* Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote: > tracex1_kern.c - C program compiled into BPF. > It attaches to kprobe:netif_receive_skb > When skb->dev->name == "lo", it prints sample debug message into trace_pipe > via bpf_trace_printk() helper function. > > tracex1_user.c - corresponding user space component that: > - loads bpf program via bpf() syscall > - opens kprobes:netif_receive_skb event via perf_event_open() syscall > - attaches the program to event via ioctl(event_fd, PERF_EVENT_IOC_SET_BPF, prog_fd); > - prints from trace_pipe > > Note, this bpf program is completely non-portable. It must be recompiled > with current kernel headers. kprobe is not a stable ABI and bpf+kprobe scripts > may stop working any time. > > bpf verifier will detect that it's using bpf_trace_printk() and kernel will > print warning banner: > ** trace_printk() being used. Allocating extra memory. ** Printing this might be OK. > ** ** > ** This means that this is a DEBUG kernel and it is ** > ** unsafe for production use. ** But I think printing that it's unsafe for production use is over the top: it's up to the admin whether it's safe or unsafe, just like inserting a kprobe can be safe or unsafe. Informing that something happened is enough. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
