eBPF

可用观测点

mount | grep debugfs # debugfs_location
ls <debugfs_location>/tracing/events/syscalls/ # 获取所有可用 tracepoint
cat /proc/kallsyms # 获取所有 kprobe
cat <debugfs_location>/kprobes/blacklist # blacklist 中的 kprobe 不受支持
bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h # 获取 vmlinux.h
cat /sys/kernel/debug/tracing/trace_pipe # 持续输出调试信息
ls <linux_source>include/trace/events # raw_tracepoint 参数获取

手动编译头文件

1. 下载 Linux 源码并编译头文件

   make headers_install ARCH=<arch> INSTALL_HDR_PATH=<path>

2. 编译bpf_helper_defs.h

   python3 scripts/bpf_doc.py --header >> tools/lib/bpf/bpf_helper_defs.h

3. 设置头文件引入路径

   export CPATH="<linux_headers>/include:<linux_source_root>/tools/lib"