search

joelagnel / bpfd

BPFd (Deprecated, please see README.md) : Berkeley Packet Filter daemon (BPFd). Makes it possible to run BCC tools across systems.
Apache License 2.0
95 stars 23 forks source link

generate byte code for use with BPFd on arm64 #54

Open maindoor opened 5 years ago

maindoor commented 5 years ago

Hi, How do I generate BPF byte code for feeding into bpfd on the target. compiler/kernel/bcc is on host, no direct communication between host and target (due to security concern). lwn.net article uses 'cat my_bpf_prog.base64 | bpfd' So can someone help in clarifying how to generate BPF byte code in base64 format for feeding to bpfd using bcc for a simple program like https://github.com/iovisor/bcc/blob/master/examples/hello_world.py ?

joelagnel commented 5 years ago

Hi! BPFd is deprecated because of limitations, see this thread here: https://github.com/iovisor/bcc/pull/2298 Please check the deprecation warning and what is replacing bpfd here: https://github.com/joelagnel/bpfd/blob/master/README.md

I am sorry but this BPFd repository is here only for historical reasons. I will see if I can find a better way to mark it as deprecated. Future development of BPFd is left to the community, since I am not using this technique for my projects any longer. Also: Me and folks at Facebook are working to make bpftrace run natively on Android. The community is moving towards bpftrace instead of BCC/BPFd and this what we are focusing on. Hope this helps.

maindoor commented 5 years ago

Hi Joel, Thank you for your reply.

Do you have any suggestion how I can work remotely with bcc on an embedded device ?

Maybe in the future I can move to more recent tools for now I have to somehow work with bpfd. My requirement is simple I just want to call dump_stack() at arbitrary locations within the kernel to understand different data paths a packet takes. Maybe with some arguments like length of the packet or protocol. For this bpfd works great. Small in size, python works well. I'm almost there, just need one final step to take the bytecode from my dev machine to the target and I'm home free. Any help here is appreciated.

Thanks.

joelagnel commented 5 years ago

Why not just call trace_dump_stack(0) from relevant paths in the kernel code and then check the ftrace buffer? Is it because you also want the userspace stack?

As for bcc on small devices, there is a language called ply that doesn't need bcc and can generate bpf progs. Try that?

I am working on slimming down bpftrace so may be at some point in the future you may be able to run it on your small devices. Unfortunately we are not there yet.

On Sun, Jun 23, 2019, 11:24 AM maindoor notifications@github.com wrote:

Hi Joel, Thank you for your reply.

  • Your link says that BPFd works for arm64, and my requirement is simple, so this works.
  • BPFtrace, does not allow the level of control that bpfd/bcc gives, also requires llvm backend, space not a choice for my embedded system.
  • adeb requires 2GB of free space, my entire embedded system contains only 512Mb, so adeb is not the right for me.

Do you have any suggestion how I can work remotely with bcc on an embedded device ?

Maybe in the future I can move to more recent tools for now I have to somehow work with bpfd. My requirement is simple I just want to call dump_stack() at arbitrary locations within the kernel to understand different data paths a packet takes. Maybe with some arguments like length of the packet or protocol. For this bpfd works great. Small in size, python works well. I'm almost there, just need one final step to take the bytecode from my dev machine to the target and I'm home free. Any help here is appreciated.

Thanks.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/joelagnel/bpfd/issues/54?email_source=notifications&email_token=AAAJEVADKBT7F37KOI4GKD3P36ISXA5CNFSM4H2XPV22YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYLA22I#issuecomment-504761705, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAJEVHNZWBVPIGDVB2UD6DP36ISXANCNFSM4H2XPV2Q .