Getting -EACCES when callig kfunc from ebpf code
I am looking into kfunc mechanism and wrote a simple kernel module that exposes a kfunc which i try to call from ebpf code:
Hook file deletion with EBPF
I want to deny file deletion on a linux machine if the filename starts by “t”.
For eBPF verifier, how to eliminate the detection of “void return” of functions?
As eBPF verifier is quite strict, it only allows functions with return value. Is there any way to stop the check of void return? Which function of verifier should I modify?
For eBPF verifier, how to eliminate the detection of “void return” of functions?
As eBPF verifier is quite strict, it only allows functions with return value. Is there any way to stop the check of void return? Which function of verifier should I modify?
ebpf how to check the syscalls available
I am looking at an eBPF sample code it has this
Where can I find tracepoint event tcp_v4_connect?
I need to use tracepoint tcp_v4_connect to populate ebpf struct __sk_buff, but I found only these events in my kernel 6.6 tracing directory: tcp:tcp_cong_state_set, tcp:tcp_bad_csum, tcp:tcp_probe, tcp:tcp_retransmit_synack, tcp:tcp_rcv_space_adjust, tcp:tcp_destroy_sock, tcp:tcp_receive_reset, tcp:tcp_send_reset, tcp:tcp_retransmit_skb
How to get payload data from tcp_probe tracepoint via ebpf?
I need to read the payload of TCP packets. The following code always print an empty payload, even though payloadSize is greater than zero. What am I doing wrong?
Failed to load eBPF program
I am eBPF newbie, for learning trying to tweak existing filetop from https://github.com/iovisor/bcc/blob/master/tools/filetop.py.