com/torvalds/linux/commit/3f6719c7b62f0327c9091e26d0da10e65668229e)
|
||||
`BPF_FUNC_btf_find_by_name_kind()` | 5.14 | | [`3d78417b60fb`](https://github.com/torvalds/linux/commit/3d78417b60fba249cc555468cb72d96f5cde2964)
|
||||
`BPF_FUNC_cgrp_storage_delete()` | 6.2 | | [`c4bcfb38a95e`](https://github.com/torvalds/linux/commit/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4)
|
||||
`BPF_FUNC_cgrp_storage_get()` | 6.2 | | [`c4bcfb38a95e`](https://github.com/torvalds/linux/commit/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4)
|
||||
`BPF_FUNC_check_mtu()` | 5.12 | | [`34b2021cc616`](https://github.com/torvalds/linux/commit/34b2021cc61642d61c3cf943d9e71925b827941b)
|
||||
`BPF_FUNC_clone_redirect()` | 4.2 | | [`3896d655f4d4`](https://github.com/torvalds/linux/commit/3896d655f4d491c67d669a15f275a39f713410f8)
|
||||
`BPF_FUNC_copy_from_user()` | 5.10 | | [`07be4c4a3e7a`](https://github.com/torvalds/linux/commit/07be4c4a3e7a0db148e44b16c5190e753d1c8569)
|
||||
`BPF_FUNC_copy_from_user_task()` | 5.18 | GPL | [`376040e47334`](https://github.com/torvalds/linux/commit/376040e47334c6dc6a939a32197acceb00fe4acf)
|
||||
`BPF_FUNC_csum_diff()` | 4.6 | | [`7d672345ed29`](https://github.com/torvalds/linux/commit/7d672345ed295b1356a5d9f7111da1d1d7d65867)
|
||||
`BPF_FUNC_csum_level()` | 5.7 | | [`7cdec54f9713`](https://github.com/torvalds/linux/commit/7cdec54f9713256bb170873a1fc5c75c9127c9d2)
|
||||
`BPF_FUNC_csum_update()` | 4.9 | | [`36bbef52c7eb`](https://github.com/torvalds/linux/commit/36bbef52c7eb646ed6247055a2acd3851e317857)".
|
||||
|
||||
Helper | Kernel version | License | Commit |
|
||||
-------|----------------|---------|--------|
|
||||
`BPF_FUNC_bind()` | 4.17 | | [`d74bad4e74ee`](https://github.com/torvalds/linux/commit/d74bad4e74ee373787a9ae24197c17b7cdc428d5) |
|
||||
`BPF_FUNC_bprm_opts_set()` | 5.11 | | [`3f6719c7b62f`](https://github.com/torvalds/linux/commit/3f6719c7b62f0327c9091e26d0da10e65668229e)
|
||||
`BPF_FUNC_btf_find_by_name_kind()` | 5.14 | | [`3d78417b60fb`](https://github.com/torvalds/linux/commit/3d78417b60fba249cc555468cb72d96f5cde2964)
|
||||
`BPF_FUNC_cgrp_storage_delete()` | 6.2 | | [`c4bcfb38a95e`](https://github.com/torvalds/linux/commit/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4)
|
||||
`BPF_FUNC_cgrp_storage_get()` | 6.2 | | [`c4bcfb38a95e`](https://github.com/torvalds/linux/commit/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4)
|
||||
`BPF_FUNC_check_mtu()` | 5.12 | | [`34b2021cc616`](https://github.com/torvalds/linux/commit/34b2021cc61642d61c3cf943d9e71925b827941b)
|
||||
`BPF_FUNC_clone_redirect()` | 4.2 | | [`3896d655f4d4`](https://github.com/torvalds/linux/commit/3896d655f4d491c67d669a15f275a39f713410f8)
|
||||
`BPF_FUNC_copy_from_user()` | 5.10 | | [`07be4c4a3e7a`](https://github.com/torvalds/linux/commit/07be4c4a3e7a0db148e44b16c5190e753d1c8569)
|
||||
`BPF_FUNC_copy_from_user_task()` | 5.18 | GPL | [`376040e47334`](https://github.com/torvalds/linux/commit/376040e47334c6dc6a939a32197acceb00fe4acf)
|
||||
`BPF_FUNC_csum_diff()` | 4.6 | | [`7d672345ed29`](https://github.com/torvalds/linux/commit/7d672345ed295b1356a5d9f7111da1d1d7d65867)
|
||||
`BPF_FUNC_csum_level()` | 5.7 | | [`7cdec54f9713`](https://github.com/torvalds/linux/commit/7cdec54f9713256bb170873a1fc5c75c9127c9d2)
|
||||
`BPF_FUNC_csum_update()` | 4.9 | | [`36bbef52c7eb`](https://github.com/torvalds/linux/commit/36bbef52c7eb646ed6247055a2acd3851e317857)".`BPF_FUNC_current_task_under_cgroup()` | 4.9 | | [`60d20f9195b2`](https://github.com/torvalds/linux/commit/60d20f9195b260bdf0ac10c275ae9f6016f9c069)
|
||||
`BPF_FUNC_d_path()` | 5.10 | | [`6e22ab9da793`](https://github.com/torvalds/linux/commit/6e22ab9da79343532cd3cde39df25e5a5478c692)
|
||||
`BPF_FUNC_dynptr_data()` | 5.19 | | [`34d4ef5775f7`](https://github.com/torvalds/linux/commit/34d4ef5775f776ec4b0d53a02d588bf3195cada6)
|
||||
`BPF_FUNC_dynptr_from_mem()` | 5.19 | | [`263ae152e962`](https://github.com/torvalds/linux/commit/263ae152e96253f40c2c276faad8629e096b3bad)
|
||||
`BPF_FUNC_dynptr_read()` | 5.19 | | [`13bbbfbea759`](https://github.com/torvalds/linux/commit/13bbbfbea7598ea9f8d9c3d73bf053bb57f9c4b2)
|
||||
`BPF_FUNC_dynptr_write()` | 5.19 | | [`13bbbfbea759`](https://github.com/torvalds/linux/commit/13bbbfbea7598ea9f8d9c3d73bf053bb57f9c4b2)
|
||||
`BPF_FUNC_fib_lookup()` | 4.18 | GPL | [`87f5fc7e48dd`](https://github.com/torvalds/linux/commit/87f5fc7e48dd3175b30dd03b41564e1a8e136323)
|
||||
`BPF_FUNC_find_vma()` | 5.17 | | [`7c7e3d31e785`](https://github.com/torvalds/linux/commit/7c7e3d31e7856a8260a254f8c71db416f7f9f5a1)
|
||||
`BPF_FUNC_for_each_map_elem()` | 5.13 | | [`69c087ba6225`](https://github.com/torvalds/linux/commit/69c087ba6225b574afb6e505b72cb75242a3d844)
|
||||
`BPF_FUNC_get_attach_cookie()` | 5.15 | | [`7adfc6c9b315`](https://github.com/torvalds/linux/commit/7adfc6c9b315e174cf8743b21b7b691c8766791b)
|
||||
`BPF_FUNC_get_branch_snapshot()` | 5.16 | GPL | [`856c02dbce4f`](https://github.com/torvalds/linux/commit/856c02dbce4f8d6a5644083db22c11750aa11481)
|
||||
`BPF_FUNC_get_current_ancestor_cgroup_id()` | 5.6 | | [`b4490c5c4e02`](https://github.com/torvalds/linux/commit/b4490c5c4e023f09b7d27c9a9d3e7ad7d09ea6bf)
|
||||
`BPF_FUNC_get_cgroup_classid()` | 4.3 | | [`8d20aabe1c76`](https://github.com/torvalds/linux/commit/8d20aabe1c76cccac544d9fcc3ad7823d9e98a2d)
|
||||
`BPF_FUNC_get_current_cgroup_id()` | 4.18 | | [`bf6fa2c893c5`](https://github.com/torvalds/linux/commit/bf6fa2c893c5237b48569a13fa3c673041430b6c)"`BPF_FUNC_get_current_comm()` | 4.2 | | [`ffeedafbf023`](https://github.com/torvalds/linux/commit/ffeedafbf0236f03aeb2e8db273b3e5ae5f5bc89)
|
||||
`BPF_FUNC_get_current_pid_tgid()` | 4.2 | | [`ffeedafbf023`](https://github.com/torvalds/linux/commit/ffeedafbf0236f03aeb2e8db273b3e5ae5f5bc89)
|
||||
`BPF_FUNC_get_current_task()` | 4.8 | GPL | [`606274c5abd8`](https://github.com/torvalds/linux/commit/606274c5abd8e245add01bc7145a8cbb92b69ba8)
|
||||
`BPF_FUNC_get_current_task_btf()` | 5.11 | GPL | [`3ca1032ab7ab`](https://github.com/torvalds/linux/commit/3ca1032ab7ab010eccb107aa515598788f7d93bb)
|
||||
`BPF_FUNC_get_current_uid_gid()` | 4.2 | | [`ffeedafbf023`](https://github.com/torvalds/linux/commit/ffeedafbf0236f03aeb2e8db273b3e5ae5f5bc89)
|
||||
`BPF_FUNC_get_func_arg()` | 5.17 | | [`f92c1e183604`](https://github.com/torvalds/linux/commit/f92c1e183604c20ce00eb889315fdaa8f2d9e509)
|
||||
`BPF_FUNC_get_func_arg_cnt()` | 5.17 | | [`f92c1e183604`](https://github.com/torvalds/linux/commit/f92c1e183604c20ce00eb889315fdaa8f2d9e509)
|
||||
`BPF_FUNC_get_func_ip()` | 5.15 | | [`5d8b583d04ae`](https://github.com/torvalds/linux/commit/5d8b583d04aedb3bd5f6d227a334c210c7d735f9)
|
||||
`BPF_FUNC_get_func_ret()` | 5.17 | | [`f92c1e183604`](https://github.com/torvalds/linux/commit/f92c1e183604c20ce00eb889315fdaa8f2d9e509)
|
||||
`BPF_FUNC_get_retval()` | 5.18 | | [`b44123b4a3dc`](https://github.com/torvalds/linux/commit/b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93)
|
||||
`BPF_FUNC_get_hash_recalc()` | 4.8 | | [`13c5c240f789`](https://github.com/torvalds/linux/commit/13c5c240f789bbd2bcacb14a23771491485ae61f)
|
||||
`BPF_FUNC_get_listener_sock()` | 5.1 | | [`dbafd7ddd623`](https://github.com/torvalds/linux/commit/dbafd7ddd62369b2f3926ab847cbf8fc40e800b7)
|
||||
`BPF_FUNC_get_local_storage()` | 4.19 | | [`cd3394317653`](https://github.com/torvalds/linux/commit/cd3394317653837e2eb5c5d0904a8996102af9fc)
|
||||
`BPF_FUNC_get_netns_cookie()` | 5.7 | | [`f318903c0bf4`](https://github.com/torvalds/linux/commit/f318903c0bf42448b4c884732df2bbb0ef7a2284)".
|
||||
`BPF_FUNC_get_ns_current_pid_tgid()` | 5.7 | | [`b4490c5c4e02`](https://github.com/torvalds/linux/commit/b4490c5c4e023f09b7d27c9a9d3e7ad7d09ea6bf)
|
||||
`BPF_FUNC_get_numa_node_id()` | 4.10 | | [`2d0e30c30f84`](https://github.com/torvalds/linux/commit/2d0e30c30f84d08dc16f0f2af41f1b8a85f0755e)
|
||||
`BPF_FUNC_get_prandom_u32()` | 4.1 | | [`03e69b508b6f`](https://github.com/torvalds/linux/commit/03e69b508b6f7c51743055c9f61d1dfeadf4b635)
|
||||
`BPF_FUNC_get_route_realm()` | 4.4 | | [`c46646d0484f`](https://github.com/torvalds/linux/commit/c46646d0484f5d08e2bede9b45034ba5b8b489cc)
|
||||
`BPF_FUNC_get_smp_processor_id()` | 4.1 | | [`c04167ce2ca0`](https://github.com/torvalds/linux/commit/c04167ce2ca0ecaeaafef006cb0d65cf01b68e42)
|
||||
`BPF_FUNC_get_socket_cookie()` | 4.12 | | [`91b8270f2a4d`](https://github.com/torvalds/linux/commit/91b8270f2a4d1d9b268de90451cdca63a70052d6)
|
||||
`BPF_FUNC_get_socket_uid()` | 4.12 | | [`6acc5c291068`](https://github.com/torvalds/linux/commit/6acc5c2910689fc6ee181bf63085c5efff6a42bd)
|
||||
`BPF_FUNC_get_stack()` | 4.18 | GPL | [`de2ff05f48af`](https://github.com/torvalds/linux/commit/de2ff05f48afcde816ff4edb217417f62f624ab5)
|
||||
`BPF_FUNC_get_stackid()` | 4.6 | GPL | [`d5a3b1f69186`](https://github.com/torvalds/linux/commit/d5a3b1f691865be576c2bffa708549b8cdccda19)
|
||||
`BPF_FUNC_get_task_stack()` | 5.9 | | [`fa28dcb82a38`](https://github.com/torvalds/linux/commit/fa28dcb82a38f8e3993b0fae9106b1a80b59e4f0)
|
||||
`BPF_FUNC_getsockopt()` | 4.15 | | [`cd86d1fd2102`](https://github.com/torvalds/linux/commit/cd86d1fd21025fdd6daf23d1288da405e7ad0ec6)
|
||||
`BPF_FUNC_ima_file_hash()` | 5.18 | | [`174b16946e39`](https://github.com/torvalds/linux/commit/174b16946e39ebd369097e0f773536c91a8c1a4c)
|
||||
`BPF_FUNC_ima_inode_hash()` | 5.11 | | [`27672f0d280a`](https://github.com/torvalds/linux/commit/27672f0d280a3f286a410a8db2004f46ace72a17)
|
||||
`BPF_FUNC_inode_storage_delete()` | 5.10 | | [`8ea636848aca`](https://github.com/torvalds/linux/commit/8ea636848aca35b9f97c5b5dee30225cf2dd0fe6)``BPF_FUNC_inode_storage_get()` | 5.10 | | [`8ea636848aca`](https://github.com/torvalds/linux/commit/8ea636848aca35b9f97c5b5dee30225cf2dd0fe6)
|
||||
`BPF_FUNC_jiffies64()` | 5.5 | | [`5576b991e9c1`](https://github.com/torvalds/linux/commit/5576b991e9c1a11d2cc21c4b94fc75ec27603896)
|
||||
`BPF_FUNC_kallsyms_lookup_name()` | 5.16 | | [`d6aef08a872b`](https://github.com/torvalds/linux/commit/d6aef08a872b9e23eecc92d0e92393473b13c497)
|
||||
`BPF_FUNC_kptr_xchg()` | 5.19 | | [`c0a5a21c25f3`](https://github.com/torvalds/linux/commit/c0a5a21c25f37c9fd7b36072f9968cdff1e4aa13)
|
||||
`BPF_FUNC_ktime_get_boot_ns()` | 5.8 | | [`71d19214776e`](https://github.com/torvalds/linux/commit/71d19214776e61b33da48f7c1b46e522c7f78221)
|
||||
`BPF_FUNC_ktime_get_coarse_ns()` | 5.11 | | [`d05512618056`](https://github.com/torvalds/linux/commit/d055126180564a57fe533728a4e93d0cb53d49b3)
|
||||
`BPF_FUNC_ktime_get_ns()` | 4.1 | | [`d9847d310ab4`](https://github.com/torvalds/linux/commit/d9847d310ab4003725e6ed1822682e24bd406908)
|
||||
`BPF_FUNC_ktime_get_tai_ns()` | 6.1 | | [`c8996c98f703`](https://github.com/torvalds/linux/commit/c8996c98f703b09afe77a1d247dae691c9849dc1)
|
||||
`BPF_FUNC_l3_csum_replace()` | 4.1 | | [`91bc4822c3d6`](https://github.com/torvalds/linux/commit/91bc4822c3d61b9bb7ef66d3b77948a4f9177954)
|
||||
`BPF_FUNC_l4_csum_replace()` | 4.1 | | [`91bc4822c3d6`](https://github.com/torvalds/linux/commit/91bc4822c3d61b9bb7ef66d3b77948a4f9177954)
|
||||
`BPF_FUNC_load_hdr_opt()` | 5.10 | | [`0813a841566f`](https://github.com/torvalds/linux/commit/0813a841566f0962a5551be7749b43c45f0022a0)
|
||||
`BPF_FUNC_loop()` | 5.17 | | [`e6f2dd0f8067`](https://github.com/torvalds/linux/commit/e6f2dd0f80674e9d5960337b3e9c2a242441b326)
|
||||
`BPF_FUNC_lwt_push_encap()` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)
|
||||
`BPF_FUNC_lwt_seg6_action()` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)`BPF_FUNC_lwt_seg6_adjust_srh()` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)
|
||||
`BPF_FUNC_lwt_seg6_store_bytes()` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)
|
||||
`BPF_FUNC_map_delete_elem()` | 3.19 | | [`d0003ec01c66`](https://github.com/torvalds/linux/commit/d0003ec01c667b731c139e23de3306a8b328ccf5)
|
||||
`BPF_FUNC_map_lookup_elem()` | 3.19 | | [`d0003ec01c66`](https://github.com/torvalds/linux/commit/d0003ec01c667b731c139e23de3306a8b328ccf5)
|
||||
`BPF_FUNC_map_lookup_percpu_elem()` | 5.19 | | [`07343110b293`](https://github.com/torvalds/linux/commit/07343110b293456d30393e89b86c4dee1ac051c8)
|
||||
`BPF_FUNC_map_peek_elem()` | 4.20 | | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92)
|
||||
`BPF_FUNC_map_pop_elem()` | 4.20 | | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92)
|
||||
`BPF_FUNC_map_push_elem()` | 4.20 | | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92)
|
||||
`BPF_FUNC_map_update_elem()` | 3.19 | | [`d0003ec01c66`](https://github.com/torvalds/linux/commit/d0003ec01c667b731c139e23de3306a8b328ccf5)
|
||||
`BPF_FUNC_msg_apply_bytes()` | 4.17 | | [`2a100317c9eb`](https://github.com/torvalds/linux/commit/2a100317c9ebc204a166f16294884fbf9da074ce)
|
||||
`BPF_FUNC_msg_cork_bytes()` | 4.17 | | [`91843d540a13`](https://github.com/torvalds/linux/commit/91843d540a139eb8070bcff8aa10089164436deb)
|
||||
`BPF_FUNC_msg_pop_data()` | 5.0 | | [`7246d8ed4dcc`](https://github.com/torvalds/linux/commit/7246d8ed4dcce23f7509949a77be15fa9f0e3d28)
|
||||
`BPF_FUNC_msg_pull_data()` | 4.17 | | [`015632bb30da`](https://github.com/torvalds/linux/commit/015632bb30daaaee64e1bcac07570860e0bf3092)
|
||||
`BPF_FUNC_msg_push_data()` | 4.20 | | [`6fff607e2f14`](https://github.com/torvalds/linux/commit/6fff607e2f14bd7c63c06c464a6f93b8efbabe28)".`BPF_FUNC_msg_redirect_hash()` | 4.18 | | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4)
|
||||
`BPF_FUNC_msg_redirect_map()` | 4.17 | | [`4f738adba30a`](https://github.com/torvalds/linux/commit/4f738adba30a7cfc006f605707e7aee847ffefa0)
|
||||
`BPF_FUNC_per_cpu_ptr()` | 5.10 | | [`eaa6bcb71ef6`](https://github.com/torvalds/linux/commit/eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b) |
|
||||
`BPF_FUNC_perf_event_output()` | 4.4 | GPL | [`a43eec304259`](https://github.com/torvalds/linux/commit/a43eec304259a6c637f4014a6d4767159b6a3aa3)
|
||||
`BPF_FUNC_perf_event_read()` | 4.3 | GPL | [`35578d798400`](https://github.com/torvalds/linux/commit/35578d7984003097af2b1e34502bc943d40c1804)
|
||||
`BPF_FUNC_perf_event_read_value()` | 4.15 | GPL | [`908432ca84fc`](https://github.com/torvalds/linux/commit/908432ca84fc229e906ba164219e9ad0fe56f755)
|
||||
`BPF_FUNC_perf_prog_read_value()` | 4.15 | GPL | [`4bebdc7a85aa`](https://github.com/torvalds/linux/commit/4bebdc7a85aa400c0222b5329861e4ad9252f1e5)
|
||||
`BPF_FUNC_probe_read()` | 4.1 | GPL | [`2541517c32be`](https://github.com/torvalds/linux/commit/2541517c32be2531e0da59dfd7efc1ce844644f5)
|
||||
`BPF_FUNC_probe_read_kernel()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_kernel_str()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_user()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_user_str()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_str()` | 4.11 | GPL | [`a5e8c07059d0`](https://github.com/torvalds/linux/commit/a5e8c07059d0f0b31737408711d44794928ac218)
|
||||
`BPF_FUNC_probe_write_user()` | 4.8 | GPL | [`96ae52279594`](https://github.com/torvalds/linux/commit/96ae52279594470622ff0585621a13e96b700600)| Function | Version | License | Commit Link |
|
||||
| ------------- | ------- | ------- | ------------------------------------------------------------- |
|
||||
| BPF_FUNC_rc_keydown() | 4.18 | GPL | [f4364dcfc86d](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936) |
|
||||
| BPF_FUNC_rc_pointer_rel() | 5.0 | GPL | [01d3240a04f4](https://github.com/torvalds/linux/commit/01d3240a04f4c09392e13c77b54d4423ebce2d72) |
|
||||
| BPF_FUNC_rc_repeat() | 4.18 | GPL | [f4364dcfc86d](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936) |
|
||||
| BPF_FUNC_read_branch_records() | 5.6 | GPL | [fff7b64355ea](https://github.com/torvalds/linux/commit/fff7b64355eac6e29b50229ad1512315bc04b44e) |
|
||||
| BPF_FUNC_redirect() | 4.4 | | [27b29f63058d](https://github.com/torvalds/linux/commit/27b29f63058d26c6c1742f1993338280d5a41dc6) |
|
||||
| BPF_FUNC_redirect_map() | 4.14 | | [97f91a7cf04f](https://github.com/torvalds/linux/commit/97f91a7cf04ff605845c20948b8a80e54cbd3376) |
|
||||
| BPF_FUNC_redirect_neigh() | 5.10 | | [b4ab31414970](https://github.com/torvalds/linux/commit/b4ab31414970a7a03a5d55d75083f2c101a30592) |
|
||||
| BPF_FUNC_redirect_peer() | 5.10 | | [9aa1206e8f48](https://github.com/torvalds/linux/commit/9aa1206e8f48222f35a0c809f33b2f4aaa1e2661) |
|
||||
| BPF_FUNC_reserve_hdr_opt() | 5.10 | | [0813a841566f](https://github.com/torvalds/linux/commit/0813a841566f0962a5551be7749b43c45f0022a0) |
|
||||
| BPF_FUNC_ringbuf_discard() | 5.8 | | [457f44363a88](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab) |
|
||||
| BPF_FUNC_ringbuf_discard_dynptr() | 5.19 | | [bc34dee65a65](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458) |
|
||||
| BPF_FUNC_ringbuf_output() | 5.8 | | [457f44363a88](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab) |
|
||||
| BPF_FUNC_ringbuf_query() | 5.8 | | [457f44363a88](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab) |
|
||||
| BPF_FUNC_ringbuf_reserve() | 5.8 | | [457f44363a88](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab) |"`BPF_FUNC_ringbuf_reserve_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_ringbuf_submit()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_submit_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_send_signal()` | 5.3 | | [`8b401f9ed244`](https://github.com/torvalds/linux/commit/8b401f9ed2441ad9e219953927a842d24ed051fc)
|
||||
`BPF_FUNC_send_signal_thread()` | 5.5 | | [`8482941f0906`](https://github.com/torvalds/linux/commit/8482941f09067da42f9c3362e15bfb3f3c19d610)
|
||||
`BPF_FUNC_seq_printf()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_seq_printf_btf()` | 5.10 | | [`eb411377aed9`](https://github.com/torvalds/linux/commit/eb411377aed9e27835e77ee0710ee8f4649958f3)
|
||||
`BPF_FUNC_seq_write()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_set_hash()` | 4.13 | | [`ded092cd73c2`](https://github.com/torvalds/linux/commit/ded092cd73c2c56a394b936f86897f29b2e131c0)
|
||||
`BPF_FUNC_set_hash_invalid()` | 4.9 | | [`7a4b28c6cc9f`](https://github.com/torvalds/linux/commit/7a4b28c6cc9ffac50f791b99cc7e46106436e5d8)
|
||||
`BPF_FUNC_set_retval()` | 5.18 | | [`b44123b4a3dc`](https://github.com/torvalds/linux/commit/b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93)
|
||||
`BPF_FUNC_setsockopt()` | 4.13 | | [`8c4b4c7e9ff0`](https://github.com/torvalds/linux/commit/8c4b4c7e9ff0447995750d9329949fa082520269)
|
||||
`BPF_FUNC_sk_ancestor_cgroup_id()` | 5.7 | | [`f307fa2cb4c9`](https://github.com/torvalds/linux/commit/f307fa2cb4c935f7f1ff0aeb880c7b44fb9a642b)
|
||||
`BPF_FUNC_sk_assign()` | 5.6 | | [`cf7fbe660f2d`](https://github.com/torvalds/linux/commit/cf7fbe660f2dbd738ab58aea8e9b0ca6ad232449)".
|
||||
`BPF_FUNC_sk_cgroup_id()` | 5.7 | | [`f307fa2cb4c9`](https://github.com/torvalds/linux/commit/f307fa2cb4c935f7f1ff0aeb880c7b44fb9a642b)
|
||||
`BPF_FUNC_sk_fullsock()` | 5.1 | | [`46f8bc92758c`](https://github.com/torvalds/linux/commit/46f8bc92758c6259bcf945e9216098661c1587cd)
|
||||
`BPF_FUNC_sk_lookup_tcp()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_lookup_udp()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_redirect_hash()` | 4.18 | | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4)
|
||||
`BPF_FUNC_sk_redirect_map()` | 4.14 | | [`174a79ff9515`](https://github.com/torvalds/linux/commit/174a79ff9515f400b9a6115643dafd62a635b7e6)
|
||||
`BPF_FUNC_sk_release()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_select_reuseport()` | 4.19 | | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf)
|
||||
`BPF_FUNC_sk_storage_delete()` | 5.2 | | [`6ac99e8f23d4`](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d)
|
||||
`BPF_FUNC_sk_storage_get()` | 5.2 | | [`6ac99e8f23d4`](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d)
|
||||
`BPF_FUNC_skb_adjust_room()` | 4.13 | | [`2be7e212d541`](https://github.com/torvalds/linux/commit/2be7e212d5419a400d051c84ca9fdd083e5aacac)
|
||||
`BPF_FUNC_skb_ancestor_cgroup_id()` | 4.19 | | [`7723628101aa`](https://github.com/torvalds/linux/commit/7723628101aaeb1d723786747529b4ea65c5b5c5)
|
||||
`BPF_FUNC_skb_change_head()` | 4.10 | | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2)
|
||||
`BPF_FUNC_skb_change_proto()` | 4.8 | | [`6578171a7ff0`](https://github.com/torvalds/linux/commit/6578171a7ff0c31dc73258f93da7407510abf085)
|
||||
`BPF_FUNC_skb_change_tail()` | 4.9 | | [`5293efe62df8`](https://github.com/torvalds/linux/commit/5293efe62df81908f2e90c9820c7edcc8e61f5e9)
|
||||
`BPF_FUNC_skb_change_type()` | 4.8 | | [`d2485c4242a8`](https://github.com/torvalds/linux/commit/d2485c4242a826fdf493fd3a27b8b792965b9b9e)
|
||||
`BPF_FUNC_skb_cgroup_classid()` | 5.10 | | [`b426ce83baa7`](https://github.com/torvalds/linux/commit/b426ce83baa7dff947fb354118d3133f2953aac8)
|
||||
`BPF_FUNC_skb_cgroup_id()` | 4.18 | | [`cb20b08ead40`](https://github.com/torvalds/linux/commit/cb20b08ead401fd17627a36f035c0bf5bfee5567)
|
||||
`BPF_FUNC_skb_ecn_set_ce()` | 5.1 | | [`f7c917ba11a6`](https://github.com/torvalds/linux/commit/f7c917ba11a67632a8452ea99fe132f626a7a2cc)
|
||||
`BPF_FUNC_skb_get_tunnel_key()` | 4.3 | | [`d3aa45ce6b94`](https://github.com/torvalds/linux/commit/d3aa45ce6b94c65b83971257317867db13e5f492)
|
||||
`BPF_FUNC_skb_get_tunnel_opt()` | 4.6 | | [`14ca0751c96f`](https://github.com/torvalds/linux/commit/14ca0751c96f8d3d0f52e8ed3b3236f8b34d3460)
|
||||
`BPF_FUNC_skb_get_xfrm_state()` | 4.18 | | [`12bed760a78d`](https://github.com/torvalds/linux/commit/12bed760a78da6e12ac8252fec64d019a9eac523)
|
||||
`BPF_FUNC_skb_load_bytes()` | 4.5 | | [`05c74e5e53f6`](https://github.com/torvalds/linux/commit/05c74e5e53f6cb07502c3e6a820f33e2777b6605)
|
||||
`BPF_FUNC_skb_load_bytes_relative()` | 4.18 | | [`4e1ec56cdc59`](https://github.com/torvalds/linux/commit/4e1ec56cdc59746943b2acfab3c171b930187bbe)
|
||||
`BPF_FUNC_skb_output()` | 5.5 | | [`a7658e1a4164`](https://github.com/torvalds/linux/commit/a7658e1a4164ce2b9eb4a11aadbba38586e93bd6)
|
||||
`BPF_FUNC_skb_pull_data()` | 4.9 | | [`36bbef52c7eb`](https://github.com/torvalds/linux/commit/36bbef52c7eb646ed6247055a2acd3851e317857)
|
||||
`BPF_FUNC_skb_set_tstamp()` | 5.18 | | [`9bb984f28d5b`](https://github.com/torvalds/linux/commit/9bb984f28d5bcb917d35d930fcfb89f90f9449fd)
|
||||
`BPF_FUNC_skb_set_tunnel_key()` | 4.3 | | [`d3aa45ce6b94`](https://github.com/torvalds/linux/commit/d3aa45ce6b94c65b83971257317867db13e5f492)
|
||||
`BPF_FUNC_skb_set_tunnel_opt()` | 4.6 | | [`14ca0751c96f`](https://github.com/torvalds/linux/commit/14ca0751c96f8d3d0f52e8ed3b3236f8b34d3460)
|
||||
`BPF_FUNC_skb_store_bytes()` | 4.1 | | [`91bc4822c3d6`](https://github.com/torvalds/linux/commit/91bc4822c3d61b9bb7ef66d3b77948a4f9177954)
|
||||
`BPF_FUNC_skb_under_cgroup()` | 4.8 | | [`4a482f34afcc`](https://github.com/torvalds/linux/commit/4a482f34afcc162d8456f449b137ec2a95be60d8)
|
||||
`BPF_FUNC_skb_vlan_pop()` | 4.3 | | [`4e10df9a60d9`](https://github.com/torvalds/linux/commit/4e10df9a60d96ced321dd2af71da558c6b750078)
|
||||
`BPF_FUNC_skb_vlan_push()` | 4.3 | | [`4e10df9a60d9`](https://github.com/torvalds/linux/commit/4e10df9a60d96ced321dd2af71da558c6b750078)
|
||||
`BPF_FUNC_skc_lookup_tcp()` | 5.2 | | [`edbf8c01de5a`](https://github.com/torvalds/linux/commit/edbf8c01de5a104a71ed6df2bf6421ceb2836a8e)
|
||||
`BPF_FUNC_skc_to_mctcp_sock()` | 5.19 | | [`3bc253c2e652`](https://github.com/torvalds/linux/commit/3bc253c2e652cf5f12cd8c00d80d8ec55d67d1a7)
|
||||
`BPF_FUNC_skc_to_tcp_sock()` | 5.9 | | [`478cfbdf5f13`](https://github.com/torvalds/linux/commit/478cfbdf5f13dfe09cfd0b1cbac821f5e27f6108)
|
||||
`BPF_FUNC_skc_to_tcp_request_sock()` | 5.9 | | [`478cfbdf5f13`](https://github.com/torvalds/linux/commit/478cfbdf5f13dfe09cfd0b1cbac821f5e27f6108)
|
||||
`BPF_FUNC_skc_to_tcp_timewait_sock()` | 5.9 | | [`478cfbdf5f13`](https://github.com/torvalds/linux/commit/478cfbdf5f13dfe09cfd0b1cbac821f5e27f6108)
|
||||
`BPF_FUNC_skc_to_tcp6_sock()` | 5.9 | | [`af7ec1383361`](https://github.com/torvalds/linux/commit/af7ec13833619e17f03aa73a785a2f871da6d66b)
|
||||
`BPF_FUNC_skc_to_udp6_sock()` | 5.9 | | [`0d4fad3e57df`](https://github.com/torvalds/linux/commit/0d4fad3e57df2bf61e8ffc8d12a34b1caf9b8835)
|
||||
`BPF_FUNC_skc_to_unix_sock()` | 5.16 | | [`9eeb3aa33ae0`](https://github.com/torvalds/linux/commit/9eeb3aa33ae005526f672b394c1791578463513f)
|
||||
`BPF_FUNC_snprintf()` | 5.13 | | [`7b15523a989b`](https://github.com/torvalds/linux/commit/7b15523a989b63927c2bb08e9b5b0bbc10b58bef)
|
||||
`BPF_FUNC_snprintf_btf()` | 5.10 | | [`c4d0bfb45068`](https://github.com/torvalds/linux/commit/c4d0bfb45068d853a478b9067a95969b1886a30f)
|
||||
`BPF_FUNC_sock_from_file()` | 5.11 | | [`4f19cab76136`](https://github.com/torvalds/linux/commit/4f19cab76136e800a3f04d8c9aa4d8e770e3d3d8)
|
||||
`BPF_FUNC_sock_hash_update()` | 4.18 | | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4)
|
||||
`BPF_FUNC_sock_map_update()` | 4.14 | | [`174a79ff9515`](https://github.com/torvalds/linux/commit/174a79ff9515f400b9a6115643dafd62a635b7e6)
|
||||
`BPF_FUNC_spin_lock()` | 5.1 | | [`d83525ca62cf`](https://github.com/torvalds/linux/commit/d83525ca62cf8ebe3271d14c36fb900c294274a2)
|
||||
`BPF_FUNC_spin_unlock()` | 5.1 | | [`d83525ca62cf`](https://github.com/torvalds/linux/commit/d83525ca62cf8ebe3271d14c36fb900c294274a2)
|
||||
`BPF_FUNC_store_hdr_opt()` | 5.10 | | [`0813a841566f`](https://github.com/torvalds/linux/commit/0813a841566f0962a5551be7749b43c45f0022a0)
|
||||
`BPF_FUNC_strncmp()` | 5.17 | | [`c5fb19937455`](https://github.com/torvalds/linux/commit/c5fb19937455095573a19ddcbff32e993ed10e35)
|
||||
`BPF_FUNC_strtol()` | 5.2 | | [`d7a4cb9b6705`](https://github.com/torvalds/linux/commit/d7a4cb9b6705a89937d12c8158a35a3145dc967a)
|
||||
`BPF_FUNC_strtoul()` | 5.2 | | [`d7a4cb9b6705`](https://github.com/torvalds/linux/commit/d7a4cb9b6705a89937d12c8158a35a3145dc967a)
|
||||
`BPF_FUNC_sys_bpf()` | 5.14 | | [`79a7f8bdb159`](https://github.com/torvalds/linux/commit/79a7f8bdb159d9914b58740f3d31d602a6e4aca8)
|
||||
`BPF_FUNC_sys_close()` | 5.14 | | [`3abea089246f`](https://github.com/torvalds/linux/commit/3abea089246f76c1517b054ddb5946f3f1dbd2c0)
|
||||
`BPF_FUNC_sysctl_get_current_value()` | 5.2 | | [`1d11b3016cec`](https://github.com/torvalds/linux/commit/1d11b3016cec4ed9770b98e82a61708c8f4926e7)
|
||||
`BPF_FUNC_sysctl_get_name()` | 5.2 | | [`808649fb787d`](https://github.com/torvalds/linux/commit/808649fb787d918a48a360a668ee4ee9023f0c11)
|
||||
`BPF_FUNC_sysctl_get_new_value()` | 5.2 | | [`4e63acdff864`](https://github.com/torvalds/linux/commit/4e63acdff864654cee0ac5aaeda3913798ee78f6)
|
||||
`BPF_FUNC_sysctl_set_new_value()` | 5.2 | | [`4e63acdff864`](https://github.com/torvalds/linux/commit/4e63acdff864654cee0ac5aaeda3913798ee78f6)
|
||||
`BPF_FUNC_tail_call()` | 4.2 | | [`04fd61ab36ec`](https://github.com/torvalds/linux/commit/04fd61ab36ec065e194ab5e74ae34a5240d992bb)
|
||||
`BPF_FUNC_task_pt_regs()` | 5.15 | GPL | [`dd6e10fbd9f`](https://github.com/torvalds/linux/commit/dd6e10fbd9fb86a571d925602c8a24bb4d09a2a7)
|
||||
`BPF_FUNC_task_storage_delete()` | 5.11 | | [`4cf1bc1f1045`](https://github.com/torvalds/linux/commit/4cf1bc1f10452065a29d576fc5693fc4fab5b919)
|
||||
`BPF_FUNC_task_storage_get()` | 5.11 | | [`4cf1bc1f1045`](https://github.com/torvalds/linux/commit/4cf1bc1f10452065a29d576fc5693fc4fab5b919)
|
||||
`BPF_FUNC_tcp_check_syncookie()` | 5.2 | | [`399040847084`](https://github.com/torvalds/linux/commit/399040847084a69f345e0a52fd62f04654e0fce3)
|
||||
`BPF_FUNC_tcp_gen_syncookie()` | 5.3 | | [`70d66244317e`](https://github.com/torvalds/linux/commit/70d66244317e958092e9c971b08dd5b7fd29d9cb#diff-05da4bf36c7fbcd176254e1615d98b28)
|
||||
`BPF_FUNC_tcp_raw_check_syncookie_ipv4()` | 6.0 | | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_raw_check_syncookie_ipv6()` | 6.0 | | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_raw_gen_syncookie_ipv4()` | 6.0 | | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_raw_gen_syncookie_ipv6()` | 6.0 | | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_send_ack()` | 5.5 | | [`206057fe020a`](https://github.com/torvalds/linux/commit/206057fe020ac5c037d5e2dd6562a9bd216ec765)".
|
||||
`BPF_FUNC_tcp_sock()` | 5.1 | | [`655a51e536c0`](https://github.com/torvalds/linux/commit/655a51e536c09d15ffa3603b1b6fce2b45b85a1f)
|
||||
`BPF_FUNC_this_cpu_ptr()` | 5.10 | | [`63d9b80dcf2c`](https://github.com/torvalds/linux/commit/63d9b80dcf2c67bc5ade61cbbaa09d7af21f43f1) |
|
||||
`BPF_FUNC_timer_init()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_timer_set_callback()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_timer_start()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_timer_cancel()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_trace_printk()` | 4.1 | GPL | [`9c959c863f82`](https://github.com/torvalds/linux/commit/9c959c863f8217a2ff3d7c296e8223654d240569)
|
||||
`BPF_FUNC_trace_vprintk()` | 5.16 | GPL | [`10aceb629e19`](https://github.com/torvalds/linux/commit/10aceb629e198429c849d5e995c3bb1ba7a9aaa3)
|
||||
`BPF_FUNC_user_ringbuf_drain()` | 6.1 | | [`205715673844`](https://github.com/torvalds/linux/commit/20571567384428dfc9fe5cf9f2e942e1df13c2dd)
|
||||
`BPF_FUNC_xdp_adjust_head()` | 4.10 | | [`17bedab27231`](https://github.com/torvalds/linux/commit/17bedab2723145d17b14084430743549e6943d03)
|
||||
`BPF_FUNC_xdp_adjust_meta()` | 4.15 | | [`de8f3a83b0a0`](https://github.com/torvalds/linux/commit/de8f3a83b0a0fddb2cf56e7a718127e9619ea3da)
|
||||
`BPF_FUNC_xdp_adjust_tail()` | 4.18 | | [`b32cc5b9a346`](https://github.com/torvalds/linux/commit/b32cc5b9a346319c171e3ad905e0cddda032b5eb)
|
||||
`BPF_FUNC_xdp_get_buff_len()` | 5.18 | | [`0165cc817075`](https://github.com/torvalds/linux/commit/0165cc817075cf701e4289838f1d925ff1911b3e)
|
||||
`BPF_FUNC_xdp_load_bytes()` | 5.18 | | [`3f364222d032`](https://github.com/torvalds/linux/commit/3f364222d032eea6b245780e845ad213dab28cdd)
|
||||
`BPF_FUNC_xdp_store_bytes()` | 5.18 | | [`3f364222d032`](https://github.com/torvalds/linux/commit/3f364222d032eea6b245780e845ad213dab28cdd)
|
||||
`BPF_FUNC_xdp_output()` | 5.6 | GPL | [`d831ee84bfc9`](https://github.com/torvalds/linux/commit/d831ee84bfc9173eecf30dbbc2553ae81b996c60)
|
||||
`BPF_FUNC_override_return()` | 4.16 | GPL | [`9802d86585db`](https://github.com/torvalds/linux/commit/9802d86585db91655c7d1929a4f6bbe0952ea88e)
|
||||
`BPF_FUNC_sock_ops_cb_flags_set()` | 4.16 | | [`b13d88072172`](https://github.com/torvalds/linux/commit/b13d880721729384757f235166068c315326f4a1)
|
||||
|
||||
Note: GPL-only BPF helpers require a GPL-compatible license. The current licenses considered GPL-compatible by the kernel are:
|
||||
|
||||
* GPL
|
||||
* GPL v2
|
||||
* GPL and additional rights
|
||||
* Dual BSD/GPL
|
||||
* Dual MIT/GPL
|
||||
* Dual MPL/GPL
|
||||
|
||||
Check the list of GPL-compatible licenses in your [kernel source code](https://github.com/torvalds/linux/blob/master/include/linux/license.h).
|
||||
|
||||
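Review bot: the helper table that ends at the GPL-compatibility note above is deleted and nothing in this hunk points to a replacement, so readers lose the per-helper minimum kernel version and the GPL-only flag (set, for example, on `BPF_FUNC_probe_write_user()` and `BPF_FUNC_override_return()`). Leave a link to the maintained upstream bcc copy in the tutorial and mention it in the commit message, which currently reads only "remove bcc document". If the table is ever restored, do not restore it from this copy: rows are fused onto one line (`BPF_FUNC_csum_update()` with `BPF_FUNC_current_task_under_cgroup()`), a second header row is injected after `BPF_FUNC_probe_write_user()`, and stray `".` fragments follow the `BPF_FUNC_get_netns_cookie()`, `BPF_FUNC_sk_assign()` and `BPF_FUNC_tcp_send_ack()` rows.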
## Program Types
|
||||
|
||||
The list of program types and supported helper functions can be retrieved with:
|
||||
|
||||
```sh
|
||||
git grep -W 'func_proto(enum bpf_func_id func_id' kernel/ net/ drivers/
|
||||
```
|
||||
|
||||
|Program Type| Helper Functions|
|
||||
|------------|-----------------|
|
||||
|`BPF_PROG_TYPE_SOCKET_FILTER`|`BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_load_bytes_relative()` <br> `BPF_FUNC_get_socket_cookie()` <br> `BPF_FUNC_get_socket_uid()` <br> `BPF_FUNC_perf_event_output()` <br> `Base functions`|
|
||||
|`BPF_PROG_TYPE_KPROBE`|`BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_perf_event_read_value()` <br> `BPF_FUNC_override_return()` <br> `Tracing functions`|".|`BPF_PROG_TYPE_SCHED_CLS` <br> `BPF_PROG_TYPE_SCHED_ACT`|`BPF_FUNC_skb_store_bytes()` <br> `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_load_bytes_relative()` <br> `BPF_FUNC_skb_pull_data()` <br> `BPF_FUNC_csum_diff()` <br> `BPF_FUNC_csum_update()` <br> `BPF_FUNC_l3_csum_replace()` <br> `BPF_FUNC_l4_csum_replace()` <br> `BPF_FUNC_clone_redirect()` <br> `BPF_FUNC_get_cgroup_classid()` <br> `BPF_FUNC_skb_vlan_push()` <br> `BPF_FUNC_skb_vlan_pop()` <br> `BPF_FUNC_skb_change_proto()` <br> `BPF_FUNC_skb_change_type()` <br> `BPF_FUNC_skb_adjust_room()` <br> `BPF_FUNC_skb_change_tail()` <br> `BPF_FUNC_skb_get_tunnel_key()` <br> `BPF_FUNC_skb_set_tunnel_key()` <br> `BPF_FUNC_skb_get_tunnel_opt()` <br> `BPF_FUNC_skb_set_tunnel_opt()` <br> `BPF_FUNC_redirect()` <br> `BPF_FUNC_get_route_realm()` <br> `BPF_FUNC_get_hash_recalc()` <br> `BPF_FUNC_set_hash_invalid()` <br> `BPF_FUNC_set_hash()` <br> `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_skb_under_cgroup()` <br> `BPF_FUNC_get_socket_cookie()` <br> `BPF_FUNC_get_socket_uid()` <br> `BPF_FUNC_fib_lookup()` <br> `BPF_FUNC_skb_get_xfrm_state()` <br> `BPF_FUNC_skb_cgroup_id()` <br> `Base functions`|
|
||||
|`BPF_PROG_TYPE_TRACEPOINT`|`BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_d_path()` <br> `Tracing functions`|
|
||||
|`BPF_PROG_TYPE_XDP`| `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_csum_diff()` <br> `BPF_FUNC_xdp_adjust_head()` <br> `BPF_FUNC_xdp_adjust_meta()` <br> `BPF_FUNC_redirect()` <br> `BPF_FUNC_redirect_map()` <br> `BPF_FUNC_xdp_adjust_tail()` <br> `BPF_FUNC_fib_lookup()` <br> `Base functions`|
|
||||
|`BPF_PROG_TYPE_PERF_EVENT`| `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_perf_prog_read_value()` <br> `Tracing functions`|| `BPF_PROG_TYPE_CGROUP_SKB` | `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_load_bytes_relative()` <br> `BPF_FUNC_get_socket_cookie()` <br> `BPF_FUNC_get_socket_uid()` <br> `Base functions` |
|
||||
| `BPF_PROG_TYPE_CGROUP_SOCK` | `BPF_FUNC_get_current_uid_gid()` <br> `Base functions` |
|
||||
| `BPF_PROG_TYPE_LWT_IN` | `BPF_FUNC_lwt_push_encap()` <br> `LWT functions` <br> `Base functions` |
|
||||
| `BPF_PROG_TYPE_LWT_OUT` | `LWT functions` <br> `Base functions` |
|
||||
| `BPF_PROG_TYPE_LWT_XMIT` | `BPF_FUNC_skb_get_tunnel_key()` <br> `BPF_FUNC_skb_set_tunnel_key()` <br> `BPF_FUNC_skb_get_tunnel_opt()` <br> `BPF_FUNC_skb_set_tunnel_opt()` <br> `BPF_FUNC_redirect()` <br> `BPF_FUNC_clone_redirect()` <br> `BPF_FUNC_skb_change_tail()` <br> `BPF_FUNC_skb_change_head()` <br> `BPF_FUNC_skb_store_bytes()` <br> `BPF_FUNC_csum_update()` <br> `BPF_FUNC_l3_csum_replace()` <br> `BPF_FUNC_l4_csum_replace()` <br> `BPF_FUNC_set_hash_invalid()` <br> `LWT functions` |
|
||||
| `BPF_PROG_TYPE_SOCK_OPS` | `BPF_FUNC_setsockopt()` <br> `BPF_FUNC_getsockopt()` <br> `BPF_FUNC_sock_ops_cb_flags_set()` <br> `BPF_FUNC_sock_map_update()` <br> `BPF_FUNC_sock_hash_update()` <br> `BPF_FUNC_get_socket_cookie()` <br> `Base functions` |
|
||||
| `BPF_PROG_TYPE_SK_SKB` | `BPF_FUNC_skb_store_bytes()` <br> `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_pull_data()` <br> `BPF_FUNC_skb_change_tail()` <br> `BPF_FUNC_skb_change_head()` <br> `BPF_FUNC_get_socket_cookie()` <br> `BPF_FUNC_get_socket_uid()` <br> `BPF_FUNC_sk_redirect_map()` <br> `BPF_FUNC_sk_redirect_hash()` <br> `BPF_FUNC_sk_lookup_tcp()` <br> `BPF_FUNC_sk_lookup_udp()` <br> `BPF_FUNC_sk_release()` <br> `Base functions` |
|
||||
| `BPF_PROG_TYPE_CGROUP_DEVICE` | `BPF_FUNC_map_lookup_elem()` <br> `BPF_FUNC_map_update_elem()` <br> `BPF_FUNC_map_delete_elem()` <br> `BPF_FUNC_get_current_uid_gid()` <br> `BPF_FUNC_trace_printk()` ||`BPF_PROG_TYPE_SK_MSG`|`BPF_FUNC_msg_redirect_map()` <br> `BPF_FUNC_msg_redirect_hash()` <br> `BPF_FUNC_msg_apply_bytes()` <br> `BPF_FUNC_msg_cork_bytes()` <br> `BPF_FUNC_msg_pull_data()` <br> `BPF_FUNC_msg_push_data()` <br> `BPF_FUNC_msg_pop_data()` <br> `Base functions`|
|
||||
|`BPF_PROG_TYPE_RAW_TRACEPOINT`|`BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_skb_output()` <br> `Tracing functions`|
|
||||
|`BPF_PROG_TYPE_CGROUP_SOCK_ADDR`|`BPF_FUNC_get_current_uid_gid()` <br> `BPF_FUNC_bind()` <br> `BPF_FUNC_get_socket_cookie()` <br> `Base functions`|
|
||||
|`BPF_PROG_TYPE_LWT_SEG6LOCAL`|`BPF_FUNC_lwt_seg6_store_bytes()` <br> `BPF_FUNC_lwt_seg6_action()` <br> `BPF_FUNC_lwt_seg6_adjust_srh()` <br> `LWT functions`|
|
||||
|`BPF_PROG_TYPE_LIRC_MODE2`|`BPF_FUNC_rc_repeat()` <br> `BPF_FUNC_rc_keydown()` <br> `BPF_FUNC_rc_pointer_rel()` <br> `BPF_FUNC_map_lookup_elem()` <br> `BPF_FUNC_map_update_elem()` <br> `BPF_FUNC_map_delete_elem()` <br> `BPF_FUNC_ktime_get_ns()` <br> `BPF_FUNC_tail_call()` <br> `BPF_FUNC_get_prandom_u32()` <br> `BPF_FUNC_trace_printk()`|
|
||||
|`BPF_PROG_TYPE_SK_REUSEPORT`|`BPF_FUNC_sk_select_reuseport()` <br> `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_load_bytes_relative()` <br> `Base functions`|
|
||||
|`BPF_PROG_TYPE_FLOW_DISSECTOR`|`BPF_FUNC_skb_load_bytes()` <br> `Base functions`|
|
||||
|
||||
|Function Group| Functions|
|
||||
|------------------|-------|
|
||||
|Base functions| `BPF_FUNC_map_lookup_elem()` <br> `BPF_FUNC_map_update_elem()` <br> `BPF_FUNC_map_delete_elem()` <br> `BPF_FUNC_map_peek_elem()` <br> `BPF_FUNC_map_pop_elem()` <br> `BPF_FUNC_map_push_elem()` <br> `BPF_FUNC_get_prandom_u32()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_get_numa_node_id()` <br> `BPF_FUNC_tail_call()` <br> `BPF_FUNC_ktime_get_boot_ns()` <br> `BPF_FUNC_ktime_get_ns()` <br> `BPF_FUNC_trace_printk()` <br> `BPF_FUNC_spin_lock()` <br> `BPF_FUNC_spin_unlock()` ||`Tracing functions`|`BPF_FUNC_map_lookup_elem()` <br> `BPF_FUNC_map_update_elem()` <br> `BPF_FUNC_map_delete_elem()` <br> `BPF_FUNC_probe_read()` <br> `BPF_FUNC_ktime_get_boot_ns()` <br> `BPF_FUNC_ktime_get_ns()` <br> `BPF_FUNC_tail_call()` <br> `BPF_FUNC_get_current_pid_tgid()` <br> `BPF_FUNC_get_current_task()` <br> `BPF_FUNC_get_current_uid_gid()` <br> `BPF_FUNC_get_current_comm()` <br> `BPF_FUNC_trace_printk()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_get_numa_node_id()` <br> `BPF_FUNC_perf_event_read()` <br> `BPF_FUNC_probe_write_user()` <br> `BPF_FUNC_current_task_under_cgroup()` <br> `BPF_FUNC_get_prandom_u32()` <br> `BPF_FUNC_probe_read_str()` <br> `BPF_FUNC_get_current_cgroup_id()` <br> `BPF_FUNC_send_signal()` <br> `BPF_FUNC_probe_read_kernel()` <br> `BPF_FUNC_probe_read_kernel_str()` <br> `BPF_FUNC_probe_read_user()` <br> `BPF_FUNC_probe_read_user_str()` <br> `BPF_FUNC_send_signal_thread()` <br> `BPF_FUNC_get_ns_current_pid_tgid()` <br> `BPF_FUNC_xdp_output()` <br> `BPF_FUNC_get_task_stack()`|
|
||||
|`LWT functions`| `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_pull_data()` <br> `BPF_FUNC_csum_diff()` <br> `BPF_FUNC_get_cgroup_classid()` <br> `BPF_FUNC_get_route_realm()` <br> `BPF_FUNC_get_hash_recalc()` <br> `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_skb_under_cgroup()`|
|
||||
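Review bot: the tail of this deleted file, the program-type-to-helper table and the `Base functions` / `Tracing functions` / `LWT functions` groups, is removed with no pointer to a replacement, and the commit message "remove bcc document" gives no reason. This table is where a reader checks which program types can call helpers such as `BPF_FUNC_probe_write_user()`, `BPF_FUNC_override_return()` and `BPF_FUNC_send_signal()`, so before merging, grep the remaining tutorial pages for links to this file and either redirect them to the upstream bcc copy or state in the commit message that the reference is dropped on purpose. The removed rows as shown here are also already damaged: the `BPF_PROG_TYPE_KPROBE` row is fused with `BPF_PROG_TYPE_SCHED_CLS` at `|".|`, and `BPF_PROG_TYPE_SK_REUSEPORT` lists `BPF_FUNC_load_bytes_relative()` where the other rows use `BPF_FUNC_skb_load_bytes_relative()`. That is worth recording as part of the rationale.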
@@ -1,614 +0,0 @@
|
||||
# Linux 内核版本的 BPF 功能
|
||||
|
||||
## eBPF支持
|
||||
|
||||
内核版本 | 提交
|
||||
--------|------
|
||||
3.15 | [`bd4cf0ed331a`](https://github.com/torvalds/linux/commit/bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8)
|
||||
|
||||
## JIT编译
|
||||
|
||||
可以使用以下命令获取内核支持的体系结构列表:
|
||||
|
||||
```sh
|
||||
git grep HAVE_EBPF_JIT arch/
|
||||
```
|
||||
|
||||
功能 / 体系结构 | 内核版本 | 提交
|
||||
-----------------|----------|------
|
||||
x86\_64 | 3.16 | [`622582786c9e`](https://github.com/torvalds/linux/commit/622582786c9e041d0bd52bde201787adeab249f8)
|
||||
ARM64 | 3.18 | [`e54bcde3d69d`](https://github.com/torvalds/linux/commit/e54bcde3d69d40023ae77727213d14f920eb264a)
|
||||
s390 | 4.1 | [`054623105728`](https://github.com/torvalds/linux/commit/054623105728b06852f077299e2bf1bf3d5f2b0b)
|
||||
JIT机器的常量混淆 | 4.7 | [`4f3446bb809f`](https://github.com/torvalds/linux/commit/4f3446bb809f20ad56cadf712e6006815ae7a8f9)
|
||||
PowerPC64 | 4.8 | [`156d0e290e96`](https://github.com/torvalds/linux/commit/156d0e290e969caba25f1851c52417c14d141b24)
|
||||
常量混淆 - PowerPC64 | 4.9 | [`b7b7013cac55`](https://github.com/torvalds/linux/commit/b7b7013cac55d794940bd9cb7b7c55c9dececac4)
|
||||
Sparc64 | 4.12 | [`7a12b5031c6b`](https://github.com/torvalds/linux/commit/7a12b5031c6b947cc13918237ae652b536243b76)
|
||||
MIPS | 4.13 | [`f381bf6d82f0`](https://github.com/torvalds/linux/commit/f381bf6d82f032b7410185b35d000ea370ac706b)
|
||||
ARM32 | 4.14 | [`39c13c204bb1`](https://github.com/torvalds/linux/commit/39c13c204bb1150d401e27d41a9d8b332be47c49)
|
||||
x86\_32 | 4.18 | [`03f5781be2c7`](https://github.com/torvalds/linux/commit/03f5781be2c7b7e728d724ac70ba10799cc710d7)
|
||||
RISC-V RV64G | 5.1 | [`2353ecc6f91f`](https://github.com/torvalds/linux/commit/2353ecc6f91fd15b893fa01bf85a1c7a823ee4f2)RISC-V RV32G | 5.7 | [`5f316b65e99f`](https://github.com/torvalds/linux/commit/5f316b65e99f109942c556dc8790abd4c75bcb34)
|
||||
PowerPC32 | 5.13 | [`51c66ad849a7`](https://github.com/torvalds/linux/commit/51c66ad849a703d9bbfd7704c941827aed0fd9fd)
|
||||
LoongArch | 6.1 | [`5dc615520c4d`](https://github.com/torvalds/linux/commit/5dc615520c4dfb358245680f1904bad61116648e)
|
||||
|
||||
## 主要特性
|
||||
|
||||
其中几个(但不是全部)_主要特性_ 可以转换为 eBPF 程序类型。
|
||||
您的内核支持的此类程序类型的列表可以在文件 [`include/uapi/linux/bpf.h`](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h) 中找到:
|
||||
|
||||
```sh
|
||||
git grep -W 'bpf_prog_type {' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
特性 | 内核版本 | 提交
|
||||
----|---------|-----
|
||||
`AF_PACKET` (libpcap/tcpdump, `cls_bpf` 分类器, netfilter 的 `xt_bpf`, team 驱动程序的负载均衡模式…) | 3.15 | [`bd4cf0ed331a`](https://github.com/torvalds/linux/commit/bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8)
|
||||
内核助手 | 3.15 | [`bd4cf0ed331a`](https://github.com/torvalds/linux/commit/bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8)
|
||||
`bpf()` 系统调用 | 3.18 | [`99c55f7d47c0`](https://github.com/torvalds/linux/commit/99c55f7d47c0dc6fc64729f37bf435abf43f4c60)
|
||||
Maps (_又名_ 表; 详见下文) | 3.18 | [`99c55f7d47c0`](https://github.com/torvalds/linux/commit/99c55f7d47c0dc6fc64729f37bf435abf43f4c60)
|
||||
BPF 附加到套接字 | 3.19 | [`89aa075832b0`](https://github.com/torvalds/linux/commit/89aa075832b0da4402acebd698d0411dcc82d03e)
|
||||
BPF 附加到 `kprobes` | 4.1 | [`2541517c32be`](https://github.com/torvalds/linux/commit/2541517c32be2531e0da59dfd7efc1ce844644f5)
|
||||
`cls_bpf` / `act_bpf` 用于 `tc` | 4.1 | [`e2e9b6541dd4`](https://github.com/torvalds/linux/commit/e2e9b6541dd4b31848079da80fe2253daaafb549)
|
||||
尾调用 | 4.2 | [`04fd61ab36ec`](https://github.com/torvalds/linux/commit/04fd61ab36ec065e194ab5e74ae34a5240d992bb)非根程序上的套接字 | 4.4 | [`1be7f75d1668`](https://github.com/torvalds/linux/commit/1be7f75d1668d6296b80bf35dcf6762393530afc)
|
||||
持久映射和程序(虚拟文件系统) | 4.4 | [`b2197755b263`](https://github.com/torvalds/linux/commit/b2197755b2633e164a439682fb05a9b5ea48f706)
|
||||
`tc`的`direct-action`(`da`)模式 | 4.4 | [`045efa82ff56`](https://github.com/torvalds/linux/commit/045efa82ff563cd4e656ca1c2e354fa5bf6bbda4)
|
||||
`tc`的`clsact`qdisc | 4.5 | [`1f211a1b929c`](https://github.com/torvalds/linux/commit/1f211a1b929c804100e138c5d3d656992cfd5622)
|
||||
BPF连接到跟踪点 | 4.7 | [`98b5c2c65c29`](https://github.com/torvalds/linux/commit/98b5c2c65c2951772a8fc661f50d675e450e8bce)
|
||||
直接数据包访问 | 4.7 | [`969bf05eb3ce`](https://github.com/torvalds/linux/commit/969bf05eb3cedd5a8d4b7c346a85c2ede87a6d6d)
|
||||
XDP(参见下文)| 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
BPF连接到性能事件 | 4.9 | [`0515e5999a46`](https://github.com/torvalds/linux/commit/0515e5999a466dfe6e1924f460da599bb6821487)
|
||||
`tc`的`cls_bpf`的硬件卸载 | 4.9 | [`332ae8e2f6ec`](https://github.com/torvalds/linux/commit/332ae8e2f6ecda5e50c5c62ed62894963e3a83f5)
|
||||
验证器暴露和内部钩子 | 4.9 | [`13a27dfc6697`](https://github.com/torvalds/linux/commit/13a27dfc669724564aafa2699976ee756029fed2)
|
||||
BPF连接到 cgroups 用于套接字过滤 | 4.10 | [`0e33661de493`](https://github.com/torvalds/linux/commit/0e33661de493db325435d565a4a722120ae4cbf3)
|
||||
轻量级隧道封装 | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2)
|
||||
**e**BPF对`xt_bpf`模块(iptables)的支持 | 4.10 | [`2c16d6033264`](https://github.com/torvalds/linux/commit/2c16d60332643e90d4fa244f4a706c454b8c7569)
|
||||
BPF程序标签 | 4.10 | [`7bd509e311f4`](https://github.com/torvalds/linux/commit/7bd509e311f408f7a5132fcdde2069af65fa05ae)跟踪点以调试BPF | 4.11(在4.18中移除) | [`a67edbf4fb6d`](https://github.com/torvalds/linux/commit/a67edbf4fb6deadcfe57a04a134abed4a5ba3bb5) [`4d220ed0f814`](https://github.com/torvalds/linux/commit/4d220ed0f8140c478ab7b0a14d96821da639b646)
|
||||
测试/基准测试BPF程序 | 4.12 | [`1cf1cae963c2`](https://github.com/torvalds/linux/commit/1cf1cae963c2e6032aebe1637e995bc2f5d330f4)
|
||||
BPF程序和映射ID | 4.13 | [`dc4bb0e23561`](https://github.com/torvalds/linux/commit/dc4bb0e2356149aee4cdae061936f3bbdd45595c)
|
||||
BPF对`sock_ops`的支持 | 4.13 | [`40304b2a1567`](https://github.com/torvalds/linux/commit/40304b2a1567fecc321f640ee4239556dd0f3ee0)
|
||||
BPF对套接字上的skb的支持 | 4.14 | [`b005fd189cec`](https://github.com/torvalds/linux/commit/b005fd189cec9407b700599e1e80e0552446ee79)
|
||||
内核源码中的bpftool实用程序 | 4.15 | [`71bb428fe2c1`](https://github.com/torvalds/linux/commit/71bb428fe2c19512ac671d5ee16ef3e73e1b49a8)
|
||||
BPF附加到cgroups作为设备控制器 | 4.15 | [`ebc614f68736`](https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92)
|
||||
bpf2bpf函数调用 | 4.16 | [`cc8b0b92a169`](https://github.com/torvalds/linux/commit/cc8b0b92a1699bc32f7fec71daa2bfc90de43a4d)
|
||||
BPF用于监视套接字RX/TX数据 | 4.17 | [`4f738adba30a`](https://github.com/torvalds/linux/commit/4f738adba30a7cfc006f605707e7aee847ffefa0)
|
||||
BPF附加到原始跟踪点 | 4.17 | [`c4f6699dfcb8`](https://github.com/torvalds/linux/commit/c4f6699dfcb8558d138fe838f741b2c10f416cf9)
|
||||
BPF附加到`bind()`系统调用 | 4.17 | [`4fbac77d2d09`](https://github.com/torvalds/linux/commit/4fbac77d2d092b475dda9eea66da674369665427) [`aac3fc320d94`](https://github.com/torvalds/linux/commit/aac3fc320d9404f2665a8b1249dc3170d5fa3caf)
|
||||
BPF附加到`connect()`系统调用 | 4.17 | [`d74bad4e74ee`](https://github.com/torvalds/linux/commit/d74bad4e74ee373787a9ae24197c17b7cdc428d5)BPF 类型格式(BTF)| 4.18 | [`69b693f0aefa`](https://github.com/torvalds/linux/commit/69b693f0aefa0ed521e8bd02260523b5ae446ad7)
|
||||
AF_XDP | 4.18 | [`fbfc504a24f5`](https://github.com/torvalds/linux/commit/fbfc504a24f53f7ebe128ab55cb5dba634f4ece8)
|
||||
bpfilter | 4.18 | [`d2ba09c17a06`](https://github.com/torvalds/linux/commit/d2ba09c17a0647f899d6c20a11bab9e6d3382f07)
|
||||
seg6local LWT 的 End.BPF 操作 | 4.18 | [`004d4b274e2a`](https://github.com/torvalds/linux/commit/004d4b274e2a1a895a0e5dc66158b90a7d463d44)
|
||||
BPF 附加到 LIRC 设备 | 4.18 | [`f4364dcfc86d`](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936)
|
||||
将映射值传递给映射助手 | 4.18 | [`d71962f3e627`](https://github.com/torvalds/linux/commit/d71962f3e627b5941804036755c844fabfb65ff5)
|
||||
BPF 套接字复用端口 | 4.19 | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf)
|
||||
BPF 流解剖器 | 4.20 | [`d58e468b1112`](https://github.com/torvalds/linux/commit/d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9)
|
||||
BPF 1M 指令限制 | 5.2 | [`c04c0d2b968a`](https://github.com/torvalds/linux/commit/c04c0d2b968ac45d6ef020316808ef6c82325a82)
|
||||
BPF 控制组 sysctl | 5.2 | [`7b146cebe30c`](https://github.com/torvalds/linux/commit/7b146cebe30cb481b0f70d85779da938da818637)
|
||||
BPF 原始跟踪点可写 | 5.2 | [`9df1c28bb752`](https://github.com/torvalds/linux/commit/9df1c28bb75217b244257152ab7d788bb2a386d0)
|
||||
BPF 有界循环 | 5.3 | [`2589726d12a1`](https://github.com/torvalds/linux/commit/2589726d12a1b12eaaa93c7f1ea64287e383c7a5)
|
||||
BPF 跳板 | 5.5 | [`fec56f5890d9`](https://github.com/torvalds/linux/commit/fec56f5890d93fc2ed74166c397dc186b1c25951)
|
||||
BPF LSM 钩子 | 5.7 | [`fc611f47f218`](https://github.com/torvalds/linux/commit/fc611f47f2188ade2b48ff6902d5cce8baac0c58) [`641cd7b06c91`](https://github.com/torvalds/linux/commit/641cd7b06c911c5935c34f24850ea18690649917)
|
||||
BPF 迭代器 | 5.8 | [`180139dca8b3`](https://github.com/torvalds/linux/commit/180139dca8b38c858027b8360ee10064fdb2fbf7)BPF套接字查找挂钩 | 5.9 | [`e9ddbb7707ff`](https://github.com/torvalds/linux/commit/e9ddbb7707ff5891616240026062b8c1e29864ca)
|
||||
可睡眠的BPF程序 | 5.10 | [`1e6c62a88215`](https://github.com/torvalds/linux/commit/1e6c62a8821557720a9b2ea9617359b264f2f67c)
|
||||
|
||||
### 程序类型
|
||||
|
||||
程序类型 | 内核版本 | 提交 | 枚举
|
||||
-------------|----------------|--------|-----
|
||||
套接字过滤器 | 3.19 | [`ddd872bc3098`](https://github.com/torvalds/linux/commit/ddd872bc3098f9d9abe1680a6b2013e59e3337f7) | BPF_PROG_TYPE_SOCKET_FILTER
|
||||
Kprobe | 4.1 | [`2541517c32be`](https://github.com/torvalds/linux/commit/2541517c32be2531e0da59dfd7efc1ce844644f5) | BPF_PROG_TYPE_KPROBE
|
||||
流量控制(TC) | 4.1 | [`96be4325f443`](https://github.com/torvalds/linux/commit/96be4325f443dbbfeb37d2a157675ac0736531a1) | BPF_PROG_TYPE_SCHED_CLS
|
||||
流量控制(TC) | 4.1 | [`94caee8c312d`](https://github.com/torvalds/linux/commit/94caee8c312d96522bcdae88791aaa9ebcd5f22c) | BPF_PROG_TYPE_SCHED_ACT
|
||||
跟踪点 | 4.7 | [`98b5c2c65c29`](https://github.com/torvalds/linux/commit/98b5c2c65c2951772a8fc661f50d675e450e8bce) | BPF_PROG_TYPE_TRACEPOINT
|
||||
XDP | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95) | BPF_PROG_TYPE_XDP
|
||||
性能事件 | 4.9 | [`0515e5999a46`](https://github.com/torvalds/linux/commit/0515e5999a466dfe6e1924f460da599bb6821487) | BPF_PROG_TYPE_PERF_EVENT
|
||||
cgroup套接字过滤 | 4.10 | [`0e33661de493`](https://github.com/torvalds/linux/commit/0e33661de493db325435d565a4a722120ae4cbf3) | BPF_PROG_TYPE_CGROUP_SKB
|
||||
cgroup套接字修改 | 4.10 | [`610236587600`](https://github.com/torvalds/linux/commit/61023658760032e97869b07d54be9681d2529e77) | BPF_PROG_TYPE_CGROUP_SOCK
|
||||
轻量级隧道(IN) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_IN".lightweight tunnel (OUT) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_OUT
|
||||
轻量级隧道 (OUT) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_OUT
|
||||
|
||||
lightweight tunnel (XMIT) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_XMIT
|
||||
轻量级隧道 (XMIT) | 4.10 | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2) | BPF_PROG_TYPE_LWT_XMIT
|
||||
|
||||
cgroup sock ops (per conn) | 4.13 | [`40304b2a1567`](https://github.com/torvalds/linux/commit/40304b2a1567fecc321f640ee4239556dd0f3ee0) | BPF_PROG_TYPE_SOCK_OPS
|
||||
cgroup sock操作 (每个连接) | 4.13 | [`40304b2a1567`](https://github.com/torvalds/linux/commit/40304b2a1567fecc321f640ee4239556dd0f3ee0) | BPF_PROG_TYPE_SOCK_OPS
|
||||
|
||||
stream parser / stream verdict | 4.14 | [`b005fd189cec`](https://github.com/torvalds/linux/commit/b005fd189cec9407b700599e1e80e0552446ee79) | BPF_PROG_TYPE_SK_SKB
|
||||
流分析器 / 流判定 | 4.14 | [`b005fd189cec`](https://github.com/torvalds/linux/commit/b005fd189cec9407b700599e1e80e0552446ee79) | BPF_PROG_TYPE_SK_SKB
|
||||
|
||||
cgroup device manager | 4.15 | [`ebc614f68736`](https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92) | BPF_PROG_TYPE_CGROUP_DEVICE
|
||||
cgroup设备管理器 | 4.15 | [`ebc614f68736`](https://github.com/torvalds/linux/commit/ebc614f687369f9df99828572b1d85a7c2de3d92) | BPF_PROG_TYPE_CGROUP_DEVICE
|
||||
|
||||
socket msg verdict | 4.17 | [`4f738adba30a`](https://github.com/torvalds/linux/commit/4f738adba30a7cfc006f605707e7aee847ffefa0) | BPF_PROG_TYPE_SK_MSG
|
||||
套接字消息判定 | 4.17 | [`4f738adba30a`](https://github.com/torvalds/linux/commit/4f738adba30a7cfc006f605707e7aee847ffefa0) | BPF_PROG_TYPE_SK_MSG
|
||||
|
||||
Raw tracepoint | 4.17 | [`c4f6699dfcb8`](https://github.com/torvalds/linux/commit/c4f6699dfcb8558d138fe838f741b2c10f416cf9) | BPF_PROG_TYPE_RAW_TRACEPOINT
|
||||
裸跟踪点 | 4.17 | [`c4f6699dfcb8`](https://github.com/torvalds/linux/commit/c4f6699dfcb8558d138fe838f741b2c10f416cf9) | BPF_PROG_TYPE_RAW_TRACEPOINT
|
||||
|
||||
socket binding | 4.17 | [`4fbac77d2d09`](https://github.com/torvalds/linux/commit/4fbac77d2d092b475dda9eea66da674369665427) | BPF_PROG_TYPE_CGROUP_SOCK_ADDR
|
||||
套接字绑定 | 4.17 | [`4fbac77d2d09`](https://github.com/torvalds/linux/commit/4fbac77d2d092b475dda9eea66da674369665427) | BPF_PROG_TYPE_CGROUP_SOCK_ADDR
|
||||
|
||||
LWT seg6local | 4.18 | [`004d4b274e2a`](https://github.com/torvalds/linux/commit/004d4b274e2a1a895a0e5dc66158b90a7d463d44) | BPF_PROG_TYPE_LWT_SEG6LOCAL
|
||||
轻量级隧道seg6local | 4.18 | [`004d4b274e2a`](https://github.com/torvalds/linux/commit/004d4b274e2a1a895a0e5dc66158b90a7d463d44) | BPF_PROG_TYPE_LWT_SEG6LOCAL
|
||||
|
||||
lirc devices | 4.18 | [`f4364dcfc86d`](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936) | BPF_PROG_TYPE_LIRC_MODE2
|
||||
lirc设备 | 4.18 | [`f4364dcfc86d`](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936) | BPF_PROG_TYPE_LIRC_MODE2
|
||||
|
||||
lookup SO_REUSEPORT socket | 4.19 | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf) | BPF_PROG_TYPE_SK_REUSEPORT
|
||||
查找SO_REUSEPORT套接字 | 4.19 | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf) | BPF_PROG_TYPE_SK_REUSEPORT
|
||||
|
||||
flow dissector | 4.20 | [`d58e468b1112`](https://github.com/torvalds/linux/commit/d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9) | BPF_PROG_TYPE_FLOW_DISSECTOR
|
||||
流解析器 | 4.20 | [`d58e468b1112`](https://github.com/torvalds/linux/commit/d58e468b1112dcd1d5193c0a89ff9f98b5a3e8b9) | BPF_PROG_TYPE_FLOW_DISSECTORcgroup sysctl | 5.2 | [`7b146cebe30c`](https://github.com/torvalds/linux/commit/7b146cebe30cb481b0f70d85779da938da818637) | BPF_PROG_TYPE_CGROUP_SYSCTL
|
||||
可控 cgroup | 5.2 | [`7b146cebe30c`](https://github.com/torvalds/linux/commit/7b146cebe30cb481b0f70d85779da938da818637) | BPF_PROG_TYPE_CGROUP_SYSCTL
|
||||
|
||||
writable raw tracepoints | 5.2 | [`9df1c28bb752`](https://github.com/torvalds/linux/commit/9df1c28bb75217b244257152ab7d788bb2a386d0) | BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE
|
||||
可写原始跟踪点 | 5.2 | [`9df1c28bb752`](https://github.com/torvalds/linux/commit/9df1c28bb75217b244257152ab7d788bb2a386d0) | BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE
|
||||
|
||||
cgroup getsockopt/setsockopt | 5.3 | [`0d01da6afc54`](https://github.com/torvalds/linux/commit/0d01da6afc5402f60325c5da31b22f7d56689b49) | BPF_PROG_TYPE_CGROUP_SOCKOPT
|
||||
cgroup getsockopt/setsockopt | 5.3 | [`0d01da6afc54`](https://github.com/torvalds/linux/commit/0d01da6afc5402f60325c5da31b22f7d56689b49) | BPF_PROG_TYPE_CGROUP_SOCKOPT
|
||||
|
||||
Tracing (BTF/BPF trampoline) | 5.5 | [`f1b9509c2fb0`](https://github.com/torvalds/linux/commit/f1b9509c2fb0ef4db8d22dac9aef8e856a5d81f6) | BPF_PROG_TYPE_TRACING
|
||||
追踪 (BTF/BPF 弹跳) | 5.5 | [`f1b9509c2fb0`](https://github.com/torvalds/linux/commit/f1b9509c2fb0ef4db8d22dac9aef8e856a5d81f6) | BPF_PROG_TYPE_TRACING
|
||||
|
||||
struct ops | 5.6 | [`27ae7997a661`](https://github.com/torvalds/linux/commit/27ae7997a66174cb8afd6a75b3989f5e0c1b9e5a) | BPF_PROG_TYPE_STRUCT_OPS
|
||||
结构操作 | 5.6 | [`27ae7997a661`](https://github.com/torvalds/linux/commit/27ae7997a66174cb8afd6a75b3989f5e0c1b9e5a) | BPF_PROG_TYPE_STRUCT_OPS
|
||||
|
||||
extensions | 5.6 | [`be8704ff07d2`](https://github.com/torvalds/linux/commit/be8704ff07d2374bcc5c675526f95e70c6459683) | BPF_PROG_TYPE_EXT
|
||||
扩展 | 5.6 | [`be8704ff07d2`](https://github.com/torvalds/linux/commit/be8704ff07d2374bcc5c675526f95e70c6459683) | BPF_PROG_TYPE_EXT
|
||||
|
||||
LSM | 5.7 | [`fc611f47f218`](https://github.com/torvalds/linux/commit/fc611f47f2188ade2b48ff6902d5cce8baac0c58) | BPF_PROG_TYPE_LSM
|
||||
LSM (Linux安全模块) | 5.7 | [`fc611f47f218`](https://github.com/torvalds/linux/commit/fc611f47f2188ade2b48ff6902d5cce8baac0c58) | BPF_PROG_TYPE_LSM
|
||||
|
||||
lookup listening socket | 5.9 | [`e9ddbb7707ff`](https://github.com/torvalds/linux/commit/e9ddbb7707ff5891616240026062b8c1e29864ca) | BPF_PROG_TYPE_SK_LOOKUP
|
||||
查询监听套接字 | 5.9 | [`e9ddbb7707ff`](https://github.com/torvalds/linux/commit/e9ddbb7707ff5891616240026062b8c1e29864ca) | BPF_PROG_TYPE_SK_LOOKUP
|
||||
|
||||
Allow executing syscalls | 5.15 | [`79a7f8bdb159`](https://github.com/torvalds/linux/commit/79a7f8bdb159d9914b58740f3d31d602a6e4aca8) | BPF_PROG_TYPE_SYSCALL
|
||||
允许执行系统调用 | 5.15 | [`79a7f8bdb159`](https://github.com/torvalds/linux/commit/79a7f8bdb159d9914b58740f3d31d602a6e4aca8) | BPF_PROG_TYPE_SYSCALL
|
||||
|
||||
## Map types (_a.k.a._ 表格, 在 BCC 术语中)
|
||||
|
||||
### Map 类型
|
||||
|
||||
您内核支持的 Map 类型列表可以在文件 [`include/uapi/linux/bpf.h`](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h) 中找到:
|
||||
|
||||
```sh
|
||||
git grep -W 'bpf_map_type {' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
Map 类型 | 内核版本 | 提交 | 枚举
|
||||
----------|----------------|--------|------
|
||||
哈希 | 3.19 | [`0f8e4bd8a1fc`](https://github.com/torvalds/linux/commit/0f8e4bd8a1fc8c4185f1630061d0a1f2d197a475) | BPF_MAP_TYPE_HASH".Array | 3.19 | [`28fbcfa08d8e`](https://github.com/torvalds/linux/commit/28fbcfa08d8ed7c5a50d41a0433aad222835e8e3) | BPF_MAP_TYPE_ARRAY
|
||||
Prog array | 4.2 | [`04fd61ab36ec`](https://github.com/torvalds/linux/commit/04fd61ab36ec065e194ab5e74ae34a5240d992bb) | BPF_MAP_TYPE_PROG_ARRAY
|
||||
Perf events | 4.3 | [`ea317b267e9d`](https://github.com/torvalds/linux/commit/ea317b267e9d03a8241893aa176fba7661d07579) | BPF_MAP_TYPE_PERF_EVENT_ARRAY
|
||||
Per-CPU hash | 4.6 | [`824bd0ce6c7c`](https://github.com/torvalds/linux/commit/824bd0ce6c7c43a9e1e210abf124958e54d88342) | BPF_MAP_TYPE_PERCPU_HASH
|
||||
Per-CPU array | 4.6 | [`a10423b87a7e`](https://github.com/torvalds/linux/commit/a10423b87a7eae75da79ce80a8d9475047a674ee) | BPF_MAP_TYPE_PERCPU_ARRAY
|
||||
Stack trace | 4.6 | [`d5a3b1f69186`](https://github.com/torvalds/linux/commit/d5a3b1f691865be576c2bffa708549b8cdccda19) | BPF_MAP_TYPE_STACK_TRACE
|
||||
cgroup array | 4.8 | [`4ed8ec521ed5`](https://github.com/torvalds/linux/commit/4ed8ec521ed57c4e207ad464ca0388776de74d4b) | BPF_MAP_TYPE_CGROUP_ARRAY
|
||||
LRU hash | 4.10 | [`29ba732acbee`](https://github.com/torvalds/linux/commit/29ba732acbeece1e34c68483d1ec1f3720fa1bb3) [`3a08c2fd7634`](https://github.com/torvalds/linux/commit/3a08c2fd763450a927d1130de078d6f9e74944fb) | BPF_MAP_TYPE_LRU_HASH
|
||||
LRU per-CPU hash | 4.10 | [`8f8449384ec3`](https://github.com/torvalds/linux/commit/8f8449384ec364ba2a654f11f94e754e4ff719e0) [`961578b63474`](https://github.com/torvalds/linux/commit/961578b63474d13ad0e2f615fcc2901c5197dda6) | BPF_MAP_TYPE_LRU_PERCPU_HASH
|
||||
LPM trie (longest-prefix match) | 4.11 | [`b95a5c4db09b`](https://github.com/torvalds/linux/commit/b95a5c4db09bc7c253636cb84dc9b12c577fd5a0) | BPF_MAP_TYPE_LPM_TRIE
|
||||
Array of maps | 4.12 | [`56f668dfe00d`](https://github.com/torvalds/linux/commit/56f668dfe00dcf086734f1c42ea999398fad6572) | BPF_MAP_TYPE_ARRAY_OF_MAPSHash of maps | 4.12 | [`bcc6b1b7ebf8`](https://github.com/torvalds/linux/commit/bcc6b1b7ebf857a9fe56202e2be3361131588c15) | BPF_MAP_TYPE_HASH_OF_MAPS
|
||||
Netdevice references (array) | 4.14 | [`546ac1ffb70d`](https://github.com/torvalds/linux/commit/546ac1ffb70d25b56c1126940e5ec639c4dd7413) | BPF_MAP_TYPE_DEVMAP
|
||||
Socket references (array) | 4.14 | [`174a79ff9515`](https://github.com/torvalds/linux/commit/174a79ff9515f400b9a6115643dafd62a635b7e6) | BPF_MAP_TYPE_SOCKMAP
|
||||
CPU references | 4.15 | [`6710e1126934`](https://github.com/torvalds/linux/commit/6710e1126934d8b4372b4d2f9ae1646cd3f151bf) | BPF_MAP_TYPE_CPUMAP
|
||||
AF_XDP socket (XSK) references | 4.18 | [`fbfc504a24f5`](https://github.com/torvalds/linux/commit/fbfc504a24f53f7ebe128ab55cb5dba634f4ece8) | BPF_MAP_TYPE_XSKMAP
|
||||
Socket references (hashmap) | 4.18 | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4) | BPF_MAP_TYPE_SOCKHASH
|
||||
cgroup storage | 4.19 | [`de9cbbaadba5`](https://github.com/torvalds/linux/commit/de9cbbaadba5adf88a19e46df61f7054000838f6) | BPF_MAP_TYPE_CGROUP_STORAGE
|
||||
reuseport sockarray | 4.19 | [`5dc4c4b7d4e8`](https://github.com/torvalds/linux/commit/5dc4c4b7d4e8115e7cde96a030f98cb3ab2e458c) | BPF_MAP_TYPE_REUSEPORT_SOCKARRAY
|
||||
precpu cgroup storage | 4.20 | [`b741f1630346`](https://github.com/torvalds/linux/commit/b741f1630346defcbc8cc60f1a2bdae8b3b0036f) | BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE
|
||||
queue | 4.20 | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92) | BPF_MAP_TYPE_QUEUE
|
||||
stack | 4.20 | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92) | BPF_MAP_TYPE_STACK
|
||||
socket local storage | 5.2 | [`6ac99e8f23d4`](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d) | BPF_MAP_TYPE_SK_STORAGENetdevice references (hashmap) | 5.4 | [6f9d451ab1a3](https://github.com/torvalds/linux/commit/6f9d451ab1a33728adb72d7ff66a7b374d665176) | BPF_MAP_TYPE_DEVMAP_HASH
|
||||
struct ops | 5.6 | [85d33df357b6](https://github.com/torvalds/linux/commit/85d33df357b634649ddbe0a20fd2d0fc5732c3cb) | BPF_MAP_TYPE_STRUCT_OPS
|
||||
ring buffer | 5.8 | [457f44363a88](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab) | BPF_MAP_TYPE_RINGBUF
|
||||
inode storage | 5.10 | [8ea636848aca](https://github.com/torvalds/linux/commit/8ea636848aca35b9f97c5b5dee30225cf2dd0fe6) | BPF_MAP_TYPE_INODE_STORAGE
|
||||
task storage | 5.11 | [4cf1bc1f1045](https://github.com/torvalds/linux/commit/4cf1bc1f10452065a29d576fc5693fc4fab5b919) | BPF_MAP_TYPE_TASK_STORAGE
|
||||
Bloom filter | 5.16 | [9330986c0300](https://github.com/torvalds/linux/commit/9330986c03006ab1d33d243b7cfe598a7a3c1baa) | BPF_MAP_TYPE_BLOOM_FILTER
|
||||
user ringbuf | 6.1 | [583c1f420173](https://github.com/torvalds/linux/commit/583c1f420173f7d84413a1a1fbf5109d798b4faa) | BPF_MAP_TYPE_USER_RINGBUF
|
||||
|
||||
### Map userspace API
|
||||
|
||||
Some (but not all) of these _API features_ translate to a subcommand beginning with `BPF_MAP_`.
|
||||
The list of subcommands supported in your kernel can be found in file
|
||||
[include/uapi/linux/bpf.h](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h):
|
||||
|
||||
```sh
|
||||
git grep -W 'bpf_cmd {' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
Feature | Kernel version | Commit
|
||||
--------|----------------|-------
|
||||
Basic operations (lookup, update, delete, `GET_NEXT_KEY`) | 3.18 | [db20fd2b0108](https://github.com/torvalds/linux/commit/db20fd2b01087bdfbe30bce314a198eefedcc42e)
|
||||
Pass flags to `UPDATE_ELEM` | 3.19 | [3274f52073d8](https://github.com/torvalds/linux/commit/3274f52073d88b62f3c5ace82ae9d48546232e72)
|
||||
Pre-alloc map memory by default | 4.6 | [6c9059817432](https://github.com/torvalds/linux/commit/6c90598174322b8888029e40dd84a4eb01f56afe)传递`NULL`给`GET_NEXT_KEY` | 4.12 | [`8fe45924387b`](https://github.com/torvalds/linux/commit/8fe45924387be6b5c1be59a7eb330790c61d5d10)
|
||||
创建: 选择NUMA节点 | 4.14 | [`96eabe7a40aa`](https://github.com/torvalds/linux/commit/96eabe7a40aa17e613cf3db2c742ee8b1fc764d0)
|
||||
限制从系统调用方面的访问 | 4.15 | [`6e71b04a8224`](https://github.com/torvalds/linux/commit/6e71b04a82248ccf13a94b85cbc674a9fefe53f5)
|
||||
创建: 指定映射名称 | 4.15 | [`ad5b177bd73f`](https://github.com/torvalds/linux/commit/ad5b177bd73f5107d97c36f56395c4281fb6f089)
|
||||
`LOOKUP_AND_DELETE_ELEM` | 4.20 | [`bd513cd08f10`](https://github.com/torvalds/linux/commit/bd513cd08f10cbe28856f99ae951e86e86803861)
|
||||
创建: `BPF_F_ZERO_SEED` | 5.0 | [`96b3b6c9091d`](https://github.com/torvalds/linux/commit/96b3b6c9091d23289721350e32c63cc8749686be)
|
||||
查找/更新的`BPF_F_LOCK`标志 | 5.1 | [`96049f3afd50`](https://github.com/torvalds/linux/commit/96049f3afd50fe8db69fa0068cdca822e747b1e4)
|
||||
限制从BPF方面的访问 | 5.2 | [`591fe9888d78`](https://github.com/torvalds/linux/commit/591fe9888d7809d9ee5c828020b6c6ae27c37229)
|
||||
`FREEZE` | 5.2 | [`87df15de441b`](https://github.com/torvalds/linux/commit/87df15de441bd4add7876ef584da8cabdd9a042a)
|
||||
数组映射的mmap()支持 | 5.5 | [`fc9702273e2e`](https://github.com/torvalds/linux/commit/fc9702273e2edb90400a34b3be76f7b08fa3344b)
|
||||
`LOOKUP_BATCH` | 5.6 | [`cb4d03ab499d`](https://github.com/torvalds/linux/commit/cb4d03ab499d4c040f4ab6fd4389d2b49f42b5a5)
|
||||
`UPDATE_BATCH`, `DELETE_BATCH` | 5.6 | [`aa2e93b8e58e`](https://github.com/torvalds/linux/commit/aa2e93b8e58e18442edfb2427446732415bc215e)
|
||||
`LOOKUP_AND_DELETE_BATCH` | 5.6 | [`057996380a42`](https://github.com/torvalds/linux/commit/057996380a42bb64ccc04383cfa9c0ace4ea11f0)
|
||||
`LOOKUP_AND_DELETE_ELEM`哈希映射的支持 | 5.14 | [`3e87f192b405`](https://github.com/torvalds/linux/commit/3e87f192b405960c0fe83e0925bd0dadf4f8cf43)
|
||||
|
||||
## XDP
|
||||
|
||||
您的内核支持XDP程序的驱动程序或组件的近似列表可以用以下命令检索:
|
||||
```sh````git grep -l XDP_SETUP_PROG drivers/
|
||||
|
||||
功能/驱动 | 内核版本 | 提交
|
||||
------------- | ------------ | ------
|
||||
XDP核心架构 | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
操作:丢弃 | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
操作:传递到堆栈 | 4.8 | [`6a773a15a1e8`](https://github.com/torvalds/linux/commit/6a773a15a1e8874e5eccd2f29190c31085912c95)
|
||||
直接转发(同一端口) | 4.8 | [`6ce96ca348a9`](https://github.com/torvalds/linux/commit/6ce96ca348a9e949f8c43f4d3e98db367d93cffd)
|
||||
直接数据包数据写入 | 4.8 | [`4acf6c0b84c9`](https://github.com/torvalds/linux/commit/4acf6c0b84c91243c705303cd9ff16421914150d)
|
||||
Mellanox `mlx4`驱动 | 4.8 | [`47a38e155037`](https://github.com/torvalds/linux/commit/47a38e155037f417c5740e24ccae6482aedf4b68)
|
||||
Mellanox `mlx5`驱动 | 4.9 | [`86994156c736`](https://github.com/torvalds/linux/commit/86994156c736978d113e7927455d4eeeb2128b9f)
|
||||
Netronome `nfp`驱动 | 4.10 | [`ecd63a0217d5`](https://github.com/torvalds/linux/commit/ecd63a0217d5f1e8a92f7516f5586d1177b95de2)
|
||||
QLogic(Cavium)`qed*`驱动 | 4.10 | [`496e05170958`](https://github.com/torvalds/linux/commit/496e051709588f832d7a6a420f44f8642b308a87)
|
||||
`virtio_net`驱动 | 4.10 | [`f600b6905015`](https://github.com/torvalds/linux/commit/f600b690501550b94e83e07295d9c8b9c4c39f4e)
|
||||
Broadcom `bnxt_en`驱动 | 4.11 | [`c6d30e8391b8`](https://github.com/torvalds/linux/commit/c6d30e8391b85e00eb544e6cf047ee0160ee9938)
|
||||
Intel `ixgbe*`驱动 | 4.12 | [`924708081629`](https://github.com/torvalds/linux/commit/9247080816297de4e31abb684939c0e53e3a8a67)
|
||||
Cavium `thunderx`驱动 | 4.12 | [`05c773f52b96`](https://github.com/torvalds/linux/commit/05c773f52b96ef3fbc7d9bfa21caadc6247ef7a8)
|
||||
通用XDP | 4.12 | [`b5cdae3291f7`](https://github.com/torvalds/linux/commit/b5cdae3291f7be7a34e75affe4c0ec1f7f328b64)`
|
||||
|
||||
**注意:**
|
||||
本次翻译仅包括翻译部分,不包括原始文本。## 帮助者
|
||||
|
||||
您的内核支持的辅助者列表可在文件中找到。
|
||||
|
||||
Intel `i40e` 驱动程序 | 4.13 | [`0c8493d90b6b`](https://github.com/torvalds/linux/commit/0c8493d90b6bb0f5c4fe9217db8f7203f24c0f28)
|
||||
|
||||
操作:重定向 | 4.14 | [`6453073987ba`](https://github.com/torvalds/linux/commit/6453073987ba392510ab6c8b657844a9312c67f7)
|
||||
|
||||
支持 tap | 4.14 | [`761876c857cb`](https://github.com/torvalds/linux/commit/761876c857cb2ef8489fbee01907151da902af91)
|
||||
|
||||
支持 veth | 4.14 | [`d445516966dc`](https://github.com/torvalds/linux/commit/d445516966dcb2924741b13b27738b54df2af01a)
|
||||
|
||||
Intel `ixgbevf` 驱动程序 | 4.17 | [`c7aec59657b6`](https://github.com/torvalds/linux/commit/c7aec59657b60f3a29fc7d3274ebefd698879301)
|
||||
|
||||
Freescale `dpaa2` 驱动程序 | 5.0 | [`7e273a8ebdd3`](https://github.com/torvalds/linux/commit/7e273a8ebdd3b83f94eb8b49fc8ee61464f47cc2)
|
||||
|
||||
Socionext `netsec` 驱动程序 | 5.3 | [`ba2b232108d3`](https://github.com/torvalds/linux/commit/ba2b232108d3c2951bab02930a00f23b0cffd5af)
|
||||
|
||||
TI `cpsw` 驱动程序 | 5.3 | [`9ed4050c0d75`](https://github.com/torvalds/linux/commit/9ed4050c0d75768066a07cf66eef4f8dc9d79b52)
|
||||
|
||||
Intel `ice` 驱动程序 |5.5| [`efc2214b6047`](https://github.com/torvalds/linux/commit/efc2214b6047b6f5b4ca53151eba62521b9452d6)
|
||||
|
||||
Solarflare `sfc` 驱动程序 | 5.5 | [`eb9a36be7f3e`](https://github.com/torvalds/linux/commit/eb9a36be7f3ec414700af9a616f035eda1f1e63e)
|
||||
|
||||
Marvell `mvneta` 驱动程序 | 5.5 | [`0db51da7a8e9`](https://github.com/torvalds/linux/commit/0db51da7a8e99f0803ec3a8e25c1a66234a219cb)
|
||||
|
||||
Microsoft `hv_netvsc` 驱动程序 | 5.6 | [`351e1581395f`](https://github.com/torvalds/linux/commit/351e1581395fcc7fb952bbd7dda01238f69968fd)
|
||||
|
||||
Amazon `ena` 驱动程序 | 5.6 | [`838c93dc5449`](https://github.com/torvalds/linux/commit/838c93dc5449e5d6378bae117b0a65a122cf7361)
|
||||
|
||||
`xen-netfront` 驱动程序 | 5.9 | [`6c5aa6fc4def`](https://github.com/torvalds/linux/commit/6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c)
|
||||
|
||||
Intel `gi` 驱动程序 | 5.10 | [`9cbc948b5a20`](https://github.com/torvalds/linux/commit/9cbc948b5a20c9c054d9631099c0426c16da546b)`include/uapi/linux/bpf.h`: [`include/uapi/linux/bpf.h`](https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h):
|
||||
|
||||
```sh
|
||||
git grep ' FN(' include/uapi/linux/bpf.h
|
||||
```
|
||||
|
||||
按字母顺序排列
|
||||
|
||||
Helper | 内核版本 | 授权许可 | 提交记录 |
|
||||
-------|----------------|---------|--------|
|
||||
`BPF_FUNC_bind()` | 4.17 | | [`d74bad4e74ee`](https://github.com/torvalds/linux/commit/d74bad4e74ee373787a9ae24197c17b7cdc428d5) |
|
||||
`BPF_FUNC_bprm_opts_set()` | 5.11 | | [`3f6719c7b62f`](https://github.com/torvalds/linux/commit/3f6719c7b62f0327c9091e26d0da10e65668229e)
|
||||
`BPF_FUNC_btf_find_by_name_kind()` | 5.14 | | [`3d78417b60fb`](https://github.com/torvalds/linux/commit/3d78417b60fba249cc555468cb72d96f5cde2964)
|
||||
`BPF_FUNC_cgrp_storage_delete()` | 6.2 | | [`c4bcfb38a95e`](https://github.com/torvalds/linux/commit/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4)
|
||||
`BPF_FUNC_cgrp_storage_get()` | 6.2 | | [`c4bcfb38a95e`](https://github.com/torvalds/linux/commit/c4bcfb38a95edb1021a53f2d0356a78120ecfbe4)
|
||||
`BPF_FUNC_check_mtu()` | 5.12 | | [`34b2021cc616`](https://github.com/torvalds/linux/commit/34b2021cc61642d61c3cf943d9e71925b827941b)
|
||||
`BPF_FUNC_clone_redirect()` | 4.2 | | [`3896d655f4d4`](https://github.com/torvalds/linux/commit/3896d655f4d491c67d669a15f275a39f713410f8)
|
||||
`BPF_FUNC_copy_from_user()` | 5.10 | | [`07be4c4a3e7a`](https://github.com/torvalds/linux/commit/07be4c4a3e7a0db148e44b16c5190e753d1c8569)
|
||||
`BPF_FUNC_copy_from_user_task()` | 5.18 | GPL | [`376040e47334`](https://github.com/torvalds/linux/commit/376040e47334c6dc6a939a32197acceb00fe4acf)
|
||||
`BPF_FUNC_csum_diff()` | 4.6 | | [`7d672345ed29`](https://github.com/torvalds/linux/commit/7d672345ed295b1356a5d9f7111da1d1d7d65867)
|
||||
`BPF_FUNC_csum_level()` | 5.7 | | [`7cdec54f9713`](https://github.com/torvalds/linux/commit/7cdec54f9713256bb170873a1fc5c75c9127c9d2)
|
||||
`BPF_FUNC_csum_update()` | 4.9 | | [`36bbef52c7eb`](https://github.com/torvalds/linux/commit/36bbef52c7eb646ed6247055a2acd3851e317857)"`BPF_FUNC_current_task_under_cgroup()` | 4.9 | | [`60d20f9195b2`](https://github.com/torvalds/linux/commit/60d20f9195b260bdf0ac10c275ae9f6016f9c069)
|
||||
`BPF_FUNC_d_path()` | 5.10 | | [`6e22ab9da793`](https://github.com/torvalds/linux/commit/6e22ab9da79343532cd3cde39df25e5a5478c692)
|
||||
`BPF_FUNC_dynptr_data()` | 5.19 | | [`34d4ef5775f7`](https://github.com/torvalds/linux/commit/34d4ef5775f776ec4b0d53a02d588bf3195cada6)
|
||||
`BPF_FUNC_dynptr_from_mem()` | 5.19 | | [`263ae152e962`](https://github.com/torvalds/linux/commit/263ae152e96253f40c2c276faad8629e096b3bad)
|
||||
`BPF_FUNC_dynptr_read()` | 5.19 | | [`13bbbfbea759`](https://github.com/torvalds/linux/commit/13bbbfbea7598ea9f8d9c3d73bf053bb57f9c4b2)
|
||||
`BPF_FUNC_dynptr_write()` | 5.19 | | [`13bbbfbea759`](https://github.com/torvalds/linux/commit/13bbbfbea7598ea9f8d9c3d73bf053bb57f9c4b2)
|
||||
`BPF_FUNC_fib_lookup()` | 4.18 | GPL | [`87f5fc7e48dd`](https://github.com/torvalds/linux/commit/87f5fc7e48dd3175b30dd03b41564e1a8e136323)
|
||||
`BPF_FUNC_find_vma()` | 5.17 | | [`7c7e3d31e785`](https://github.com/torvalds/linux/commit/7c7e3d31e7856a8260a254f8c71db416f7f9f5a1)
|
||||
`BPF_FUNC_for_each_map_elem()` | 5.13 | | [`69c087ba6225`](https://github.com/torvalds/linux/commit/69c087ba6225b574afb6e505b72cb75242a3d844)
|
||||
`BPF_FUNC_get_attach_cookie()` | 5.15 | | [`7adfc6c9b315`](https://github.com/torvalds/linux/commit/7adfc6c9b315e174cf8743b21b7b691c8766791b)
|
||||
`BPF_FUNC_get_branch_snapshot()` | 5.16 | GPL | [`856c02dbce4f`](https://github.com/torvalds/linux/commit/856c02dbce4f8d6a5644083db22c11750aa11481)
|
||||
`BPF_FUNC_get_current_ancestor_cgroup_id()` | 5.6 | | [`b4490c5c4e02`](https://github.com/torvalds/linux/commit/b4490c5c4e023f09b7d27c9a9d3e7ad7d09ea6bf)
|
||||
`BPF_FUNC_get_cgroup_classid()` | 4.3 | | [`8d20aabe1c76`](https://github.com/torvalds/linux/commit/8d20aabe1c76cccac544d9fcc3ad7823d9e98a2d)
|
||||
`BPF_FUNC_get_current_cgroup_id()` | 4.18 | | [`bf6fa2c893c5`](https://github.com/torvalds/linux/commit/bf6fa2c893c5237b48569a13fa3c673041430b6c)
|
||||
`BPF_FUNC_current_task_under_cgroup()` | 4.9 | | [`60d20f9195b2`](https://github.com/torvalds/linux/commit/60d20f9195b260bdf0ac10c275ae9f6016f9c069)
|
||||
`BPF_FUNC_d_path()` | 5.10 | | [`6e22ab9da793`](https://github.com/torvalds/linux/commit/6e22ab9da79343532cd3cde39df25e5a5478c692)
|
||||
`BPF_FUNC_dynptr_data()` | 5.19 | | [`34d4ef5775f7`](https://github.com/torvalds/linux/commit/34d4ef5775f776ec4b0d53a02d588bf3195cada6)
|
||||
`BPF_FUNC_dynptr_from_mem()` | 5.19 | | [`263ae152e962`](https://github.com/torvalds/linux/commit/263ae152e96253f40c2c276faad8629e096b3bad)
|
||||
`BPF_FUNC_dynptr_read()` | 5.19 | | [`13bbbfbea759`](https://github.com/torvalds/linux/commit/13bbbfbea7598ea9f8d9c3d73bf053bb57f9c4b2)
|
||||
`BPF_FUNC_dynptr_write()` | 5.19 | | [`13bbbfbea759`](https://github.com/torvalds/linux/commit/13bbbfbea7598ea9f8d9c3d73bf053bb57f9c4b2)
|
||||
`BPF_FUNC_fib_lookup()` | 4.18 | GPL | [`87f5fc7e48dd`](https://github.com/torvalds/linux/commit/87f5fc7e48dd3175b30dd03b41564e1a8e136323)
|
||||
`BPF_FUNC_find_vma()` | 5.17 | | [`7c7e3d31e785`](https://github.com/torvalds/linux/commit/7c7e3d31e7856a8260a254f8c71db416f7f9f5a1)
|
||||
`BPF_FUNC_for_each_map_elem()` | 5.13 | | [`69c087ba6225`](https://github.com/torvalds/linux/commit/69c087ba6225b574afb6e505b72cb75242a3d844)
|
||||
`BPF_FUNC_get_attach_cookie()` | 5.15 | | [`7adfc6c9b315`](https://github.com/torvalds/linux/commit/7adfc6c9b315e174cf8743b21b7b691c8766791b)
|
||||
`BPF_FUNC_get_branch_snapshot()` | 5.16 | GPL | [`856c02dbce4f`](https://github.com/torvalds/linux/commit/856c02dbce4f8d6a5644083db22c11750aa11481)
|
||||
`BPF_FUNC_get_current_ancestor_cgroup_id()` | 5.6 | | [`b4490c5c4e02`](https://github.com/torvalds/linux/commit/b4490c5c4e023f09b7d27c9a9d3e7ad7d09ea6bf)
|
||||
`BPF_FUNC_get_cgroup_classid()` | 4.3 | | [`8d20aabe1c76`](https://github.com/torvalds/linux/commit/8d20aabe1c76cccac544d9fcc3ad7823d9e98a2d)
|
||||
`BPF_FUNC_get_current_cgroup_id()` | 4.18 | | [`bf6fa2c893c5`](https://github.com/torvalds/linux/commit/bf6fa2c893c5237b48569a13fa3c673041430b6c)"."`BPF_FUNC_get_current_comm()` | 4.2 | | [`ffeedafbf023`](https://github.com/torvalds/linux/commit/ffeedafbf0236f03aeb2e8db273b3e5ae5f5bc89)
|
||||
`BPF_FUNC_get_current_pid_tgid()` | 4.2 | | [`ffeedafbf023`](https://github.com/torvalds/linux/commit/ffeedafbf0236f03aeb2e8db273b3e5ae5f5bc89)
|
||||
`BPF_FUNC_get_current_task()` | 4.8 | GPL | [`606274c5abd8`](https://github.com/torvalds/linux/commit/606274c5abd8e245add01bc7145a8cbb92b69ba8)
|
||||
`BPF_FUNC_get_current_task_btf()` | 5.11 | GPL | [`3ca1032ab7ab`](https://github.com/torvalds/linux/commit/3ca1032ab7ab010eccb107aa515598788f7d93bb)
|
||||
`BPF_FUNC_get_current_uid_gid()` | 4.2 | | [`ffeedafbf023`](https://github.com/torvalds/linux/commit/ffeedafbf0236f03aeb2e8db273b3e5ae5f5bc89)
|
||||
`BPF_FUNC_get_func_arg()` | 5.17 | | [`f92c1e183604`](https://github.com/torvalds/linux/commit/f92c1e183604c20ce00eb889315fdaa8f2d9e509)
|
||||
`BPF_FUNC_get_func_arg_cnt()` | 5.17 | | [`f92c1e183604`](https://github.com/torvalds/linux/commit/f92c1e183604c20ce00eb889315fdaa8f2d9e509)
|
||||
`BPF_FUNC_get_func_ip()` | 5.15 | | [`5d8b583d04ae`](https://github.com/torvalds/linux/commit/5d8b583d04aedb3bd5f6d227a334c210c7d735f9)
|
||||
`BPF_FUNC_get_func_ret()` | 5.17 | | [`f92c1e183604`](https://github.com/torvalds/linux/commit/f92c1e183604c20ce00eb889315fdaa8f2d9e509)
|
||||
`BPF_FUNC_get_retval()` | 5.18 | | [`b44123b4a3dc`](https://github.com/torvalds/linux/commit/b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93)
|
||||
`BPF_FUNC_get_hash_recalc()` | 4.8 | | [`13c5c240f789`](https://github.com/torvalds/linux/commit/13c5c240f789bbd2bcacb14a23771491485ae61f)
|
||||
`BPF_FUNC_get_listener_sock()` | 5.1 | | [`dbafd7ddd623`](https://github.com/torvalds/linux/commit/dbafd7ddd62369b2f3926ab847cbf8fc40e800b7)
|
||||
`BPF_FUNC_get_local_storage()` | 4.19 | | [`cd3394317653`](https://github.com/torvalds/linux/commit/cd3394317653837e2eb5c5d0904a8996102af9fc)
|
||||
`BPF_FUNC_get_netns_cookie()` | 5.7 | | [`f318903c0bf4`](https://github.com/torvalds/linux/commit/f318903c0bf42448b4c884732df2bbb0ef7a2284)`BPF_FUNC_get_ns_current_pid_tgid()` | 5.7 | | [`b4490c5c4e02`](https://github.com/torvalds/linux/commit/b4490c5c4e023f09b7d27c9a9d3e7ad7d09ea6bf)
|
||||
`BPF_FUNC_get_numa_node_id()` | 4.10 | | [`2d0e30c30f84`](https://github.com/torvalds/linux/commit/2d0e30c30f84d08dc16f0f2af41f1b8a85f0755e)
|
||||
`BPF_FUNC_get_prandom_u32()` | 4.1 | | [`03e69b508b6f`](https://github.com/torvalds/linux/commit/03e69b508b6f7c51743055c9f61d1dfeadf4b635)
|
||||
`BPF_FUNC_get_route_realm()` | 4.4 | | [`c46646d0484f`](https://github.com/torvalds/linux/commit/c46646d0484f5d08e2bede9b45034ba5b8b489cc)
|
||||
`BPF_FUNC_get_smp_processor_id()` | 4.1 | | [`c04167ce2ca0`](https://github.com/torvalds/linux/commit/c04167ce2ca0ecaeaafef006cb0d65cf01b68e42)
|
||||
`BPF_FUNC_get_socket_cookie()` | 4.12 | | [`91b8270f2a4d`](https://github.com/torvalds/linux/commit/91b8270f2a4d1d9b268de90451cdca63a70052d6)
|
||||
`BPF_FUNC_get_socket_uid()` | 4.12 | | [`6acc5c291068`](https://github.com/torvalds/linux/commit/6acc5c2910689fc6ee181bf63085c5efff6a42bd)
|
||||
`BPF_FUNC_get_stack()` | 4.18 | GPL | [`de2ff05f48af`](https://github.com/torvalds/linux/commit/de2ff05f48afcde816ff4edb217417f62f624ab5)
|
||||
`BPF_FUNC_get_stackid()` | 4.6 | GPL | [`d5a3b1f69186`](https://github.com/torvalds/linux/commit/d5a3b1f691865be576c2bffa708549b8cdccda19)
|
||||
`BPF_FUNC_get_task_stack()` | 5.9 | | [`fa28dcb82a38`](https://github.com/torvalds/linux/commit/fa28dcb82a38f8e3993b0fae9106b1a80b59e4f0)
|
||||
`BPF_FUNC_getsockopt()` | 4.15 | | [`cd86d1fd2102`](https://github.com/torvalds/linux/commit/cd86d1fd21025fdd6daf23d1288da405e7ad0ec6)
|
||||
`BPF_FUNC_ima_file_hash()` | 5.18 | | [`174b16946e39`](https://github.com/torvalds/linux/commit/174b16946e39ebd369097e0f773536c91a8c1a4c)
|
||||
`BPF_FUNC_ima_inode_hash()` | 5.11 | | [`27672f0d280a`](https://github.com/torvalds/linux/commit/27672f0d280a3f286a410a8db2004f46ace72a17)
|
||||
`BPF_FUNC_inode_storage_delete()` | 5.10 | | [`8ea636848aca`](https://github.com/torvalds/linux/commit/8ea636848aca35b9f97c5b5dee30225cf2dd0fe6)
|
||||
RPC_FUNC_get_ns_current_pid_tgid() | 5.7 | | [b4490c5c4e02](https://github.com/torvalds/linux/commit/b4490c5c4e023f09b7d27c9a9d3e7ad7d09ea6bf)
|
||||
RPC_FUNC_get_numa_node_id() | 4.10 | | [2d0e30c30f84](https://github.com/torvalds/linux/commit/2d0e30c30f84d08dc16f0f2af41f1b8a85f0755e)
|
||||
RPC_FUNC_get_prandom_u32() | 4.1 | | [03e69b508b6f](https://github.com/torvalds/linux/commit/03e69b508b6f7c51743055c9f61d1dfeadf4b635)
|
||||
RPC_FUNC_get_route_realm() | 4.4 | | [c46646d0484f](https://github.com/torvalds/linux/commit/c46646d0484f5d08e2bede9b45034ba5b8b489cc)
|
||||
RPC_FUNC_get_smp_processor_id() | 4.1 | | [c04167ce2ca0](https://github.com/torvalds/linux/commit/c04167ce2ca0ecaeaafef006cb0d65cf01b68e42)
|
||||
RPC_FUNC_get_socket_cookie() | 4.12 | | [91b8270f2a4d](https://github.com/torvalds/linux/commit/91b8270f2a4d1d9b268de90451cdca63a70052d6)
|
||||
RPC_FUNC_get_socket_uid() | 4.12 | | [6acc5c291068](https://github.com/torvalds/linux/commit/6acc5c2910689fc6ee181bf63085c5efff6a42bd)
|
||||
RPC_FUNC_get_stack() | 4.18 | GPL | [de2ff05f48af](https://github.com/torvalds/linux/commit/de2ff05f48afcde816ff4edb217417f62f624ab5)
|
||||
RPC_FUNC_get_stackid() | 4.6 | GPL | [d5a3b1f69186](https://github.com/torvalds/linux/commit/d5a3b1f691865be576c2bffa708549b8cdccda19)
|
||||
RPC_FUNC_get_task_stack() | 5.9 | | [fa28dcb82a38](https://github.com/torvalds/linux/commit/fa28dcb82a38f8e3993b0fae9106b1a80b59e4f0)
|
||||
RPC_FUNC_getsockopt() | 4.15 | | [cd86d1fd2102](https://github.com/torvalds/linux/commit/cd86d1fd21025fdd6daf23d1288da405e7ad0ec6)
|
||||
RPC_FUNC_ima_file_hash() | 5.18 | | [174b16946e39](https://github.com/torvalds/linux/commit/174b16946e39ebd369097e0f773536c91a8c1a4c)
|
||||
RPC_FUNC_ima_inode_hash() | 5.11 | | [27672f0d280a](https://github.com/torvalds/linux/commit/27672f0d280a3f286a410a8db2004f46ace72a17)
|
||||
RPC_FUNC_inode_storage_delete() | 5.10 | | [8ea636848aca](https://github.com/torvalds/linux/commit/8ea636848aca35b9f97c5b5dee30225cf2dd0fe6)"."`BPF_FUNC_inode_storage_get()` | 5.10 | | [`8ea636848aca`](https://github.com/torvalds/linux/commit/8ea636848aca35b9f97c5b5dee30225cf2dd0fe6)
|
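Review bot: the commit message "remove bcc document" gives no reason for the deletion, and the rows just above, `RPC_FUNC_get_ns_current_pid_tgid()` through `RPC_FUNC_inode_storage_delete()`, show one worth recording: they repeat the `BPF_FUNC_get_ns_current_pid_tgid()` to `BPF_FUNC_inode_storage_delete()` rows that precede them, with the prefix changed to `RPC_FUNC_` and the backticks dropped. The same deleted table also repeats the `BPF_FUNC_current_task_under_cgroup()` to `BPF_FUNC_get_current_cgroup_id()` run and the `BPF_FUNC_ringbuf_reserve_dynptr()` to `BPF_FUNC_sk_assign()` run, and fuses several rows together with a stray `"."` between them. Suggest saying in the commit message that the translated table was corrupted and is being dropped for that reason, and checking that no remaining page in the tutorial still links to the deleted path.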
||||
`BPF_FUNC_jiffies64()` | 5.5 | | [`5576b991e9c1`](https://github.com/torvalds/linux/commit/5576b991e9c1a11d2cc21c4b94fc75ec27603896)
|
||||
`BPF_FUNC_kallsyms_lookup_name()` | 5.16 | | [`d6aef08a872b`](https://github.com/torvalds/linux/commit/d6aef08a872b9e23eecc92d0e92393473b13c497)
|
||||
`BPF_FUNC_kptr_xchg()` | 5.19 | | [`c0a5a21c25f3`](https://github.com/torvalds/linux/commit/c0a5a21c25f37c9fd7b36072f9968cdff1e4aa13)
|
||||
`BPF_FUNC_ktime_get_boot_ns()` | 5.8 | | [`71d19214776e`](https://github.com/torvalds/linux/commit/71d19214776e61b33da48f7c1b46e522c7f78221)
|
||||
`BPF_FUNC_ktime_get_coarse_ns()` | 5.11 | | [`d05512618056`](https://github.com/torvalds/linux/commit/d055126180564a57fe533728a4e93d0cb53d49b3)
|
||||
`BPF_FUNC_ktime_get_ns()` | 4.1 | | [`d9847d310ab4`](https://github.com/torvalds/linux/commit/d9847d310ab4003725e6ed1822682e24bd406908)
|
||||
`BPF_FUNC_ktime_get_tai_ns()` | 6.1 | | [`c8996c98f703`](https://github.com/torvalds/linux/commit/c8996c98f703b09afe77a1d247dae691c9849dc1)
|
||||
`BPF_FUNC_l3_csum_replace()` | 4.1 | | [`91bc4822c3d6`](https://github.com/torvalds/linux/commit/91bc4822c3d61b9bb7ef66d3b77948a4f9177954)
|
||||
`BPF_FUNC_l4_csum_replace()` | 4.1 | | [`91bc4822c3d6`](https://github.com/torvalds/linux/commit/91bc4822c3d61b9bb7ef66d3b77948a4f9177954)
|
||||
`BPF_FUNC_load_hdr_opt()` | 5.10 | | [`0813a841566f`](https://github.com/torvalds/linux/commit/0813a841566f0962a5551be7749b43c45f0022a0)
|
||||
`BPF_FUNC_loop()` | 5.17 | | [`e6f2dd0f8067`](https://github.com/torvalds/linux/commit/e6f2dd0f80674e9d5960337b3e9c2a242441b326)
|
||||
`BPF_FUNC_lwt_push_encap()` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)
|
||||
`BPF_FUNC_lwt_seg6_action()` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)\`BPF_FUNC_lwt_seg6_adjust_srh()\` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)
|
||||
\`BPF_FUNC_lwt_seg6_store_bytes()\` | 4.18 | | [`fe94cc290f53`](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee79)
|
||||
\`BPF_FUNC_map_delete_elem()\` | 3.19 | | [`d0003ec01c66`](https://github.com/torvalds/linux/commit/d0003ec01c667b731c139e23de3306a8b328ccf5)
|
||||
\`BPF_FUNC_map_lookup_elem()\` | 3.19 | | [`d0003ec01c66`](https://github.com/torvalds/linux/commit/d0003ec01c667b731c139e23de3306a8b328ccf5)
|
||||
\`BPF_FUNC_map_lookup_percpu_elem()\` | 5.19 | | [`07343110b293`](https://github.com/torvalds/linux/commit/07343110b293456d30393e89b86c4dee1ac051c8)
|
||||
\`BPF_FUNC_map_peek_elem()\` | 4.20 | | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92)
|
||||
\`BPF_FUNC_map_pop_elem()\` | 4.20 | | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92)
|
||||
\`BPF_FUNC_map_push_elem()\` | 4.20 | | [`f1a2e44a3aec`](https://github.com/torvalds/linux/commit/f1a2e44a3aeccb3ff18d3ccc0b0203e70b95bd92)
|
||||
\`BPF_FUNC_map_update_elem()\` | 3.19 | | [`d0003ec01c66`](https://github.com/torvalds/linux/commit/d0003ec01c667b731c139e23de3306a8b328ccf5)
|
||||
\`BPF_FUNC_msg_apply_bytes()\` | 4.17 | | [`2a100317c9eb`](https://github.com/torvalds/linux/commit/2a100317c9ebc204a166f16294884fbf9da074ce)
|
||||
\`BPF_FUNC_msg_cork_bytes()\` | 4.17 | | [`91843d540a13`](https://github.com/torvalds/linux/commit/91843d540a139eb8070bcff8aa10089164436deb)
|
||||
\`BPF_FUNC_msg_pop_data()\` | 5.0 | | [`7246d8ed4dcc`](https://github.com/torvalds/linux/commit/7246d8ed4dcce23f7509949a77be15fa9f0e3d28)
|
||||
\`BPF_FUNC_msg_pull_data()\` | 4.17 | | [`015632bb30da`](https://github.com/torvalds/linux/commit/015632bb30daaaee64e1bcac07570860e0bf3092)
|
||||
\`BPF_FUNC_msg_push_data()\` | 4.20 | | [`6fff607e2f14`](https://github.com/torvalds/linux/commit/6fff607e2f14bd7c63c06c464a6f93b8efbabe28)".`BPF_FUNC_msg_redirect_hash()` | 4.18 | | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4)
|
||||
`BPF_FUNC_msg_redirect_map()` | 4.17 | | [`4f738adba30a`](https://github.com/torvalds/linux/commit/4f738adba30a7cfc006f605707e7aee847ffefa0)
|
||||
`BPF_FUNC_per_cpu_ptr()` | 5.10 | | [`eaa6bcb71ef6`](https://github.com/torvalds/linux/commit/eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b) |
|
||||
`BPF_FUNC_perf_event_output()` | 4.4 | GPL | [`a43eec304259`](https://github.com/torvalds/linux/commit/a43eec304259a6c637f4014a6d4767159b6a3aa3)
|
||||
`BPF_FUNC_perf_event_read()` | 4.3 | GPL | [`35578d798400`](https://github.com/torvalds/linux/commit/35578d7984003097af2b1e34502bc943d40c1804)
|
||||
`BPF_FUNC_perf_event_read_value()` | 4.15 | GPL | [`908432ca84fc`](https://github.com/torvalds/linux/commit/908432ca84fc229e906ba164219e9ad0fe56f755)
|
||||
`BPF_FUNC_perf_prog_read_value()` | 4.15 | GPL | [`4bebdc7a85aa`](https://github.com/torvalds/linux/commit/4bebdc7a85aa400c0222b5329861e4ad9252f1e5)
|
||||
`BPF_FUNC_probe_read()` | 4.1 | GPL | [`2541517c32be`](https://github.com/torvalds/linux/commit/2541517c32be2531e0da59dfd7efc1ce844644f5)
|
||||
`BPF_FUNC_probe_read_kernel()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_kernel_str()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_user()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_user_str()` | 5.5 | GPL | [`6ae08ae3dea2`](https://github.com/torvalds/linux/commit/6ae08ae3dea2cfa03dd3665a3c8475c2d429ef47)
|
||||
`BPF_FUNC_probe_read_str()` | 4.11 | GPL | [`a5e8c07059d0`](https://github.com/torvalds/linux/commit/a5e8c07059d0f0b31737408711d44794928ac218)
|
||||
`BPF_FUNC_probe_write_user()` | 4.8 | GPL | [`96ae52279594`](https://github.com/torvalds/linux/commit/96ae52279594470622ff0585621a13e96b700600)"`BPF_FUNC_rc_keydown()` | 4.18 | GPL | [`f4364dcfc86d`](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936)
|
||||
`BPF_FUNC_rc_pointer_rel()` | 5.0 | GPL | [`01d3240a04f4`](https://github.com/torvalds/linux/commit/01d3240a04f4c09392e13c77b54d4423ebce2d72)
|
||||
`BPF_FUNC_rc_repeat()` | 4.18 | GPL | [`f4364dcfc86d`](https://github.com/torvalds/linux/commit/f4364dcfc86df7c1ca47b256eaf6b6d0cdd0d936)
|
||||
`BPF_FUNC_read_branch_records()` | 5.6 | GPL | [`fff7b64355ea`](https://github.com/torvalds/linux/commit/fff7b64355eac6e29b50229ad1512315bc04b44e)
|
||||
`BPF_FUNC_redirect()` | 4.4 | | [`27b29f63058d`](https://github.com/torvalds/linux/commit/27b29f63058d26c6c1742f1993338280d5a41dc6)
|
||||
`BPF_FUNC_redirect_map()` | 4.14 | | [`97f91a7cf04f`](https://github.com/torvalds/linux/commit/97f91a7cf04ff605845c20948b8a80e54cbd3376)
|
||||
`BPF_FUNC_redirect_neigh()` | 5.10 | | [`b4ab31414970`](https://github.com/torvalds/linux/commit/b4ab31414970a7a03a5d55d75083f2c101a30592)
|
||||
`BPF_FUNC_redirect_peer()` | 5.10 | | [`9aa1206e8f48`](https://github.com/torvalds/linux/commit/9aa1206e8f48222f35a0c809f33b2f4aaa1e2661)
|
||||
`BPF_FUNC_reserve_hdr_opt()` | 5.10 | | [`0813a841566f`](https://github.com/torvalds/linux/commit/0813a841566f0962a5551be7749b43c45f0022a0)
|
||||
`BPF_FUNC_ringbuf_discard()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_discard_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_ringbuf_output()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_query()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_reserve()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_reserve_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_ringbuf_submit()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_submit_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_send_signal()` | 5.3 | | [`8b401f9ed244`](https://github.com/torvalds/linux/commit/8b401f9ed2441ad9e219953927a842d24ed051fc)
|
||||
`BPF_FUNC_send_signal_thread()` | 5.5 | | [`8482941f0906`](https://github.com/torvalds/linux/commit/8482941f09067da42f9c3362e15bfb3f3c19d610)
|
||||
`BPF_FUNC_seq_printf()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_seq_printf_btf()` | 5.10 | | [`eb411377aed9`](https://github.com/torvalds/linux/commit/eb411377aed9e27835e77ee0710ee8f4649958f3)
|
||||
`BPF_FUNC_seq_write()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_set_hash()` | 4.13 | | [`ded092cd73c2`](https://github.com/torvalds/linux/commit/ded092cd73c2c56a394b936f86897f29b2e131c0)
|
||||
`BPF_FUNC_set_hash_invalid()` | 4.9 | | [`7a4b28c6cc9f`](https://github.com/torvalds/linux/commit/7a4b28c6cc9ffac50f791b99cc7e46106436e5d8)
|
||||
`BPF_FUNC_set_retval()` | 5.18 | | [`b44123b4a3dc`](https://github.com/torvalds/linux/commit/b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93)
|
||||
`BPF_FUNC_setsockopt()` | 4.13 | | [`8c4b4c7e9ff0`](https://github.com/torvalds/linux/commit/8c4b4c7e9ff0447995750d9329949fa082520269)
|
||||
`BPF_FUNC_sk_ancestor_cgroup_id()` | 5.7 | | [`f307fa2cb4c9`](https://github.com/torvalds/linux/commit/f307fa2cb4c935f7f1ff0aeb880c7b44fb9a642b)
|
||||
`BPF_FUNC_sk_assign()` | 5.6 | | [`cf7fbe660f2d`](https://github.com/torvalds/linux/commit/cf7fbe660f2dbd738ab58aea8e9b0ca6ad232449)`BPF_FUNC_ringbuf_reserve_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_ringbuf_submit()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_submit_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_send_signal()` | 5.3 | | [`8b401f9ed244`](https://github.com/torvalds/linux/commit/8b401f9ed2441ad9e219953927a842d24ed051fc)
|
||||
`BPF_FUNC_send_signal_thread()` | 5.5 | | [`8482941f0906`](https://github.com/torvalds/linux/commit/8482941f09067da42f9c3362e15bfb3f3c19d610)
|
||||
`BPF_FUNC_seq_printf()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_seq_printf_btf()` | 5.10 | | [`eb411377aed9`](https://github.com/torvalds/linux/commit/eb411377aed9e27835e77ee0710ee8f4649958f3)
|
||||
`BPF_FUNC_seq_write()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_set_hash()` | 4.13 | | [`ded092cd73c2`](https://github.com/torvalds/linux/commit/ded092cd73c2c56a394b936f86897f29b2e131c0)
|
||||
`BPF_FUNC_set_hash_invalid()` | 4.9 | | [`7a4b28c6cc9f`](https://github.com/torvalds/linux/commit/7a4b28c6cc9ffac50f791b99cc7e46106436e5d8)
|
||||
`BPF_FUNC_set_retval()` | 5.18 | | [`b44123b4a3dc`](https://github.com/torvalds/linux/commit/b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93)
|
||||
`BPF_FUNC_setsockopt()` | 4.13 | | [`8c4b4c7e9ff0`](https://github.com/torvalds/linux/commit/8c4b4c7e9ff0447995750d9329949fa082520269)
|
||||
`BPF_FUNC_sk_ancestor_cgroup_id()` | 5.7 | | [`f307fa2cb4c9`](https://github.com/torvalds/linux/commit/f307fa2cb4c935f7f1ff0aeb880c7b44fb9a642b)
|
||||
`BPF_FUNC_sk_assign()` | 5.6 | | [`cf7fbe660f2d`](https://github.com/torvalds/linux/commit/cf7fbe660f2dbd738ab58aea8e9b0ca6ad232449)
|
||||
`BPF_FUNC_ringbuf_reserve_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_ringbuf_submit()` | 5.8 | | [`457f44363a88`](https://github.com/torvalds/linux/commit/457f44363a8894135c85b7a9afd2bd8196db24ab)
|
||||
`BPF_FUNC_ringbuf_submit_dynptr()` | 5.19 | | [`bc34dee65a65`](https://github.com/torvalds/linux/commit/bc34dee65a65e9c920c420005b8a43f2a721a458)
|
||||
`BPF_FUNC_send_signal()` | 5.3 | | [`8b401f9ed244`](https://github.com/torvalds/linux/commit/8b401f9ed2441ad9e219953927a842d24ed051fc)
|
||||
`BPF_FUNC_send_signal_thread()` | 5.5 | | [`8482941f0906`](https://github.com/torvalds/linux/commit/8482941f09067da42f9c3362e15bfb3f3c19d610)
|
||||
`BPF_FUNC_seq_printf()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_seq_printf_btf()` | 5.10 | | [`eb411377aed9`](https://github.com/torvalds/linux/commit/eb411377aed9e27835e77ee0710ee8f4649958f3)
|
||||
`BPF_FUNC_seq_write()` | 5.7 | GPL | [`492e639f0c22`](https://github.com/torvalds/linux/commit/492e639f0c222784e2e0f121966375f641c61b15)
|
||||
`BPF_FUNC_set_hash()` | 4.13 | | [`ded092cd73c2`](https://github.com/torvalds/linux/commit/ded092cd73c2c56a394b936f86897f29b2e131c0)
|
||||
`BPF_FUNC_set_hash_invalid()` | 4.9 | | [`7a4b28c6cc9f`](https://github.com/torvalds/linux/commit/7a4b28c6cc9ffac50f791b99cc7e46106436e5d8)
|
||||
`BPF_FUNC_set_retval()` | 5.18 | | [`b44123b4a3dc`](https://github.com/torvalds/linux/commit/b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93)
|
||||
`BPF_FUNC_setsockopt()` | 4.13 | | [`8c4b4c7e9ff0`](https://github.com/torvalds/linux/commit/8c4b4c7e9ff0447995750d9329949fa082520269)
|
||||
`BPF_FUNC_sk_ancestor_cgroup_id()` | 5.7 | | [`f307fa2cb4c9`](https://github.com/torvalds/linux/commit/f307fa2cb4c935f7f1ff0aeb880c7b44fb9a642b)
|
||||
`BPF_FUNC_sk_assign()` | 5.6 | | [`cf7fbe660f2d`](https://github.com/torvalds/linux/commit/cf7fbe660f2dbd738ab58aea8e9b0ca6ad232449)"."`BPF_FUNC_sk_cgroup_id()` | 5.7 | | [`f307fa2cb4c9`](https://github.com/torvalds/linux/commit/f307fa2cb4c935f7f1ff0aeb880c7b44fb9a642b)
|
||||
`BPF_FUNC_sk_fullsock()` | 5.1 | | [`46f8bc92758c`](https://github.com/torvalds/linux/commit/46f8bc92758c6259bcf945e9216098661c1587cd)
|
||||
`BPF_FUNC_sk_lookup_tcp()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_lookup_udp()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_redirect_hash()` | 4.18 | | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4)
|
||||
`BPF_FUNC_sk_redirect_map()` | 4.14 | | [`174a79ff9515`](https://github.com/torvalds/linux/commit/174a79ff9515f400b9a6115643dafd62a635b7e6)
|
||||
`BPF_FUNC_sk_release()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_select_reuseport()` | 4.19 | | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf)
|
||||
`BPF_FUNC_sk_storage_delete()` | 5.2 | | [`6ac99e8f23d4`](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d)
|
||||
`BPF_FUNC_sk_storage_get()` | 5.2 | | [`6ac99e8f23d4`](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d)
|
||||
`BPF_FUNC_skb_adjust_room()` | 4.13 | | [`2be7e212d541`](https://github.com/torvalds/linux/commit/2be7e212d5419a400d051c84ca9fdd083e5aacac)
|
||||
`BPF_FUNC_skb_ancestor_cgroup_id()` | 4.19 | | [`7723628101aa`](https://github.com/torvalds/linux/commit/7723628101aaeb1d723786747529b4ea65c5b5c5)
|
||||
`BPF_FUNC_skb_change_head()` | 4.10 | | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2)
|
||||
`BPF_FUNC_skb_change_proto()` | 4.8 | | [`6578171a7ff0`](https://github.com/torvalds/linux/commit/6578171a7ff0c31dc73258f93da7407510abf085)
|
||||
`BPF_FUNC_sk_cgroup_id()` | 5.7 | | [`f307fa2cb4c9`](https://github.com/torvalds/linux/commit/f307fa2cb4c935f7f1ff0aeb880c7b44fb9a642b)
|
||||
`BPF_FUNC_sk_fullsock()` | 5.1 | | [`46f8bc92758c`](https://github.com/torvalds/linux/commit/46f8bc92758c6259bcf945e9216098661c1587cd)
|
||||
`BPF_FUNC_sk_lookup_tcp()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_lookup_udp()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_redirect_hash()` | 4.18 | | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4)
|
||||
`BPF_FUNC_sk_redirect_map()` | 4.14 | | [`174a79ff9515`](https://github.com/torvalds/linux/commit/174a79ff9515f400b9a6115643dafd62a635b7e6)
|
||||
`BPF_FUNC_sk_release()` | 4.20 | | [`6acc9b432e67`](https://github.com/torvalds/linux/commit/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71)
|
||||
`BPF_FUNC_sk_select_reuseport()` | 4.19 | | [`2dbb9b9e6df6`](https://github.com/torvalds/linux/commit/2dbb9b9e6df67d444fbe425c7f6014858d337adf)
|
||||
`BPF_FUNC_sk_storage_delete()` | 5.2 | | [`6ac99e8f23d4`](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d)
|
||||
`BPF_FUNC_sk_storage_get()` | 5.2 | | [`6ac99e8f23d4`](https://github.com/torvalds/linux/commit/6ac99e8f23d4b10258406ca0dd7bffca5f31da9d)
|
||||
`BPF_FUNC_skb_adjust_room()` | 4.13 | | [`2be7e212d541`](https://github.com/torvalds/linux/commit/2be7e212d5419a400d051c84ca9fdd083e5aacac)
|
||||
`BPF_FUNC_skb_ancestor_cgroup_id()` | 4.19 | | [`7723628101aa`](https://github.com/torvalds/linux/commit/7723628101aaeb1d723786747529b4ea65c5b5c5)
|
||||
`BPF_FUNC_skb_change_head()` | 4.10 | | [`3a0af8fd61f9`](https://github.com/torvalds/linux/commit/3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2)
|
||||
`BPF_FUNC_skb_change_proto()` | 4.8 | | [`6578171a7ff0`](https://github.com/torvalds/linux/commit/6578171a7ff0c31dc73258f93da7407510abf085)`。"`BPF_FUNC_skb_change_tail()`| 4.9 | | [`5293efe62df8`](https://github.com/torvalds/linux/commit/5293efe62df81908f2e90c9820c7edcc8e61f5e9)
|
||||
`BPF_FUNC_skb_change_type()`| 4.8 | | [`d2485c4242a8`](https://github.com/torvalds/linux/commit/d2485c4242a826fdf493fd3a27b8b792965b9b9e)
|
||||
`BPF_FUNC_skb_cgroup_classid()`| 5.10 | | [`b426ce83baa7`](https://github.com/torvalds/linux/commit/b426ce83baa7dff947fb354118d3133f2953aac8)
|
||||
`BPF_FUNC_skb_cgroup_id()`| 4.18 | | [`cb20b08ead40`](https://github.com/torvalds/linux/commit/cb20b08ead401fd17627a36f035c0bf5bfee5567)
|
||||
`BPF_FUNC_skb_ecn_set_ce()`| 5.1 | | [`f7c917ba11a6`](https://github.com/torvalds/linux/commit/f7c917ba11a67632a8452ea99fe132f626a7a2cc)
|
||||
`BPF_FUNC_skb_get_tunnel_key()`| 4.3 | | [`d3aa45ce6b94`](https://github.com/torvalds/linux/commit/d3aa45ce6b94c65b83971257317867db13e5f492)
|
||||
`BPF_FUNC_skb_get_tunnel_opt()`| 4.6 | | [`14ca0751c96f`](https://github.com/torvalds/linux/commit/14ca0751c96f8d3d0f52e8ed3b3236f8b34d3460)
|
||||
`BPF_FUNC_skb_get_xfrm_state()`| 4.18 | | [`12bed760a78d`](https://github.com/torvalds/linux/commit/12bed760a78da6e12ac8252fec64d019a9eac523)
|
||||
`BPF_FUNC_skb_load_bytes()`| 4.5 | | [`05c74e5e53f6`](https://github.com/torvalds/linux/commit/05c74e5e53f6cb07502c3e6a820f33e2777b6605)
|
||||
`BPF_FUNC_skb_load_bytes_relative()`| 4.18 | | [`4e1ec56cdc59`](https://github.com/torvalds/linux/commit/4e1ec56cdc59746943b2acfab3c171b930187bbe)
|
||||
`BPF_FUNC_skb_output()`| 5.5 | | [`a7658e1a4164`](https://github.com/torvalds/linux/commit/a7658e1a4164ce2b9eb4a11aadbba38586e93bd6)
|
||||
`BPF_FUNC_skb_pull_data()`| 4.9 | | [`36bbef52c7eb`](https://github.com/torvalds/linux/commit/36bbef52c7eb646ed6247055a2acd3851e317857)
|
||||
`BPF_FUNC_skb_set_tstamp()`| 5.18 | | [`9bb984f28d5b`](https://github.com/torvalds/linux/commit/9bb984f28d5bcb917d35d930fcfb89f90f9449fd)
|
||||
`BPF_FUNC_skb_set_tunnel_key()`| 4.3 | | [`d3aa45ce6b94`](https://github.com/torvalds/linux/commit/d3aa45ce6b94c65b83971257317867db13e5f492)
|
||||
`BPF_FUNC_skb_set_tunnel_opt()`| 4.6 | | [`14ca0751c96f`](https://github.com/torvalds/linux/commit/14ca0751c96f8d3d0f52e8ed3b3236f8b34d3460)
|
||||
`BPF_FUNC_skb_store_bytes()`| 4.1 | | [`91bc4822c3d6`](https://github.com/torvalds/linux/commit/91bc4822c3d61b9bb7ef66d3b77948a4f9177954)
|
||||
`BPF_FUNC_skb_under_cgroup()`| 4.8 | | [`4a482f34afcc`](https://github.com/torvalds/linux/commit/4a482f34afcc162d8456f449b137ec2a95be60d8)
|
||||
`BPF_FUNC_skb_vlan_pop()`| 4.3 | | [`4e10df9a60d9`](https://github.com/torvalds/linux/commit/4e10df9a60d96ced321dd2af71da558c6b750078)
|
||||
`BPF_FUNC_skb_vlan_push()`| 4.3 | | [`4e10df9a60d9`](https://github.com/torvalds/linux/commit/4e10df9a60d96ced321dd2af71da558c6b750078)
|
||||
`BPF_FUNC_skc_lookup_tcp()`| 5.2 | | [`edbf8c01de5a`](https://github.com/torvalds/linux/commit/edbf8c01de5a104a71ed6df2bf6421ceb2836a8e)
|
||||
`BPF_FUNC_skc_to_mctcp_sock()`| 5.19 | | [`3bc253c2e652`](https://github.com/torvalds/linux/commit/3bc253c2e652cf5f12cd8c00d80d8ec55d67d1a7)
|
||||
`BPF_FUNC_skc_to_tcp_sock()`| 5.9 | | [`478cfbdf5f13`](https://github.com/torvalds/linux/commit/478cfbdf5f13dfe09cfd0b1cbac821f5e27f6108)
|
||||
`BPF_FUNC_skc_to_tcp_request_sock()`| 5.9 | | [`478cfbdf5f13`](https://github.com/torvalds/linux/commit/478cfbdf5f13dfe09cfd0b1cbac821f5e27f6108)
|
||||
`BPF_FUNC_skc_to_tcp_timewait_sock()`| 5.9 | | [`478cfbdf5f13`](https://github.com/torvalds/linux/commit/478cfbdf5f13dfe09cfd0b1cbac821f5e27f6108)
|
||||
`BPF_FUNC_skc_to_tcp6_sock()`| 5.9 | | [`af7ec1383361`](https://github.com/torvalds/linux/commit/af7ec13833619e17f03aa73a785a2f871da6d66b)
|
||||
`BPF_FUNC_skc_to_udp6_sock()`| 5.9 | | [`0d4fad3e57df`](https://github.com/torvalds/linux/commit/0d4fad3e57df2bf61e8ffc8d12a34b1caf9b8835)
|
||||
`BPF_FUNC_skc_to_unix_sock()`| 5.16 | | [`9eeb3aa33ae0`](https://github.com/torvalds/linux/commit/9eeb3aa33ae005526f672b394c1791578463513f)
|
||||
`BPF_FUNC_snprintf()`| 5.13 | | [`7b15523a989b`](https://github.com/torvalds/linux/commit/7b15523a989b63927c2bb08e9b5b0bbc10b58bef)"."`BPF_FUNC_snprintf_btf()`| 5.10 | | [`c4d0bfb45068`](https://github.com/torvalds/linux/commit/c4d0bfb45068d853a478b9067a95969b1886a30f)
|
||||
`BPF_FUNC_sock_from_file()`| 5.11 | | [`4f19cab76136`](https://github.com/torvalds/linux/commit/4f19cab76136e800a3f04d8c9aa4d8e770e3d3d8)
|
||||
`BPF_FUNC_sock_hash_update()`| 4.18 | | [`81110384441a`](https://github.com/torvalds/linux/commit/81110384441a59cff47430f20f049e69b98c17f4)
|
||||
`BPF_FUNC_sock_map_update()`| 4.14 | | [`174a79ff9515`](https://github.com/torvalds/linux/commit/174a79ff9515f400b9a6115643dafd62a635b7e6)
|
||||
`BPF_FUNC_spin_lock()`| 5.1 | | [`d83525ca62cf`](https://github.com/torvalds/linux/commit/d83525ca62cf8ebe3271d14c36fb900c294274a2)
|
||||
`BPF_FUNC_spin_unlock()`| 5.1 | | [`d83525ca62cf`](https://github.com/torvalds/linux/commit/d83525ca62cf8ebe3271d14c36fb900c294274a2)
|
||||
`BPF_FUNC_store_hdr_opt()`| 5.10 | | [`0813a841566f`](https://github.com/torvalds/linux/commit/0813a841566f0962a5551be7749b43c45f0022a0)
|
||||
`BPF_FUNC_strncmp()`| 5.17 | | [`c5fb19937455`](https://github.com/torvalds/linux/commit/c5fb19937455095573a19ddcbff32e993ed10e35)
|
||||
`BPF_FUNC_strtol()`| 5.2 | | [`d7a4cb9b6705`](https://github.com/torvalds/linux/commit/d7a4cb9b6705a89937d12c8158a35a3145dc967a)
|
||||
`BPF_FUNC_strtoul()`| 5.2 | | [`d7a4cb9b6705`](https://github.com/torvalds/linux/commit/d7a4cb9b6705a89937d12c8158a35a3145dc967a)
|
||||
`BPF_FUNC_sys_bpf()`| 5.14 | | [`79a7f8bdb159`](https://github.com/torvalds/linux/commit/79a7f8bdb159d9914b58740f3d31d602a6e4aca8)
|
||||
`BPF_FUNC_sys_close()`| 5.14 | | [`3abea089246f`](https://github.com/torvalds/linux/commit/3abea089246f76c1517b054ddb5946f3f1dbd2c0)
|
||||
`BPF_FUNC_sysctl_get_current_value()`| 5.2 | | [`1d11b3016cec`](https://github.com/torvalds/linux/commit/1d11b3016cec4ed9770b98e82a61708c8f4926e7)
|
||||
`BPF_FUNC_sysctl_get_name()`| 5.2 | | [`808649fb787d`](https://github.com/torvalds/linux/commit/808649fb787d918a48a360a668ee4ee9023f0c11)".
|
||||
格式:只返回翻译后的内容,不包括原文。`BPF_FUNC_sysctl_get_new_value()`| 5.2| | [`4e63acdff864`](https://github.com/torvalds/linux/commit/4e63acdff864654cee0ac5aaeda3913798ee78f6)
|
||||
`BPF_FUNC_sysctl_set_new_value()`|5.2| | [`4e63acdff864`](https://github.com/torvalds/linux/commit/4e63acdff864654cee0ac5aaeda3913798ee78f6)
|
||||
`BPF_FUNC_tail_call()`|4.2| | [`04fd61ab36ec`](https://github.com/torvalds/linux/commit/04fd61ab36ec065e194ab5e74ae34a5240d992bb)
|
||||
`BPF_FUNC_task_pt_regs()`|5.15| GPL | [`dd6e10fbd9f`](https://github.com/torvalds/linux/commit/dd6e10fbd9fb86a571d925602c8a24bb4d09a2a7)
|
||||
`BPF_FUNC_task_storage_delete()`|5.11| | [`4cf1bc1f1045`](https://github.com/torvalds/linux/commit/4cf1bc1f10452065a29d576fc5693fc4fab5b919)
|
||||
`BPF_FUNC_task_storage_get()`|5.11| | [`4cf1bc1f1045`](https://github.com/torvalds/linux/commit/4cf1bc1f10452065a29d576fc5693fc4fab5b919)
|
||||
`BPF_FUNC_tcp_check_syncookie()`|5.2| | [`399040847084`](https://github.com/torvalds/linux/commit/399040847084a69f345e0a52fd62f04654e0fce3)
|
||||
`BPF_FUNC_tcp_gen_syncookie()`|5.3| | [`70d66244317e`](https://github.com/torvalds/linux/commit/70d66244317e958092e9c971b08dd5b7fd29d9cb#diff-05da4bf36c7fbcd176254e1615d98b28)
|
||||
`BPF_FUNC_tcp_raw_check_syncookie_ipv4()`|6.0| | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_raw_check_syncookie_ipv6()`|6.0| | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_raw_gen_syncookie_ipv4()`|6.0| | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_raw_gen_syncookie_ipv6()`|6.0| | [`33bf9885040c`](https://github.com/torvalds/linux/commit/33bf9885040c399cf6a95bd33216644126728e14)
|
||||
`BPF_FUNC_tcp_send_ack()`|5.5 | | [`206057fe020a`](https://github.com/torvalds/linux/commit/206057fe020ac5c037d5e2dd6562a9bd216ec765)`BPF_FUNC_tcp_sock()`| 5.1 | | [`655a51e536c0`](https://github.com/torvalds/linux/commit/655a51e536c09d15ffa3603b1b6fce2b45b85a1f)
|
||||
`BPF_FUNC_this_cpu_ptr()` | 5.10 | | [`63d9b80dcf2c`](https://github.com/torvalds/linux/commit/63d9b80dcf2c67bc5ade61cbbaa09d7af21f43f1)
|
||||
`BPF_FUNC_timer_init()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_timer_set_callback()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_timer_start()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_timer_cancel()` | 5.15 | | [`b00628b1c7d5`](https://github.com/torvalds/linux/commit/b00628b1c7d595ae5b544e059c27b1f5828314b4)
|
||||
`BPF_FUNC_trace_printk()` | 4.1 | GPL | [`9c959c863f82`](https://github.com/torvalds/linux/commit/9c959c863f8217a2ff3d7c296e8223654d240569)
|
||||
`BPF_FUNC_trace_vprintk()` | 5.16 | GPL | [`10aceb629e19`](https://github.com/torvalds/linux/commit/10aceb629e198429c849d5e995c3bb1ba7a9aaa3)
|
||||
`BPF_FUNC_user_ringbuf_drain()` | 6.1 | | [`205715673844`](https://github.com/torvalds/linux/commit/20571567384428dfc9fe5cf9f2e942e1df13c2dd)
|
||||
`BPF_FUNC_xdp_adjust_head()` | 4.10 | | [`17bedab27231`](https://github.com/torvalds/linux/commit/17bedab2723145d17b14084430743549e6943d03)
|
||||
`BPF_FUNC_xdp_adjust_meta()` | 4.15 | | [`de8f3a83b0a0`](https://github.com/torvalds/linux/commit/de8f3a83b0a0fddb2cf56e7a718127e9619ea3da)
|
||||
`BPF_FUNC_xdp_adjust_tail()` | 4.18 | | [`b32cc5b9a346`](https://github.com/torvalds/linux/commit/b32cc5b9a346319c171e3ad905e0cddda032b5eb)
|
||||
`BPF_FUNC_xdp_get_buff_len()` | 5.18 | | [`0165cc817075`](https://github.com/torvalds/linux/commit/0165cc817075cf701e4289838f1d925ff1911b3e)
|
||||
`BPF_FUNC_xdp_load_bytes()` | 5.18 | | [`3f364222d032`](https://github.com/torvalds/linux/commit/3f364222d032eea6b245780e845ad213dab28cdd)
|
||||
`BPF_FUNC_xdp_store_bytes()` | 5.18 | | [`3f364222d032`](https://github.com/torvalds/linux/commit/3f364222d032eea6b245780e845ad213dab28cdd)
|
||||
`BPF_FUNC_xdp_output()` | 5.6 | GPL | [`d831ee84bfc9`](https://github.com/torvalds/linux/commit/d831ee84bfc9173eecf30dbbc2553ae81b996c60)
|
||||
`BPF_FUNC_override_return()` | 4.16 | GPL | [`9802d86585db`](https://github.com/torvalds/linux/commit/9802d86585db91655c7d1929a4f6bbe0952ea88e)
|
||||
`BPF_FUNC_sock_ops_cb_flags_set()` | 4.16 | | [`b13d88072172`](<https://github.com/torvalds/linux/commit/b13d880721729384757f235166068c315326f4a1>)
|
||||
|
||||
注:仅GPL兼容的BPF助手需要GPL兼容的许可证。内核所认可的当前GPL兼容许可证有:
|
||||
|
||||
* GPL
|
||||
* GPL v2
|
||||
* GPL和其他权利
|
||||
* 双BSD/GPL
|
||||
* 双MIT/GPL
|
||||
* 双MPL/GPL
|
||||
|
||||
在您的[内核源代码](https://github.com/torvalds/linux/blob/master/include/linux/license.h)中查看GPL兼容许可证的列表。
|
||||
|
||||
## 程序类型
|
||||
|
||||
可以使用以下命令获取程序类型和支持的辅助函数列表:
|
||||
|
||||
```sh
|
||||
git grep -W 'func_proto(enum bpf_func_id func_id' kernel/ net/ drivers/
|
||||
```
|
||||
|
||||
|程序类型| 辅助函数|
|
||||
|---------|---------|
|
||||
|`BPF_PROG_TYPE_SOCKET_FILTER`|`BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_load_bytes_relative()` <br> `BPF_FUNC_get_socket_cookie()` <br> `BPF_FUNC_get_socket_uid()` <br> `BPF_FUNC_perf_event_output()` <br> `基础函数`|
|
||||
|`BPF_PROG_TYPE_KPROBE`|`BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_perf_event_read_value()` <br> `BPF_FUNC_override_return()` <br> `跟踪函数`|".| `BPF_PROG_TYPE_SCHED_CLS` <br> `BPF_PROG_TYPE_SCHED_ACT` | `BPF_FUNC_skb_store_bytes()` <br> `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_load_bytes_relative()` <br> `BPF_FUNC_skb_pull_data()` <br> `BPF_FUNC_csum_diff()` <br> `BPF_FUNC_csum_update()` <br> `BPF_FUNC_l3_csum_replace()` <br> `BPF_FUNC_l4_csum_replace()` <br> `BPF_FUNC_clone_redirect()` <br> `BPF_FUNC_get_cgroup_classid()` <br> `BPF_FUNC_skb_vlan_push()` <br> `BPF_FUNC_skb_vlan_pop()` <br> `BPF_FUNC_skb_change_proto()` <br> `BPF_FUNC_skb_change_type()` <br> `BPF_FUNC_skb_adjust_room()` <br> `BPF_FUNC_skb_change_tail()` <br> `BPF_FUNC_skb_get_tunnel_key()` <br> `BPF_FUNC_skb_set_tunnel_key()` <br> `BPF_FUNC_skb_get_tunnel_opt()` <br> `BPF_FUNC_skb_set_tunnel_opt()` <br> `BPF_FUNC_redirect()` <br> `BPF_FUNC_get_route_realm()` <br> `BPF_FUNC_get_hash_recalc()` <br> `BPF_FUNC_set_hash_invalid()` <br> `BPF_FUNC_set_hash()` <br> `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_skb_under_cgroup()` <br> `BPF_FUNC_get_socket_cookie()` <br> `BPF_FUNC_get_socket_uid()` <br> `BPF_FUNC_fib_lookup()` <br> `BPF_FUNC_skb_get_xfrm_state()` <br> `BPF_FUNC_skb_cgroup_id()` <br> `基础函数` |
|
||||
| `BPF_PROG_TYPE_TRACEPOINT` | `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_d_path()` <br> `跟踪函数` |
|
||||
| `BPF_PROG_TYPE_XDP` | `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_csum_diff()` <br> `BPF_FUNC_xdp_adjust_head()` <br> `BPF_FUNC_xdp_adjust_meta()` <br> `BPF_FUNC_redirect()` <br> `BPF_FUNC_redirect_map()` <br> `BPF_FUNC_xdp_adjust_tail()` <br> `BPF_FUNC_fib_lookup()` <br> `基础函数` |
|
||||
| `BPF_PROG_TYPE_PERF_EVENT` | `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_perf_prog_read_value()` <br> `跟踪函数` |\|`BPF_PROG_TYPE_CGROUP_SKB`|\|[`BPF_FUNC_skb_load_bytes()`]() <br> [`BPF_FUNC_skb_load_bytes_relative()`]() <br> [`BPF_FUNC_get_socket_cookie()`]() <br> [`BPF_FUNC_get_socket_uid()`]() <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_CGROUP_SOCK`|\|[`BPF_FUNC_get_current_uid_gid()`]() <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_LWT_IN`|\|[`BPF_FUNC_lwt_push_encap()`]() <br> `LWT功能` <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_LWT_OUT`| `LWT功能` <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_LWT_XMIT`| \|[`BPF_FUNC_skb_get_tunnel_key()`]() <br> [`BPF_FUNC_skb_set_tunnel_key()`]() <br> [`BPF_FUNC_skb_get_tunnel_opt()`]() <br> [`BPF_FUNC_skb_set_tunnel_opt()`]() <br> [`BPF_FUNC_redirect()`]() <br> [`BPF_FUNC_clone_redirect()`]() <br> [`BPF_FUNC_skb_change_tail()`]() <br> [`BPF_FUNC_skb_change_head()`]() <br> [`BPF_FUNC_skb_store_bytes()`]() <br> [`BPF_FUNC_csum_update()`]() <br> [`BPF_FUNC_l3_csum_replace()`]() <br> [`BPF_FUNC_l4_csum_replace()`]() <br> [`BPF_FUNC_set_hash_invalid()`]() <br> `LWT功能`|
|
||||
|`BPF_PROG_TYPE_SOCK_OPS`|\|[`BPF_FUNC_setsockopt()`]() <br> [`BPF_FUNC_getsockopt()`]() <br> [`BPF_FUNC_sock_ops_cb_flags_set()`]() <br> [`BPF_FUNC_sock_map_update()`]() <br> [`BPF_FUNC_sock_hash_update()`]() <br> [`BPF_FUNC_get_socket_cookie()`]() <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_SK_SKB`|\|[`BPF_FUNC_skb_store_bytes()`]() <br> [`BPF_FUNC_skb_load_bytes()`]() <br> [`BPF_FUNC_skb_pull_data()`]() <br> [`BPF_FUNC_skb_change_tail()`]() <br> [`BPF_FUNC_skb_change_head()`]() <br> [`BPF_FUNC_get_socket_cookie()`]() <br> [`BPF_FUNC_get_socket_uid()`]() <br> [`BPF_FUNC_sk_redirect_map()`]() <br> [`BPF_FUNC_sk_redirect_hash()`]() <br> [`BPF_FUNC_sk_lookup_tcp()`]() <br> [`BPF_FUNC_sk_lookup_udp()`]() <br> [`BPF_FUNC_sk_release()`]() <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_CGROUP_DEVICE`| \|[`BPF_FUNC_map_lookup_elem()`]() <br> [`BPF_FUNC_map_update_elem()`]() <br> [`BPF_FUNC_map_delete_elem()`]() <br> [`BPF_FUNC_get_current_uid_gid()`]() <br> [`BPF_FUNC_trace_printk()`]() ||`BPF_PROG_TYPE_SK_MSG`|`BPF_FUNC_msg_redirect_map()` <br> `BPF_FUNC_msg_redirect_hash()` <br> `BPF_FUNC_msg_apply_bytes()` <br> `BPF_FUNC_msg_cork_bytes()` <br> `BPF_FUNC_msg_pull_data()` <br> `BPF_FUNC_msg_push_data()` <br> `BPF_FUNC_msg_pop_data()` <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_RAW_TRACEPOINT`|`BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_stackid()` <br> `BPF_FUNC_get_stack()` <br> `BPF_FUNC_skb_output()` <br> `跟踪功能`|
|
||||
|`BPF_PROG_TYPE_CGROUP_SOCK_ADDR`|`BPF_FUNC_get_current_uid_gid()` <br> `BPF_FUNC_bind()` <br> `BPF_FUNC_get_socket_cookie()` <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_LWT_SEG6LOCAL`|`BPF_FUNC_lwt_seg6_store_bytes()` <br> `BPF_FUNC_lwt_seg6_action()` <br> `BPF_FUNC_lwt_seg6_adjust_srh()` <br> `LWT功能`|
|
||||
|`BPF_PROG_TYPE_LIRC_MODE2`|`BPF_FUNC_rc_repeat()` <br> `BPF_FUNC_rc_keydown()` <br> `BPF_FUNC_rc_pointer_rel()` <br> `BPF_FUNC_map_lookup_elem()` <br> `BPF_FUNC_map_update_elem()` <br> `BPF_FUNC_map_delete_elem()` <br> `BPF_FUNC_ktime_get_ns()` <br> `BPF_FUNC_tail_call()` <br> `BPF_FUNC_get_prandom_u32()` <br> `BPF_FUNC_trace_printk()`|
|
||||
|`BPF_PROG_TYPE_SK_REUSEPORT`|`BPF_FUNC_sk_select_reuseport()` <br> `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_load_bytes_relative()` <br> `基本功能`|
|
||||
|`BPF_PROG_TYPE_FLOW_DISSECTOR`|`BPF_FUNC_skb_load_bytes()` <br> `基本功能`|
|
||||
|
||||
|功能组| 功能|
|
||||
|------------------|-------|
|
||||
|`基本功能`| `BPF_FUNC_map_lookup_elem()` <br> `BPF_FUNC_map_update_elem()` <br> `BPF_FUNC_map_delete_elem()` <br> `BPF_FUNC_map_peek_elem()` <br> `BPF_FUNC_map_pop_elem()` <br> `BPF_FUNC_map_push_elem()` <br> `BPF_FUNC_get_prandom_u32()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_get_numa_node_id()` <br> `BPF_FUNC_tail_call()` <br> `BPF_FUNC_ktime_get_boot_ns()` <br> `BPF_FUNC_ktime_get_ns()` <br> `BPF_FUNC_trace_printk()` <br> `BPF_FUNC_spin_lock()` <br> `BPF_FUNC_spin_unlock()` |"|`跟踪函数`|`BPF_FUNC_map_lookup_elem()` <br> `BPF_FUNC_map_update_elem()` <br> `BPF_FUNC_map_delete_elem()` <br> `BPF_FUNC_probe_read()` <br> `BPF_FUNC_ktime_get_boot_ns()` <br> `BPF_FUNC_ktime_get_ns()` <br> `BPF_FUNC_tail_call()` <br> `BPF_FUNC_get_current_pid_tgid()` <br> `BPF_FUNC_get_current_task()` <br> `BPF_FUNC_get_current_uid_gid()` <br> `BPF_FUNC_get_current_comm()` <br> `BPF_FUNC_trace_printk()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_get_numa_node_id()` <br> `BPF_FUNC_perf_event_read()` <br> `BPF_FUNC_probe_write_user()` <br> `BPF_FUNC_current_task_under_cgroup()` <br> `BPF_FUNC_get_prandom_u32()` <br> `BPF_FUNC_probe_read_str()` <br> `BPF_FUNC_get_current_cgroup_id()` <br> `BPF_FUNC_send_signal()` <br> `BPF_FUNC_probe_read_kernel()` <br> `BPF_FUNC_probe_read_kernel_str()` <br> `BPF_FUNC_probe_read_user()` <br> `BPF_FUNC_probe_read_user_str()` <br> `BPF_FUNC_send_signal_thread()` <br> `BPF_FUNC_get_ns_current_pid_tgid()` <br> `BPF_FUNC_xdp_output()` <br> `BPF_FUNC_get_task_stack()`|
|
||||
|`LWT函数`| `BPF_FUNC_skb_load_bytes()` <br> `BPF_FUNC_skb_pull_data()` <br> `BPF_FUNC_csum_diff()` <br> `BPF_FUNC_get_cgroup_classid()` <br> `BPF_FUNC_get_route_realm()` <br> `BPF_FUNC_get_hash_recalc()` <br> `BPF_FUNC_perf_event_output()` <br> `BPF_FUNC_get_smp_processor_id()` <br> `BPF_FUNC_skb_under_cgroup()`|
|
||||
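Review bot: the row for `BPF_FUNC_sysctl_get_new_value()` in this removed table starts with leftover translation-prompt text ("格式:只返回翻译后的内容,不包括原文。"), and several rows are fused onto one line (`BPF_FUNC_skb_change_proto()` with `BPF_FUNC_skb_change_tail()`, `BPF_FUNC_snprintf()` with `BPF_FUNC_snprintf_btf()`, `BPF_FUNC_tcp_send_ack()` with `BPF_FUNC_tcp_sock()`, and the `BPF_PROG_TYPE_KPROBE` row with the `BPF_PROG_TYPE_SCHED_CLS` one), so the file was unproofread machine output and deleting it is reasonable. The block from `BPF_FUNC_sk_redirect_map()` to `BPF_FUNC_skb_change_proto()` also appears twice, the `BPF_PROG_TYPE_SK_REUSEPORT` row lists `BPF_FUNC_load_bytes_relative()` where every other row uses `BPF_FUNC_skb_load_bytes_relative()`, and the helper groups are named inconsistently (`基础函数` / `基本功能`, `跟踪函数` / `跟踪功能`, `LWT功能` / `LWT函数`), so the per-program-type rows do not resolve to the group table below them. What the commit message ("remove bcc document") does not say is where readers should now look up the GPL column and the helper-per-program-type mapping, which matter when auditing what a loaded program is allowed to call (`BPF_FUNC_override_return()` and `BPF_FUNC_probe_write_user()` are both listed here). Please add a sentence naming the replacement reference, and check that no remaining tutorial page links to this file.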
@@ -1,47 +0,0 @@
|
||||
# Kernel Configuration for BPF Features
|
||||
|
||||
## BPF Related Kernel Configurations
|
||||
|
||||
| Functionalities | Kernel Configuration | Description |
|
||||
|:----------------|:---------------------|:------------|
|
||||
| **Basic** | CONFIG_BPF_SYSCALL | Enable the bpf() system call |
|
||||
| | CONFIG_BPF_JIT | BPF programs are normally handled by a BPF interpreter. This option allows the kernel to generate native code when a program is loaded into the kernel. This will significantly speed-up processing of BPF programs |
|
||||
| | CONFIG_HAVE_BPF_JIT | Enable BPF Just In Time compiler |
|
||||
| | CONFIG_HAVE_EBPF_JIT | Extended BPF JIT (eBPF) |
|
||||
| | CONFIG_HAVE_CBPF_JIT | Classic BPF JIT (cBPF) |
|
||||
| | CONFIG_MODULES | Enable to build loadable kernel modules |
|
||||
| | CONFIG_BPF | BPF VM interpreter |
|
||||
| | CONFIG_BPF_EVENTS | Allow the user to attach BPF programs to kprobe, uprobe, and tracepoint events |
|
||||
| | CONFIG_PERF_EVENTS | Kernel performance events and counters |
|
||||
| | CONFIG_HAVE_PERF_EVENTS | Enable perf events |
|
||||
| | CONFIG_PROFILING | Enable the extended profiling support mechanisms used by profilers |
|
||||
| **BTF** | CONFIG_DEBUG_INFO_BTF | Generate deduplicated BTF type information from DWARF debug info |
|
||||
| | CONFIG_PAHOLE_HAS_SPLIT_BTF | Generate BTF for each selected kernel module |
|
||||
| | CONFIG_DEBUG_INFO_BTF_MODULES | Generate compact split BTF type information for kernel modules |
|
||||
| **Security** | CONFIG_BPF_JIT_ALWAYS_ON | Enable BPF JIT and removes BPF interpreter to avoid speculative execution |
|
||||
| | CONFIG_BPF_UNPRIV_DEFAULT_OFF | Disable unprivileged BPF by default by setting |
|
||||
| **Cgroup** | CONFIG_CGROUP_BPF | Support for BPF programs attached to cgroups |
|
||||
| **Network** | CONFIG_BPFILTER | BPF based packet filtering framework (BPFILTER) |
|
||||
| | CONFIG_BPFILTER_UMH | This builds bpfilter kernel module with embedded user mode helper |
|
||||
| | CONFIG_NET_CLS_BPF | BPF-based classifier - to classify packets based on programmable BPF (JIT'ed) filters as an alternative to ematches |
|
||||
| | CONFIG_NET_ACT_BPF | Execute BPF code on packets. The BPF code will decide if the packet should be dropped or not |
|
||||
| | CONFIG_BPF_STREAM_PARSER | Enable this to allow a TCP stream parser to be used with BPF_MAP_TYPE_SOCKMAP |
|
||||
| | CONFIG_LWTUNNEL_BPF | Allow to run BPF programs as a nexthop action following a route lookup for incoming and outgoing packets |
|
||||
| | CONFIG_NETFILTER_XT_MATCH_BPF | BPF matching applies a linux socket filter to each packet and accepts those for which the filter returns non-zero |
|
||||
| | CONFIG_IPV6_SEG6_BPF | To support BPF seg6local hook. bpf: Add IPv6 Segment Routing helpersy. [Reference](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee7) |
|
||||
| **kprobes** | CONFIG_KPROBE_EVENTS | This allows the user to add tracing events (similar to tracepoints) on the fly via the ftrace interface |
|
||||
| | CONFIG_KPROBES | Enable kprobes-based dynamic events |
|
||||
| | CONFIG_HAVE_KPROBES | Check if krpobes enabled |
|
||||
| | CONFIG_HAVE_REGS_AND_STACK_ACCESS_API | This symbol should be selected by an architecture if it supports the API needed to access registers and stack entries from pt_regs. For example the kprobes-based event tracer needs this API. |
|
||||
| | CONFIG_KPROBES_ON_FTRACE | Have kprobes on function tracer if arch supports full passing of pt_regs to function tracing |
|
||||
| **kprobe multi** | CONFIG_FPROBE | Enable fprobe to attach the probe on multiple functions at once |
|
||||
| **kprobe override** | CONFIG_BPF_KPROBE_OVERRIDE | Enable BPF programs to override a kprobed function |
|
||||
| **uprobes** | CONFIG_UPROBE_EVENTS | Enable uprobes-based dynamic events |
|
||||
| | CONFIG_ARCH_SUPPORTS_UPROBES | Arch specific uprobes support |
|
||||
| | CONFIG_UPROBES | Uprobes is the user-space counterpart to kprobes: they enable instrumentation applications (such as 'perf probe') to establish unintrusive probes in user-space binaries and libraries, by executing handler functions when the probes are hit by user-space applications. |
|
||||
| | CONFIG_MMU | MMU-based virtualised addressing space support by paged memory management |
|
||||
| **Tracepoints** | CONFIG_TRACEPOINTS | Enable inserting tracepoints in the kernel and connect to proble functions |
|
||||
| | CONFIG_HAVE_SYSCALL_TRACEPOINTS | Enable syscall enter/exit tracing |
|
||||
| **Raw Tracepoints** | Same as Tracepoints | |
|
||||
| **LSM** | CONFIG_BPF_LSM | Enable instrumentation of the security hooks with BPF programs for implementing dynamic MAC and Audit Policies |
|
||||
| **LIRC** | CONFIG_BPF_LIRC_MODE2 | Allow attaching BPF programs to a lirc device |
|
||||
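Review bot: the `CONFIG_BPF_UNPRIV_DEFAULT_OFF` row in the Security group ends mid-sentence ("Disable unprivileged BPF by default by setting"), so if this table is moved to a replacement page rather than dropped, that row and the `CONFIG_BPF_JIT_ALWAYS_ON` row next to it need to be completed first, not copied as they stand. Smaller items for the same pass: "krpobes" in the `CONFIG_HAVE_KPROBES` row, "proble functions" in `CONFIG_TRACEPOINTS`, "helpersy" in `CONFIG_IPV6_SEG6_BPF`, and the commit link on that row, whose hash is 39 hex characters rather than a full 40. The commit message gives no reason for the removal; one line stating where the kernel-configuration reference now lives would let readers of the tutorial chapters that depend on `CONFIG_BPF_LSM`, `CONFIG_DEBUG_INFO_BTF` and the kprobe/uprobe options find it.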
@@ -1,45 +0,0 @@
|
||||
# BPF 特性的内核配置
|
||||
|
||||
## 与 BPF 相关的内核配置
|
||||
|
||||
| 功能 | 内核配置 | 描述 |
|
||||
|:----|:----------|:-----|
|
||||
| **基础** | CONFIG_BPF_SYSCALL | 启用 bpf() 系统调用 |
|
||||
| | CONFIG_BPF_JIT | BPF 程序通常由 BPF 解释器处理。此选项允许内核在加载程序时生成本地代码。这将显著加速 BPF 程序的处理 |
|
||||
| | CONFIG_HAVE_BPF_JIT | 启用 BPF 即时编译器 |
|
||||
| | CONFIG_HAVE_EBPF_JIT | 扩展 BPF JIT (eBPF) |
|
||||
| | CONFIG_HAVE_CBPF_JIT | 经典 BPF JIT (cBPF) |
|
||||
| | CONFIG_MODULES | 启用可加载内核模块的构建 |
|
||||
| | CONFIG_BPF | BPF VM 解释器 |
|
||||
| | CONFIG_BPF_EVENTS | 允许用户将 BPF 程序附加到 kprobe、uprobe 和 tracepoint 事件上 |
|
||||
| | CONFIG_PERF_EVENTS | 内核性能事件和计数器 |
|
||||
| | CONFIG_HAVE_PERF_EVENTS | 启用性能事件 |
|
||||
| | CONFIG_PROFILING | 启用分析器使用的扩展分析支持机制 |
|
||||
| **BTF** | CONFIG_DEBUG_INFO_BTF | 从 DWARF 调试信息生成去重的 BTF 类型信息 |
|
||||
| | CONFIG_PAHOLE_HAS_SPLIT_BTF | 为每个选定的内核模块生成 BTF |
|
||||
| | CONFIG_DEBUG_INFO_BTF_MODULES | 为内核模块生成紧凑的分割 BTF 类型信息 |
|
||||
| **安全** | CONFIG_BPF_JIT_ALWAYS_ON | 启用 BPF JIT 并删除 BPF 解释器以避免猜测执行 |
|
||||
| | CONFIG_BPF_UNPRIV_DEFAULT_OFF | 通过设置默认禁用非特权 BPF |
|
||||
| **Cgroup** | CONFIG_CGROUP_BPF | 支持将 BPF 程序附加到 cgroup 上 |
|
||||
| **网络** | CONFIG_BPFILTER | 基于 BPF 的数据包过滤框架 (BPFILTER) |
|
||||
| | CONFIG_BPFILTER_UMH | 使用内嵌的用户模式助手构建 bpfilter 内核模块 |
|
||||
| | CONFIG_NET_CLS_BPF | 基于可编程 BPF (JIT'ed) 过滤器进行数据包分类的基于 BPF 的分类器的替代方法 || | CONFIG_NET_ACT_BPF | 在数据包上执行BPF代码。BPF代码将决定是否丢弃数据包 |
|
||||
| | CONFIG_BPF_STREAM_PARSER | 启用此功能,允许使用BPF_MAP_TYPE_SOCKMAP与TCP流解析器配合使用 |
|
||||
| | CONFIG_LWTUNNEL_BPF | 在路由查找入站和出站数据包后,允许作为下一跳操作运行BPF程序 |
|
||||
| | CONFIG_NETFILTER_XT_MATCH_BPF | BPF匹配将对每个数据包应用Linux套接字过滤器,并接受过滤器返回非零值的数据包 |
|
||||
| | CONFIG_IPV6_SEG6_BPF | 为支持BPF seg6local挂钩,添加IPv6 Segement Routing助手 [参考](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee7) |
|
||||
| **kprobes** | CONFIG_KPROBE_EVENTS | 允许用户通过ftrace接口动态添加跟踪事件(类似于tracepoints) |
|
||||
| | CONFIG_KPROBES | 启用基于kprobes的动态事件 |
|
||||
| | CONFIG_HAVE_KPROBES | 检查是否启用了kprobes |
|
||||
| | CONFIG_HAVE_REGS_AND_STACK_ACCESS_API | 如果架构支持从pt_regs访问寄存器和堆栈条目所需的API,则应该选择此符号。例如,基于kprobes的事件跟踪器需要此API |
|
||||
| | CONFIG_KPROBES_ON_FTRACE | 如果架构支持将pt_regs完全传递给函数跟踪,则在函数跟踪器上有kprobes |
|
||||
| **kprobe multi** | CONFIG_FPROBE | 启用fprobe以一次性在多个函数上附加探测点 |
|
||||
| **kprobe override** | CONFIG_BPF_KPROBE_OVERRIDE | 启用BPF程序覆盖kprobed函数 |
|
||||
| **uprobes** | CONFIG_UPROBE_EVENTS | 启用基于uprobes的动态事件 |
|
||||
| | CONFIG_ARCH_SUPPORTS_UPROBES | 架构特定的uprobes支持 |
|
||||
| | CONFIG_UPROBES | Uprobes是kprobes的用户空间对应项:它们允许仪器应用程序(如'perf probe')在用户空间二进制文件和库中建立非侵入性探测点,并在用户空间应用程序触发探测点时执行处理函数。 || | CONFIG_MMU | 基于MMU的虚拟化寻址空间支持,通过分页内存管理 |
|
||||
| **Tracepoints** | CONFIG_TRACEPOINTS | 启用在内核中插入Tracepoints并与问题函数连接 |
|
||||
| | CONFIG_HAVE_SYSCALL_TRACEPOINTS | 启用系统调用进入/退出跟踪 |
|
||||
| **Raw Tracepoints** | Same as Tracepoints | |
|
||||
| **LSM** | CONFIG_BPF_LSM | 使用BPF程序对安全钩子进行仪器化,实现动态MAC和审计策略 |
|
||||
| **LIRC** | CONFIG_BPF_LIRC_MODE2 | 允许将BPF程序附加到lirc设备 |
|
||||
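Review bot: this translated table is two lines shorter than its English source (`@@ -1,45` here against `@@ -1,47` above) because two pairs of rows were fused, `CONFIG_NET_CLS_BPF` with `CONFIG_NET_ACT_BPF` and `CONFIG_UPROBES` with `CONFIG_MMU`, each joined by a stray `||`, so the table did not render row for row. The `CONFIG_TRACEPOINTS` row also turns the source's "proble functions" typo into "问题函数" (problem functions), the `CONFIG_BPF_UNPRIV_DEFAULT_OFF` row carries over the truncated English description, and "Segement" is misspelled in the `CONFIG_IPV6_SEG6_BPF` row. Removal is fine on those grounds, but please state in the commit message whether a corrected Chinese version is planned or whether readers should use another reference, and confirm no other page links to this path.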
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -1,125 +0,0 @@
|
||||
# Special Filtering
|
||||
|
||||
Some tools have special filtering capabilities, the main use case is to trace
|
||||
processes running in containers, but those mechanisms are generic and could
|
||||
be used in other cases as well.
|
||||
|
||||
## Filtering by cgroups
|
||||
|
||||
Some tools have an option to filter by cgroup by referencing a pinned BPF hash
|
||||
map managed externally.
|
||||
|
||||
Examples of commands:
|
||||
|
||||
```sh
|
||||
# ./opensnoop --cgroupmap /sys/fs/bpf/test01
|
||||
# ./execsnoop --cgroupmap /sys/fs/bpf/test01
|
||||
# ./tcpconnect --cgroupmap /sys/fs/bpf/test01
|
||||
# ./tcpaccept --cgroupmap /sys/fs/bpf/test01
|
||||
# ./tcptracer --cgroupmap /sys/fs/bpf/test01
|
||||
```
|
||||
|
||||
The commands above will only display results from processes that belong to one
|
||||
of the cgroups whose id, returned by `bpf_get_current_cgroup_id()`, is in the
|
||||
pinned BPF hash map.
|
||||
|
||||
The BPF hash map can be created by:
|
||||
|
||||
```sh
|
||||
# bpftool map create /sys/fs/bpf/test01 type hash key 8 value 8 entries 128 \
|
||||
name cgroupset flags 0
|
||||
```
|
||||
|
||||
To get a shell in a new cgroup, you can use:
|
||||
|
||||
```sh
|
||||
# systemd-run --pty --unit test bash
|
||||
```
|
||||
|
||||
The shell will be running in the cgroup
|
||||
`/sys/fs/cgroup/unified/system.slice/test.service`.
|
||||
|
||||
The cgroup id can be discovered using the `name_to_handle_at()` system call. In
|
||||
the examples/cgroupid, you will find an example of program to get the cgroup
|
||||
id.
|
||||
|
||||
```sh
|
||||
# cd examples/cgroupid
|
||||
# make
|
||||
# ./cgroupid hex /sys/fs/cgroup/unified/system.slice/test.service
|
||||
```
|
||||
|
||||
or, using Docker:
|
||||
|
||||
```sh
|
||||
# cd examples/cgroupid
|
||||
# docker build -t cgroupid .
|
||||
# docker run --rm --privileged -v /sys/fs/cgroup:/sys/fs/cgroup \
|
||||
cgroupid cgroupid hex /sys/fs/cgroup/unified/system.slice/test.service
|
||||
```
|
||||
|
||||
This prints the cgroup id as a hexadecimal string in the host endianness such
|
||||
as `77 16 00 00 01 00 00 00`.
|
||||
|
||||
```sh
|
||||
# FILE=/sys/fs/bpf/test01
|
||||
# CGROUPID_HEX="77 16 00 00 01 00 00 00"
|
||||
# bpftool map update pinned $FILE key hex $CGROUPID_HEX value hex 00 00 00 00 00 00 00 00 any
|
||||
```
|
||||
|
||||
Now that the shell started by systemd-run has its cgroup id in the BPF hash
|
||||
map, bcc tools will display results from this shell. Cgroups can be added and
|
||||
removed from the BPF hash map without restarting the bcc tool.
|
||||
|
||||
This feature is useful for integrating bcc tools in external projects.
|
||||
|
||||
## Filtering by mount by namespace
|
||||
|
||||
The BPF hash map can be created by:
|
||||
|
||||
```sh
|
||||
# bpftool map create /sys/fs/bpf/mnt_ns_set type hash key 8 value 4 entries 128 \
|
||||
name mnt_ns_set flags 0
|
||||
```
|
||||
|
||||
Execute the `execsnoop` tool filtering only the mount namespaces
|
||||
in `/sys/fs/bpf/mnt_ns_set`:
|
||||
|
||||
```sh
|
||||
# tools/execsnoop.py --mntnsmap /sys/fs/bpf/mnt_ns_set
|
||||
```
|
||||
|
||||
Start a terminal in a new mount namespace:
|
||||
|
||||
```sh
|
||||
# unshare -m bash
|
||||
```
|
||||
|
||||
Update the hash map with the mount namespace ID of the terminal above:
|
||||
|
||||
```sh
|
||||
FILE=/sys/fs/bpf/mnt_ns_set
|
||||
if [ $(printf '\1' | od -dAn) -eq 1 ]; then
|
||||
HOST_ENDIAN_CMD=tac
|
||||
else
|
||||
HOST_ENDIAN_CMD=cat
|
||||
fi
|
||||
|
||||
NS_ID_HEX="$(printf '%016x' $(stat -Lc '%i' /proc/self/ns/mnt) | sed 's/.\{2\}/&\n/g' | $HOST_ENDIAN_CMD)"
|
||||
bpftool map update pinned $FILE key hex $NS_ID_HEX value hex 00 00 00 00 any
|
||||
```
|
||||
|
||||
Execute a command in this terminal:
|
||||
|
||||
```sh
|
||||
# ping kinvolk.io
|
||||
```
|
||||
|
||||
You'll see how on the `execsnoop` terminal you started above the call is logged:
|
||||
|
||||
```sh
|
||||
# tools/execsnoop.py --mntnsmap /sys/fs/bpf/mnt_ns_set
|
||||
[sudo] password for mvb:
|
||||
PCOMM PID PPID RET ARGS
|
||||
ping 8096 7970 0 /bin/ping kinvolk.io
|
||||
```
|
||||
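Review bot: the removed mount-namespace walkthrough is the part of this file that is hardest to reconstruct from memory, because the map key passed to `bpftool map update pinned $FILE key hex $NS_ID_HEX` has to be in host byte order (the `HOST_ENDIAN_CMD=tac` / `cat` branch), and a key written in the wrong order gives no error, only a filter that never matches. If anything left in the tutorial still mentions `--cgroupmap` or `--mntnsmap`, replace the deleted text with a pointer to the bcc repository (https://github.com/iovisor/bcc) so readers can still find the procedure, and say in the commit message why the document is being dropped.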
@@ -1,113 +0,0 @@
|
||||
# 特殊过滤
|
||||
|
||||
某些工具具有特殊的过滤能力,主要用例是跟踪运行在容器中的进程,但这些机制是通用的,也可以在其他情况下使用。
|
||||
|
||||
## 按 cgroups过滤
|
||||
|
||||
某些工具有一个通过引用外部管理的固定的BPF哈希映射来按cgroup过滤的选项。
|
||||
|
||||
命令示例:
|
||||
|
||||
```sh
|
||||
# ./opensnoop --cgroupmap /sys/fs/bpf/test01
|
||||
# ./execsnoop --cgroupmap /sys/fs/bpf/test01
|
||||
# ./tcpconnect --cgroupmap /sys/fs/bpf/test01
|
||||
# ./tcpaccept --cgroupmap /sys/fs/bpf/test01
|
||||
# ./tcptracer --cgroupmap /sys/fs/bpf/test01
|
||||
```
|
||||
|
||||
上述命令将仅显示属于一个或多个cgroup的进程的结果,这些cgroup的ID由`bpf_get_current_cgroup_id()`返回,并存在固定的BPF哈希映射中。
|
||||
|
||||
通过以下方式创建BPF哈希映射:
|
||||
|
||||
```sh
|
||||
# bpftool map create /sys/fs/bpf/test01 type hash key 8 value 8 entries 128 \
|
||||
name cgroupset flags 0
|
||||
```
|
||||
|
||||
要在新cgroup中获取一个shell,可以使用:
|
||||
|
||||
```sh
|
||||
# systemd-run --pty --unit test bash
|
||||
```
|
||||
|
||||
该shell将在cgroup`/sys/fs/cgroup/unified/system.slice/test.service`中运行。
|
||||
|
||||
可以使用`name_to_handle_at()`系统调用来发现cgroup ID。在examples/cgroupid中,您可以找到一个获取cgroup ID的程序示例。
|
||||
|
||||
```sh
|
||||
# cd examples/cgroupid
|
||||
# make
|
||||
# ./cgroupid hex /sys/fs/cgroup/unified/system.slice/test.service
|
||||
```
|
||||
|
||||
或者,使用Docker:
|
||||
|
||||
```sh
|
||||
# cd examples/cgroupid
|
||||
# docker build -t cgroupid .
|
||||
# docker run --rm --privileged -v /sys/fs/cgroup:/sys/fs/cgroup \
|
||||
cgroupid cgroupid hex /sys/fs/cgroup/unified/system.slice/test.service
|
||||
```
|
||||
|
||||
这将以主机的字节序(hexadecimal string)打印出cgroup ID,例如`77 16 00 00 01 00 00 00`。
|
||||
|
||||
```sh
|
||||
# FILE=/sys/fs/bpf/test01
|
||||
# CGROUPID_HEX="77 16 00 00 01 00 00 00"
|
||||
# bpftool map update pinned $FILE key hex $CGROUPID_HEX value hex 00 00 00 00 00 00 00 00 any
|
||||
```
|
||||
|
||||
现在,通过systemd-run启动的shell的cgroup ID已经存在于BPF哈希映射中,bcc工具将显示来自该shell的结果。可以添加和。从BPF哈希映射中删除而不重新启动bcc工具。
|
||||
|
||||
这个功能对于将bcc工具集成到外部项目中非常有用。
|
||||
|
||||
## 按命名空间选择挂载点进行过滤
|
||||
|
||||
BPF哈希映射可以通过以下方式创建:
|
||||
|
||||
```sh
|
||||
# bpftool map create /sys/fs/bpf/mnt_ns_set type hash key 8 value 4 entries 128 \
|
||||
name mnt_ns_set flags 0
|
||||
```
|
||||
|
||||
仅执行`execsnoop`工具,过滤挂载命名空间在`/sys/fs/bpf/mnt_ns_set`中:
|
||||
|
||||
```sh
|
||||
# tools/execsnoop.py --mntnsmap /sys/fs/bpf/mnt_ns_set
|
||||
```
|
||||
|
||||
在新的挂载命名空间中启动一个终端:
|
||||
|
||||
```sh
|
||||
# unshare -m bash
|
||||
```
|
||||
|
||||
使用上述终端的挂载命名空间ID更新哈希映射:
|
||||
|
||||
```sh
|
||||
FILE=/sys/fs/bpf/mnt_ns_set
|
||||
if [ $(printf '\1' | od -dAn) -eq 1 ]; then
|
||||
HOST_ENDIAN_CMD=tac
|
||||
else
|
||||
HOST_ENDIAN_CMD=cat
|
||||
fi
|
||||
|
||||
NS_ID_HEX="$(printf '%016x' $(stat -Lc '%i' /proc/self/ns/mnt) | sed 's/.\{2\}/&\n/g' | $HOST_ENDIAN_CMD)"
|
||||
bpftool map update pinned $FILE key hex $NS_ID_HEX value hex 00 00 00 00 any
|
||||
```
|
||||
|
||||
在这个终端中执行命令:
|
||||
|
||||
```sh
|
||||
# ping kinvolk.io
|
||||
```
|
||||
|
||||
你会看到在上述你启动的`execsnoop`终端中,这个调用被记录下来:
|
||||
|
||||
```sh
|
||||
# tools/execsnoop.py --mntnsmap /sys/fs/bpf/mnt_ns_set
|
||||
[sudo] password for mvb:
|
||||
PCOMM PID PPID RET ARGS
|
||||
ping 8096 7970 0 /bin/ping kinvolk.io
|
||||
```。
|
||||
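Review bot: this translated copy has visible defects that justify the removal, and the commit message should say so: the sentence after the `bpftool map update` block is broken mid-clause ("可以添加和。从BPF哈希映射中删除"), and the last code block closes with "```。", which leaves the fence unterminated. If a Chinese version is wanted again later, regenerate it from the English text rather than restoring this file from history.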
@@ -1,422 +0,0 @@
|
||||
# bcc Tutorial
|
||||
|
||||
This tutorial covers how to use [bcc](https://github.com/iovisor/bcc) tools to quickly solve performance, troubleshooting, and networking issues. If you want to develop new bcc tools, see [tutorial_bcc_python_developer.md](tutorial_bcc_python_developer.md) for that tutorial.
|
||||
|
||||
It is assumed for this tutorial that bcc is already installed, and you can run tools like execsnoop successfully. See [INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md). This uses enhancements added to the Linux 4.x series.
|
||||
|
||||
## Observability
|
||||
|
||||
Some quick wins.
|
||||
|
||||
### 0. Before bcc
|
||||
|
||||
Before using bcc, you should start with the Linux basics. One reference is the [Linux Performance Analysis in 60,000 Milliseconds](https://www.brendangregg.com/Articles/Netflix_Linux_Perf_Analysis_60s.pdf) post, which covers these commands:
|
||||
|
||||
1. uptime
|
||||
1. dmesg | tail
|
||||
1. vmstat 1
|
||||
1. mpstat -P ALL 1
|
||||
1. pidstat 1
|
||||
1. iostat -xz 1
|
||||
1. free -m
|
||||
1. sar -n DEV 1
|
||||
1. sar -n TCP,ETCP 1
|
||||
1. top
|
||||
|
||||
### 1. General Performance
|
||||
|
||||
Here is a generic checklist for performance investigations with bcc, first as a list, then in detail:
|
||||
|
||||
1. execsnoop
|
||||
1. opensnoop
|
||||
1. ext4slower (or btrfs\*, xfs\*, zfs\*)
|
||||
1. biolatency
|
||||
1. biosnoop
|
||||
1. cachestat
|
||||
1. tcpconnect
|
||||
1. tcpaccept
|
||||
1. tcpretrans
|
||||
1. runqlat
|
||||
1. profile
|
||||
|
||||
These tools may be installed on your system under /usr/share/bcc/tools, or you can run them from the bcc github repo under /tools where they have a .py extension. Browse the 50+ tools available for more analysis options.
|
||||
|
||||
#### 1.1 execsnoop
|
||||
|
||||
```sh
|
||||
# ./execsnoop
|
||||
PCOMM PID RET ARGS
|
||||
supervise 9660 0 ./run
|
||||
supervise 9661 0 ./run
|
||||
mkdir 9662 0 /bin/mkdir -p ./main
|
||||
run 9663 0 ./run
|
||||
[...]
|
||||
```
|
||||
|
||||
execsnoop prints one line of output for each new process. Check for short-lived processes. These can consume CPU resources, but not show up in most monitoring tools that periodically take snapshots of which processes are running.
|
||||
|
||||
It works by tracing exec(), not the fork(), so it will catch many types of new processes but not all (eg, it won't see an application launching working processes, that doesn't exec() anything else).
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/execsnoop_example.txt).
|
||||
|
||||
#### 1.2. opensnoop
|
||||
|
||||
```sh
|
||||
# ./opensnoop
|
||||
PID COMM FD ERR PATH
|
||||
1565 redis-server 5 0 /proc/1565/stat
|
||||
1565 redis-server 5 0 /proc/1565/stat
|
||||
1565 redis-server 5 0 /proc/1565/stat
|
||||
1603 snmpd 9 0 /proc/net/dev
|
||||
1603 snmpd 11 0 /proc/net/if_inet6
|
||||
1603 snmpd -1 2 /sys/class/net/eth0/device/vendor
|
||||
1603 snmpd 11 0 /proc/sys/net/ipv4/neigh/eth0/retrans_time_ms
|
||||
1603 snmpd 11 0 /proc/sys/net/ipv6/neigh/eth0/retrans_time_ms
|
||||
1603 snmpd 11 0 /proc/sys/net/ipv6/conf/eth0/forwarding
|
||||
[...]
|
||||
```
|
||||
|
||||
opensnoop prints one line of output for each open() syscall, including details.
|
||||
|
||||
Files that are opened can tell you a lot about how applications work: identifying their data files, config files, and log files. Sometimes applications can misbehave, and perform poorly, when they are constantly attempting to read files that do not exist. opensnoop gives you a quick look.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/opensnoop_example.txt).
|
||||
|
||||
#### 1.3. ext4slower (or btrfs\*, xfs\*, zfs\*)
|
||||
|
||||
```sh
|
||||
# ./ext4slower
|
||||
Tracing ext4 operations slower than 10 ms
|
||||
TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME
|
||||
06:35:01 cron 16464 R 1249 0 16.05 common-auth
|
||||
06:35:01 cron 16463 R 1249 0 16.04 common-auth
|
||||
06:35:01 cron 16465 R 1249 0 16.03 common-auth
|
||||
06:35:01 cron 16465 R 4096 0 10.62 login.defs
|
||||
06:35:01 cron 16464 R 4096 0 10.61 login.defs
|
||||
```
|
||||
|
||||
ext4slower traces the ext4 file system and times common operations, and then only prints those that exceed a threshold.
|
||||
|
||||
This is great for identifying or exonerating one type of performance issue: show individually slow disk i/O via the file system. Disks process I/O asynchronously, and it can be difficult to associate latency at that layer with the latency applications experience. Tracing higher up in the kernel stack, at the VFS -> file system interface, will more closely match what an application suffers. Use this tool to identify if file system latency exceeds a given threshold.
|
||||
|
||||
Similar tools exist in bcc for other file systems: btrfsslower, xfsslower, and zfsslower. There is also fileslower, which works at the VFS layer and traces everything (although at some higher overhead).
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/ext4slower_example.txt).
|
||||
|
||||
#### 1.4. biolatency
|
||||
|
||||
```sh
|
||||
# ./biolatency
|
||||
Tracing block device I/O... Hit Ctrl-C to end.
|
||||
^C
|
||||
usecs : count distribution
|
||||
0 -> 1 : 0 | |
|
||||
2 -> 3 : 0 | |
|
||||
4 -> 7 : 0 | |
|
||||
8 -> 15 : 0 | |
|
||||
16 -> 31 : 0 | |
|
||||
32 -> 63 : 0 | |
|
||||
64 -> 127 : 1 | |
|
||||
128 -> 255 : 12 |******** |
|
||||
256 -> 511 : 15 |********** |
|
||||
512 -> 1023 : 43 |******************************* |
|
||||
1024 -> 2047 : 52 |**************************************|
|
||||
2048 -> 4095 : 47 |********************************** |
|
||||
4096 -> 8191 : 52 |**************************************|
|
||||
8192 -> 16383 : 36 |************************** |
|
||||
16384 -> 32767 : 15 |********** |
|
||||
32768 -> 65535 : 2 |* |
|
||||
65536 -> 131071 : 2 |* |
|
||||
```
|
||||
|
||||
biolatency traces disk I/O latency (time from device issue to completion), and when the tool ends (Ctrl-C, or a given interval), it prints a histogram summary of the latency.
|
||||
|
||||
This is great for understanding disk I/O latency beyond the average times given by tools like iostat. I/O latency outliers will be visible at the end of the distribution, as well as multi-mode distributions.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/biolatency_example.txt).
|
||||
|
||||
#### 1.5. biosnoop
|
||||
|
||||
```sh
|
||||
# ./biosnoop
|
||||
TIME(s) COMM PID DISK T SECTOR BYTES LAT(ms)
|
||||
0.000004001 supervise 1950 xvda1 W 13092560 4096 0.74
|
||||
0.000178002 supervise 1950 xvda1 W 13092432 4096 0.61
|
||||
0.001469001 supervise 1956 xvda1 W 13092440 4096 1.24
|
||||
0.001588002 supervise 1956 xvda1 W 13115128 4096 1.09
|
||||
1.022346001 supervise 1950 xvda1 W 13115272 4096 0.98
|
||||
1.022568002 supervise 1950 xvda1 W 13188496 4096 0.93
|
||||
[...]
|
||||
```
|
||||
|
||||
biosnoop prints a line of output for each disk I/O, with details including latency (time from device issue to completion).
|
||||
|
||||
This allows you to examine disk I/O in more detail, and look for time-ordered patterns (eg, reads queueing behind writes). Note that the output will be verbose if your system performs disk I/O at a high rate.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/biosnoop_example.txt).
|
||||
|
||||
#### 1.6. cachestat
|
||||
|
||||
```sh
|
||||
# ./cachestat
|
||||
HITS MISSES DIRTIES READ_HIT% WRITE_HIT% BUFFERS_MB CACHED_MB
|
||||
1074 44 13 94.9% 2.9% 1 223
|
||||
2195 170 8 92.5% 6.8% 1 143
|
||||
182 53 56 53.6% 1.3% 1 143
|
||||
62480 40960 20480 40.6% 19.8% 1 223
|
||||
7 2 5 22.2% 22.2% 1 223
|
||||
348 0 0 100.0% 0.0% 1 223
|
||||
[...]
|
||||
```
|
||||
|
||||
cachestat prints a one line summary every second (or every custom interval) showing statistics from the file system cache.
|
||||
|
||||
Use this to identify a low cache hit ratio, and a high rate of misses: which gives one lead for performance tuning.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/cachestat_example.txt).
|
||||
|
||||
#### 1.7. tcpconnect
|
||||
|
||||
```sh
|
||||
# ./tcpconnect
|
||||
PID COMM IP SADDR DADDR DPORT
|
||||
1479 telnet 4 127.0.0.1 127.0.0.1 23
|
||||
1469 curl 4 10.201.219.236 54.245.105.25 80
|
||||
1469 curl 4 10.201.219.236 54.67.101.145 80
|
||||
1991 telnet 6 ::1 ::1 23
|
||||
2015 ssh 6 fe80::2000:bff:fe82:3ac fe80::2000:bff:fe82:3ac 22
|
||||
[...]
|
||||
```
|
||||
|
||||
tcpconnect prints one line of output for every active TCP connection (eg, via connect()), with details including source and destination addresses.
|
||||
|
||||
Look for unexpected connections that may point to inefficiencies in application configuration, or an intruder.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/tcpconnect_example.txt).
|
||||
|
||||
#### 1.8. tcpaccept
|
||||
|
||||
```sh
|
||||
# ./tcpaccept
|
||||
PID COMM IP RADDR LADDR LPORT
|
||||
907 sshd 4 192.168.56.1 192.168.56.102 22
|
||||
907 sshd 4 127.0.0.1 127.0.0.1 22
|
||||
5389 perl 6 1234:ab12:2040:5020:2299:0:5:0 1234:ab12:2040:5020:2299:0:5:0 7001
|
||||
[...]
|
||||
```
|
||||
|
||||
tcpaccept prints one line of output for every passive TCP connection (eg, via accept()), with details including source and destination addresses.
|
||||
|
||||
Look for unexpected connections that may point to inefficiencies in application configuration, or an intruder.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/tcpaccept_example.txt).
|
||||
|
||||
#### 1.9. tcpretrans
|
||||
|
||||
```sh
|
||||
# ./tcpretrans
|
||||
TIME PID IP LADDR:LPORT T> RADDR:RPORT STATE
|
||||
01:55:05 0 4 10.153.223.157:22 R> 69.53.245.40:34619 ESTABLISHED
|
||||
01:55:05 0 4 10.153.223.157:22 R> 69.53.245.40:34619 ESTABLISHED
|
||||
01:55:17 0 4 10.153.223.157:22 R> 69.53.245.40:22957 ESTABLISHED
|
||||
[...]
|
||||
```
|
||||
|
||||
tcprerans prints one line of output for every TCP retransmit packet, with details including source and destination addresses, and kernel state of the TCP connection.
|
||||
|
||||
TCP retransmissions cause latency and throughput issues. For ESTABLISHED retransmits, look for patterns with networks. For SYN_SENT, this may point to target kernel CPU saturation and kernel packet drops.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/tcpretrans_example.txt).
|
||||
|
||||
#### 1.10. runqlat
|
||||
|
||||
```sh
|
||||
# ./runqlat
|
||||
Tracing run queue latency... Hit Ctrl-C to end.
|
||||
^C
|
||||
usecs : count distribution
|
||||
0 -> 1 : 233 |*********** |
|
||||
2 -> 3 : 742 |************************************ |
|
||||
4 -> 7 : 203 |********** |
|
||||
8 -> 15 : 173 |******** |
|
||||
16 -> 31 : 24 |* |
|
||||
32 -> 63 : 0 | |
|
||||
64 -> 127 : 30 |* |
|
||||
128 -> 255 : 6 | |
|
||||
256 -> 511 : 3 | |
|
||||
512 -> 1023 : 5 | |
|
||||
1024 -> 2047 : 27 |* |
|
||||
2048 -> 4095 : 30 |* |
|
||||
4096 -> 8191 : 20 | |
|
||||
8192 -> 16383 : 29 |* |
|
||||
16384 -> 32767 : 809 |****************************************|
|
||||
32768 -> 65535 : 64 |*** |
|
||||
```
|
||||
|
||||
runqlat times how long threads were waiting on the CPU run queues, and prints this as a histogram.
|
||||
|
||||
This can help quantify time lost waiting for a turn on CPU, during periods of CPU saturation.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/runqlat_example.txt).
|
||||
|
||||
#### 1.11. profile
|
||||
|
||||
```sh
|
||||
# ./profile
|
||||
Sampling at 49 Hertz of all threads by user + kernel stack... Hit Ctrl-C to end.
|
||||
^C
|
||||
00007f31d76c3251 [unknown]
|
||||
47a2c1e752bf47f7 [unknown]
|
||||
- sign-file (8877)
|
||||
1
|
||||
|
||||
ffffffff813d0af8 __clear_user
|
||||
ffffffff813d5277 iov_iter_zero
|
||||
ffffffff814ec5f2 read_iter_zero
|
||||
ffffffff8120be9d __vfs_read
|
||||
ffffffff8120c385 vfs_read
|
||||
ffffffff8120d786 sys_read
|
||||
ffffffff817cc076 entry_SYSCALL_64_fastpath
|
||||
00007fc5652ad9b0 read
|
||||
- dd (25036)
|
||||
4
|
||||
|
||||
0000000000400542 func_a
|
||||
0000000000400598 main
|
||||
00007f12a133e830 __libc_start_main
|
||||
083e258d4c544155 [unknown]
|
||||
- func_ab (13549)
|
||||
5
|
||||
|
||||
[...]
|
||||
|
||||
ffffffff8105eb66 native_safe_halt
|
||||
ffffffff8103659e default_idle
|
||||
ffffffff81036d1f arch_cpu_idle
|
||||
ffffffff810bba5a default_idle_call
|
||||
ffffffff810bbd07 cpu_startup_entry
|
||||
ffffffff8104df55 start_secondary
|
||||
- swapper/1 (0)
|
||||
75
|
||||
```
|
||||
|
||||
profile is a CPU profiler, which takes samples of stack traces at timed intervals, and prints a summary of unique stack traces and a count of their occurrence.
|
||||
|
||||
Use this tool to understand the code paths that are consuming CPU resources.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/profile_example.txt).
|
||||
|
||||
### 2. Observability with Generic Tools
|
||||
|
||||
In addition to the above tools for performance tuning, below is a checklist for bcc generic tools, first as a list, and in detail:
|
||||
|
||||
1. trace
|
||||
1. argdist
|
||||
1. funccount
|
||||
|
||||
These generic tools may be useful to provide visibility to solve your specific problems.
|
||||
|
||||
#### 2.1. trace
|
||||
|
||||
##### Example 1
|
||||
|
||||
Suppose you want to track file ownership change. There are three syscalls, `chown`, `fchown` and `lchown` which users can use to change file ownership. The corresponding syscall entry is `SyS_[f|l]chown`. The following command can be used to print out syscall parameters and the calling process user id. You can use `id` command to find the uid of a particular user.
|
||||
|
||||
```sh
|
||||
$ trace.py \
|
||||
'p::SyS_chown "file = %s, to_uid = %d, to_gid = %d, from_uid = %d", arg1, arg2, arg3, $uid' \
|
||||
'p::SyS_fchown "fd = %d, to_uid = %d, to_gid = %d, from_uid = %d", arg1, arg2, arg3, $uid' \
|
||||
'p::SyS_lchown "file = %s, to_uid = %d, to_gid = %d, from_uid = %d", arg1, arg2, arg3, $uid'
|
||||
PID TID COMM FUNC -
|
||||
1269255 1269255 python3.6 SyS_lchown file = /tmp/dotsync-usisgezu/tmp, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269441 1269441 zstd SyS_chown file = /tmp/dotsync-vic7ygj0/dotsync-package.zst, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269255 1269255 python3.6 SyS_lchown file = /tmp/dotsync-a40zd7ev/tmp, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269442 1269442 zstd SyS_chown file = /tmp/dotsync-gzp413o_/dotsync-package.zst, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269255 1269255 python3.6 SyS_lchown file = /tmp/dotsync-whx4fivm/tmp/.bash_profile, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
```
|
||||
|
||||
##### Example 2
|
||||
|
||||
Suppose you want to count nonvoluntary context switches (`nvcsw`) in your bpf based performance monitoring tools and you do not know what is the proper method. `/proc/<pid>/status` already tells you the number (`nonvoluntary_ctxt_switches`) for a pid and you can use `trace.py` to do a quick experiment to verify your method. With kernel source code, the `nvcsw` is counted at file `linux/kernel/sched/core.c` function `__schedule` and under condition
|
||||
```c
|
||||
!(!preempt && prev->state) // i.e., preempt || !prev->state
|
||||
```
|
||||
|
||||
The `__schedule` function is marked as `notrace`, and the best place to evaluate the above condition seems in `sched/sched_switch` tracepoint called inside function `__schedule` and defined in `linux/include/trace/events/sched.h`. `trace.py` already has `args` being the pointer to the tracepoint `TP_STRUCT__entry`. The above condition in function `__schedule` can be represented as
|
||||
```c
|
||||
args->prev_state == TASK_STATE_MAX || args->prev_state == 0
|
||||
```
|
||||
|
||||
The below command can be used to count the involuntary context switches (per process or per pid) and compare to `/proc/<pid>/status` or `/proc/<pid>/task/<task_id>/status` for correctness, as in typical cases, involuntary context switches are not very common.
|
||||
```sh
|
||||
$ trace.py -p 1134138 't:sched:sched_switch (args->prev_state == TASK_STATE_MAX || args->prev_state == 0)'
|
||||
PID TID COMM FUNC
|
||||
1134138 1134140 contention_test sched_switch
|
||||
1134138 1134142 contention_test sched_switch
|
||||
...
|
||||
$ trace.py -L 1134140 't:sched:sched_switch (args->prev_state == TASK_STATE_MAX || args->prev_state == 0)'
|
||||
PID TID COMM FUNC
|
||||
1134138 1134140 contention_test sched_switch
|
||||
1134138 1134140 contention_test sched_switch
|
||||
...
|
||||
```
|
||||
|
||||
##### Example 3
|
||||
|
||||
This example is related to issue [1231](https://github.com/iovisor/bcc/issues/1231) and [1516](https://github.com/iovisor/bcc/issues/1516) where uprobe does not work at all in certain cases. First, you can do a `strace` as below
|
||||
|
||||
```sh
|
||||
$ strace trace.py 'r:bash:readline "%s", retval'
|
||||
...
|
||||
perf_event_open(0x7ffd968212f0, -1, 0, -1, 0x8 /* PERF_FLAG_??? */) = -1 EIO (Input/output error)
|
||||
...
|
||||
```
|
||||
|
||||
The `perf_event_open` syscall returns `-EIO`. Digging into kernel uprobe related codes in `/kernel/trace` and `/kernel/events` directories to search `EIO`, the function `uprobe_register` is the most suspicious. Let us find whether this function is called or not and what is the return value if it is called. In one terminal using the following command to print out the return value of uprobe_register,
|
||||
```sh
|
||||
$ trace.py 'r::uprobe_register "ret = %d", retval'
|
||||
```
|
||||
In another terminal run the same bash uretprobe tracing example, and you should get
|
||||
```sh
|
||||
$ trace.py 'r::uprobe_register "ret = %d", retval'
|
||||
PID TID COMM FUNC -
|
||||
1041401 1041401 python2.7 uprobe_register ret = -5
|
||||
```
|
||||
|
||||
The `-5` error code is EIO. This confirms that the following code in function `uprobe_register` is the most suspicious culprit.
|
||||
```c
|
||||
if (!inode->i_mapping->a_ops->readpage && !shmem_mapping(inode->i_mapping))
|
||||
return -EIO;
|
||||
```
|
||||
The `shmem_mapping` function is defined as
|
||||
```c
|
||||
bool shmem_mapping(struct address_space *mapping)
|
||||
{
|
||||
return mapping->a_ops == &shmem_aops;
|
||||
}
|
||||
```
|
||||
|
||||
To confirm the theory, find what is `inode->i_mapping->a_ops` with the following command
|
||||
```sh
|
||||
$ trace.py -I 'linux/fs.h' 'p::uprobe_register(struct inode *inode) "a_ops = %llx", inode->i_mapping->a_ops'
|
||||
PID TID COMM FUNC -
|
||||
814288 814288 python2.7 uprobe_register a_ops = ffffffff81a2adc0
|
||||
^C$ grep ffffffff81a2adc0 /proc/kallsyms
|
||||
ffffffff81a2adc0 R empty_aops
|
||||
```
|
||||
|
||||
The kernel symbol `empty_aops` does not have `readpage` defined and hence the above suspicious condition is true. Further examining the kernel source code shows that `overlayfs` does not provide its own `a_ops` while some other file systems (e.g., ext4) define their own `a_ops` (e.g., `ext4_da_aops`), and `ext4_da_aops` defines `readpage`. Hence, uprobe works fine on ext4 while not on overlayfs.
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/trace_example.txt).
|
||||
|
||||
#### 2.2. argdist
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/argdist_example.txt).
|
||||
|
||||
#### 2.3. funccount
|
||||
|
||||
More [examples](https://github.com/iovisor/bcc/tree/master/tools/funccount_example.txt).
|
||||
|
||||
## Networking
|
||||
|
||||
To do.
|
||||
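Review bot: the first paragraph of this deleted tutorial links to `tutorial_bcc_python_developer.md` by relative path, so check that the linked file and any page that links back to this one are removed or updated in the same commit, or the tree is left with dangling links. The file also ends in stubs (sections 2.2 and 2.3 hold only an examples link, and Networking is "To do."), which is worth citing in the commit message as the reason for removal, since "remove bcc document" alone gives none.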
@@ -1,421 +0,0 @@
|
||||
# bcc 教程
|
||||
|
||||
本教程介绍如何使用[bcc](https://github.com/iovisor/bcc)工具快速解决性能、故障排除和网络问题。如果你想开发新的bcc工具,请参考[tutorial_bcc_python_developer.md](tutorial_bcc_python_developer.md)教程。
|
||||
|
||||
本教程假设bcc已经安装好,并且你可以成功运行像execsnoop这样的工具。参见[INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md)。这些功能是在Linux 4.x系列中增加的。
|
||||
|
||||
## 可观察性
|
||||
|
||||
一些快速的收获。
|
||||
|
||||
### 0. 使用bcc之前
|
||||
|
||||
在使用bcc之前,你应该从Linux基础知识开始。可以参考[Linux Performance Analysis in 60,000 Milliseconds](https://www.brendangregg.com/Articles/Netflix_Linux_Perf_Analysis_60s.pdf)文章,其中介绍了以下命令:
|
||||
|
||||
1. uptime
|
||||
1. dmesg | tail
|
||||
1. vmstat 1
|
||||
1. mpstat -P ALL 1
|
||||
1. pidstat 1
|
||||
1. iostat -xz 1
|
||||
1. free -m
|
||||
1. sar -n DEV 1
|
||||
1. sar -n TCP,ETCP 1
|
||||
1. top
|
||||
|
||||
### 1. 性能分析
|
||||
|
||||
这是一个用于性能调查的通用检查清单,首先有一个列表,然后详细描述:
|
||||
|
||||
1. execsnoop
|
||||
1. opensnoop
|
||||
1. ext4slower(或btrfs\*,xfs\*,zfs\*)
|
||||
1. biolatency
|
||||
1. biosnoop
|
||||
1. cachestat
|
||||
1. tcpconnect
|
||||
1. tcpaccept
|
||||
1. tcpretrans
|
||||
1. runqlat
|
||||
1. profile
|
||||
|
||||
这些工具可能已经安装在你的系统的/usr/share/bcc/tools目录下,或者你可以从bcc github仓库的/tools目录中运行它们,这些工具使用.py扩展名。浏览50多个可用的工具,获得更多的分析选项。
|
||||
|
||||
#### 1.1 execsnoop
|
||||
|
||||
```sh
|
||||
# ./execsnoop
|
||||
PCOMM PID RET ARGS
|
||||
supervise 9660 0 ./run
|
||||
supervise 9661 0 ./run
|
||||
mkdir 9662 0 /bin/mkdir -p ./main
|
||||
run 9663 0 ./run
|
||||
[...]
|
||||
```
|
||||
|
||||
execsnoop对于每个新进程打印一行输出。检查短生命周期的进程。这些进程可能会消耗CPU资源,但不会在大多数周期性运行的进程监控工具中显示出来。它通过跟踪`exec()`来工作,而不是`fork()`,所以它可以捕获许多类型的新进程,但不是所有类型(例如,它不会看到启动工作进程的应用程序,该应用程序没有`exec()`其他任何内容)。
|
||||
|
||||
更多[例子](https://github.com/iovisor/bcc/tree/master/tools/execsnoop_example.txt)。
|
||||
|
||||
#### 1.2. opensnoop
|
||||
|
||||
```sh
|
||||
# ./opensnoop
|
||||
PID COMM FD ERR PATH
|
||||
1565 redis-server 5 0 /proc/1565/stat
|
||||
1565 redis-server 5 0 /proc/1565/stat
|
||||
1565 redis-server 5 0 /proc/1565/stat
|
||||
1603 snmpd 9 0 /proc/net/dev
|
||||
1603 snmpd 11 0 /proc/net/if_inet6
|
||||
1603 snmpd -1 2 /sys/class/net/eth0/device/vendor
|
||||
1603 snmpd 11 0 /proc/sys/net/ipv4/neigh/eth0/retrans_time_ms
|
||||
1603 snmpd 11 0 /proc/sys/net/ipv6/neigh/eth0/retrans_time_ms
|
||||
1603 snmpd 11 0 /proc/sys/net/ipv6/conf/eth0/forwarding
|
||||
[...]
|
||||
```
|
||||
|
||||
opensnoop每次open() syscall执行时打印一行输出,包括详细信息。
|
||||
|
||||
打开的文件可以告诉你很多关于应用程序的工作方式的信息:它们的数据文件、配置文件和日志文件。有时候应用程序可能会表现不正常,当它们不断尝试读取不存在的文件时则会表现得很差。opensnoop能够快速帮助你查看。
|
||||
|
||||
更多[例子](https://github.com/iovisor/bcc/tree/master/tools/opensnoop_example.txt)。
|
||||
|
||||
#### 1.3. ext4slower(或btrfs\*,xfs\*,zfs\*)
|
||||
|
||||
```sh
|
||||
# ./ext4slower
|
||||
追踪超过10毫秒的ext4操作
|
||||
时间 进程 进程ID T 字节数 偏移KB 延迟(ms) 文件名
|
||||
06:35:01 cron 16464 R 1249 0 16.05 common-auth
|
||||
06:35:01 cron 16463 R 1249 0 16.04 common-auth
|
||||
06:35:01 cron 16465 R 1249 0 16.03 common-auth
|
||||
06:35:01 cron 16465 R 4096 0 10.62 login.defs
|
||||
06:35:01 cron 16464 R 4096 0 10.61 login.defs
|
||||
```
|
||||
|
||||
ext4slower跟踪ext4文件系统,并计时常见操作,然后只打印超过阈值的操作。这对于识别或证明一种性能问题非常方便:通过文件系统单独显示较慢的磁盘 I/O。磁盘以异步方式处理 I/O,很难将该层的延迟与应用程序所经历的延迟关联起来。在内核堆栈中更高层的追踪,即在 VFS -> 文件系统接口中,会更接近应用程序遭受的延迟。使用此工具来判断文件系统的延迟是否超过了给定的阈值。
|
||||
|
||||
在 bcc 中存在其他文件系统的类似工具:btrfsslower、xfsslower 和 zfsslower。还有一个名为 fileslower 的工具,它在 VFS 层工作并跟踪所有内容(尽管会有更高的开销)。
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/ext4slower_example.txt)。
|
||||
|
||||
#### 1.4. biolatency
|
||||
|
||||
```sh
|
||||
# ./biolatency
|
||||
跟踪块设备的 I/O... 按 Ctrl-C 结束。
|
||||
^C
|
||||
微秒 : 数量 分布
|
||||
0 -> 1 : 0 | |
|
||||
2 -> 3 : 0 | |
|
||||
4 -> 7 : 0 | |
|
||||
8 -> 15 : 0 | |
|
||||
16 -> 31 : 0 | |
|
||||
32 -> 63 : 0 | |
|
||||
64 -> 127 : 1 | |
|
||||
128 -> 255 : 12 |******** |
|
||||
256 -> 511 : 15 |********** |
|
||||
512 -> 1023 : 43 |******************************* |
|
||||
1024 -> 2047 : 52 |**************************************|
|
||||
2048 -> 4095 : 47 |********************************** |
|
||||
4096 -> 8191 : 52 |**************************************|
|
||||
8192 -> 16383 : 36 |************************** |
|
||||
16384 -> 32767 : 15 |********** |。32768 -> 65535 : 2 |* |
|
||||
65536 -> 131071 : 2 |* |
|
||||
```
|
||||
|
||||
biolatency跟踪磁盘I/O延迟(从设备执行到完成的时间),当工具结束(Ctrl-C,或给定的间隔)时,它会打印延迟的直方图摘要。
|
||||
|
||||
这对于了解超出iostat等工具提供的平均时间的磁盘I/O延迟非常有用。在分布的末尾将可见I/O延迟的异常值,以及多种模式的分布。
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/biolatency_example.txt)。
|
||||
|
||||
#### 1.5. biosnoop
|
||||
|
||||
```sh
|
||||
# ./biosnoop
|
||||
TIME(s) COMM PID DISK T SECTOR BYTES LAT(ms)
|
||||
0.000004001 supervise 1950 xvda1 W 13092560 4096 0.74
|
||||
0.000178002 supervise 1950 xvda1 W 13092432 4096 0.61
|
||||
0.001469001 supervise 1956 xvda1 W 13092440 4096 1.24
|
||||
0.001588002 supervise 1956 xvda1 W 13115128 4096 1.09
|
||||
1.022346001 supervise 1950 xvda1 W 13115272 4096 0.98
|
||||
1.022568002 supervise 1950 xvda1 W 13188496 4096 0.93
|
||||
[...]
|
||||
```
|
||||
|
||||
biosnoop为每个磁盘I/O打印一行输出,其中包括延迟(从设备执行到完成的时间)等详细信息。
|
||||
|
||||
这让您可以更详细地研究磁盘I/O,并寻找按时间排序的模式(例如,读取在写入后排队)。请注意,如果您的系统以高速率执行磁盘I/O,则输出将冗长。
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/biosnoop_example.txt)。
|
||||
|
||||
#### 1.6. cachestat
|
||||
|
||||
```sh
|
||||
# ./cachestat
|
||||
HITS MISSES DIRTIES READ_HIT% WRITE_HIT% BUFFERS_MB CACHED_MB
|
||||
1074 44 13 94.9% 2.9% 1 223
|
||||
2195 170 8 92.5% 6.8% 1 143
|
||||
182 53 56 53.6% 1.3% 1 143
|
||||
62480 40960 20480 40.6% 19.8% 1 223"。
|
||||
格式:仅返回翻译后的内容,不包括原始文本。```
|
||||
7 2 5 22.2% 22.2% 1 223
|
||||
348 0 0 100.0% 0.0% 1 223
|
||||
[...]
|
||||
```
|
||||
|
||||
cachestat 每秒(或每个自定义时间间隔)打印一行摘要,显示文件系统缓存的统计信息。
|
||||
|
||||
可以用它来识别低缓存命中率和高缺失率,这是性能调优的线索之一。
|
||||
|
||||
更多 [示例](https://github.com/iovisor/bcc/tree/master/tools/cachestat_example.txt)。
|
||||
|
||||
#### 1.7. tcpconnect
|
||||
|
||||
```sh
|
||||
# ./tcpconnect
|
||||
PID COMM IP SADDR DADDR DPORT
|
||||
1479 telnet 4 127.0.0.1 127.0.0.1 23
|
||||
1469 curl 4 10.201.219.236 54.245.105.25 80
|
||||
1469 curl 4 10.201.219.236 54.67.101.145 80
|
||||
1991 telnet 6 ::1 ::1 23
|
||||
2015 ssh 6 fe80::2000:bff:fe82:3ac fe80::2000:bff:fe82:3ac 22
|
||||
[...]
|
||||
```
|
||||
|
||||
tcpconnect 每个活动的 TCP 连接(例如通过 connect())打印一行输出,包括源地址和目标地址的详细信息。
|
||||
|
||||
寻找可能指向应用程序配置问题或入侵者的意外连接。
|
||||
|
||||
更多 [示例](https://github.com/iovisor/bcc/tree/master/tools/tcpconnect_example.txt)。
|
||||
|
||||
#### 1.8. tcpaccept
|
||||
|
||||
```sh
|
||||
# ./tcpaccept
|
||||
PID COMM IP RADDR LADDR LPORT
|
||||
907 sshd 4 192.168.56.1 192.168.56.102 22
|
||||
907 sshd 4 127.0.0.1 127.0.0.1 22
|
||||
5389 perl 6 1234:ab12:2040:5020:2299:0:5:0 1234:ab12:2040:5020:2299:0:5:0 7001
|
||||
[...]
|
||||
```
|
||||
|
||||
tcpaccept 每个被动的 TCP 连接(例如通过 accept())打印一行输出,包括源地址和目标地址的详细信息。
|
||||
|
||||
寻找可能指向应用程序配置问题或入侵者的意外连接。
|
||||
|
||||
更多 [示例](https://github.com/iovisor/bcc/tree/master/tools/tcpaccept_example.txt)。
|
||||
|
||||
#### 1.9. tcpretrans
|
||||
|
||||
```sh
|
||||
# ./tcpretrans".
|
||||
```时间 PID IP LADDR:LPORT T> RADDR:RPORT 状态
|
||||
01:55:05 0 4 10.153.223.157:22 R> 69.53.245.40:34619 已建立
|
||||
01:55:05 0 4 10.153.223.157:22 R> 69.53.245.40:34619 已建立
|
||||
01:55:17 0 4 10.153.223.157:22 R> 69.53.245.40:22957 已建立
|
||||
[...]
|
||||
```
|
||||
|
||||
tcpretrans为每个TCP重传数据包打印一行输出,其中包括源地址、目的地址以及TCP连接的内核状态。
|
||||
|
||||
TCP重传会导致延迟和吞吐量问题。对于已建立的重传,可以查找与网络有关的模式。对于SYN_SENT,可能指向目标内核CPU饱和和内核数据包丢失。
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/tcpretrans_example.txt)。
|
||||
|
||||
#### 1.10. runqlat
|
||||
|
||||
```sh
|
||||
# ./runqlat
|
||||
跟踪运行队列延迟... 按Ctrl-C结束。
|
||||
^C
|
||||
微秒数 : 计数 分布
|
||||
0 -> 1 : 233 |*********** |
|
||||
2 -> 3 : 742 |************************************ |
|
||||
4 -> 7 : 203 |********** |
|
||||
8 -> 15 : 173 |******** |
|
||||
16 -> 31 : 24 |* |
|
||||
32 -> 63 : 0 | |
|
||||
64 -> 127 : 30 |* |
|
||||
128 -> 255 : 6 | |
|
||||
256 -> 511 : 3 | |
|
||||
512 -> 1023 : 5 | |
|
||||
1024 -> 2047 : 27 |* |
|
||||
2048 -> 4095 : 30 |* |
|
||||
4096 -> 8191 : 20 | |
|
||||
8192 -> 16383 : 29 |* |".16384 -> 32767 : 809 |****************************************|
|
||||
32768 -> 65535 : 64 |*** |
|
||||
```
|
||||
|
||||
这可以帮助量化在CPU饱和期间等待获取CPU的时间损失。
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/runqlat_example.txt)。
|
||||
|
||||
#### 1.11. 分析
|
||||
|
||||
```sh
|
||||
# ./profile
|
||||
以每秒49次的频率对所有线程进行采样,包括用户和内核栈...按Ctrl-C结束。
|
||||
^C
|
||||
00007f31d76c3251 [未知]
|
||||
47a2c1e752bf47f7 [未知]
|
||||
- sign-file (8877)
|
||||
1
|
||||
|
||||
ffffffff813d0af8 __clear_user
|
||||
ffffffff813d5277 iov_iter_zero
|
||||
ffffffff814ec5f2 read_iter_zero
|
||||
ffffffff8120be9d __vfs_read
|
||||
ffffffff8120c385 vfs_read
|
||||
ffffffff8120d786 sys_read
|
||||
ffffffff817cc076 entry_SYSCALL_64_fastpath
|
||||
00007fc5652ad9b0 read
|
||||
- dd (25036)
|
||||
4
|
||||
|
||||
0000000000400542 func_a
|
||||
0000000000400598 main
|
||||
00007f12a133e830 __libc_start_main
|
||||
083e258d4c544155 [未知]
|
||||
- func_ab (13549)
|
||||
5
|
||||
|
||||
[...]
|
||||
|
||||
ffffffff8105eb66 native_safe_halt
|
||||
ffffffff8103659e default_idle
|
||||
ffffffff81036d1f arch_cpu_idle
|
||||
ffffffff810bba5a default_idle_call
|
||||
ffffffff810bbd07 cpu_startup_entry
|
||||
ffffffff8104df55 start_secondary
|
||||
- swapper/1 (0)
|
||||
75
|
||||
```
|
||||
|
||||
profile是一个CPU分析工具,它在定时间隔内采样堆栈跟踪,并打印唯一堆栈跟踪的摘要及其出现次数。
|
||||
|
||||
使用此工具来了解消耗CPU资源的代码路径。
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/profile_example.txt)。
|
||||
|
||||
### 2. 使用通用工具进行可观察性
|
||||
|
||||
除了上述用于性能调整的工具外,下面是一个bcc通用工具的清单,首先是一个列表,然后详细说明:
|
||||
|
||||
1. trace
|
||||
1. argdist
|
||||
1. funccount这些通用工具可能有助于解决您特定问题的可视化。
|
||||
|
||||
#### 2.1. 跟踪
|
||||
|
||||
##### 示例 1
|
||||
|
||||
假设您想要跟踪文件所有权更改。有三个系统调用,`chown`、`fchown`和`lchown`,用户可以使用它们来更改文件所有权。相应的系统调用入口是`SyS_[f|l]chown`。可以使用以下命令打印系统调用参数和调用进程的用户ID。您可以使用`id`命令查找特定用户的UID。
|
||||
|
||||
```sh
|
||||
$ trace.py \
|
||||
'p::SyS_chown "file = %s, to_uid = %d, to_gid = %d, from_uid = %d", arg1, arg2, arg3, $uid' \
|
||||
'p::SyS_fchown "fd = %d, to_uid = %d, to_gid = %d, from_uid = %d", arg1, arg2, arg3, $uid' \
|
||||
'p::SyS_lchown "file = %s, to_uid = %d, to_gid = %d, from_uid = %d", arg1, arg2, arg3, $uid'
|
||||
PID TID COMM FUNC -
|
||||
1269255 1269255 python3.6 SyS_lchown file = /tmp/dotsync-usisgezu/tmp, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269441 1269441 zstd SyS_chown file = /tmp/dotsync-vic7ygj0/dotsync-package.zst, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269255 1269255 python3.6 SyS_lchown file = /tmp/dotsync-a40zd7ev/tmp, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269442 1269442 zstd SyS_chown file = /tmp/dotsync-gzp413o_/dotsync-package.zst, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
1269255 1269255 python3.6 SyS_lchown file = /tmp/dotsync-whx4fivm/tmp/.bash_profile, to_uid = 128203, to_gid = 100, from_uid = 128203
|
||||
```
|
||||
|
||||
##### 示例 2
|
||||
|
||||
假设您想要统计基于bpf的性能监控工具中的非自愿上下文切换(`nvcsw`),而您不知道正确的方法是什么。`/proc/<pid>/status`已经告诉您进程的非自愿上下文切换(`nonvoluntary_ctxt_switches`)的数量,并且您可以使用`trace.py`进行快速实验以验证您的方法。根据内核源代码,`nvcsw`在文件`linux/kernel/sched/core.c`的`__schedule`函数中计数,并满足以下条件:
|
||||
|
||||
```c
|
||||
.!(!preempt && prev->state) // 即 preempt || !prev->state
|
||||
```
|
||||
|
||||
`__schedule` 函数被标记为 `notrace` ,评估上述条件的最佳位置似乎在函数 `__schedule` 内部的 `sched/sched_switch` 跟踪点中,并且在 `linux/include/trace/events/sched.h` 中定义。`trace.py` 已经将 `args` 设置为跟踪点 `TP_STRUCT__entry` 的指针。函数 `__schedule` 中的上述条件可以表示为
|
||||
|
||||
```c
|
||||
args->prev_state == TASK_STATE_MAX || args->prev_state == 0
|
||||
```
|
||||
|
||||
可以使用以下命令来计算非自愿上下文切换(每个进程或每个进程ID),并与 `/proc/<pid>/status` 或 `/proc/<pid>/task/<task_id>/status` 进行比较,以确保正确性,因为在典型情况下,非自愿上下文切换并不常见。
|
||||
|
||||
```sh
|
||||
$ trace.py -p 1134138 't:sched:sched_switch (args->prev_state == TASK_STATE_MAX || args->prev_state == 0)'
|
||||
PID TID COMM FUNC
|
||||
1134138 1134140 contention_test sched_switch
|
||||
1134138 1134142 contention_test sched_switch
|
||||
...
|
||||
$ trace.py -L 1134140 't:sched:sched_switch (args->prev_state == TASK_STATE_MAX || args->prev_state == 0)'
|
||||
PID TID COMM FUNC
|
||||
1134138 1134140 contention_test sched_switch
|
||||
1134138 1134140 contention_test sched_switch
|
||||
...
|
||||
```
|
||||
|
||||
##### 示例 3
|
||||
|
||||
此示例与问题 [1231](https://github.com/iovisor/bcc/issues/1231) 和 [1516](https://github.com/iovisor/bcc/issues/1516) 相关,其中在某些情况下,uprobes 完全无法工作。首先,你可以执行以下 `strace`
|
||||
|
||||
```sh
|
||||
$ strace trace.py 'r:bash:readline "%s", retval'
|
||||
...
|
||||
perf_event_open(0x7ffd968212f0, -1, 0, -1, 0x8 /* PERF_FLAG_??? */) = -1 EIO (Input/output error)
|
||||
...
|
||||
```
|
||||
|
||||
`perf_event_open`系统调用返回`-EIO`。在`/kernel/trace`和`/kernel/events`目录中查找与`EIO`相关的内核uprobe代码,函数`uprobe_register`最可疑。让我们找出是否调用了这个函数,如果调用了,返回值是什么。在一个终端中使用以下命令打印出`uprobe_register`的返回值:
|
||||
|
||||
```sh
|
||||
trace.py 'r::uprobe_register "ret = %d", retval'
|
||||
```
|
||||
|
||||
在另一个终端中运行相同的bash uretprobe跟踪示例,您应该得到:
|
||||
|
||||
```sh
|
||||
$ trace.py 'r::uprobe_register "ret = %d", retval'
|
||||
PID TID COMM FUNC -
|
||||
1041401 1041401 python2.7 uprobe_register ret = -5
|
||||
```
|
||||
|
||||
错误代码`-5`是EIO。这证实了函数`uprobe_register`中的以下代码是最可疑的罪魁祸首。
|
||||
|
||||
```c
|
||||
if (!inode->i_mapping->a_ops->readpage && !shmem_mapping(inode->i_mapping))
|
||||
return -EIO;
|
||||
```
|
||||
|
||||
`shmem_mapping`函数定义如下:
|
||||
|
||||
```c
|
||||
bool shmem_mapping(struct address_space *mapping)
|
||||
{
|
||||
return mapping->a_ops == &shmem_aops;
|
||||
}
|
||||
```
|
||||
|
||||
为了确认这个理论,使用以下命令找出`inode->i_mapping->a_ops`的值:
|
||||
|
||||
```sh
|
||||
$ trace.py -I 'linux/fs.h' 'p::uprobe_register(struct inode *inode) "a_ops = %llx", inode->i_mapping->a_ops'
|
||||
PID TID COMM FUNC -
|
||||
814288 814288 python2.7 uprobe_register a_ops = ffffffff81a2adc0
|
||||
^C$ grep ffffffff81a2adc0 /proc/kallsyms
|
||||
ffffffff81a2adc0 R empty_aops
|
||||
```
|
||||
|
||||
内核符号`empty_aops`没有定义`readpage`,因此上述可疑条件为真。进一步检查内核源代码显示,`overlayfs`没有提供自己的`a_ops`,而其他一些文件系统(例如ext4)定义了自己的`a_ops`(例如`ext4_da_aops`),并且`ext4_da_aops`定义了`readpage`。因此,uprobe对于ext4正常工作,但在overlayfs上不正常工作。
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/trace_example.txt)。
|
||||
|
||||
#### 2.2. argdist"。更多[示例](https://github.com/iovisor/bcc/tree/master/tools/argdist_example.txt)
|
||||
|
||||
#### 2.3. funccount
|
||||
|
||||
更多[示例](https://github.com/iovisor/bcc/tree/master/tools/funccount_example.txt).
|
||||
|
||||
## 网络
|
||||
|
||||
To do.
|
||||
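Review bot: the end of this deleted file (sections 2.1 to 2.3 and the unfinished "## 网络 / To do." stub) goes away without any pointer to a replacement, and the commit message "remove bcc document" gives neither a reason nor a new location. The trace.py walk-through in 示例 3, which follows the `perf_event_open` `-EIO` through `uprobe_register` to `empty_aops` on overlayfs (issues 1231 and 1516), is troubleshooting material that readers are likely to search for. Consider leaving a short stub that links to the upstream iovisor/bcc pages the removed text already cites, and check the remaining docs for links into this file before merging. If the text is kept somewhere else instead, note that this copy was already damaged: `# ./tcpretrans".` carries a stray quote, the `#### 2.2. argdist` heading is fused with its link line, and the `1. funccount` list item runs into the following sentence, so it should not be moved as-is.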
@@ -1,724 +0,0 @@
|
||||
# bcc Python Developer Tutorial
|
||||
|
||||
This tutorial is about developing [bcc](https://github.com/iovisor/bcc) tools and programs using the Python interface. There are two parts: observability then networking. Snippets are taken from various programs in bcc: see their files for licences.
|
||||
|
||||
Also see the bcc developer's [reference_guide.md](reference_guide.md), and a tutorial for end-users of tools: [tutorial.md](tutorial.md). There is also a lua interface for bcc.
|
||||
|
||||
## Observability
|
||||
|
||||
This observability tutorial contains 17 lessons, and 46 enumerated things to learn.
|
||||
|
||||
### Lesson 1. Hello World
|
||||
|
||||
Start by running [examples/hello_world.py](https://github.com/iovisor/bcc/tree/master/examples/hello_world.py), while running some commands (eg, "ls") in another session. It should print "Hello, World!" for new processes. If not, start by fixing bcc: see [INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md).
|
||||
|
||||
```sh
|
||||
# ./examples/hello_world.py
|
||||
bash-13364 [002] d... 24573433.052937: : Hello, World!
|
||||
bash-13364 [003] d... 24573436.642808: : Hello, World!
|
||||
[...]
|
||||
```
|
||||
|
||||
Here's the code for hello_world.py:
|
||||
|
||||
```Python
|
||||
from bcc import BPF
|
||||
BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()
|
||||
```
|
||||
|
||||
There are six things to learn from this:
|
||||
|
||||
1. ```text='...'```: This defines a BPF program inline. The program is written in C.
|
||||
|
||||
1. ```kprobe__sys_clone()```: This is a short-cut for kernel dynamic tracing via kprobes. If the C function begins with ``kprobe__``, the rest is treated as a kernel function name to instrument, in this case, ```sys_clone()```.
|
||||
|
||||
1. ```void *ctx```: ctx has arguments, but since we aren't using them here, we'll just cast it to ```void *```.
|
||||
|
||||
1. ```bpf_trace_printk()```: A simple kernel facility for printf() to the common trace_pipe (/sys/kernel/debug/tracing/trace_pipe). This is ok for some quick examples, but has limitations: 3 args max, 1 %s only, and trace_pipe is globally shared, so concurrent programs will have clashing output. A better interface is via BPF_PERF_OUTPUT(), covered later.
|
||||
|
||||
1. ```return 0;```: Necessary formality (if you want to know why, see [#139](https://github.com/iovisor/bcc/issues/139)).
|
||||
|
||||
1. ```.trace_print()```: A bcc routine that reads trace_pipe and prints the output.
|
||||
|
||||
### Lesson 2. sys_sync()
|
||||
|
||||
Write a program that traces the sys_sync() kernel function. Print "sys_sync() called" when it runs. Test by running ```sync``` in another session while tracing. The hello_world.py program has everything you need for this.
|
||||
|
||||
Improve it by printing "Tracing sys_sync()... Ctrl-C to end." when the program first starts. Hint: it's just Python.
|
||||
|
||||
### Lesson 3. hello_fields.py
|
||||
|
||||
This program is in [examples/tracing/hello_fields.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/hello_fields.py). Sample output (run commands in another session):
|
||||
|
||||
```sh
|
||||
# examples/tracing/hello_fields.py
|
||||
TIME(s) COMM PID MESSAGE
|
||||
24585001.174885999 sshd 1432 Hello, World!
|
||||
24585001.195710000 sshd 15780 Hello, World!
|
||||
24585001.991976000 systemd-udevd 484 Hello, World!
|
||||
24585002.276147000 bash 15787 Hello, World!
|
||||
```
|
||||
|
||||
Code:
|
||||
|
||||
```Python
|
||||
from bcc import BPF
|
||||
|
||||
# define BPF program
|
||||
prog = """
|
||||
int hello(void *ctx) {
|
||||
bpf_trace_printk("Hello, World!\\n");
|
||||
return 0;
|
||||
}
|
||||
"""
|
||||
|
||||
# load BPF program
|
||||
b = BPF(text=prog)
|
||||
b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
|
||||
|
||||
# header
|
||||
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "MESSAGE"))
|
||||
|
||||
# format output
|
||||
while 1:
|
||||
try:
|
||||
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
|
||||
except ValueError:
|
||||
continue
|
||||
print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
|
||||
```
|
||||
|
||||
This is similar to hello_world.py, and traces new processes via sys_clone() again, but has a few more things to learn:
|
||||
|
||||
1. ```prog =```: This time we declare the C program as a variable, and later refer to it. This is useful if you want to add some string substitutions based on command line arguments.
|
||||
|
||||
1. ```hello()```: Now we're just declaring a C function, instead of the ```kprobe__``` shortcut. We'll refer to this later. All C functions declared in the BPF program are expected to be executed on a probe, hence they all need to take a ```pt_reg* ctx``` as first argument. If you need to define some helper function that will not be executed on a probe, they need to be defined as ```static inline``` in order to be inlined by the compiler. Sometimes you would also need to add ```_always_inline``` function attribute to it.
|
||||
|
||||
1. ```b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")```: Creates a kprobe for the kernel clone system call function, which will execute our defined hello() function. You can call attach_kprobe() more than once, and attach your C function to multiple kernel functions.
|
||||
|
||||
1. ```b.trace_fields()```: Returns a fixed set of fields from trace_pipe. Similar to trace_print(), this is handy for hacking, but for real tooling we should switch to BPF_PERF_OUTPUT().
|
||||
|
||||
### Lesson 4. sync_timing.py
|
||||
|
||||
Remember the days of sysadmins typing ```sync``` three times on a slow console before ```reboot```, to give the first asynchronous sync time to complete? Then someone thought ```sync;sync;sync``` was clever, to run them all on one line, which became industry practice despite defeating the original purpose! And then sync became synchronous, so more reasons it was silly. Anyway.
|
||||
|
||||
The following example times how quickly the ```do_sync``` function is called, and prints output if it has been called more recently than one second ago. A ```sync;sync;sync``` will print output for the 2nd and 3rd sync's:
|
||||
|
||||
```sh
|
||||
# examples/tracing/sync_timing.py
|
||||
Tracing for quick sync's... Ctrl-C to end
|
||||
At time 0.00 s: multiple syncs detected, last 95 ms ago
|
||||
At time 0.10 s: multiple syncs detected, last 96 ms ago
|
||||
```
|
||||
|
||||
This program is [examples/tracing/sync_timing.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/sync_timing.py):
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF
|
||||
|
||||
# load BPF program
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
|
||||
BPF_HASH(last);
|
||||
|
||||
int do_trace(struct pt_regs *ctx) {
|
||||
u64 ts, *tsp, delta, key = 0;
|
||||
|
||||
// attempt to read stored timestamp
|
||||
tsp = last.lookup(&key);
|
||||
if (tsp != NULL) {
|
||||
delta = bpf_ktime_get_ns() - *tsp;
|
||||
if (delta < 1000000000) {
|
||||
// output if time is less than 1 second
|
||||
bpf_trace_printk("%d\\n", delta / 1000000);
|
||||
}
|
||||
last.delete(&key);
|
||||
}
|
||||
|
||||
// update stored timestamp
|
||||
ts = bpf_ktime_get_ns();
|
||||
last.update(&key, &ts);
|
||||
return 0;
|
||||
}
|
||||
""")
|
||||
|
||||
b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="do_trace")
|
||||
print("Tracing for quick sync's... Ctrl-C to end")
|
||||
|
||||
# format output
|
||||
start = 0
|
||||
while 1:
|
||||
(task, pid, cpu, flags, ts, ms) = b.trace_fields()
|
||||
if start == 0:
|
||||
start = ts
|
||||
ts = ts - start
|
||||
print("At time %.2f s: multiple syncs detected, last %s ms ago" % (ts, ms))
|
||||
```
|
||||
|
||||
Things to learn:
|
||||
|
||||
1. ```bpf_ktime_get_ns()```: Returns the time as nanoseconds.
|
||||
1. ```BPF_HASH(last)```: Creates a BPF map object that is a hash (associative array), called "last". We didn't specify any further arguments, so it defaults to key and value types of u64.
|
||||
1. ```key = 0```: We'll only store one key/value pair in this hash, where the key is hardwired to zero.
|
||||
1. ```last.lookup(&key)```: Lookup the key in the hash, and return a pointer to its value if it exists, else NULL. We pass the key in as an address to a pointer.
|
||||
1. ```if (tsp != NULL) {```: The verifier requires that pointer values derived from a map lookup must be checked for a null value before they can be dereferenced and used.
|
||||
1. ```last.delete(&key)```: Delete the key from the hash. This is currently required because of [a kernel bug in `.update()`](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=a6ed3ea65d9868fdf9eff84e6fe4f666b8d14b02) (fixed in 4.8.10).
|
||||
1. ```last.update(&key, &ts)```: Associate the value in the 2nd argument to the key, overwriting any previous value. This records the timestamp.
|
||||
|
||||
### Lesson 5. sync_count.py
|
||||
|
||||
Modify the sync_timing.py program (prior lesson) to store the count of all kernel sync system calls (both fast and slow), and print it with the output. This count can be recorded in the BPF program by adding a new key index to the existing hash.
|
||||
|
||||
### Lesson 6. disksnoop.py
|
||||
|
||||
Browse the [examples/tracing/disksnoop.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/disksnoop.py) program to see what is new. Here is some sample output:
|
||||
|
||||
```sh
|
||||
# disksnoop.py
|
||||
TIME(s) T BYTES LAT(ms)
|
||||
16458043.436012 W 4096 3.13
|
||||
16458043.437326 W 4096 4.44
|
||||
16458044.126545 R 4096 42.82
|
||||
16458044.129872 R 4096 3.24
|
||||
[...]
|
||||
```
|
||||
|
||||
And a code snippet:
|
||||
|
||||
```Python
|
||||
[...]
|
||||
REQ_WRITE = 1 # from include/linux/blk_types.h
|
||||
|
||||
# load BPF program
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
#include <linux/blk-mq.h>
|
||||
|
||||
BPF_HASH(start, struct request *);
|
||||
|
||||
void trace_start(struct pt_regs *ctx, struct request *req) {
|
||||
// stash start timestamp by request ptr
|
||||
u64 ts = bpf_ktime_get_ns();
|
||||
|
||||
start.update(&req, &ts);
|
||||
}
|
||||
|
||||
void trace_completion(struct pt_regs *ctx, struct request *req) {
|
||||
u64 *tsp, delta;
|
||||
|
||||
tsp = start.lookup(&req);
|
||||
if (tsp != 0) {
|
||||
delta = bpf_ktime_get_ns() - *tsp;
|
||||
bpf_trace_printk("%d %x %d\\n", req->__data_len,
|
||||
req->cmd_flags, delta / 1000);
|
||||
start.delete(&req);
|
||||
}
|
||||
}
|
||||
""")
|
||||
if BPF.get_kprobe_functions(b'blk_start_request'):
|
||||
b.attach_kprobe(event="blk_start_request", fn_name="trace_start")
|
||||
b.attach_kprobe(event="blk_mq_start_request", fn_name="trace_start")
|
||||
if BPF.get_kprobe_functions(b'__blk_account_io_done'):
|
||||
b.attach_kprobe(event="__blk_account_io_done", fn_name="trace_completion")
|
||||
else:
|
||||
b.attach_kprobe(event="blk_account_io_done", fn_name="trace_completion")
|
||||
[...]
|
||||
```
|
||||
|
||||
Things to learn:
|
||||
|
||||
1. ```REQ_WRITE```: We're defining a kernel constant in the Python program because we'll use it there later. If we were using REQ_WRITE in the BPF program, it should just work (without needing to be defined) with the appropriate #includes.
|
||||
1. ```trace_start(struct pt_regs *ctx, struct request *req)```: This function will later be attached to kprobes. The arguments to kprobe functions are ```struct pt_regs *ctx```, for registers and BPF context, and then the actual arguments to the function. We'll attach this to blk_start_request(), where the first argument is ```struct request *```.
|
||||
1. ```start.update(&req, &ts)```: We're using the pointer to the request struct as a key in our hash. What? This is commonplace in tracing. Pointers to structs turn out to be great keys, as they are unique: two structs can't have the same pointer address. (Just be careful about when it gets free'd and reused.) So what we're really doing is tagging the request struct, which describes the disk I/O, with our own timestamp, so that we can time it. There's two common keys used for storing timestamps: pointers to structs, and, thread IDs (for timing function entry to return).
|
||||
1. ```req->__data_len```: We're dereferencing members of ```struct request```. See its definition in the kernel source for what members are there. bcc actually rewrites these expressions to be a series of ```bpf_probe_read_kernel()``` calls. Sometimes bcc can't handle a complex dereference, and you need to call ```bpf_probe_read_kernel()``` directly.
|
||||
|
||||
This is a pretty interesting program, and if you can understand all the code, you'll understand many important basics. We're still using the bpf_trace_printk() hack, so let's fix that next.
|
||||
|
||||
### Lesson 7. hello_perf_output.py
|
||||
|
||||
Let's finally stop using bpf_trace_printk() and use the proper BPF_PERF_OUTPUT() interface. This will also mean we stop getting the free trace_field() members like PID and timestamp, and will need to fetch them directly. Sample output while commands are run in another session:
|
||||
|
||||
```sh
|
||||
# hello_perf_output.py
|
||||
TIME(s) COMM PID MESSAGE
|
||||
0.000000000 bash 22986 Hello, perf_output!
|
||||
0.021080275 systemd-udevd 484 Hello, perf_output!
|
||||
0.021359520 systemd-udevd 484 Hello, perf_output!
|
||||
0.021590610 systemd-udevd 484 Hello, perf_output!
|
||||
[...]
|
||||
```
|
||||
|
||||
Code is [examples/tracing/hello_perf_output.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/hello_perf_output.py):
|
||||
|
||||
```Python
|
||||
from bcc import BPF
|
||||
|
||||
# define BPF program
|
||||
prog = """
|
||||
#include <linux/sched.h>
|
||||
|
||||
// define output data structure in C
|
||||
struct data_t {
|
||||
u32 pid;
|
||||
u64 ts;
|
||||
char comm[TASK_COMM_LEN];
|
||||
};
|
||||
BPF_PERF_OUTPUT(events);
|
||||
|
||||
int hello(struct pt_regs *ctx) {
|
||||
struct data_t data = {};
|
||||
|
||||
data.pid = bpf_get_current_pid_tgid();
|
||||
data.ts = bpf_ktime_get_ns();
|
||||
bpf_get_current_comm(&data.comm, sizeof(data.comm));
|
||||
|
||||
events.perf_submit(ctx, &data, sizeof(data));
|
||||
|
||||
return 0;
|
||||
}
|
||||
"""
|
||||
|
||||
# load BPF program
|
||||
b = BPF(text=prog)
|
||||
b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
|
||||
|
||||
# header
|
||||
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "MESSAGE"))
|
||||
|
||||
# process event
|
||||
start = 0
|
||||
def print_event(cpu, data, size):
|
||||
global start
|
||||
event = b["events"].event(data)
|
||||
if start == 0:
|
||||
start = event.ts
|
||||
time_s = (float(event.ts - start)) / 1000000000
|
||||
print("%-18.9f %-16s %-6d %s" % (time_s, event.comm, event.pid,
|
||||
"Hello, perf_output!"))
|
||||
|
||||
# loop with callback to print_event
|
||||
b["events"].open_perf_buffer(print_event)
|
||||
while 1:
|
||||
b.perf_buffer_poll()
|
||||
```
|
||||
|
||||
Things to learn:
|
||||
|
||||
1. ```struct data_t```: This defines the C struct we'll use to pass data from kernel to user space.
|
||||
1. ```BPF_PERF_OUTPUT(events)```: This names our output channel "events".
|
||||
1. ```struct data_t data = {};```: Create an empty data_t struct that we'll then populate.
|
||||
1. ```bpf_get_current_pid_tgid()```: Returns the process ID in the lower 32 bits (kernel's view of the PID, which in user space is usually presented as the thread ID), and the thread group ID in the upper 32 bits (what user space often thinks of as the PID). By directly setting this to a u32, we discard the upper 32 bits. Should you be presenting the PID or the TGID? For a multi-threaded app, the TGID will be the same, so you need the PID to differentiate them, if that's what you want. It's also a question of expectations for the end user.
|
||||
1. ```bpf_get_current_comm()```: Populates the first argument address with the current process name.
|
||||
1. ```events.perf_submit()```: Submit the event for user space to read via a perf ring buffer.
|
||||
1. ```def print_event()```: Define a Python function that will handle reading events from the ```events``` stream.
|
||||
1. ```b["events"].event(data)```: Now get the event as a Python object, auto-generated from the C declaration.
|
||||
1. ```b["events"].open_perf_buffer(print_event)```: Associate the Python ```print_event``` function with the ```events``` stream.
|
||||
1. ```while 1: b.perf_buffer_poll()```: Block waiting for events.
|
||||
|
||||
### Lesson 8. sync_perf_output.py
|
||||
|
||||
Rewrite sync_timing.py, from a prior lesson, to use ```BPF_PERF_OUTPUT```.
|
||||
|
||||
### Lesson 9. bitehist.py
|
||||
|
||||
The following tool records a histogram of disk I/O sizes. Sample output:
|
||||
|
||||
```sh
|
||||
# bitehist.py
|
||||
Tracing... Hit Ctrl-C to end.
|
||||
^C
|
||||
kbytes : count distribution
|
||||
0 -> 1 : 3 | |
|
||||
2 -> 3 : 0 | |
|
||||
4 -> 7 : 211 |********** |
|
||||
8 -> 15 : 0 | |
|
||||
16 -> 31 : 0 | |
|
||||
32 -> 63 : 0 | |
|
||||
64 -> 127 : 1 | |
|
||||
128 -> 255 : 800 |**************************************|
|
||||
```
|
||||
|
||||
Code is [examples/tracing/bitehist.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/bitehist.py):
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF
|
||||
from time import sleep
|
||||
|
||||
# load BPF program
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
#include <linux/blkdev.h>
|
||||
|
||||
BPF_HISTOGRAM(dist);
|
||||
|
||||
int kprobe__blk_account_io_done(struct pt_regs *ctx, struct request *req)
|
||||
{
|
||||
dist.increment(bpf_log2l(req->__data_len / 1024));
|
||||
return 0;
|
||||
}
|
||||
""")
|
||||
|
||||
# header
|
||||
print("Tracing... Hit Ctrl-C to end.")
|
||||
|
||||
# trace until Ctrl-C
|
||||
try:
|
||||
sleep(99999999)
|
||||
except KeyboardInterrupt:
|
||||
print()
|
||||
|
||||
# output
|
||||
b["dist"].print_log2_hist("kbytes")
|
||||
```
|
||||
|
||||
A recap from earlier lessons:
|
||||
|
||||
- ```kprobe__```: This prefix means the rest will be treated as a kernel function name that will be instrumented using kprobe.
|
||||
- ```struct pt_regs *ctx, struct request *req```: Arguments to kprobe. The ```ctx``` is registers and BPF context, the ```req``` is the first argument to the instrumented function: ```blk_account_io_done()```.
|
||||
- ```req->__data_len```: Dereferencing that member.
|
||||
|
||||
New things to learn:
|
||||
|
||||
1. ```BPF_HISTOGRAM(dist)```: Defines a BPF map object that is a histogram, and names it "dist".
|
||||
1. ```dist.increment()```: Increments the histogram bucket index provided as first argument by one by default. Optionally, custom increments can be passed as the second argument.
|
||||
1. ```bpf_log2l()```: Returns the log-2 of the provided value. This becomes the index of our histogram, so that we're constructing a power-of-2 histogram.
|
||||
1. ```b["dist"].print_log2_hist("kbytes")```: Prints the "dist" histogram as power-of-2, with a column header of "kbytes". The only data transferred from kernel to user space is the bucket counts, making this efficient.
|
||||
|
||||
### Lesson 10. disklatency.py
|
||||
|
||||
Write a program that times disk I/O, and prints a histogram of their latency. Disk I/O instrumentation and timing can be found in the disksnoop.py program from a prior lesson, and histogram code can be found in bitehist.py from a prior lesson.
|
||||
|
||||
### Lesson 11. vfsreadlat.py
|
||||
|
||||
This example is split into separate Python and C files. Example output:
|
||||
|
||||
```sh
|
||||
# vfsreadlat.py 1
|
||||
Tracing... Hit Ctrl-C to end.
|
||||
usecs : count distribution
|
||||
0 -> 1 : 0 | |
|
||||
2 -> 3 : 2 |*********** |
|
||||
4 -> 7 : 7 |****************************************|
|
||||
8 -> 15 : 4 |********************** |
|
||||
|
||||
usecs : count distribution
|
||||
0 -> 1 : 29 |****************************************|
|
||||
2 -> 3 : 28 |************************************** |
|
||||
4 -> 7 : 4 |***** |
|
||||
8 -> 15 : 8 |*********** |
|
||||
16 -> 31 : 0 | |
|
||||
32 -> 63 : 0 | |
|
||||
64 -> 127 : 0 | |
|
||||
128 -> 255 : 0 | |
|
||||
256 -> 511 : 2 |** |
|
||||
512 -> 1023 : 0 | |
|
||||
1024 -> 2047 : 0 | |
|
||||
2048 -> 4095 : 0 | |
|
||||
4096 -> 8191 : 4 |***** |
|
||||
8192 -> 16383 : 6 |******** |
|
||||
16384 -> 32767 : 9 |************ |
|
||||
32768 -> 65535 : 6 |******** |
|
||||
65536 -> 131071 : 2 |** |
|
||||
|
||||
usecs : count distribution
|
||||
0 -> 1 : 11 |****************************************|
|
||||
2 -> 3 : 2 |******* |
|
||||
4 -> 7 : 10 |************************************ |
|
||||
8 -> 15 : 8 |***************************** |
|
||||
16 -> 31 : 1 |*** |
|
||||
32 -> 63 : 2 |******* |
|
||||
[...]
|
||||
```
|
||||
|
||||
Browse the code in [examples/tracing/vfsreadlat.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/vfsreadlat.py) and [examples/tracing/vfsreadlat.c](https://github.com/iovisor/bcc/tree/master/examples/tracing/vfsreadlat.c). Things to learn:
|
||||
|
||||
1. ```b = BPF(src_file = "vfsreadlat.c")```: Read the BPF C program from a separate source file.
|
||||
1. ```b.attach_kretprobe(event="vfs_read", fn_name="do_return")```: Attaches the BPF C function ```do_return()``` to the return of the kernel function ```vfs_read()```. This is a kretprobe: instrumenting the return from a function, rather than its entry.
|
||||
1. ```b["dist"].clear()```: Clears the histogram.
|
||||
|
||||
### Lesson 12. urandomread.py
|
||||
|
||||
Tracing while a ```dd if=/dev/urandom of=/dev/null bs=8k count=5``` is run:
|
||||
|
||||
```sh
|
||||
# urandomread.py
|
||||
TIME(s) COMM PID GOTBITS
|
||||
24652832.956994001 smtp 24690 384
|
||||
24652837.726500999 dd 24692 65536
|
||||
24652837.727111001 dd 24692 65536
|
||||
24652837.727703001 dd 24692 65536
|
||||
24652837.728294998 dd 24692 65536
|
||||
24652837.728888001 dd 24692 65536
|
||||
```
|
||||
|
||||
Hah! I caught smtp by accident. Code is [examples/tracing/urandomread.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/urandomread.py):
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF
|
||||
|
||||
# load BPF program
|
||||
b = BPF(text="""
|
||||
TRACEPOINT_PROBE(random, urandom_read) {
|
||||
// args is from /sys/kernel/debug/tracing/events/random/urandom_read/format
|
||||
bpf_trace_printk("%d\\n", args->got_bits);
|
||||
return 0;
|
||||
}
|
||||
""")
|
||||
|
||||
# header
|
||||
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS"))
|
||||
|
||||
# format output
|
||||
while 1:
|
||||
try:
|
||||
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
|
||||
except ValueError:
|
||||
continue
|
||||
print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
|
||||
```
|
||||
|
||||
Things to learn:
|
||||
|
||||
1. ```TRACEPOINT_PROBE(random, urandom_read)```: Instrument the kernel tracepoint ```random:urandom_read```. These have a stable API, and thus are recommend to use instead of kprobes, wherever possible. You can run ```perf list``` for a list of tracepoints. Linux >= 4.7 is required to attach BPF programs to tracepoints.
|
||||
1. ```args->got_bits```: ```args``` is auto-populated to be a structure of the tracepoint arguments. The comment above says where you can see that structure. Eg:
|
||||
|
||||
```sh
|
||||
# cat /sys/kernel/debug/tracing/events/random/urandom_read/format
|
||||
name: urandom_read
|
||||
ID: 972
|
||||
format:
|
||||
field:unsigned short common_type; offset:0; size:2; signed:0;
|
||||
field:unsigned char common_flags; offset:2; size:1; signed:0;
|
||||
field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
|
||||
field:int common_pid; offset:4; size:4; signed:1;
|
||||
|
||||
field:int got_bits; offset:8; size:4; signed:1;
|
||||
field:int pool_left; offset:12; size:4; signed:1;
|
||||
field:int input_left; offset:16; size:4; signed:1;
|
||||
|
||||
print fmt: "got_bits %d nonblocking_pool_entropy_left %d input_entropy_left %d", REC->got_bits, REC->pool_left, REC->input_left
|
||||
```
|
||||
|
||||
In this case, we were printing the ```got_bits``` member.
|
||||
|
||||
### Lesson 13. disksnoop.py fixed
|
||||
|
||||
Convert disksnoop.py from a previous lesson to use the ```block:block_rq_issue``` and ```block:block_rq_complete``` tracepoints.
|
||||
|
||||
### Lesson 14. strlen_count.py
|
||||
|
||||
This program instruments a user-level function, the ```strlen()``` library function, and frequency counts its string argument. Example output:
|
||||
|
||||
```sh
|
||||
# strlen_count.py
|
||||
Tracing strlen()... Hit Ctrl-C to end.
|
||||
^C COUNT STRING
|
||||
1 " "
|
||||
1 "/bin/ls"
|
||||
1 "."
|
||||
1 "cpudist.py.1"
|
||||
1 ".bashrc"
|
||||
1 "ls --color=auto"
|
||||
1 "key_t"
|
||||
[...]
|
||||
10 "a7:~# "
|
||||
10 "/root"
|
||||
12 "LC_ALL"
|
||||
12 "en_US.UTF-8"
|
||||
13 "en_US.UTF-8"
|
||||
20 "~"
|
||||
70 "#%^,~:-=?+/}"
|
||||
340 "\x01\x1b]0;root@bgregg-test: ~\x07\x02root@bgregg-test:~# "
|
||||
```
|
||||
|
||||
These are various strings that are being processed by this library function while tracing, along with their frequency counts. ```strlen()``` was called on "LC_ALL" 12 times, for example.
|
||||
|
||||
Code is [examples/tracing/strlen_count.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/strlen_count.py):
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF
|
||||
from time import sleep
|
||||
|
||||
# load BPF program
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
|
||||
struct key_t {
|
||||
char c[80];
|
||||
};
|
||||
BPF_HASH(counts, struct key_t);
|
||||
|
||||
int count(struct pt_regs *ctx) {
|
||||
if (!PT_REGS_PARM1(ctx))
|
||||
return 0;
|
||||
|
||||
struct key_t key = {};
|
||||
u64 zero = 0, *val;
|
||||
|
||||
bpf_probe_read_user(&key.c, sizeof(key.c), (void *)PT_REGS_PARM1(ctx));
|
||||
// could also use `counts.increment(key)`
|
||||
val = counts.lookup_or_try_init(&key, &zero);
|
||||
if (val) {
|
||||
(*val)++;
|
||||
}
|
||||
return 0;
|
||||
};
|
||||
""")
|
||||
b.attach_uprobe(name="c", sym="strlen", fn_name="count")
|
||||
|
||||
# header
|
||||
print("Tracing strlen()... Hit Ctrl-C to end.")
|
||||
|
||||
# sleep until Ctrl-C
|
||||
try:
|
||||
sleep(99999999)
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
|
||||
# print output
|
||||
print("%10s %s" % ("COUNT", "STRING"))
|
||||
counts = b.get_table("counts")
|
||||
for k, v in sorted(counts.items(), key=lambda counts: counts[1].value):
|
||||
print("%10d \"%s\"" % (v.value, k.c.encode('string-escape')))
|
||||
```
|
||||
|
||||
Things to learn:
|
||||
|
||||
1. ```PT_REGS_PARM1(ctx)```: This fetches the first argument to ```strlen()```, which is the string.
|
||||
1. ```b.attach_uprobe(name="c", sym="strlen", fn_name="count")```: Attach to library "c" (if this is the main program, use its pathname), instrument the user-level function ```strlen()```, and on execution call our C function ```count()```.
|
||||
|
||||
### Lesson 15. nodejs_http_server.py
|
||||
|
||||
This program instruments a user statically-defined tracing (USDT) probe, which is the user-level version of a kernel tracepoint. Sample output:
|
||||
|
||||
```sh
|
||||
# nodejs_http_server.py 24728
|
||||
TIME(s) COMM PID ARGS
|
||||
24653324.561322998 node 24728 path:/index.html
|
||||
24653335.343401998 node 24728 path:/images/welcome.png
|
||||
24653340.510164998 node 24728 path:/images/favicon.png
|
||||
```
|
||||
|
||||
Relevant code from [examples/tracing/nodejs_http_server.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/nodejs_http_server.py):
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF, USDT
|
||||
import sys
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
print("USAGE: nodejs_http_server PID")
|
||||
exit()
|
||||
pid = sys.argv[1]
|
||||
debug = 0
|
||||
|
||||
# load BPF program
|
||||
bpf_text = """
|
||||
#include <uapi/linux/ptrace.h>
|
||||
int do_trace(struct pt_regs *ctx) {
|
||||
uint64_t addr;
|
||||
char path[128]={0};
|
||||
bpf_usdt_readarg(6, ctx, &addr);
|
||||
bpf_probe_read_user(&path, sizeof(path), (void *)addr);
|
||||
bpf_trace_printk("path:%s\\n", path);
|
||||
return 0;
|
||||
};
|
||||
"""
|
||||
|
||||
# enable USDT probe from given PID
|
||||
u = USDT(pid=int(pid))
|
||||
u.enable_probe(probe="http__server__request", fn_name="do_trace")
|
||||
if debug:
|
||||
print(u.get_text())
|
||||
print(bpf_text)
|
||||
|
||||
# initialize BPF
|
||||
b = BPF(text=bpf_text, usdt_contexts=[u])
|
||||
```
|
||||
|
||||
Things to learn:
|
||||
|
||||
1. ```bpf_usdt_readarg(6, ctx, &addr)```: Read the address of argument 6 from the USDT probe into ```addr```.
|
||||
1. ```bpf_probe_read_user(&path, sizeof(path), (void *)addr)```: Now the string ```addr``` points to into our ```path``` variable.
|
||||
1. ```u = USDT(pid=int(pid))```: Initialize USDT tracing for the given PID.
|
||||
1. ```u.enable_probe(probe="http__server__request", fn_name="do_trace")```: Attach our ```do_trace()``` BPF C function to the Node.js ```http__server__request``` USDT probe.
|
||||
1. ```b = BPF(text=bpf_text, usdt_contexts=[u])```: Need to pass in our USDT object, ```u```, to BPF object creation.
|
||||
|
||||
### Lesson 16. task_switch.c
|
||||
|
||||
This is an older tutorial included as a bonus lesson. Use this for recap and to reinforce what you've already learned.
|
||||
|
||||
This is a slightly more complex tracing example than Hello World. This program
|
||||
will be invoked for every task change in the kernel, and record in a BPF map
|
||||
the new and old pids.
|
||||
|
||||
The C program below introduces a new concept: the prev argument. This
|
||||
argument is treated specially by the BCC frontend, such that accesses
|
||||
to this variable are read from the saved context that is passed by the
|
||||
kprobe infrastructure. The prototype of the args starting from
|
||||
position 1 should match the prototype of the kernel function being
|
||||
kprobed. If done so, the program will have seamless access to the
|
||||
function parameters.
|
||||
|
||||
```c
|
||||
#include <uapi/linux/ptrace.h>
|
||||
#include <linux/sched.h>
|
||||
|
||||
struct key_t {
|
||||
u32 prev_pid;
|
||||
u32 curr_pid;
|
||||
};
|
||||
|
||||
BPF_HASH(stats, struct key_t, u64, 1024);
|
||||
int count_sched(struct pt_regs *ctx, struct task_struct *prev) {
|
||||
struct key_t key = {};
|
||||
u64 zero = 0, *val;
|
||||
|
||||
key.curr_pid = bpf_get_current_pid_tgid();
|
||||
key.prev_pid = prev->pid;
|
||||
|
||||
// could also use `stats.increment(key);`
|
||||
val = stats.lookup_or_try_init(&key, &zero);
|
||||
if (val) {
|
||||
(*val)++;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
```
|
||||
|
||||
The userspace component loads the file shown above, and attaches it to the
|
||||
`finish_task_switch` kernel function.
|
||||
The `[]` operator of the BPF object gives access to each BPF_HASH in the
|
||||
program, allowing pass-through access to the values residing in the kernel. Use
|
||||
the object as you would any other python dict object: read, update, and deletes
|
||||
are all allowed.
|
||||
```python
|
||||
from bcc import BPF
|
||||
from time import sleep
|
||||
|
||||
b = BPF(src_file="task_switch.c")
|
||||
b.attach_kprobe(event="finish_task_switch", fn_name="count_sched")
|
||||
|
||||
# generate many schedule events
|
||||
for i in range(0, 100): sleep(0.01)
|
||||
|
||||
for k, v in b["stats"].items():
|
||||
print("task_switch[%5d->%5d]=%u" % (k.prev_pid, k.curr_pid, v.value))
|
||||
```
|
||||
|
||||
These programs can be found in the files [examples/tracing/task_switch.c](https://github.com/iovisor/bcc/tree/master/examples/tracing/task_switch.c) and [examples/tracing/task_switch.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/task_switch.py) respectively.
|
||||
|
||||
### Lesson 17. Further Study
|
||||
|
||||
For further study, see Sasha Goldshtein's [linux-tracing-workshop](https://github.com/goldshtn/linux-tracing-workshop), which contains additional labs. There are also many tools in bcc /tools to study.
|
||||
|
||||
Please read [CONTRIBUTING-SCRIPTS.md](https://github.com/iovisor/bcc/tree/master/CONTRIBUTING-SCRIPTS.md) if you wish to contribute tools to bcc. At the bottom of the main [README.md](https://github.com/iovisor/bcc/tree/master/README.md), you'll also find methods for contacting us. Good luck, and happy tracing!
|
||||
|
||||
## Networking
|
||||
|
||||
To do.
|
||||
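Review bot: The deletion that ends at the `## Networking` / `To do.` stub drops Lessons 13 to 17 without leaving any pointer to a replacement, and the commit message ("remove bcc document") gives no reason. Every listing in this part links back to the upstream iovisor/bcc examples (for instance `examples/tracing/strlen_count.py`), so a one-line note in the commit message or on a remaining index page pointing readers to the upstream repository would cover the gap. Also worth checking before merge: any other page in this repo that links into this file will now dangle.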
@@ -1,703 +0,0 @@
|
||||
# bcc Python 开发者教程
|
||||
|
||||
本教程介绍使用 Python 接口开发 [bcc](https://github.com/iovisor/bcc) 工具和程序。分为两个部分:可观测性和网络。代码片段取自 bcc 的各个程序,请查阅其文件以了解许可证情况。
|
||||
|
||||
还请参阅 bcc 开发者的[参考指南](reference_guide.md),以及针对工具的用户的教程:[教程](tutorial.md)。还有适用于 bcc 的 lua 接口。
|
||||
|
||||
## 可观测性
|
||||
|
||||
这个可观测性教程包含17个课程和46个要学习的枚举事项。
|
||||
|
||||
### 第1课. 你好,世界
|
||||
|
||||
首先运行 [examples/hello_world.py](https://github.com/iovisor/bcc/tree/master/examples/hello_world.py),同时在另一个会话中运行一些命令(例如,“ls”)。它应该会为新进程打印“Hello, World!”。如果没有打印,请先修复bcc:请参阅 [INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md)。
|
||||
|
||||
```sh
|
||||
# ./examples/hello_world.py
|
||||
bash-13364 [002] d... 24573433.052937: : Hello, World!
|
||||
bash-13364 [003] d... 24573436.642808: : Hello, World!
|
||||
[...]
|
||||
```
|
||||
|
||||
以下是 hello_world.py 的代码示例:
|
||||
|
||||
```Python
|
||||
from bcc import BPF
|
||||
BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()
|
||||
```
|
||||
|
||||
从中可以学到六件事情:
|
||||
|
||||
1. ```text='...'```:这定义了内联的 BPF 程序。该程序是用 C 编写的。
|
||||
|
||||
1. ```kprobe__sys_clone()```:这是通过 kprobes 动态跟踪内核的一种快捷方式。如果 C 函数以 ```kprobe__``` 开头,其余部分将被视为要定位的内核函数名称,本例中为 ```sys_clone()```。
|
||||
|
||||
1. ```void *ctx```:ctx 是参数,但由于我们在此处未使用它们,所以我们将其转换为 ```void*``` 类型。
|
||||
1. ```bpf_trace_printk()```: 用于将 printf() 打印到通用 trace_pipe (/sys/kernel/debug/tracing/trace_pipe) 的简单内核工具。 这对于一些快速示例是可以的,但有一些限制:最多只有 3 个参数,只能有一个 %s,并且 trace_pipe 是全局共享的,所以并发程序会有冲突的输出。更好的接口是通过 BPF_PERF_OUTPUT() 实现的,稍后会介绍。
|
||||
|
||||
1. ```return 0;```: 必要的规范性代码(如果想知道原因,请参见 [#139](https://github.com/iovisor/bcc/issues/139))。
|
||||
|
||||
1. ```.trace_print()```: 一个读取 trace_pipe 并打印输出的 bcc 程序。
|
||||
|
||||
### 第二课 sys_sync()
|
||||
|
||||
编写一个跟踪 sys_sync() 内核函数的程序。运行时打印 "sys_sync() called"。在跟踪时,在另一个会话中运行 ```sync``` 进行测试。hello_world.py 程序中包含了这一切所需的内容。
|
||||
|
||||
通过在程序刚启动时打印 "Tracing sys_sync()... Ctrl-C to end." 来改进它。提示:它只是 Python 代码。
|
||||
|
||||
### 第三课 hello_fields.py
|
||||
|
||||
该程序位于 [examples/tracing/hello_fields.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/hello_fields.py)。样本输出(在另一个会话中运行命令):
|
||||
|
||||
```sh
|
||||
# examples/tracing/hello_fields.py
|
||||
时间(s) 进程名 进程 ID 消息
|
||||
24585001.174885999 sshd 1432 你好,世界!
|
||||
24585001.195710000 sshd 15780 你好,世界!
|
||||
24585001.991976000 systemd-udevd 484 你好,世界!
|
||||
24585002.276147000 bash 15787 你好,世界!
|
||||
```
|
||||
|
||||
代码:
|
||||
|
||||
```Python
|
||||
from bcc import BPF
|
||||
|
||||
# 定义 BPF 程序
|
||||
prog = """
|
||||
int hello(void *ctx) {
|
||||
bpf_trace_printk("你好,世界!\\n");
|
||||
return 0;
|
||||
}
|
||||
"""
|
||||
|
||||
# 加载 BPF 程序
|
||||
b = BPF(text=prog)
|
||||
b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
|
||||
|
||||
# 头部
|
||||
print("%-18s %-16s %-6s %s" % ("时间(s)", "进程名", "进程 ID", "消息"))
|
||||
|
||||
# 格式化输出
|
||||
while 1:
|
||||
try:
|
||||
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
|
||||
except ValueError:
|
||||
continue
|
||||
print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
|
||||
```
|
||||
|
||||
这与hello_world.py类似,并通过sys_clone()再次跟踪新进程,但是还有一些要学习的内容:
|
||||
|
||||
1. `prog =`:这次我们将C程序声明为变量,然后引用它。如果您想根据命令行参数添加一些字符串替换,这将非常有用。
|
||||
|
||||
1. `hello()`:现在我们只是声明了一个C函数,而不是使用`kprobe__`的快捷方式。我们稍后会引用它。在BPF程序中声明的所有C函数都希望在探测器上执行,因此它们都需要以`pt_reg* ctx`作为第一个参数。如果您需要定义一些不会在探测器上执行的辅助函数,则需要将其定义为`static inline`,以便由编译器内联。有时您还需要为其添加`_always_inline`函数属性。
|
||||
|
||||
1. `b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")`:为内核clone系统调用函数创建一个kprobe,该函数将执行我们定义的hello()函数。您可以多次调用attach_kprobe(),并将您的C函数附加到多个内核函数上。
|
||||
|
||||
1. `b.trace_fields()`:从trace_pipe中返回一组固定的字段。与trace_print()类似,它对于编写脚本很方便,但是对于实际的工具化需求,我们应该切换到BPF_PERF_OUTPUT()。
|
||||
|
||||
### Lesson 4. sync_timing.py
|
||||
|
||||
还记得以前系统管理员在缓慢的控制台上输入`sync`三次然后才重启吗?后来有人认为`sync;sync;sync`很聪明,将它们都写在一行上运行,尽管这违背了最初的目的!然后,sync变成了同步操作,所以更加愚蠢。无论如何。
|
||||
|
||||
以下示例计算了`do_sync`函数被调用的速度,并且如果它在一秒钟之内被调用,则输出信息。`sync;sync;sync`将为第2个和第3个sync打印输出:
|
||||
|
||||
```sh
|
||||
# examples/tracing/sync_timing.py
|
||||
追踪快速sync... 按Ctrl-C结束"。
|
||||
```
|
||||
|
||||
在时间0.00秒时:检测到多个同步,上次发生在95毫秒前
|
||||
在时间0.10秒时:检测到多个同步,上次发生在96毫秒前
|
||||
|
||||
此程序是[examples/tracing/sync_timing.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/sync_timing.py):
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF
|
||||
|
||||
# 加载BPF程序
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
|
||||
BPF_HASH(last);
|
||||
|
||||
int do_trace(struct pt_regs *ctx) {
|
||||
u64 ts, *tsp, delta, key = 0;
|
||||
|
||||
// 尝试读取存储的时间戳
|
||||
tsp = last.lookup(&key);
|
||||
if (tsp != NULL) {
|
||||
delta = bpf_ktime_get_ns() - *tsp;
|
||||
if (delta < 1000000000) {
|
||||
// 时间小于1秒则输出
|
||||
bpf_trace_printk("%d\\n", delta / 1000000);
|
||||
}
|
||||
last.delete(&key);
|
||||
}
|
||||
|
||||
// 更新存储的时间戳
|
||||
ts = bpf_ktime_get_ns();
|
||||
last.update(&key, &ts);
|
||||
return 0;
|
||||
}
|
||||
""")
|
||||
|
||||
b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="do_trace")
|
||||
print("跟踪快速同步... 按Ctrl-C结束")
|
||||
|
||||
# 格式化输出
|
||||
start = 0
|
||||
while 1:
|
||||
(task, pid, cpu, flags, ts, ms) = b.trace_fields()
|
||||
if start == 0:
|
||||
start = ts
|
||||
ts = ts - start
|
||||
print("在时间%.2f秒处:检测到多个同步,上次发生在%s毫秒前" % (ts, ms))
|
||||
```
|
||||
|
||||
学习内容:
|
||||
|
||||
1. ```bpf_ktime_get_ns()```: 返回时间,单位为纳秒。
|
||||
1. ```BPF_HASH(last)```: 创建一个BPF映射对象,类型为哈希(关联数组),名为"last"。我们没有指定其他参数,因此默认的键和值类型为u64。
|
||||
1. ```key = 0```: 我们只会在哈希中存储一个键值对,其中键被硬编码为零。
|
||||
1. ```last.lookup(&key)```: 在哈希中查找键,并如果存在则返回其值的指针,否则返回NULL。我们将键作为指针的地址传递给该函数。
|
||||
1. ```if (tsp != NULL) {```: 验证器要求在将从映射查找得到的指针值解引用使用之前,必须先检查其是否为null。1. ```last.delete(&key)```: 从哈希表中删除key。目前需要这样做是因为[`.update()`中存在一个内核错误](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=a6ed3ea65d9868fdf9eff84e6fe4f666b8d14b02)(在4.8.10中已经修复)。
|
||||
1. ```last.update(&key, &ts)```: 将第二个参数的值与key关联起来,覆盖之前的任何值。这会记录时间戳。
|
||||
|
||||
### 第5课. sync_count.py
|
||||
|
||||
修改sync_timing.py程序(前一课)以存储所有内核同步系统调用(包括快速和慢速)的计数,并将其与输出一起打印出来。可以通过向现有哈希表添加一个新的键索引来在BPF程序中记录此计数。
|
||||
|
||||
### 第6课. disksnoop.py
|
||||
|
||||
浏览[examples/tracing/disksnoop.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/disksnoop.py)程序以了解新内容。以下是一些示例输出:
|
||||
|
||||
```sh
|
||||
# disksnoop.py
|
||||
时间(s) T 字节 延迟(ms)
|
||||
16458043.436012 W 4096 3.13
|
||||
16458043.437326 W 4096 4.44
|
||||
16458044.126545 R 4096 42.82
|
||||
16458044.129872 R 4096 3.24
|
||||
[...]
|
||||
```
|
||||
|
||||
以及代码片段:
|
||||
|
||||
```Python
|
||||
[...]
|
||||
REQ_WRITE = 1 # 来自include/linux/blk_types.h
|
||||
|
||||
# 加载BPF程序
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
#include <linux/blk-mq.h>
|
||||
|
||||
BPF_HASH(start, struct request *);
|
||||
|
||||
void trace_start(struct pt_regs *ctx, struct request *req) {
|
||||
// 使用请求指针存储开始时间戳
|
||||
u64 ts = bpf_ktime_get_ns();
|
||||
|
||||
start.update(&req, &ts);
|
||||
}
|
||||
|
||||
void trace_completion(struct pt_regs *ctx, struct request *req) {
|
||||
u64 *tsp, delta;
|
||||
|
||||
tsp = start.lookup(&req);
|
||||
if (tsp != 0) {
|
||||
delta = bpf_ktime_get_ns() - *tsp;
|
||||
bpf_trace_printk("%d %x %d\\n", req->__data_len,
|
||||
req->cmd_flags, delta / 1000);
|
||||
start.delete(&req);
|
||||
}
|
||||
}
|
||||
""")
|
||||
if BPF.get_kprobe_functions(b'blk_start_request'):
|
||||
b.attach_kprobe(event="blk_start_request", fn_name="trace_start")
|
||||
b.attach_kprobe(event="blk_mq_start_request", fn_name="trace_start")
|
||||
if BPF.get_kprobe_functions(b'__blk_account_io_done'):
|
||||
b.attach_kprobe(event="__blk_account_io_done", fn_name="trace_completion") else: b.attach_kprobe(event="blk_account_io_done", fn_name="trace_completion")
|
||||
[...]
|
||||
```
|
||||
|
||||
学习内容:
|
||||
|
||||
1. ```REQ_WRITE```: 我们在Python程序中定义了一个内核常量,因为我们后面会在Python程序中使用它。如果我们在BPF程序中使用REQ_WRITE,它应该可以正常工作(无需定义),只需使用适当的```#includes```。
|
||||
2. ```trace_start(struct pt_regs *ctx, struct request*req)```: 这个函数将在后面附加到kprobe上。kprobe函数的参数是```struct pt_regs *ctx```,用于寄存器和BPF上下文,然后是函数的实际参数。我们将把它附加到blk_start_request()上,其中第一个参数是```struct request*```。
|
||||
3. ```start.update(&req, &ts)```: 我们使用请求结构的指针作为哈希中的键。这在跟踪中很常见。结构体指针是非常好的键,因为它们是唯一的:两个结构体不能具有相同的指针地址。(只需小心何时释放和重用指针。)所以我们实际上是给描述磁盘I/O的请求结构体打上我们自己的时间戳,以便我们可以计时。存储时间戳常用的两个键是结构体指针和线程ID(用于记录函数入口到返回的时间)。
|
||||
4. ```req->__data_len```: 我们在解引用```struct request```的成员。请参阅内核源代码中对其定义的部分以获得有关哪些成员可用的信息。bcc实际上会将这些表达式重写为一系列```bpf_probe_read_kernel()```调用。有时bcc无法处理复杂的解引用,此时您需要直接调用```bpf_probe_read_kernel()```。
|
||||
|
||||
这是一个非常有趣的程序,如果您能理解所有的代码,您就会理解很多重要的基础知识。我们仍然在使用```bpf_trace_printk()```的技巧,我们下一步要解决这个问题。
|
||||
|
||||
### Lesson 7. hello_perf_output.py
|
||||
|
||||
让我们最终停止使用bpf_trace_printk(),并使用适当的BPF_PERF_OUTPUT()接口。这也意味着我们将停止获取免费的trace_field()成员,如PID和时间戳,并且需要直接获取它们。在另一个会话中运行命令时的示例输出
|
||||
|
||||
```sh
|
||||
# hello_perf_output.py
|
||||
TIME(s) COMM PID MESSAGE
|
||||
0.000000000 bash 22986 你好,perf_output!
|
||||
0.021080275 systemd-udevd 484 你好,perf_output!
|
||||
0.021359520 systemd-udevd 484 你好,perf_output!
|
||||
0.021590610 systemd-udevd 484 你好,perf_output!
|
||||
[...]
|
||||
```
|
||||
|
||||
代码位于[examples/tracing/hello_perf_output.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/hello_perf_output.py):
|
||||
|
||||
```Python
|
||||
from bcc import BPF
|
||||
|
||||
// 定义BPF程序
|
||||
prog = """
|
||||
#include <linux/sched.h>
|
||||
|
||||
// 在C中定义输出数据结构
|
||||
struct data_t {
|
||||
u32 pid;
|
||||
u64 ts;
|
||||
char comm[TASK_COMM_LEN];
|
||||
};
|
||||
BPF_PERF_OUTPUT(events);
|
||||
|
||||
int hello(struct pt_regs *ctx) {
|
||||
struct data_t data = {};
|
||||
|
||||
data.pid = bpf_get_current_pid_tgid();
|
||||
data.ts = bpf_ktime_get_ns();
|
||||
bpf_get_current_comm(&data.comm, sizeof(data.comm));
|
||||
|
||||
events.perf_submit(ctx, &data, sizeof(data));
|
||||
|
||||
return 0;
|
||||
}
|
||||
"""
|
||||
|
||||
// 加载BPF程序
|
||||
b = BPF(text=prog)
|
||||
b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
|
||||
|
||||
//标题
|
||||
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "MESSAGE"))
|
||||
|
||||
//处理事件
|
||||
start = 0
|
||||
def print_event(cpu, data, size):
|
||||
global start
|
||||
event = b["events"].event(data)
|
||||
if start == 0:
|
||||
start = event.ts
|
||||
time_s = (float(event.ts - start)) / 1000000000
|
||||
print("%-18.9f %-16s %-6d %s" % (time_s, event.comm, event.pid, "你好,perf_output!"))
|
||||
|
||||
//循环并回调print_event
|
||||
b["events"].open_perf_buffer(print_event)
|
||||
while 1:
|
||||
b.perf_buffer_poll()
|
||||
```
|
||||
|
||||
学习的内容:
|
||||
|
||||
1. ```struct data_t```: 这定义了一个C结构体,我们将用它来从内核传递数据到用户空间。1. `BPF_PERF_OUTPUT(events)`: 这里给我们的输出通道命名为"events"。
|
||||
1. `struct data_t data = {};`: 创建一个空的`data_t`结构体,我们将在之后填充它。
|
||||
1. `bpf_get_current_pid_tgid()`: 返回低32位的进程ID(内核视图中的PID,用户空间中通常被表示为线程ID),以及高32位的线程组ID(用户空间通常认为是PID)。通过直接将其设置为`u32`,我们丢弃了高32位。应该显示PID还是TGID?对于多线程应用程序,TGID将是相同的,所以如果你想要区分它们,你需要PID。这也是对最终用户期望的一个问题。
|
||||
1. `bpf_get_current_comm()`: 将当前进程的名称填充到第一个参数的地址中。
|
||||
1. `events.perf_submit()`: 通过perf环形缓冲区将事件提交给用户空间以供读取。
|
||||
1. `def print_event()`: 定义一个Python函数来处理从`events`流中读取的事件。
|
||||
1. `b["events"].event(data)`: 现在将事件作为一个Python对象获取,该对象是根据C声明自动生成的。
|
||||
1. `b["events"].open_perf_buffer(print_event)`: 将Python的`print_event`函数与`events`流关联起来。
|
||||
1. `while 1: b.perf_buffer_poll()`: 阻塞等待事件。
|
||||
|
||||
### 第八课。 sync_perf_output.py
|
||||
|
||||
重写之前的课程中的sync_timing.py,使用```BPF_PERF_OUTPUT```。
|
||||
|
||||
### 第九课。 bitehist.py
|
||||
|
||||
以下工具记录了磁盘I/O大小的直方图。样本输出:
|
||||
|
||||
```sh
|
||||
# bitehist.py
|
||||
跟踪中... 按Ctrl-C结束。
|
||||
^C
|
||||
kbytes : count distribution
|
||||
0 -> 1 : 3 | |
|
||||
2 -> 3 : 0 | |
|
||||
4 -> 7 : 211 |********** |
|
||||
8 -> 15 : 0 | |
|
||||
16 -> 31 : 0 | |".32 -> 63 : 0 | |
|
||||
64 -> 127 : 1 | |
|
||||
128 -> 255 : 800 |**************************************|
|
||||
```
|
||||
|
||||
代码在[examples/tracing/bitehist.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/bitehist.py):
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF
|
||||
from time import sleep
|
||||
|
||||
# 加载BPF程序
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
#include <linux/blkdev.h>
|
||||
|
||||
BPF_HISTOGRAM(dist);
|
||||
|
||||
int kprobe__blk_account_io_done(struct pt_regs *ctx, struct request *req)
|
||||
{
|
||||
dist.increment(bpf_log2l(req->__data_len / 1024));
|
||||
return 0;
|
||||
}
|
||||
""")
|
||||
|
||||
# 头部
|
||||
print("跟踪中... 按Ctrl-C结束.")
|
||||
|
||||
# 跟踪直到按下Ctrl-C
|
||||
try:
|
||||
sleep(99999999)
|
||||
except KeyboardInterrupt:
|
||||
print()
|
||||
|
||||
# 输出
|
||||
b["dist"].print_log2_hist("kbytes")
|
||||
```
|
||||
|
||||
之前课程的总结:
|
||||
|
||||
- ```kprobe__```: 这个前缀意味着其余部分将被视为一个将使用kprobe进行插桩的内核函数名。
|
||||
- ```struct pt_regs *ctx, struct request*req```: kprobe的参数。```ctx``` 是寄存器和BPF上下文,```req``` 是被插桩函数 ```blk_account_io_done()``` 的第一个参数。
|
||||
- ```req->__data_len```: 解引用该成员。
|
||||
|
||||
新知识:
|
||||
|
||||
1. ```BPF_HISTOGRAM(dist)```: 定义了一个名为 "dist" 的BPF映射对象,它是一个直方图。
|
||||
1. ```dist.increment()```: 默认情况下,将第一个参数提供的直方图桶索引加1。也可以作为第二个参数传递自定义的增量。
|
||||
1. ```bpf_log2l()```: 返回所提供值的对数值。这将成为我们直方图的索引,这样我们构建了一个以2为底的幂直方图。
|
||||
1. ```b["dist"].print_log2_hist("kbytes")```: 以2为底的幂形式打印 "dist" 直方图,列标题为 "kbytes"。这样只有桶计数从内核传输到用户空间,因此效率高。
|
||||
|
||||
### Lesson 10. disklatency.py”。#### Lesson 11. vfsreadlat.py
|
||||
|
||||
这个例子分为独立的Python和C文件。示例输出:
|
||||
|
||||
```sh
|
||||
# vfsreadlat.py 1
|
||||
跟踪中... 按Ctrl-C停止。
|
||||
微秒 : 数量 分布
|
||||
0 -> 1 : 0 | |
|
||||
2 -> 3 : 2 |*********** |
|
||||
4 -> 7 : 7 |****************************************|
|
||||
8 -> 15 : 4 |********************** |
|
||||
|
||||
微秒 : 数量 分布
|
||||
0 -> 1 : 29 |****************************************|
|
||||
2 -> 3 : 28 |************************************** |
|
||||
4 -> 7 : 4 |***** |
|
||||
8 -> 15 : 8 |*********** |
|
||||
16 -> 31 : 0 | |
|
||||
32 -> 63 : 0 | |
|
||||
64 -> 127 : 0 | |
|
||||
128 -> 255 : 0 | |
|
||||
256 -> 511 : 2 |** |
|
||||
512 -> 1023 : 0 | |
|
||||
1024 -> 2047 : 0 | |
|
||||
2048 -> 4095 : 0 | |
|
||||
4096 -> 8191 : 4 |***** |
|
||||
8192 -> 16383 : 6 |******** |
|
||||
16384 -> 32767 : 9 |************ |```.32768 -> 65535 : 6 |******** |
|
||||
65536 -> 131071 : 2 |** |
|
||||
|
||||
usecs : count distribution
|
||||
0 -> 1 : 11 |****************************************|
|
||||
2 -> 3 : 2 |******* |
|
||||
4 -> 7 : 10 |************************************ |
|
||||
8 -> 15 : 8 |***************************** |
|
||||
16 -> 31 : 1 |*** |
|
||||
32 -> 63 : 2 |******* |
|
||||
[...]
|
||||
```
|
||||
|
||||
浏览 [examples/tracing/vfsreadlat.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/vfsreadlat.py) 和 [examples/tracing/vfsreadlat.c](https://github.com/iovisor/bcc/tree/master/examples/tracing/vfsreadlat.c) 中的代码。
|
||||
|
||||
学习的内容:
|
||||
|
||||
1. `b = BPF(src_file = "vfsreadlat.c")`: 从单独的源代码文件中读取 BPF C 程序。
|
||||
2. `b.attach_kretprobe(event="vfs_read", fn_name="do_return")`: 将 BPF C 函数 `do_return()` 链接到内核函数 `vfs_read()` 的返回值上。这是一个 kretprobe:用于检测函数返回值,而不是函数的入口。
|
||||
3. `b["dist"].clear()`: 清除直方图。
|
||||
|
||||
### Lesson 12. urandomread.py
|
||||
|
||||
当运行 `dd if=/dev/urandom of=/dev/null bs=8k count=5` 时进行跟踪:
|
||||
|
||||
```sh
|
||||
# urandomread.py
|
||||
TIME(s) COMM PID GOTBITS
|
||||
24652832.956994001 smtp 24690 384
|
||||
24652837.726500999 dd 24692 65536
|
||||
24652837.727111001 dd 24692 65536
|
||||
24652837.727703001 dd 24692 65536
|
||||
24652837.728294998 dd 24692 65536
|
||||
24652837.728888001 dd 24692 65536
|
||||
```
|
||||
|
||||
哈!我意外地捕捉到了 smtp。代码在 [examples/tracing/urandomread.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/urandomread.py) 中:
|
||||
|
||||
```Python
|
||||
from __future__ import print_function".```python
|
||||
from bcc import BPF
|
||||
|
||||
# 加载BPF程序
|
||||
b = BPF(text="""
|
||||
TRACEPOINT_PROBE(random, urandom_read) {
|
||||
// args is from /sys/kernel/debug/tracing/events/random/urandom_read/format
|
||||
bpf_trace_printk("%d\\n", args->got_bits);
|
||||
return 0;
|
||||
}
|
||||
""")
|
||||
|
||||
# header
|
||||
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS"))
|
||||
|
||||
# format output
|
||||
while 1:
|
||||
try:
|
||||
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
|
||||
except ValueError:
|
||||
continue
|
||||
print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
|
||||
```
|
||||
|
||||
要学到的东西:
|
||||
|
||||
1. ```TRACEPOINT_PROBE(random, urandom_read)```: 对内核跟踪点 ```random:urandom_read``` 进行注入。这些具有稳定的API,因此在可能的情况下建议使用它们来代替kprobe。您可以运行 ```perf list``` 来获取跟踪点列表。至少需要 Linux 版本 4.7 来将 BPF 程序附加到跟踪点上。
|
||||
2. ```args->got_bits```: ```args``` 是自动填充的跟踪点参数结构。上面的注释指出了可以查看这个结构的位置。例如:
|
||||
|
||||
```sh
|
||||
# cat /sys/kernel/debug/tracing/events/random/urandom_read/format
|
||||
name: urandom_read
|
||||
ID: 972
|
||||
format:
|
||||
field:unsigned short common_type; offset:0; size:2; signed:0;
|
||||
field:unsigned char common_flags; offset:2; size:1; signed:0;
|
||||
field:unsigned char common_preempt_count; offset:3; size:1; signed:0;
|
||||
field:int common_pid; offset:4; size:4; signed:1;
|
||||
|
||||
field:int got_bits; offset:8; size:4; signed:1;
|
||||
field:int pool_left; offset:12; size:4; signed:1;
|
||||
field:int input_left; offset:16; size:4; signed:1;
|
||||
|
||||
print fmt: "got_bits %d nonblocking_pool_entropy_left %d input_entropy_left %d", REC->got_bits, REC->pool_left, REC->input_left
|
||||
```
|
||||
|
||||
在这种情况下,我们正在打印 ```got_bits``` 成员。
|
||||
|
||||
### 第13课. disksnoop.py已修复
|
||||
|
||||
将上一课的 disksnoop.py 修改为使用 ```block:block_rq_issue``` 和 ```block:block_rq_complete``` 跟踪点。
|
||||
|
||||
### 第14课. strlen_count.py.
|
||||
|
||||
这个程序对用户级函数进行插桩,其中包括 ```strlen()``` 库函数,并对其字符串参数进行频率统计。例如输出
|
||||
|
||||
```sh
|
||||
# strlen_count.py
|
||||
跟踪 strlen()... 按 Ctrl-C 结束。
|
||||
^C 数量 字符串
|
||||
1 " "
|
||||
1 "/bin/ls"
|
||||
1 "."
|
||||
1 "cpudist.py.1"
|
||||
1 ".bashrc"
|
||||
1 "ls --color=auto"
|
||||
1 "key_t"
|
||||
[...]
|
||||
10 "a7:~# "
|
||||
10 "/root"
|
||||
12 "LC_ALL"
|
||||
12 "en_US.UTF-8"
|
||||
13 "en_US.UTF-8"
|
||||
20 "~"
|
||||
70 "#%^,~:-=?+/}"
|
||||
340 "\x01\x1b]0;root@bgregg-test: ~\x07\x02root@bgregg-test:~# "
|
||||
```
|
||||
|
||||
这些是在跟踪时由此库函数处理的各种字符串以及它们的频率计数。例如,"LC_ALL" 被调用了12次。
|
||||
|
||||
代码在 [examples/tracing/strlen_count.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/strlen_count.py) 中:
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF
|
||||
from time import sleep
|
||||
|
||||
# 载入 BPF 程序
|
||||
b = BPF(text="""
|
||||
#include <uapi/linux/ptrace.h>
|
||||
|
||||
struct key_t {
|
||||
char c[80];
|
||||
};
|
||||
BPF_HASH(counts, struct key_t);
|
||||
|
||||
int count(struct pt_regs *ctx) {
|
||||
if (!PT_REGS_PARM1(ctx))
|
||||
return 0;
|
||||
|
||||
struct key_t key = {};
|
||||
u64 zero = 0, *val;
|
||||
|
||||
bpf_probe_read_user(&key.c, sizeof(key.c), (void *)PT_REGS_PARM1(ctx));
|
||||
// 也可以使用 `counts.increment(key)`
|
||||
val = counts.lookup_or_try_init(&key, &zero);
|
||||
if (val) {
|
||||
(*val)++;
|
||||
}
|
||||
return 0;
|
||||
};
|
||||
""")
|
||||
b.attach_uprobe(name="c", sym="strlen", fn_name="count")
|
||||
|
||||
# 头部
|
||||
print("跟踪 strlen()... 按 Ctrl-C 结束。")
|
||||
|
||||
# 睡眠直到按下 Ctrl-C
|
||||
try:
|
||||
sleep(99999999)
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
|
||||
# 打印输出
|
||||
print("%10s %s" % ("数量", "字符串"))
|
||||
counts = b.get_table("counts")
|
||||
for k, v in sorted(counts.items(), key=lambda counts: counts[1].value):
|
||||
print("%10d \"%s\"" % (v.value, k.c.encode('string-escape')))
|
||||
```
|
||||
|
||||
要学习的内容:1. ```PT_REGS_PARM1(ctx)```: 这个参数会获取传递给 ```strlen()``` 的第一个参数,也就是字符串。
|
||||
|
||||
1. ```b.attach_uprobe(name="c", sym="strlen", fn_name="count")```: 附加到库 "c"(如果这是主程序,则使用其路径名),对用户级函数 ```strlen()``` 进行插装,并在执行时调用我们的 C 函数 ```count()```。
|
||||
|
||||
### 第15课。nodejs_http_server.py
|
||||
|
||||
本程序会对用户静态定义的跟踪 (USDT) 探测点进行插装,这是内核跟踪点的用户级版本。示例输出:
|
||||
|
||||
```sh
|
||||
# nodejs_http_server.py 24728
|
||||
TIME(s) COMM PID ARGS
|
||||
24653324.561322998 node 24728 path:/index.html
|
||||
24653335.343401998 node 24728 path:/images/welcome.png
|
||||
24653340.510164998 node 24728 path:/images/favicon.png
|
||||
```
|
||||
|
||||
来自 [examples/tracing/nodejs_http_server.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/nodejs_http_server.py) 的相关代码:
|
||||
|
||||
```Python
|
||||
from __future__ import print_function
|
||||
from bcc import BPF, USDT
|
||||
import sys
|
||||
|
||||
if len(sys.argv) < 2:
|
||||
print("USAGE: nodejs_http_server PID")
|
||||
exit()
|
||||
pid = sys.argv[1]
|
||||
debug = 0
|
||||
|
||||
# load BPF program
|
||||
bpf_text = """
|
||||
#include <uapi/linux/ptrace.h>
|
||||
int do_trace(struct pt_regs *ctx) {
|
||||
uint64_t addr;
|
||||
char path[128]={0};
|
||||
bpf_usdt_readarg(6, ctx, &addr);
|
||||
bpf_probe_read_user(&path, sizeof(path), (void *)addr);
|
||||
bpf_trace_printk("path:%s\\n", path);
|
||||
return 0;
|
||||
};
|
||||
"""
|
||||
|
||||
# enable USDT probe from given PID
|
||||
u = USDT(pid=int(pid))
|
||||
u.enable_probe(probe="http__server__request", fn_name="do_trace")
|
||||
if debug:
|
||||
print(u.get_text())
|
||||
print(bpf_text)
|
||||
|
||||
# initialize BPF
|
||||
b = BPF(text=bpf_text, usdt_contexts=[u])
|
||||
```
|
||||
|
||||
学习内容:
|
||||
|
||||
1. ```bpf_usdt_readarg(6, ctx, &addr)```: 从 USDT 探测点中读取参数 6 的地址到 ```addr```。
|
||||
1. ```bpf_probe_read_user(&path, sizeof(path), (void *)addr)```: 现在字符串 ```addr``` 指向我们的 ```path``` 变量。
|
||||
1. ```u = USDT(pid=int(pid))```: 为给定的 PID 初始化 USDT 跟踪。1. ```u.enable_probe(probe="http__server__request", fn_name="do_trace")```: 将我们的 ```do_trace()``` BPF C 函数附加到 Node.js 的 ```http__server__request``` USDT 探针。
|
||||
1. ```b = BPF(text=bpf_text, usdt_contexts=[u])```: 需要将我们的 USDT 对象 ```u``` 传递给 BPF 对象的创建。
|
||||
|
||||
### 第16课. task_switch.c
|
||||
|
||||
这是一个早期的教程,作为额外的课程包含其中。用它来复习和加深你已经学到的内容。
|
||||
|
||||
这是一个比 Hello World 更复杂的示例程序。该程序将在内核中每次任务切换时被调用,并在一个 BPF 映射中记录新旧进程的 pid。
|
||||
|
||||
下面的 C 程序引入了一个新的概念:prev 参数。BCC 前端会特殊处理这个参数,从而使得对这个变量的访问从由 kprobe 基础设施传递的保存上下文中进行读取。从位置1开始的参数的原型应该与被 kprobed 的内核函数的原型匹配。如果这样做,程序就可以无缝访问函数参数。
|
||||
|
||||
```c
|
||||
#include <uapi/linux/ptrace.h>
|
||||
#include <linux/sched.h>
|
||||
|
||||
struct key_t {
|
||||
u32 prev_pid;
|
||||
u32 curr_pid;
|
||||
};
|
||||
|
||||
BPF_HASH(stats, struct key_t, u64, 1024);
|
||||
int count_sched(struct pt_regs *ctx, struct task_struct *prev) {
|
||||
struct key_t key = {};
|
||||
u64 zero = 0, *val;
|
||||
|
||||
key.curr_pid = bpf_get_current_pid_tgid();
|
||||
key.prev_pid = prev->pid;
|
||||
|
||||
// could also use `stats.increment(key);`
|
||||
val = stats.lookup_or_try_init(&key, &zero);
|
||||
if (val) {
|
||||
(*val)++;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
```
|
||||
|
||||
用户空间组件加载上面显示的文件,并将其附加到 `finish_task_switch` 内核函数上。
|
||||
BPF 对象的 `[]` 运算符允许访问程序中的每个 BPF_HASH,允许对内核中的值进行通行访问。可以像使用任何其他 python dict 对象一样使用该对象:读取、更新和删除操作都是允许的。
|
||||
|
||||
```python
|
||||
from bcc import BPF
|
||||
from time import sleep
|
||||
|
||||
b = BPF(src_file="task_switch.c")".```markdown
|
||||
```Chinese
|
||||
b.attach_kprobe(event="finish_task_switch", fn_name="count_sched")
|
||||
|
||||
# 生成多个调度事件
|
||||
for i in range(0, 100): sleep(0.01)
|
||||
|
||||
for k, v in b["stats"].items():
|
||||
print("task_switch[%5d->%5d]=%u" % (k.prev_pid, k.curr_pid, v.value))
|
||||
```
|
||||
|
||||
这些程序可以在文件 [examples/tracing/task_switch.c](https://github.com/iovisor/bcc/tree/master/examples/tracing/task_switch.c) 和 [examples/tracing/task_switch.py](https://github.com/iovisor/bcc/tree/master/examples/tracing/task_switch.py) 中找到。
|
||||
|
||||
### 第17课. 进一步研究
|
||||
|
||||
要进行进一步研究,请参阅 Sasha Goldshtein 的 [linux-tracing-workshop](https://github.com/goldshtn/linux-tracing-workshop),其中包含了额外的实验。bcc/tools 中还有许多工具可供研究。
|
||||
|
||||
如果您希望为 bcc 贡献工具,请阅读 [CONTRIBUTING-SCRIPTS.md](https://github.com/iovisor/bcc/tree/master/CONTRIBUTING-SCRIPTS.md)。在主要的 [README.md](https://github.com/iovisor/bcc/tree/master/README.md) 的底部,您还会找到与我们联系的方法。祝您好运,祝您成功追踪!
|
||||
|
||||
## 网络
|
||||
|
||||
TODO
|
||||
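Review bot: At the top of this deleted file the intro links to `reference_guide.md` and `tutorial.md` by relative path, so confirm those siblings are removed in the same commit or no longer link back here, otherwise the removal leaves dangling cross-references. If the translation is being relocated rather than dropped, this copy should not be carried over verbatim: the Lesson 7 listing uses `//` for Python comments, stray fence text is fused into code at `from __future__ import print_function".` and `b = BPF(src_file="task_switch.c")".`, and the Lesson 10 heading is merged into the Lesson 11 heading with no body of its own.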