eBPF

eBPF

可用观测点

1
2
3
4
mount | grep debugfs # debugfs_location
ls <debugfs_location>/tracing/events/syscalls/ # 获取所有可用 tracepoint
cat /proc/kallsyms # 获取所有 kprobe
cat <debugfs_location>/kprobes/blacklist # blacklist 中的 kprobe 不受支持

编译

  1. 下载 Linux 源码并编译头文件
    1
    make headers_install ARCH=<arch> INSTALL_HDR_PATH=<path>
  2. 编译bpf_helper_defs.h
    1
    python3 scripts/bpf_doc.py --header >> tools/lib/bpf/bpf_helper_defs.h
  3. 设置头文件引入路径
    1
    export CPATH="<linux_headers>/include:<linux_source_root>/tools/lib"