-
When I deep dive into [`struct bpf_prog_info`](https://github.com/torvalds/linux/blob/75b607fab38d149f232f01eae5e6392b394dd659/include/uapi/linux/bpf.h#L6552), I find that we can retrieve ksyms and ks…
-
eBPF for Windows should support ETW, syscall and kprobe style hooks
One of the strong points of BPF on Linux is the ability to execute BPF programs in response to kprobes and system calls. This pro…
-
`opensnitchd -check-requirements`:
```
Checking system requirements for kernel version 6.11.7-zen1-1-zen
------------------------------------------------------------------------------
Chec…
-
## Description
The kernel symbol table utility relies on `CAP_SYSLOG` in order to be able to read from `/proc/kallsyms` and get actual addresses (otherwise addresses are zeroed-out).
When `NewKe…
-
Existing kernel options
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_CGROUPS=y
CONFIG_NET_INGRESS=y
CONFIG_NET_EGRESS=y
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_CLS_ACT=y
CONFIG_…
-
### Describe the bug
Tests on arm64 fail since the new kernel doesn't have the necessary config for kprobe_multi.
```
=== Failed
=== FAIL: link TestKprobeMulti (0.00s)
kprobe_multi_test.go:…
-
The docs say this about `time(...)`:
> bpftrace uses the `strftime(3)` function for formatting time and supports the same format specifiers.
However, it doesn't seem to format `%f` correctly, wh…
-
Today Retina only watches for events from either tc prog or some drop reason kprobes. Retina should be watching for events of unix domain sockets as well. This will need additional work to understand h…
-
Does this ubpf support kprobe and uprobe?
-
kprobe
======
kprobes provide kernel dynamic instrumentation
kprobes can create instrumentation events for any kernel function, and instructions within functions
The biggest risk in practice i…