[question]: Run ebpf demo failed.

Question

[question]: Run ebpf demo failed.

yuluo-yx opened this issue 4 months ago · comments

1. env

I install bcc by source code:

apt purge bpfcc-tools libbpfcc python3-bpfcc
wget https://github.com/iovisor/bcc/releases/download/v0.25.0/bcc-src-with-submodule.tar.gz
tar xf bcc-src-with-submodule.tar.gz
cd bcc/
apt install -y python-is-python3
apt install -y bison build-essential cmake flex git libedit-dev   libllvm11 llvm-11-dev libclang-11-dev zlib1g-dev libelf-dev libfl-dev python3-distutils
apt install -y checkinstall
mkdir build
cd build/
cmake -DCMAKE_INSTALL_PREFIX=/usr -DPYTHON_CMD=python3 ..
make
checkinstall

os: ubuntu 20.04
python3

2. ebpf code

#!/usr/bin/python3

from bcc import BPF
from time import sleep

# 定义 eBPF 程序
bpf_text = """
#include <uapi/linux/ptrace.h>

BPF_HASH(stats, u32);

int count(struct pt_regs *ctx) {
    u32 key = 0;
    u64 *val, zero=0;
    val = stats.lookup_or_init(&key, &zero);
    (*val)++;
    return 0;
}
"""

# 编译 eBPF 程序
b = BPF(text=bpf_text, cflags=["-Wno-macro-redefined"])

# 加载 eBPF 程序
b.attach_kprobe(event="tcp_sendmsg", fn_name="count")

name = {
  0: "tcp_sendmsg"
}
# 输出统计结果
while True:
    try:
        #print("Total packets: %d" % b["stats"][0].value)
        for k, v in b["stats"].items():
           print("{}: {}".format(name[k.value], v.value))
        sleep(1)
    except KeyboardInterrupt:
        exit()

3. error info

bpf: Argument list too long. Program  too large (0 insns), at most 4096 insns

Traceback (most recent call last):
  File "./test.py", line 25, in <module>
    b.attach_kprobe(event="tcp_sendmsg", fn_name="count")
  File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 851, in attach_kprobe
    fn = self.load_func(fn_name, BPF.KPROBE)
  File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 526, in load_func
    raise Exception("Failed to load BPF program %s: %s" %
Exception: Failed to load BPF program b'count': Argument list too long

lixin · Answer 1 · Thu Jul 11 2024 19:51:46 GMT+0800 (China Standard Time)

CentOS Linux release 8.2.2004 (Core)
4.18.0-193.6.3.el8_2.x86_64
bcc 0.30.0
python3.6

run helloworld failed too
BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()

error msg
bpf: Argument list too long. Program too large (0 insns), at most 4096 insns
Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python3.6/site-packages/bcc-0.30.0+e7109fa0-py3.6.egg/bcc/init.py", line 487, in init
File "/usr/local/lib/python3.6/site-packages/bcc-0.30.0+e7109fa0-py3.6.egg/bcc/init.py", line 1465, in _trace_autoload
File "/usr/local/lib/python3.6/site-packages/bcc-0.30.0+e7109fa0-py3.6.egg/bcc/init.py", line 527, in load_func
Exception: Failed to load BPF program b'kprobe__sys_clone': Argument list too long