[Question] The type of uprobe does not match kernel

[janetat]

问题

当劫持的是BPF_PROG_LOAD时，为什么uprobe/uretprobe -> BPF_PROG_TYPE_SOCKET_FILTER?

假如使用的是bpf_prog_attach_uprobe_with_override去挂载程序（error_inject.c）。

[Officeyutong]

kernel uses BPF_PROG_TYPE_SOCKET_FILTER as program type of uprobe/uretprobe programs, so do us. Program type is not the same things as attach type.

[janetat]

But link says uprobe/uretprobe program is BPF_PROG_TYPE_KPROBE

[janetat]

BTW, After error_inject_bpf__open(), I print out the program type:

    # The bpf_prog_type is 2, BPF_PROG_TYPE_KPROBE
    fprintf(stderr, "!!!!!1: %d\n", skel->progs.do_error_inject_patch->type);
    fprintf(stderr, "!!!!!2: %s\n", skel->progs.do_error_inject_patch->name);

[yunwei37]

The key problem is that bpf_prog_attach_uprobe_with_override is not supported by kernel.

It's a self-define type only in bpftime, so we choose a type for that. Maybe we should choose a new one....