启动容器
- sudo docker run --rm -it --privileged \
- -v /lib/modules:/lib/modules:ro \
- -v /sys:/sys:ro \
- -v /usr/src:/usr/src:ro \
- alpine:3.12
安装依赖
- sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
-
- apk add bcc-tools bcc-doc
hello.c
- int hello_world(void *ctx)
- {
- bpf_trace_printk("Hello, World");
- return 0;
- }
hello.py
- from bcc import BPF
-
- b = BPF(src_file="hello.c")
- b.attach_kprobe(event="do_sys_openat2", fn_name="hello_world")
-
- b.trace_print()
执行,可看到打印出了hello world
- / # python3 hello.py
-
- In file included from
:2: - In file included from /virtual/include/bcc/bpf.h:12:
- In file included from include/linux/types.h:6:
- In file included from include/uapi/linux/types.h:14:
- In file included from ./include/uapi/linux/posix_types.h:5:
- In file included from include/linux/stddef.h:5:
- In file included from include/uapi/linux/stddef.h:5:
- In file included from include/linux/compiler_types.h:90:
- include/linux/compiler-clang.h:41:9: warning: '__HAVE_BUILTIN_BSWAP32__' macro redefined [-Wmacro-redefined]
- #define __HAVE_BUILTIN_BSWAP32__
- ^
- <command line>:4:9: note: previous definition is here
- #define __HAVE_BUILTIN_BSWAP32__ 1
- ^
- In file included from
:2: - In file included from /virtual/include/bcc/bpf.h:12:
- In file included from include/linux/types.h:6:
- In file included from include/uapi/linux/types.h:14:
- In file included from ./include/uapi/linux/posix_types.h:5:
- In file included from include/linux/stddef.h:5:
- In file included from include/uapi/linux/stddef.h:5:
- In file included from include/linux/compiler_types.h:90:
- include/linux/compiler-clang.h:42:9: warning: '__HAVE_BUILTIN_BSWAP64__' macro redefined [-Wmacro-redefined]
- #define __HAVE_BUILTIN_BSWAP64__
- ^
- <command line>:5:9: note: previous definition is here
- #define __HAVE_BUILTIN_BSWAP64__ 1
- ^
- In file included from
:2: - In file included from /virtual/include/bcc/bpf.h:12:
- In file included from include/linux/types.h:6:
- In file included from include/uapi/linux/types.h:14:
- In file included from ./include/uapi/linux/posix_types.h:5:
- In file included from include/linux/stddef.h:5:
- In file included from include/uapi/linux/stddef.h:5:
- In file included from include/linux/compiler_types.h:90:
- include/linux/compiler-clang.h:43:9: warning: '__HAVE_BUILTIN_BSWAP16__' macro redefined [-Wmacro-redefined]
- #define __HAVE_BUILTIN_BSWAP16__
- ^
- <command line>:3:9: note: previous definition is here
- #define __HAVE_BUILTIN_BSWAP16__ 1
- ^
- 3 warnings generated.
- b' python3-1056231 [005] d..31 1056012.574165: bpf_trace_printk: Hello, World'
- b' python3-1056231 [005] d..31 1056012.574277: bpf_trace_printk: Hello, World'
- b' python3-1056231 [005] d..31 1056012.574734: bpf_trace_printk: Hello, World'
- b' <...>-1059946 [006] d..31 1056300.636287: bpf_trace_printk: Hello, World'
- b' <...>-6346 [001] d..31 1056300.673240: bpf_trace_printk: Hello, World'
- b' <...>-6346 [001] d..31 1056300.673277: bpf_trace_printk: Hello, World'
- b' <...>-6346 [001] d..31 1056300.673287: bpf_trace_printk: Hello, World'
- b' <...>-6346 [001] d..31 1056300.673648: bpf_trace_printk: Hello, World'
- b' <...>-6346 [001] d..31 1056300.673666: bpf_trace_printk: Hello, World'
- b' <...>-6346 [001] d..31 1056300.673676: bpf_trace_printk: Hello, World'
- b' <...>-6346 [001] d..31 1056300.673685: bpf_trace_printk: Hello, World'