Skip to content

Commit

Permalink
Merge pull request #7 from takehaya/feature/update0.03
Browse files Browse the repository at this point in the history
feat: update version 0.03
  • Loading branch information
takehaya authored Oct 4, 2024
2 parents a3142ad + 2837678 commit 9b85651
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 28 deletions.
5 changes: 2 additions & 3 deletions Changes
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,5 @@ Revision history for Perl extension ebpf

{{$NEXT}}

0.02 2024-10-04T11:10:27Z

- original version
0.03 2024-10-04T13:55:42Z
- update docs
3 changes: 2 additions & 1 deletion META.json
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@
},
"test" : {
"requires" : {
"IO::Interface::Simple" : "0",
"Minilla" : "0",
"Test::More" : "0.98"
}
Expand All @@ -64,7 +65,7 @@
"web" : "https://github.com/takehaya/perl-ebpf"
}
},
"version" : "0.02",
"version" : "0.03",
"x_serialization_backend" : "JSON::PP version 4.06",
"x_static_install" : 1
}
59 changes: 36 additions & 23 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,25 +5,36 @@ ebpf - Pure-Perl interface for eBPF (extended Berkeley Packet Filter)

# SYNOPSIS

use Sys::Ebpf::;

# Create a new eBPF loader
my $loader = Sys::Ebpf::loader->new();

# Load a BPF map
my $map_fd = $loader->load_bpf_map({
map_type => Sys::Ebpf::Constants::bpf_map_type::BPF_MAP_TYPE_ARRAY,
key_size => 4,
value_size => 8,
max_entries => 1,
map_flags => 0,
map_name => "my_map"
});

# Pin the map to a file
$loader->pin_bpf_map($map_fd, "/sys/fs/bpf/my_map");

# TBA...
use strict;
use warnings;
use utf8;
use Sys::Ebpf::Loader;
use Sys::Ebpf::Link::Perf::Kprobe;

my $file = "kprobe.o";
my $loader = Sys::Ebpf::Loader->new($file);
my $data = $loader->load_elf();
my $kprobe_fn = "kprobe/sys_execve";

my ( $map_data, $prog_fd ) = $loader->load_bpf($kprobe_fn);
my $map_kprobe_map = $map_data->{kprobe_map};
$map_kprobe_map->{key_schema} = [ [ 'kprobe_map_key', 'uint32' ], ];
$map_kprobe_map->{value_schema} = [ [ 'kprobe_map_value', 'uint64' ], ];

my $kprobe_info = Sys::Ebpf::Link::Perf::Kprobe::attach_kprobe( $prog_fd, $kprobe_fn );

while (1) {
my $key = { kprobe_map_key => 0 };
my $value = $map_kprobe_map->lookup($key);
if ( defined $value ) {
print Dumper($value);
printf "%s called %d times\n", $kprobe_fn, $value->{kprobe_map_value};
}
else {
warn "Failed to read map value\n";
}
sleep(1);
}

# DESCRIPTION

Expand All @@ -33,10 +44,12 @@ with the eBPF subsystem directly from Perl.

This module includes several submodules:

- `Sys::Ebpf::loader` - For loading eBPF programs and maps
- `Sys::Ebpf::asm` - eBPF assembly helpers
- `Sys::Ebpf::reader` - For reading ELF files
- `Sys::Ebpf::elf::parser` - For parsing ELF files
- `Sys::Ebpf::Loader` - For loading eBPF programs and maps
- `Sys::Ebpf::Asm` - eBPF assembly helpers
- `Sys::Ebpf::Reader` - For reading ELF files
- `Sys::Ebpf::Elf::Parser` - For parsing ELF files
- `Sys::Ebpf::Link::Netlink` - For calling BPF-related netlink commands(e.g. XDP)
- `Sys::Ebpf::Link::Perf` - For calling BPF-related perf events(e.g. kprobes)

# FUNCTIONS

Expand Down
2 changes: 1 addition & 1 deletion lib/Sys/Ebpf.pm
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ use strict;
use warnings;
use utf8;

our $VERSION = '0.02';
our $VERSION = '0.03';

1;

Expand Down

0 comments on commit 9b85651

Please sign in to comment.