ubuntu22.04中搭建eBPF环境
方案一:包安装
sudo apt-get install bpfcc-tools linux-headers-$(uname -r)
方案二:源码安装
更新系统的包
sudo apt update
安装BPF程序需要系统安装必须的linux-headers包
sudo apt install linux-headers-$(uname -r)
安装LLVM
sudo install llvm
安装Clang
sudo install clang
Ubuntu环境下构建依赖关系
# Trusty (14.04 LTS) and older
VER=trusty
echo "deb http://llvm.org/apt/$VER/ llvm-toolchain-$VER-3.7 main
deb-src http://llvm.org/apt/$VER/ llvm-toolchain-$VER-3.7 main" | \
sudo tee /etc/apt/sources.list.d/llvm.list
wget -O - http://llvm.org/apt/llvm-snapshot.gpg.key | sudo apt-key add -
sudo apt-get update
# For Bionic (18.04 LTS)
sudo apt-get -y install bison build-essential cmake flex git libedit-dev \
libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev libfl-dev python3-distutils
# For Focal (20.04.1 LTS)
sudo apt install -y bison build-essential cmake flex git libedit-dev \
libllvm12 llvm-12-dev libclang-12-dev python zlib1g-dev libelf-dev libfl-dev python3-distutils
# For Hirsute (21.04) or Impish (21.10)
sudo apt install -y bison build-essential cmake flex git libedit-dev \
libllvm11 llvm-11-dev libclang-11-dev python3 zlib1g-dev libelf-dev libfl-dev python3-distutils
# For Jammy (22.04)
sudo apt install -y bison build-essential cmake flex git libedit-dev \
libllvm14 llvm-14-dev libclang-14-dev python3 zlib1g-dev libelf-dev libfl-dev python3-distutils
# For other versions
sudo apt-get -y install bison build-essential cmake flex git libedit-dev \
libllvm3.7 llvm-3.7-dev libclang-3.7-dev python zlib1g-dev libelf-dev python3-distutils
# For Lua support
sudo apt-get -y install luajit luajit-5.1-dev
安装并编译过程
git clone https://github.com/iovisor/bcc.git
mkdir bcc/build
cd bcc/build
cmake ..
make
sudo make install
cmake -DPYTHON_CMD=python3 .. # build python3 binding
pushd src/python/
make
sudo make install
popd
出错记录:
1、克隆gethub上的bcc库,本机失败,可直接下载bcc安装包通过vscode的ssh传输到虚拟机中解压。
2、No module named 'setuptools’
分析 python默认是没有安装setuptools这个模块的,进行安装 sudo apt-get install python3-setuptools
3、
分析python库版本不一致,解决复制已编译的bcc库中的python bcc库到python3的库中sudo cp -r /home/first/bcc/build/src/python/bcc-python3/bcc/* /usr/lib/python3/dist-packages/bcc/
测试代码
#!/usr/bin/python3
#Copyright (c) PLUMgrid, Inc.
#Licensed under the Apache License, Version 2.0 (the "License")
#run in project examples directory with:
#sudo ./hello_world.py"
#see trace_fields.py for a longer example
from bcc import BPF
#This may not work for 4.17 on x64, you need replace kprobe__sys_clone with kprobe____x64_sys_clone
BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()
运行结果
-
BCC提供了一套工具和库,用于在Linux中处理eBPF(扩展Berkeley数据包过滤器)程序。
-
LLVM:BCC依赖于LLVM(低级虚拟机)来实现即时编译(JIT)和优化功能。libbpf:BCC使用libbpf库来与BPF程序和Linux内核进行交互,包括加载和验证eBPF字节码。这个库通常是BCC的一部分,或者可以单独安装。
-
Python及其开发头文件:如果计划使用BCC的Python绑定,请确保已安装Python及其开发头文件(python-dev或python3-dev软件包)。BCC提供了用于与eBPF程序交互的Python接口。
-
内核头文件:通常需要安装与使用的Linux内核版本相对应的内核头文件,因为BCC依赖于内核的内部结构,以正确地编译和与eBPF程序进行交互。
安装依赖包以具体开发环境为主,本机项目需求bcc完全满足要求。