Skip to content

Commit

Permalink
feat: README for test code
Browse files Browse the repository at this point in the history
  • Loading branch information
takehaya committed Oct 4, 2024
1 parent 1a79679 commit 96d2a95
Showing 1 changed file with 28 additions and 13 deletions.
41 changes: 28 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,25 +5,40 @@ ebpf - Pure-Perl interface for eBPF (extended Berkeley Packet Filter)

# SYNOPSIS

use Sys::Ebpf::;
use utf8;
use Sys::Ebpf::Loader;
use Sys::Ebpf::Link::Perf::Kprobe;

# Create a new eBPF loader
my $loader = Sys::Ebpf::loader->new();
my $file = "kprobe.o";
my $loader = Sys::Ebpf::Loader->new($file);
my $data = $loader->load_elf();

# Load a BPF map
my $map_fd = $loader->load_bpf_map({
map_type => Sys::Ebpf::Constants::bpf_map_type::BPF_MAP_TYPE_ARRAY,
key_size => 4,
value_size => 8,
max_entries => 1,
map_flags => 0,
map_name => "my_map"
});
my $kprobe_fn = "kprobe/sys_execve";

my ( $map_data, $prog_fd ) = $loader->load_bpf($kprobe_fn);
my $map_kprobe_map = $map_data->{kprobe_map};
$map_kprobe_map->{key_schema} = [ [ 'kprobe_map_key', 'uint32' ], ];
$map_kprobe_map->{value_schema} = [ [ 'kprobe_map_value', 'uint64' ], ];

# Pin the map to a file
$loader->pin_bpf_map($map_fd, "/sys/fs/bpf/my_map");

# TBA...
# attach kprobe
my $kprobe_info = Sys::Ebpf::Link::Perf::Kprobe::attach_kprobe( $prog_fd, $kprobe_fn );

# show map code from kprobe
while (1) {
my $key = { kprobe_map_key => 0 };
my $value = $map_kprobe_map->lookup($key);
if ( defined $value ) {
print Dumper($value);
printf "%s called %d times\n", $kprobe_fn, $value->{kprobe_map_value};
}
else {
warn "Failed to read map value\n";
}
sleep(1);
}

# DESCRIPTION

Expand Down

0 comments on commit 96d2a95

Please sign in to comment.