mirror of
https://github.com/JakeHillion/drgn.git
synced 2024-12-25 18:23:07 +00:00
6cbdebc269
Introduce bpf_inspect.py drgn script to list BPF programs and maps and their properties unavailable to user space via kernel API. The script was initially sent to kernel tree [1] but it was agreed that drgn repo is a better place for it and it's a good idea to create `tools/` directory in drgn to keep tools likes this. See [2] for details. The main use-case bpf_inspect.py covers is to show BPF programs attached to other BPF programs via freplace/fentry/fexit mechanisms introduced recently. There is no user-space API to get this info and, for example, bpftool can show all BPF programs but can't show if program A replaces a function in program B. Example: % sudo tools/bpf_inspect.py p | grep test_pkt_access 650: BPF_PROG_TYPE_SCHED_CLS test_pkt_access 654: BPF_PROG_TYPE_TRACING test_main linked:[650->25: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access()] 655: BPF_PROG_TYPE_TRACING test_subprog1 linked:[650->29: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access_subprog1()] 656: BPF_PROG_TYPE_TRACING test_subprog2 linked:[650->31: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access_subprog2()] 657: BPF_PROG_TYPE_TRACING test_subprog3 linked:[650->21: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access_subprog3()] 658: BPF_PROG_TYPE_EXT new_get_skb_len linked:[650->16: BPF_TRAMP_REPLACE test_pkt_access->get_skb_len()] 659: BPF_PROG_TYPE_EXT new_get_skb_ifindex linked:[650->23: BPF_TRAMP_REPLACE test_pkt_access->get_skb_ifindex()] 660: BPF_PROG_TYPE_EXT new_get_constant linked:[650->19: BPF_TRAMP_REPLACE test_pkt_access->get_constant()] It can be seen that there is a program test_pkt_access, id 650 and there are multiple other tracing and ext programs attached to functions in test_pkt_access. For example the line: 658: BPF_PROG_TYPE_EXT new_get_skb_len linked:[650->16: BPF_TRAMP_REPLACE test_pkt_access->get_skb_len()] means that BPF program new_get_skb_len, id 658, type BPF_PROG_TYPE_EXT replaces (BPF_TRAMP_REPLACE) function get_skb_len() that has BTF id 16 in BPF program test_pkt_access, prog id 650. Just very simple output is supported now but it can be extended in the future if needed. The script is extendable and currently implements two subcommands: * prog (alias: p) to list all BPF programs; * map (alias: m) to list all BPF maps; Developer can simply tweak the script to print interesting pieces of programs or maps. More examples of output: % sudo tools/bpf_inspect.py p | shuf -n 3 81: BPF_PROG_TYPE_CGROUP_SOCK_ADDR tw_ipt_bind 94: BPF_PROG_TYPE_CGROUP_SOCK_ADDR tw_ipt_bind 43: BPF_PROG_TYPE_KPROBE kprobe__tcp_reno_cong_avoid % sudo tools/bpf_inspect.py m | shuf -n 3 213: BPF_MAP_TYPE_HASH errors 30: BPF_MAP_TYPE_ARRAY sslwall_setting 41: BPF_MAP_TYPE_LRU_HASH flow_to_snd Help: % sudo tools/bpf_inspect.py usage: bpf_inspect.py [-h] {prog,p,map,m} ... drgn script to list BPF programs or maps and their properties unavailable via kernel API. See https://github.com/osandov/drgn/ for more details on drgn. optional arguments: -h, --help show this help message and exit subcommands: {prog,p,map,m} prog (p) list BPF programs map (m) list BPF maps [1] https://lore.kernel.org/bpf/20200228201514.GB51456@rdna-mbp/T/ [2] https://lore.kernel.org/bpf/20200228201514.GB51456@rdna-mbp/T/#mefed65e8a98116bd5d07d09a570a3eac46724951 Signed-off-by: Andrey Ignatov <rdna@fb.com> |
||
---|---|---|
.. | ||
bpf_inspect.py |