libbpf | Automated upstream mirror for libbpf stand-alone build | Recommender System library

 by   libbpf C Version: v1.2.0 License: Non-SPDX

kandi X-RAY | libbpf Summary

kandi X-RAY | libbpf Summary

libbpf is a C library typically used in Artificial Intelligence, Recommender System applications. libbpf has no bugs, it has no vulnerabilities and it has medium support. However libbpf has a Non-SPDX License. You can download it from GitHub.

Please check out [libbpf-bootstrap] and [the companion blog post] for the examples of building BPF applications with libbpf. [libbpf-tools] are also a good source of the real-world libbpf-based tracing tools. See also ["BPF CO-RE reference guide"] for the coverage of practical aspects of building BPF CO-RE applications and ["BPF CO-RE"] for general introduction into BPF portability issues and BPF CO-RE origins. All general BPF questions, including kernel functionality, libbpf APIs and their application, should be sent to bpf@vger.kernel.org mailing list. You can subscribe to it [here] and search its archive [here] Please search the archive before asking new questions. It very well might be that this was already addressed or answered before. bpf@vger.kernel.org is monitored by many more people and they will happily try to help you with whatever issue you have. This repository’s PRs and issues should be opened only for dealing with issues pertaining to specific way this libbpf mirror repo is set up and organized. Build
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              libbpf has a medium active ecosystem.
              It has 1461 star(s) with 328 fork(s). There are 66 watchers for this library.
              OutlinedDot
              It had no major release in the last 12 months.
              There are 20 open issues and 207 have been closed. On average issues are closed in 49 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of libbpf is v1.2.0

            kandi-Quality Quality

              libbpf has no bugs reported.

            kandi-Security Security

              libbpf has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            kandi-License License

              libbpf has a Non-SPDX License.
              Non-SPDX licenses can be open source with a non SPDX compliant license, or non open source licenses, and you need to review them closely before use.

            kandi-Reuse Reuse

              libbpf releases are available to install and integrate.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of libbpf
            Get all kandi verified functions for this library.

            libbpf Key Features

            No Key Features are available at this moment for libbpf.

            libbpf Examples and Code Snippets

            No Code Snippets are available at this moment for libbpf.

            Community Discussions

            QUESTION

            What is the difference between syscalls openat and sys_enter_openat?
            Asked 2022-Mar-30 at 09:05

            I see for python BCC implementation the syscall __x64_sys_openat is used to attach a kprobe, however in libbpf implementation a kprobe is attached to sys_enter_openat. It seems both capture openat() syscall, I tested it with cat file.txt.

            What is the difference between them? And which one is more reliable to use?

            ...

            ANSWER

            Answered 2022-Mar-30 at 09:05

            __x64_sys_openat is the name of some function in the Linux kernel, to which BCC attaches a kprobe.

            sys_enter_openat is the name of a tracepoint in Linux, meaning that this is a (more or less) stable interface to which you can hook for tracing, including with an eBPF program. You can see the available tracepoints on your system by listing the entries under /sys/kernel/debug/tracing/events/. I think BCC also has a utility called tplist to help with it.

            When given the choice, I would recommend hooking at tracepoints if possible, because they tend to be more stable than kernel internals: The parameters for __x64_sys_openat, or the name of that function, could change between different kernel versions for example; or the name would change on an other architecture, et cætera. However, the tracepoint is unlikely to change. Note that the instability of kernel's internals is somewhat mitigated for eBPF with CO-RE.

            Then it is not always possible to hook to a tracepoint: You can only use one of the existing tracepoints from the kernel. If you want to hook to another random function where no tracepoint is present (and assuming this function was not inlined at compilation time - check this by looking for it in /proc/kallsyms), then you want to use a kprobe.

            Sometimes you also need to pay extra attention to where you hook. For example, for security use cases (i.e. blocking a syscall), syscall tracepoints (or the corresponding kernel functions, obviously) are not always the best hooking points because they might leave you open to TOCTOU attacks. LSM hooks could be a good solution for that use case.

            Source https://stackoverflow.com/questions/71668868

            QUESTION

            BPF lib documentation
            Asked 2022-Mar-22 at 23:20

            I have created an app with BPF library(https://github.com/libbpf/libbpf). Unfortunately it does not have documentation or at least I have not found it yet. Only thing I have found is this https://libbpf.readthedocs.io/en/latest/api.html, but it does not have everything I need.

            I would like to know, what is void *ctx for and what are these ring_buffer_opts in this function.

            ...

            ANSWER

            Answered 2022-Mar-22 at 23:19

            You have found the GitHub mirror for the project (the “original” sources are in the Linux kernel repository) and the official API documentation. The latter is generated from the source code, in particular from the comments in src/libbpf.h. It may be that the documentation is not entirely up-to-date, it seems that the description for a few functions is currently missing in the HTML-rendered documentation.

            However, not all functions have been documented yet, and the ring buffer API does not have much on this side to help you. So the best I can suggest is to look at the code and at existing examples. There are at least two selftests in the kernel repository which are using ring_buffer__new(): ringbuf.c and ringbuf_multi.c.

            The first one (ringbuf.c) calls it like this:

            Source https://stackoverflow.com/questions/71569944

            QUESTION

            eBPF: 'bpf_map_update()' returns the 'invalid indirect read from stack' error
            Asked 2022-Mar-22 at 22:28

            I have an eBPF program with the following map definitions:

            ...

            ANSWER

            Answered 2022-Mar-22 at 22:28

            The verifier complains because your code is trying to read uninitialised data from the stack, in particular in your variable val.

            If we look at your code:

            Source https://stackoverflow.com/questions/71529801

            QUESTION

            eBPF / XDP map not getting created
            Asked 2022-Mar-19 at 23:24

            I have an implementation in BPF for XDP, wherein I specify five maps to be created as follows:

            ...

            ANSWER

            Answered 2022-Mar-19 at 23:24

            As per the discussion in the comments, the map is not created because it is not actually used in your eBPF code (not provided in the question).

            As you realised yourself, the branch in your code that was calling the map was in fact unreachable. Based on that, it's likely that clang compiled out this portion of code, and that the map is not used in the resulting eBPF bytecode. When preparing to load your program, bpftool (libbpf) looks at what maps are necessary, and only creates the ones that are needed for your program. It may skip maps that are defined in the ELF file if no program uses them.

            One hint here is that, if the program was effectively using the map, it couldn't load successfully if the map was missing: given that your program loads, the map would necessarily be present if it was needed. Note that bpftool prog show will show you the ids of the maps used by a program.

            Source https://stackoverflow.com/questions/71510575

            QUESTION

            Unable to initialize BPF_MAP_TYPE_PERCPU_ARRAY
            Asked 2022-Mar-17 at 00:32

            Here's how I'm trying to initialize a BPF_MAP_TYPE_PERCPU_ARRAY of structs to a default value. The array contains counters the user space program will read.

            ...

            ANSWER

            Answered 2022-Mar-16 at 19:52

            This specific part is triggering this error:

            Source https://stackoverflow.com/questions/71502790

            QUESTION

            printing directory with simple ls and grep command Linux
            Asked 2022-Jan-31 at 08:11

            So I have this command ls -al -R | grep libbpf.h and it just act dump print

            ...

            ANSWER

            Answered 2022-Jan-31 at 08:11

            you can use find command

            Source https://stackoverflow.com/questions/70922399

            QUESTION

            is there a way I can share some ebpf map between ebpf program and userspace program that has value struct using libbpf for keys
            Asked 2022-Jan-16 at 11:11

            So I created a map of type BPF_MAP_TYPE_ARRAY.

            ...

            ANSWER

            Answered 2022-Jan-16 at 11:11

            TL;DR. The issue is that you're making an out-of-bound access to the packet from the verifier's point of view. You need to check the packet is long enough to actually contain the IP header first.

            Reading the verifier error message.

            Source https://stackoverflow.com/questions/70721661

            QUESTION

            cannot open shared object file: No such file or directory | including libbpf with userspace program
            Asked 2022-Jan-13 at 14:22

            So in my userspace program I am calling some functions like bpf_object__open_file which are part of libbpf library installed with PKG_CONFIG_PATH=/build/root/lib64/pkgconfig DESTDIR=/build/root make install

            So when I compile the it compiles just fine, no error with this command

            ...

            ANSWER

            Answered 2022-Jan-13 at 14:22

            You should add the libbpf library directory to your LD_LIBRARY_PATH variable.

            Source https://stackoverflow.com/questions/70696552

            QUESTION

            Trying to create map with char array field invalid field error
            Asked 2022-Jan-12 at 10:28

            I like to know how to create ebpf map with char array value

            I tried like this

            ...

            ANSWER

            Answered 2021-Dec-17 at 17:07

            The key and value should be __u32:

            Source https://stackoverflow.com/questions/70394743

            QUESTION

            I have a function call in one program and this function is depreciated.Is there any newer version that I can use in my code | perf_buffer__new in ebpf
            Asked 2022-Jan-10 at 17:07

            I have this function which is depreciated. First how one can find the new alternative to functions that are depreciated. the function exist in libbpf library and perf_buffer__new is the exact name. so basically as the name suggest its used to create perf buffer to share info between userspace and kernel. First I like to know is perf buffers are only specific to ebpf filters or not. not means I can use perf buffers in anything. for example if I have some driver code so I just add perf buffer to have info shared between some userspace app and the driver. so some searching on the web I found it specifically link to ebpf, is this true?

            So this is my code that uses call to perf_buffer__new but that function is depreciated, this function in libbpf's libbpf.h header file declarations is commented out

            So I like to new what is the new alternative that I can use in my code, if there is a change in api then i like to let u know that I am trying share buffer parameter in SEC("kprobe/__x64_sys_recvfrom") to userspace for that I have used PT_REGS_PARM2 and bpf_probe_read_kernel to and included the parameter in map data. So if api is changed then how to accomplish this this is my userspace and ebpf program

            Userspace.c

            ...

            ANSWER

            Answered 2022-Jan-10 at 17:07

            1. you are explicitly using perf_buffer__new_deprecated in your code - don't do this: Use perf_buffer_new instead. You should never call a function that already has 'deprecated' in it's name.

            2. Take a look in the header: libbpf/libbpf.h

            perf_buffer_new is defined like this:

            Source https://stackoverflow.com/questions/70417623

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install libbpf

            You can download it from GitHub.

            Support

            Please check out [libbpf-bootstrap](https://github.com/libbpf/libbpf-bootstrap) and [the companion blog post](https://nakryiko.com/posts/libbpf-bootstrap/) for the examples of building BPF applications with libbpf. [libbpf-tools](https://github.com/iovisor/bcc/tree/master/libbpf-tools) are also a good source of the real-world libbpf-based tracing tools. See also ["BPF CO-RE reference guide"](https://nakryiko.com/posts/bpf-core-reference-guide/) for the coverage of practical aspects of building BPF CO-RE applications and ["BPF CO-RE"](https://nakryiko.com/posts/bpf-portability-and-co-re/) for general introduction into BPF portability issues and BPF CO-RE origins. All general BPF questions, including kernel functionality, libbpf APIs and their application, should be sent to bpf@vger.kernel.org mailing list. You can subscribe to it [here](http://vger.kernel.org/vger-lists.html#bpf) and search its archive [here](https://lore.kernel.org/bpf/). Please search the archive before asking new questions. It very well might be that this was already addressed or answered before. bpf@vger.kernel.org is monitored by many more people and they will happily try to help you with whatever issue you have. This repository’s PRs and issues should be opened only for dealing with issues pertaining to specific way this libbpf mirror repo is set up and organized. Build [![Github Actions Builds & Tests](https://github.com/libbpf/libbpf/actions/workflows/test.yml/badge.svg)](https://github.com/libbpf/libbpf/actions/workflows/test.yml) [![Total alerts](https://img.shields.io/lgtm/alerts/g/libbpf/libbpf.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/libbpf/libbpf/alerts/) [![Coverity](https://img.shields.io/coverity/scan/18195.svg)](https://scan.coverity.com/projects/libbpf) [![OSS-Fuzz Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libbpf.svg)](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#libbpf).
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries

            Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link