Comments (8)
Check if your vmlinux.h
has a definition for BPF_MAP_TYPE_BLOOM_FILTER
.
libbpfgo/selftest/common/vmlinux.h
Line 128 in 3c5cd66
More related:
from libbpfgo.
Hi @Hugo96870, it's nice to see you trying libbpfgo.
We recommend you build it statically since you'll have a different libbpf system version (most of the time).
For building your code correctly, please refer to the selftests Makefile that sets the required flags: https://github.com/aquasecurity/libbpfgo/blob/main/selftest/common/Makefile
from libbpfgo.
Hi @Hugo96870, it's nice to see you trying libbpfgo.
We recommend you build it statically since you'll have a different libbpf system version (most of the time).
For building your code correctly, please refer to the selftests Makefile that sets the required flags: https://github.com/aquasecurity/libbpfgo/blob/main/selftest/common/Makefile
Hi @geyslan! I'm sorry for the delayed response
Upon build libbpfgo statically a new error started popping up:
go build -o ./trace_write/loader ./trace_write/loader.go
# github.com/aquasecurity/libbpfgo
../libbpfgo/map-common.go:51:39: could not determine kind of name for C.BPF_MAP_TYPE_BLOOM_FILTER
Even if I comment everything related with BPF_MAP_TYPE_BLOOM_FILTER
, we get the following error:
go build -o ./trace_write/loader ./trace_write/loader.go
# github.com/aquasecurity/libbpfgo
cgo: ../libbpfgo/prog.go:520:18: unexpected: -1-byte enum type - enum bpf_cgroup_iter_order {}
These are with the changes to use the local repos (example of my go.mod file):
module github.com/cilium/ebpf
go 1.22.0
require (
github.com/aquasecurity/libbpfgo v0.1.1
github.com/libbpf/libbpf v1.3.0
github.com/go-quicktest/qt v1.101.0
github.com/google/go-cmp v0.5.9
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2
golang.org/x/sys v0.17.0
)
replace github.com/aquasecurity/libbpfgo => ../libbpfgo
replace github.com/libbpf/libbpf => ../libbpf
require (
github.com/kr/pretty v0.3.1 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/rogpeppe/go-internal v1.11.0 // indirect
)
If I don't use the local repos the error is the one I started with as expected
from libbpfgo.
Check if your
vmlinux.h
has a definition forBPF_MAP_TYPE_BLOOM_FILTER
.libbpfgo/selftest/common/vmlinux.h
Line 128 in 3c5cd66
More related:
Yes the vmlinux.h has a definition for BPF_MAP_TYPE_BLOOM_FILTER
Upon overpassing this issue I'm now facing a new one:
sudo go build -o ./trace_write/loader ./trace_write/loader.go
# github.com/aquasecurity/libbpfgo
cgo: ../libbpfgo/prog.go:520:18: unexpected: -1-byte enum type - enum bpf_cgroup_iter_order {}
This also happens on version of libbpf 1.2 and libbpfgo v0.5.1-libbpf-1.2, from what I could gather the issue is in the struct cgo_bpf_iter_attach_opts_new
not being able to recognise bpf_cgroup_iter_order
, which is defined in libbpf
I see its definition in here: /<My_path>/libbpfgo/libbpf/.github/actions/build-selftests/vmlinux.h
and here:
/home/hugo/Desktop/libbpfgo/libbpf/include/uapi/linux/bpf.h
from libbpfgo.
Upon overpassing this issue I'm now facing a new one:
How did you solved it (BPF_MAP_TYPE_BLOOM_FILTER missing def)? I ask since the lack of bpf_cgroup_iter_order seems related to it.
This also happens on version of libbpf 1.2 and libbpfgo v0.5.1-libbpf-1.2
The last libbpfgo release - v0.6.0-libbpf-1.3 - requires libbpf 1.3.
Please, try using the last release and itslibbpf 1.3 submodule. We don't recommend to use the system or other local version.
from libbpfgo.
How did you solved it (BPF_MAP_TYPE_BLOOM_FILTER missing def)? I ask since the lack of bpf_cgroup_iter_order seems related to it.
With some local changes, but it led to a dead end.
The last libbpfgo release - v0.6.0-libbpf-1.3 - requires libbpf 1.3.
With this version the error that pops is the first one:
/root/go/pkg/mod/github.com/aquasecurity/[email protected]/map-common.go:51:39: could not determine kind of name for C.BPF_MAP_TYPE_BLOOM_FILTER
All the selftests pass and following the other threads led to dead ends as well
Also the vmlinux.h I'm using to compile the ebpf program has the type BPF_MAP_TYPE_BLOOM_FILTER
defined in the enum
bpf_map_type
from libbpfgo.
Well, I did a local test with your code and realized that your golang import is wrong:
"github.com/aquasecurity/tracee/libbpfgo"
Replace it with:
"github.com/aquasecurity/libbpfgo"
My local test:
::::::::::::::
ebpf.c
::::::::::::::
// +build ignore
#include <vmlinux.h>
#include <bpf/bpf_helpers.h>
// Define a map to hold the count of bytes written
struct {
__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
__type(key, u32);
__type(value, long);
__uint(max_entries, 64);
} write_count SEC(".maps");
SEC("kprobe/sys_write")
int bpf_prog1(const struct pt_regs *ctx)
{
u32 key = 0;
long bytes_written;
bpf_probe_read(&bytes_written, sizeof(bytes_written), (void *)ctx + 24);
// Update the map with the count of bytes written
bpf_map_update_elem(&write_count, &key, &bytes_written, BPF_ANY);
return 0;
}
char LICENSE[] SEC("license") = "GPL";
::::::::::::::
loader.go
::::::::::::::
package main
import (
"fmt"
"os"
"os/signal"
"syscall"
"github.com/aquasecurity/libbpfgo"
)
func main() {
// Load the BPF Object
bpfModule, err := libbpfgo.NewModuleFromFile("write_trace.bpf.o")
if err != nil {
fmt.Fprintf(os.Stderr, "could not load bpf module: %v\n", err)
os.Exit(1)
}
defer bpfModule.Close()
// Load and attach tracepoint
err = bpfModule.BPFLoadObject()
if err != nil {
fmt.Fprintf(os.Stderr, "could not load bpf object: %v\n", err)
os.Exit(1)
}
prog, err := bpfModule.GetProgram("bpf_prog1")
if err != nil {
fmt.Fprintf(os.Stderr, "could not get BPF program: %v\n", err)
os.Exit(1)
}
_, err = prog.AttachKprobe("sys_write")
if err != nil {
fmt.Fprintf(os.Stderr, "could not attach kprobe: %v\n", err)
os.Exit(1)
}
// Setup ring buffer
eventsMap, err := bpfModule.GetMap("events")
if err != nil {
fmt.Fprintf(os.Stderr, "could not find events map: %v\n", err)
os.Exit(1)
}
ringBuffer, err := libbpfgo.NewRingBuffer(eventsMap, func(data []byte) {
// Process each event
fmt.Println("Event received")
// Add your logic to process ring buffer events here
})
if err != nil {
fmt.Fprintf(os.Stderr, "could not create ring buffer: %v\n", err)
os.Exit(1)
}
ringBuffer.Start()
defer ringBuffer.Stop()
// Wait for the user to press Ctrl+C
fmt.Println("Waiting for events... Press Ctrl+C to stop.")
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt, syscall.SIGTERM)
<-c
fmt.Println("Detaching and closing BPF program")
}
::::::::::::::
go.mod
::::::::::::::
module testbpf.com
go 1.22.0
require github.com/aquasecurity/libbpfgo v0.6.0-libbpf-1.3
replace github.com/aquasecurity/libbpfgo => ./libbpfgo
::::::::::::::
go.sum
::::::::::::::
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
Command to compile it:
GOOS=linux CC=clang GOARCH=amd64 CGO_CFLAGS="-I ./libbpfgo/output -I ./libbpfgo/selftest/common" CGO_LDFLAGS="$(pkg-config --libs libelf zlib) ./libbpfgo/output/libbpf/libbpf.a" go build -ldflags='-w -extldflags "-static"' -o loader
It outputs other error since you don't have a BPF_MAP_TYPE_RINGBUF
.
from libbpfgo.
I'm going to convert it to a discussion since we didn't detect any issue.
from libbpfgo.
Related Issues (20)
- Split bpf module, progs, maps into own files
- Wrap C struct field handling
- Split bpf module and program into own files
- LinkType enum needs to align libbpf values
- attach xdp error
- Check type cast results
- [Error] in running go user space code HOT 1
- OSInfo singleton HOT 3
- LIBBPF_MAJOR_VERSION missing HOT 2
- Compiling a user space application that uses libbpfgo as dependency fails HOT 1
- Error compiling go programme HOT 2
- Incorrect parsing of IoUringRequestFlag
- TcHook.Detach() always raises the `failed to detach tc hook: invalid argument` error. HOT 7
- TcHook.Query() always raises the `failed to query tc hook: invalid argument` error. HOT 3
- cookie support HOT 2
- Some tests fail on ARM64 HOT 1
- can show an interaction example between ebpf c and golang that uses ring buffer? HOT 1
- Static builds with newer libelf require `-l zstd` HOT 3
- Redefine code style .clang-format
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libbpfgo.