The beginning of my eBPF Journey - Kprobe Adventures with BCC

Douglas Makey Mendez Molero on October 16, 2023

Some time ago, I read about a technology called eBPF, which allows the creation of programs that interact with the Linux kernel without the need to...
 
Emre Savcı

Hi, thanks for the article; it is very insightful.

Somehow I was not able to compile the BPF code.

It gives the following error:

bpf.c:13:10: fatal error: 'uapi/linux/ptrace.h' file not found

I installed libbpf-dev and linux-headers-generic but still could not make it work.
Any suggestions?

 
Douglas Makey Mendez Molero

Hi @mstryoda, thank you for reading my article and sharing your issue. It seems like your system might not be able to find the required header files. Have you tried installing the kernel headers for your specific version? This often solves the issue!

sudo apt-get install linux-headers-$(uname -r)
 
Emre Savcı • Edited

Hi @douglasmakey, I tried it, but unfortunately it did not work for the OrbStack virtual machine.

I switched to using a Lima VM on macOS M1, but somehow it still did not work. But when I replaced uapi/linux/ptrace.h with linux/ptrace.h, it skipped that error.

Anyway, I am getting an error for the following simple BPF program.

#include <linux/ptrace.h>

BPF_PERF_OUTPUT(trace);

int uprobe_ServeHTTP(struct pt_regs *ctx) {
    bpf_dbg_printk("=== uprobe/main.Test === ");

    trace.perf_submit(1);

    return 0;
}

clang -D __TARGET_ARCH_ARM64 -I /usr/include/aarch64-linux-gnu -O2 -Wall --target=bpf -c bpf.c -o bpf.o

Error output:

bpf.c:15:1: warning: type specifier missing, defaults to 'int' [-Wimplicit-int]
BPF_PERF_OUTPUT(trace);
^
bpf.c:15:17: error: a parameter list without types is only allowed in a function definition
BPF_PERF_OUTPUT(trace);
                ^
bpf.c:17:29: warning: declaration of 'struct pt_regs' will not be visible outside of this function [-Wvisibility]
int uprobe_ServeHTTP(struct pt_regs *ctx) {
                            ^
bpf.c:18:5: warning: implicit declaration of function 'bpf_dbg_printk' is invalid in C99 [-Wimplicit-function-declaration]
    bpf_dbg_printk("=== uprobe/main.Test === ");
    ^
bpf.c:20:5: error: use of undeclared identifier 'trace'
    trace.perf_submit(1);
    ^
3 warnings and 2 errors generated.
 
Douglas Makey Mendez Molero

Sorry @mstryoda, are you still having the same issue?