Linux firewall service configuration file, linux – How to fix "File '*.service' configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based fire..."

First enable CONFIG_BPF_SYSCALL=y:

    Enable bpf() system call

    CONFIG_BPF_SYSCALL:

    Enable the bpf() system call that allows to manipulate eBPF
    programs and maps via file descriptors.

    Symbol: BPF_SYSCALL [=y]
    Type  : bool
    Prompt: Enable bpf() system call
      Location:
        -> General setup
      Defined at init/Kconfig:1414
      Selects: ANON_INODES [=y] && BPF [=y] && IRQ_WORK [=y]
      Selected by [n]:
      - AF_KCM [=n] && NET [=y] && INET [=y]

Then you can also enable CONFIG_CGROUP_BPF=y:

    Support for eBPF programs attached to cgroups

    CONFIG_CGROUP_BPF:

    Allow attaching eBPF programs to a cgroup using the bpf(2)
    syscall command BPF_PROG_ATTACH.

    In which context these programs are accessed depends on the type
    of attachment. For instance, programs that are attached using
    BPF_CGROUP_INET_INGRESS will be executed on the ingress path of
    inet sockets.

    Symbol: CGROUP_BPF [=y]
    Type  : bool
    Prompt: Support for eBPF programs attached to cgroups
      Location:
        -> General setup
          -> Control Group support (CGROUPS [=y])
      Defined at init/Kconfig:845
      Depends on: CGROUPS [=y] && BPF_SYSCALL [=y]
      Selects: SOCK_CGROUP_DATA [=y]

Those two options are the requirements for the system messages to go away.

This is what happens in .config when you select the options above:

Before:

    # CONFIG_BPF_SYSCALL is not set

After:

    CONFIG_BPF_SYSCALL=y
    # CONFIG_XDP_SOCKETS is not set
    # CONFIG_BPF_STREAM_PARSER is not set
    CONFIG_CGROUP_BPF=y
    CONFIG_BPF_EVENTS=y

Two more options become available, CONFIG_XDP_SOCKETS and CONFIG_BPF_STREAM_PARSER, but there is no need to enable them. If you want to know what they are about:

    XDP sockets

    CONFIG_XDP_SOCKETS:

    XDP sockets allows a channel between XDP programs and
    userspace applications.

    Symbol: XDP_SOCKETS [=n]
    Type  : bool
    Prompt: XDP sockets
      Location:
        -> Networking support (NET [=y])
          -> Networking options
      Defined at net/xdp/Kconfig:1
      Depends on: NET [=y] && BPF_SYSCALL [=y]

    enable BPF STREAM_PARSER

    CONFIG_BPF_STREAM_PARSER:

    Enabling this allows a stream parser to be used with
    BPF_MAP_TYPE_SOCKMAP.

    BPF_MAP_TYPE_SOCKMAP provides a map type to use with network sockets.
    It can be used to enforce socket policy, implement socket redirects,
    etc.

    Symbol: BPF_STREAM_PARSER [=n]
    Type  : bool
    Prompt: enable BPF STREAM_PARSER
      Location:
        -> Networking support (NET [=y])
          -> Networking options
      Defined at net/Kconfig:301
      Depends on: NET [=y] && BPF_SYSCALL [=y]
      Selects: STREAM_PARSER [=m]

If you are wondering why CONFIG_BPF_EVENTS=y appeared as well:

    Search Results

    Symbol: BPF_EVENTS [=y]
    Type  : bool
      Defined at kernel/trace/Kconfig:476
      Depends on: TRACING_SUPPORT [=y] && FTRACE [=y] && BPF_SYSCALL [=y] && (KPROBE_EVENTS [=n] || UPROBE_EVENTS [=y]) && PERF_EVENTS [=y]

Kernel 4.18.5 tested in a Fedora 28 AppVM inside Qubes OS 4.0.
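The check a practitioner would run before relying on IPAddressDeny=/IPAddressAllow= in a unit, as an added example that is not part of the original answer: it parses a kernel .config for the two symbols the answer identifies as required. The file path is an assumption; on a running system that would be /boot/config-$(uname -r) or the output of zcat /proc/config.gz.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a kernel .config
# has the options systemd needs before IPAddressDeny=/IPAddressAllow= in a
# unit is actually enforced. The .config path is an assumption.

# Symbols the post identifies as required for cgroup/BPF based unit firewalling.
REQUIRED_SYMBOLS="CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF"

# config_symbol_value FILE SYMBOL -> prints y, m or n.
# "# CONFIG_X is not set" and an absent symbol both count as n (disabled).
config_symbol_value() {
    file=$1; sym=$2
    if grep -q "^${sym}=y$" "$file"; then
        echo y
    elif grep -q "^${sym}=m$" "$file"; then
        echo m
    else
        echo n
    fi
}

# check_bpf_firewall_support FILE -> returns 0 if every required symbol is =y;
# otherwise lists the missing ones on stderr and returns 1.
check_bpf_firewall_support() {
    file=$1
    missing=""
    for sym in $REQUIRED_SYMBOLS; do
        [ "$(config_symbol_value "$file" "$sym")" = y ] || missing="$missing $sym"
    done
    if [ -n "$missing" ]; then
        echo "unit-level IP firewalling unsupported; enable:$missing" >&2
        return 1
    fi
    echo "kernel config supports IPAddressDeny=/IPAddressAllow="
    return 0
}

# Stand-alone usage: sh check-bpf-config.sh /boot/config-$(uname -r)
if [ $# -gt 0 ]; then
    check_bpf_firewall_support "$1" || exit 1
fi
```

The "before" fragment above fails the check with both symbols listed; the "after" fragment passes, while CONFIG_XDP_SOCKETS and CONFIG_BPF_STREAM_PARSER staying at n does not matter.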
