How to get linux ebpf build?

I want to learn linux ebpf vm if I write the ebpf test.c program using llvm:
clang -O2 -target bpf -o test.o test.c. How to get an ebpf assembly, e.g. tcpdump -d in classic bpf, thanks.

+4
source share
1 answer

It depends on what you mean by "learn [ing] linux ebpf vm".

Language itself

If you mean learning the instructions of eBPF, the assembly language itself, you can look at the documentation from the kernel (rather dense) or this generalized version of the syntax from the Bcc project.

Virtual machine

, eBPF, ( . ), ; linux/kernel/bpf ( , core.c). , .

dump eBPF

, , C eBPF, .

, tc-bpf man page:

__bcc() {
        clang -O2 -emit-llvm -c $1 -o - | \
        llc -march=bpf -filetype=obj -o "`basename $1 .c`.o"
}
alias bcc=__bcc

eBPF ELF. , objdump readelf. , classifier:

$ bcc return_zero.c
$ readelf -x classifier return_zero.o

Hex dump of section 'classifier':
   0x00000000 b7000000 02000000 95000000 00000000 ................

( - , 0x, ). , :

b7 0 0 0000 00000002 // Load 0x02 in register r0
95 0 0 0000 00000000 // Exit and return value in r0

, BPF , , , -.

bcc ( 16- ), BPF, tc filter add dev eth0 bpf obj … verbose verbose .

(uBPF) , : " (add32 r0, r1 ..) .

, , , , BPF, LLVM: , (. ) netdev. , clang/LLVM 4.0+ llvm-objdump -S -no-show-raw-insn my_file.o .

+3

Source: https://habr.com/ru/post/1657495/


All Articles