-
# 问题
当劫持的是```BPF_PROG_LOAD```时,为什么```uprobe/uretprobe -> BPF_PROG_TYPE_SOCKET_FILTER```?
假如使用的是```bpf_prog_attach_uprobe_with_override```去挂载程序(error_inject.c)。
-
It looks like stacksnoop.lua is broken.
```
# ./stacksnoop.lua ext4_io_submit
[ERROR] bcc.lua:2271: bcc-lua: undefined symbol: bcc_symcache_new
stack traceback:
[C]: in function '__inde…
-
To my understanding, injecting delay into kernel kprobe point is not supported yet due to 2 factors:
- No way to sleep in BPF context
- Injecting delay needs kernel developer to define where inj…
-
my kernel release:
```
~ # uname -a
Linux (none) 4.18.0 #10 SMP Fri Jul 26 10:32:39 CST 2024 x86_64 GNU/Linux
```
libbpf version is 0.3, to adapt to the version of 4.18 kernel.
```c
...
…
-
I want to deny acess to a specific file, for example "exa.txt". But failed. (Testing like this: "vi exa.txt", I can still create it)
Anything wrong in my code?
//my code
from bcc import BPF
…
-
Gentoo found a problem when building with LTO + -Werror=odr, see [here for the bug](https://bugs.gentoo.org/938491).
I have reproduced this with 0.31.0 and despite the fact that PyPerf is "only" an…
-
I try to find out the file-descriptor from the systemcall _connect_.
For this I have created an environment with cargo generate. I selected _kprobe_ as program type and ___x64_sys_connect_ as endpo…
-
Some parts of the training introduce a lot of tools, some with shared features, some with very specific features. It would be nice to have in the training slides one big picture at which we can go bac…
-
The existing TracingPolicy is powerful but provides a very small abstraction over kernel mechanisms such as kprobes, uprobes, or tracepoints and it might be difficult for users to use them. We could c…
-
This is a request for help.
I wrote killsnoop back in 2015 before tracepoint support, and so I kprobe'd sys_kill(). It still does some derivation of that. But now there's a report it no longer work…