Congrats to @pchaigno for a very clear and interesting talk on strace --seccomp-bpf, earlier today at #FOSDEM2020. His contribution based on seccomp-BPF helps filtering traced syscalls, and improves performance by a factor of up to 25 (for “dd” tool)! pic.twitter.com/fNodgCtC5I
-
[50] bpftool can generate a “skeleton” header file from a BPF program for inclusion in user space apps managing this BPF prog. Pass the BPF object file to bpftool:
$ bpftool gen skeleton bpf_prog.o > user_prog.h
Then include "user_prog.h". Details in “bpftool-gen” man page. pic.twitter.com/Ao7FBHB0Wl
-
[47] Like “ip link”, bpftool can attach programs to the XDP hook (and later detach them). The program must be loaded already, and then we would type:
# bpftool net attach xdp id 42 dev eth0
# bpftool net detach xdp dev eth0
(xdpgeneric/xdpdrv/xdpoffload variants also supported) pic.twitter.com/3AxTafs5pF
-
[45] We can now list all BTF objects loaded in the system with bpftool (in addition to seeing BTF object attached to a given program or map):
# bpftool btf [show|list]
pic.twitter.com/1fDU3h8gzI
-
[44] bpftool can run programs with BPF_PROG_TEST_RUN command available for some prog types. Manually trigger a run for a program loaded in the kernel, on input data/context provided by the user:
# bpftool prog run PROG data_in <file> data_out <file>
(More options in man page) pic.twitter.com/XwzE0yb8Ad
-
It's merged. Kernel verifier now supports bounded loops for #eBPF! https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=2589726d12a1b12eaaa93c7f1ea64287e383c7a5 … pic.twitter.com/Ajz84WBLXs
-
[42] bpftool now has a “-d|--debug” option to print debug-level information from libbpf and (when attempting to load BPF programs) from kernel verifier, even when all steps succeed. pic.twitter.com/pyY7IVoz3C
-
[40] When listing BPF programs and maps, bpftool has a “--bpffs” option (short name: “-f”) to print the path(s), if any, where those objects are pinned in the virtual file system. For example:
# bpftool prog show --bpffs
# bpftool -f map
pic.twitter.com/pBmiaKrfPO
-
[37] Avoid grepping plain output from bpftool, esp. in scripts. Prefer JSON output (more stable/consistent). Use jq: for example, get IDs of XDP programs attached to eth0 with:
# bpftool -j net show | \
    jq '.[].xdp[]|select(.devname == "eth0")|.id // .multi_attachments[].id'
pic.twitter.com/B6IqEn8iVD
-
[36] In addition to plain output and JSON, the list of BPF features supported on the system can be dumped by bpftool as a set of macros, ready for inclusion in a C header file. After all, BPF is about programming!
# bpftool feature probe kernel macros [prefix <namespace_prefix>]
pic.twitter.com/cHLJ0vcxEZ
-
[35] Want to check what BPF features are supported on your system?
# bpftool feature probe kernel
Dumps a list of BPF-related kernel config options and sysctl values, as well as availability of bpf() syscall, supported BPF program and map types and supported helper functions. pic.twitter.com/1zixQ6lOuP
-
[34] Linux 4.20 brought stack and queue maps to BPF. We can use bpftool to manipulate them. Because such maps don't rely on keys (only values), it differs somewhat from “bpftool map lookup/update”:
# bpftool map pop/dequeue/peek <map>
# bpftool map push/enqueue <map> value <val>
pic.twitter.com/GATtaH7S5A
-
[32] When BTF is available for a program (to dump the C insns), adding the “linum” keyword also prints the name of the C source file, and the line numbers related to the converted instructions. Helpful to trace where a program comes from.
# bpftool prog dump xlated id <id> linum
pic.twitter.com/dx8OYxwFmU
-
[31] With the “visual” keyword, bpftool can dump the control flow graph of a program in a format compatible with dot. Use dot on the output to generate a graph showing the possible paths of execution.
# bpftool prog dump xlated id <id> visual
pic.twitter.com/0vXT6CpW9u
-
[30] More complex than bpf_trace_printk(), but more flexible and much faster, perf events can be used to stream data to user space. And yes, bpftool can dump this data:
# bpftool map event_pipe <MAP> [cpu <N> index <M>]
See also bpf_perf_event_output() http://man7.org/linux/man-pages/man7/bpf-helpers.7.html … pic.twitter.com/E5eqTgy7XN
-
[29] bpftool can dump the trace pipe, used by BPF helper bpf_trace_printk() to print debug output. For the record, it is based on a similar feature in iproute2, “tc exec bpf dbg”. With bpftool:
# bpftool prog tracelog
Shorter than “cat /sys/kernel/debug/tracing/trace_pipe”. pic.twitter.com/q1xs0bekcz
-
[27] BTF also provides info on the structure of map entries, printable with “bpftool map dump”. Requirements for program using the map: same as in [26], plus map declaration in C sources must be annotated with the “BPF_ANNOTATE_KV_PAIR(<map name>, <key type>, <val type>)” macro. pic.twitter.com/blqfSeI5E0
-
[26] BTF support! As @alexei_ast pointed out, bpftool can dump the C source code of a program in addition to BPF/jited insns. This requires:
- Compiling the program with “-g” flag passed to clang.
- Using a recent LLVM version, 8+ (older versions need some pahole tinkering).
pic.twitter.com/hEtgCuGcY9
-
[24] bpftool recently got support for converting and dumping the kernel image into BPF instructions:
# bpftool kernel dump
Then we can edit the BPF assembly and reload this new kernel, with all verifier checks as a benefit (no reboot required!):
# bpftool kernel load <file>
pic.twitter.com/TpAEEUBwrg
-
[21] For object files with more than one BPF program, bpftool can load all of them at once:
# bpftool prog loadall bpf_flow.o /sys/fs/bpf/flow type flow_dissector
This is especially useful when working with BPF tail calls. Maps can be pinned by adding “pinmaps <path in bpffs>”. pic.twitter.com/rrNiOecIeb
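Added example, not part of the original tweets: the JSON-over-grep advice from tweet [37], done in Python for an audit script that lists XDP programs per interface and flags any not on an expected list. The sample JSON is constructed from the shape implied by the jq filter in that tweet; the "ifindex" and "mode" fields, the interface names, the IDs, and the function names are assumptions.

```python
import json
import subprocess

# Constructed sample, shaped after the jq filter in tweet [37]
# (.[].xdp[] with devname, and either id or multi_attachments[].id).
SAMPLE = """
[{"xdp": [
    {"devname": "eth0", "ifindex": 2, "mode": "driver", "id": 42},
    {"devname": "eth1", "ifindex": 3,
     "multi_attachments": [{"mode": "generic", "id": 7},
                           {"mode": "driver", "id": 9}]}
  ],
  "tc": [], "flow_dissector": []}]
"""
DATA = json.loads(SAMPLE)


def load_net_show():
    """Run the command from the tweet and parse its JSON (needs root)."""
    out = subprocess.run(["bpftool", "-j", "net", "show"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def xdp_prog_ids(net_show, devname):
    """IDs of XDP programs attached to devname, mirroring the jq filter."""
    ids = []
    for section in net_show:
        for entry in section.get("xdp", []):
            if entry.get("devname") != devname:
                continue
            if entry.get("id") is not None:      # single attachment
                ids.append(entry["id"])
            else:                                 # jq: // .multi_attachments[].id
                ids.extend(a["id"] for a in entry.get("multi_attachments", []))
    return ids


def unexpected_xdp(net_show, allowed):
    """Map each device to attached XDP program IDs missing from allowed[dev]."""
    devs = {e["devname"] for s in net_show for e in s.get("xdp", [])}
    report = {}
    for dev in sorted(devs):
        extra = [i for i in xdp_prog_ids(net_show, dev)
                 if i not in allowed.get(dev, set())]
        if extra:
            report[dev] = extra
    return report
```

Program IDs are assigned when a program is loaded, so an allowlist keyed on IDs only holds until the next reload; treat the check as a point-in-time inventory.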