dthaler
commented
3 years ago @Alan-Jowett can you help track down what the right public APIs are to acquire this information?
Open dthaler opened 3 years ago
dthaler
commented
3 years ago @Alan-Jowett can you help track down what the right public APIs are to acquire this information?
Alan-Jowett
commented
3 years ago I think you can get this using the process snapshot APIs.
// PSS_WALK_SNAPSHOT information classes. typedef enum { PSS_WALK_AUXILIARY_PAGES = 0, PSS_WALK_VA_SPACE = 1, PSS_WALK_HANDLES = 2, PSS_WALK_THREADS = 3 } PSS_WALK_INFORMATION_CLASS;
The sequence would be: 1) Take snapshot of process list. 2) Take snapshot of each process. 3) For each handle, query eBPF for its type info.
Still researching to see if there is a simpler way to do this via public APIs.
dthaler
commented
1 year ago I verified a year ago that the APIs Alan mentions above do work. I have a personal branch somewhere with a prototype.
dthaler
commented
1 year ago bpftool pids.c has build_obj_refs_table() which returns a mapping from object (program/map/link) ID to set of PIDs, where the mapping returned includes all program IDs or map IDs or link IDs.
emit_obj_refs_plain() then filters by a given object ID and prints the set of PIDs.
dthaler
commented
1 year ago We now have a way to enumerate processes that have references to ebpf itself, but not at the granularity of individual eBPF programs, maps, or links.
The netsh helper has had the following TODO in it since the beginning:
However, this needs an API to query that information, which is required by bpftool (and netsh).