-
bpftrace's list option ('-l') should list the probes that would be enabled if a script is supplied or en enabling with the '-e' option'. Currently it just dumps available probes regardless:
```
# …
-
Sometimes `kretprobe`'s do not fire, depending on how many threads are currently "inside" the traced function, and the `maxactive` setting. The kernel tracks how many firings are missed. It would be…
-
Not able to compile on this system, so stuck with packages.
cannot attach kprobe, probe entry may not exist
Traceback (most recent call last):
File "./examples/hello_world.py", line 12, in
…
-
as the title says, `libbpf`'s symbol address resolver does not take into account THUMB addressing mode.
```bash
m.bieganski@hostname:~$ file libssl.so.1.1
libssl.so.1.1: ELF 32-bit LSB shared ob…
-
Hi, i'm new to ebpf and exploring how sysdig is using bpf. Sysdig is using `raw_tracepoint` type bpf programs to collect arguments and return values of different syscall functions. My understanding is…
-
## 1. env
I install bcc by source code:
```
apt purge bpfcc-tools libbpfcc python3-bpfcc
wget https://github.com/iovisor/bcc/releases/download/v0.25.0/bcc-src-with-submodule.tar.gz
tar xf bc…
-
gobpf currently uses global kprobes via debugfs/tracefs and not the Perf Event file descriptor based kprobe (Linux >=4.17, [commit](https://github.com/torvalds/linux/commit/e12f03d7031a977356e3d7b75a6…
alban updated
4 years ago
-
**1. DeviceInfo**
CentOS Linux release 8.2.2004 (Core)
4.18.0-193.6.3.el8_2.x86_64
bcc 0.30.0+e7109fa0
python 3.6
**2. HelloWorld DEMO**
`BPF(text='int kprobe__sys_clone(void *ctx) { bpf_…
-
### Windows Version
10.0.26100.2033
### WSL Version
2.2.4.0
### Are you using WSL 1 or WSL 2?
- [x] WSL 2
- [ ] WSL 1
### Kernel Version
6.6.36.6-microsoft-standard-WSL2+
### Distro Version
U…
-
# New methods required for dumping syscall table address
A once common way of exposing the system call table of the Linux kernel was to lookup the call table's address using the [`kallsym_lookup_na…