Skip to content

eBPF

for grabbing bpftool

When sudo apt install bpftool doesn't work

# For latest build follow below link
# https://github.com/libbpf/bpftool/releases

wget https://github.com/libbpf/bpftool/releases/download/v7.5.0/bpftool-v7.5.0-amd64.tar.gz
tar xf bpftool*
chmod +x ./bpftool
./bpftool

for loading program

sudo mount -t bpf bpffs /sys/fs/bpf
sudo bpftool prog load ./sample.o /sys/fs/bpf/sample

for `bpf_printk()` logs

# with bpftool
sudo bpftool prog tracelog

# for k8s-debug pod
echo > /host/sys/kernel/debug/tracing/trace
cat /host/sys/kernel/debug/tracing/trace_pipe

https://unix.stackexchange.com/questions/747990/how-to-clear-the-sys-kernel-debug-tracing-trace-pipe-quickly

for ebpf-lsm & kprobe-override status

# for ebpf-lsm
cat /sys/kernel/security/lsm

# for override
cat /boot/config-`uname -r` | grep CONFIG_BPF_KPROBE_OVERRIDE

for observing performance of eBPF programs

https://github.com/Netflix/bpftop