Le 23/04/2021 à 12:26, Quentin Monnet a écrit :
2021-04-23 09:19 UTC+0200 ~ Christophe Leroy <christophe.leroy@xxxxxxxxxx>
[...]
I finally managed to cross compile bpftool with libbpf, libopcodes,
readline, ncurses, libcap, libz and all needed stuff. Was not easy but I
made it.
Libcap is optional and bpftool does not use readline or ncurses. May I
ask how you tried to build it?
Now, how do I use it ?
Let say I want to dump the jitted code generated from a call to
'tcpdump'. How do I do that with 'bpftool prog dump jited' ?
I thought by calling this line I would then get programs dumped in a way
or another just like when setting 'bpf_jit_enable=2', but calling that
line just provides me some bpftool help text.
Well the purpose of this text is to help you find the way to call
bpftool to do what you want :). For dumping your programs' instructions,
you need to tell bpftool what program to dump: Bpftool isn't waiting
until you load a program to dump it, instead you need to load your
program first and then tell bpftool to retrieve the instructions from
the kernel. To reference your program you could use a pinned path, or
first list the programs on your system with "bpftool prog show":
# bpftool prog show
138: tracing name foo tag e54c922dfa54f65f gpl
loaded_at 2021-02-25T01:32:30+0000 uid 0
xlated 256B jited 154B memlock 4096B map_ids 64
btf_id 235
Got the following error:
root@vgoip:~# ./bpftool prog show
libbpf: elf: endianness mismatch in pid_iter_bpf.
libbpf: failed to initialize skeleton BPF object 'pid_iter_bpf': -4003
Error: failed to open PID iterator skeleton
Christophe