pwru
pwru copied to clipboard
cilium
Packet, where are you? -- eBPF-based Linux kernel networking debugger
#78 The resultant image size is that of about 80MB. Signed-off-by: Nikhil Chaudhari [email protected]
The Dockerfile ends up generating the 1.47GB image. This can be reduced by: - Use `base` image instead of `ubuntu`. - Copy the compiled `pwru` binary to a new image.
On 5.18, both `PT_REGS_IP(ctx)` and `bpf_get_func_ip(ctx)` return addrs which are +4 compared to 5.17. This breaks IP => func name resolution via `/proc/kallsyms`. @YutaroHayakawa found this commit https://github.com/torvalds/linux/commit/7f0059b58f0257d895fafd2f2e3afe3bbdf21e64 which might...
When writing bpf programs, you may need to use some basic memory operations, such as memcmp, etc. https://github.com/cilium/cilium/blob/master/bpf/include/bpf/builtins.h
Details are in the lwn article - https://lwn.net/Articles/885729/. >This information is not actually useful to the kernel, but it has been added to the existing kfree_skb tracepoint, making it available...
The Cilium's alignchecker should be extended to support BTF instead of DWARF. AFAIK, @ti-mo is planning to do so.
Mainly to catch possible discrepancies between different verifier versions.
```bash # ./pwru --output-skb 2021/11/25 16:47:00 Loading objects: field KprobeSkb1: program kprobe_skb_1: load program: invalid argument: BPF_STX uses reserved fields processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states...
