static void test_bpf_perf_event(void) { struct perf_event_attr attr_type_hw = { .sample_freq = SAMPLE_FREQ, .freq = 1, .type = PERF_TYPE_HARDWARE, .config = PERF_COUNT_HW_CPU_CYCLES, .inherit = 1, }; struct perf_event_attr attr_type_sw = { .sample_freq = SAMPLE_FREQ, .freq = 1, .type = PERF_TYPE_SOFTWARE, .config = PERF_COUNT_SW_CPU_CLOCK, .inherit = 1, }; test_perf_event_all_cpu(&attr_type_hw); test_perf_event_task(&attr_type_hw); test_perf_event_all_cpu(&attr_type_sw); test_perf_event_task(&attr_type_sw); } int main(int argc, char **argv) { struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; char filename[256]; snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); setrlimit(RLIMIT_MEMLOCK, &r); signal(SIGINT, int_exit); if (load_kallsyms()) { printf("failed to process /proc/kallsyms\n"); return 1; } if (load_bpf_file(filename)) { printf("%s", bpf_log_buf); return 2; } if (fork() == 0) { read_trace_pipe(); return 0; } test_bpf_perf_event(); int_exit(0); return 0; }
/* install fake seccomp program to enable seccomp code path inside the kernel, * so that our kprobe attached to seccomp_phase1() can be triggered */ static void install_accept_all_seccomp(void) { struct sock_filter filter[] = { BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), }; struct sock_fprog prog = { .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), .filter = filter, }; if (prctl(PR_SET_SECCOMP, 2, &prog)) perror("prctl"); } int main(int ac, char **argv) { FILE *f; char filename[256]; struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); setrlimit(RLIMIT_MEMLOCK, &r); if (load_bpf_file(filename)) { printf("%s", bpf_log_buf); return 1; } install_accept_all_seccomp(); f = popen("dd if=/dev/zero of=/dev/null count=5", "r"); (void) f; read_trace_pipe(); return 0; }
int main(int argc, char **argv) { int logFlag = 0; int error = 0; char *cg_path; char fn[500]; char *prog; int cg_fd; if (argc < 3) usage(argv[0]); if (!strcmp(argv[1], "-r")) { cg_path = argv[2]; cg_fd = open(cg_path, O_DIRECTORY, O_RDONLY); error = bpf_prog_detach(cg_fd, BPF_CGROUP_SOCK_OPS); if (error) { printf("ERROR: bpf_prog_detach: %d (%s)\n", error, strerror(errno)); return 2; } return 0; } else if (!strcmp(argv[1], "-h")) { usage(argv[0]); } else if (!strcmp(argv[1], "-l")) { logFlag = 1; if (argc < 4) usage(argv[0]); } prog = argv[argc - 1]; cg_path = argv[argc - 2]; if (strlen(prog) > 480) { fprintf(stderr, "ERROR: program name too long (> 480 chars)\n"); return 3; } cg_fd = open(cg_path, O_DIRECTORY, O_RDONLY); if (!strcmp(prog + strlen(prog)-2, ".o")) strcpy(fn, prog); else sprintf(fn, "%s_kern.o", prog); if (logFlag) printf("loading bpf file:%s\n", fn); if (load_bpf_file(fn)) { printf("ERROR: load_bpf_file failed for: %s\n", fn); printf("%s", bpf_log_buf); return 4; } if (logFlag) printf("TCP BPF Loaded %s\n", fn); error = bpf_prog_attach(prog_fd[0], cg_fd, BPF_CGROUP_SOCK_OPS, 0); if (error) { printf("ERROR: bpf_prog_attach: %d (%s)\n", error, strerror(errno)); return 5; } else if (logFlag) { read_trace_pipe(); } return error; }