@@ -19,23 +19,72 @@ of currently bound API's. Contributions are welcome.
1919
2020# Usage
2121See ` examples ` directory on how ocaml\_ libbpf can be used to interact
22- with eBPF programs defined in * .bpf.c source files. The high-level
23- API's provided in ocaml\_ libbpf make it easy to perform repetitive
24- tasks like open/load/linking/initializing/teardown. The BPF\_ maps module
25- also make interacting with maps simpler than the C API.
26-
27- "To run these examples, use ` make <minimal/kprobe/bootstrap> ` . These
28- examples are taken from
29- [ libbpf-bootstrap] ( https://github.com/libbpf/libbpf-bootstrap )
30- repository and rewritten in OCaml
22+ with eBPF kernel programs defined in * .bpf.c source files. The
23+ high-level API's provided in ocaml\_ libbpf make it easy to perform
24+ repetitive tasks like open/load/linking/initializing/teardown.
25+
26+ To run these examples, clone this repository and set up the package with
27+ ``` bash
28+ git clone git@github.com:koonwen/ocaml-libbpf.git
29+ cd ocaml_libbpf
30+ opam install . --deps-only
31+ eval $( opam env)
32+ ```
3133
32- Let's run through an example of how we would use ocaml\_ libbpf
34+ then use ` make <minimal/kprobe/bootstrap> ` . These examples are taken
35+ from [ libbpf-bootstrap] ( https://github.com/libbpf/libbpf-bootstrap )
36+ repository and rewritten in OCaml.
3337
3438### Open/Load/Link
35- Loading eBPF programs into the kernel are often repetitive and
36- tedious, ocaml\_ libbpf provides an easy API to do this, users need to
37- provide the path to the compiled bpf object, the name of the program
38- and optionally an initialization function.
39+ Now let's run through an example of how we would use
40+ ocaml\_ libbpf. This usage tutorial assumes some knowledge of how to
41+ write eBPF programs in C. If not, you can check out this
42+ [ resource] ( https://nakryiko.com/posts/libbpf-bootstrap/#the-bpf-side ) . ocaml\_ libbpf
43+ provides an easy API to install your eBPF program into the kernel. Say
44+ your eBPF kernel program looks like this.
45+
46+ ``` c
47+ // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
48+ /* Copyright (c) 2020 Facebook */
49+ #include < linux/bpf.h>
50+ #include " bpf/bpf_helpers.h" /* This is from our libbpf library */
51+
52+ char LICENSE[] SEC(" license" " Dual BSD/GPL"
53+
54+ /* Globals implemented as an array */
55+ struct {
56+ __uint (type, BPF_MAP_TYPE_ARRAY);
57+ __uint (max_entries, 1);
58+ __type (key, int);
59+ __type (value, long);
60+ } globals SEC (".maps");
61+
62+ int my_pid_index = 0;
63+
64+ SEC("tp/syscalls/sys_enter_write")
65+ int handle_tp(void * ctx) {
66+ int pid = bpf_get_current_pid_tgid() >> 32;
67+
68+ long * my_pid;
69+ my_pid = bpf_map_lookup_elem(&globals, &my_pid_index);
70+ if (my_pid == NULL) {
71+ bpf_printk("Error got NULL");
72+ return 1;
73+ };
74+
75+ if (pid != * my_pid)
76+ return 0;
77+
78+ bpf_printk("Hello, BPF triggered from PID %d", pid);
79+
80+ return 0;
81+ }
82+
83+ ```
84+
85+ Users just need to provide the path to the compiled bpf
86+ object, the name of the program and optionally an initialization
87+ function.
3988
4089```ocaml
4190let obj_path = "minimal.bpf.o"
@@ -76,12 +125,7 @@ example usage of them can be found in
76125[ examples/bootstrap.ml] ( ./examples/bootstrap.ml ) . This has been
77126packaged separately since it drags in ` libffi ` dependency.
78127
79- ## TODO
80- - [X] Generate vmlinux
81- - [ ] BPF CORE bindings?
82- - [ ] Add generated odoc
83-
84- ## Would be nice to support
128+ ### Would be nice to support
85129- [ ] Integration with bpftool & bindings for generated skel code
86130
87131# Developer Notes
0 commit comments