bpftrace one-liner commands not working in WSL Ubuntu

Posted on 2025-02-12 16:10:55 | Word count: 908 | Views: 1 | Comments: 0

I am new to eBPF, kernel tracing, etc. I really just wanted a simple intro to eBPF while learning Rust / Aya eBPF tools / Solana blockchain.

My Windows version: Version 10.0.19043 Build 19043

Output of "wsl -l -v" is:

 NAME                   STATE           VERSION
* Ubuntu                 Stopped         2
  Ubuntu.22.04           Stopped         2
  docker-desktop         Stopped         2
  docker-desktop-data    Stopped         2
  Ubuntu.20.04           Stopped         2
  Ubuntu.21.04           Running         2

In Ubuntu:

EliezerC@Ubuntu2104:~
$ bpftrace --version
bpftrace v0.11.3

This works:

sudo bpftrace -e 'BEGIN { printf("hello world\n"); }'

No other single-line example works.

And,

EliezerC@Ubuntu2104:~
$ sudo ls -la /sys/kernel/debug/
total 0
dr-xr-xr-x  2 root root 0 Jul  2 16:36 .
drwxr-xr-x 12 root root 0 Jul  2 16:32 ..

Is it because kernel/debugging is not enabled? Do I have to recompile the kernel?


Comments (1)

一人独醉 2025-02-19 16:10:56

Here is how to get the bpftrace one liner tutorial to work:

1) Mount Debugfs

WSL doesn't have debugfs by default, you need to mount it:
sudo mount -t debugfs debugfs /sys/kernel/debug

Source: https://github.com/iovisor/bcc/issues/1878#issuecomment-403284169

You probably won't be able to do this mount at all with a vanilla WSL2 kernel because I don't think the kernel configuration CONFIG_DEBUG_FS=y is set.

2) Recompile WSL2 Kernel

Unfortunately WSL2 doesn't play nicely with eBPF tooling. There's this good tutorial from hhoover for recompiling the kernel for Cilium: https://harthoover.com/compiling-your-own-wsl2-kernel/
Cilium is an eBPF tool so bpftrace will probably work right out of the box with hhoover's WSL2 kernel. (P.S. his article is clearly a copy paste of his comment on this issue page)

Also, some tips before you learn the pain that is recompiling kernels:

  • Don't use the --rm flag from hhoover's tutorial. This flag will delete your docker image once the program terminates. You might want to change your kernel later and compiling takes a good half hour. You can save yourself some time by keeping the docker image around.
  • hhoover's apt install is missing some stuff, toss in python3, dwarves, and cpio.
  • I've had some issues where docker containers on WSL2 can't connect to the internet. If that happens to you, try changing your nameserver in /etc/resolv.conf in WSL2. I think if you use docker desktop you should be fine though.

This is the kernel file you will be changing: https://github.com/microsoft/WSL2-Linux-Kernel/blob/linux-msft-wsl-5.15.y/Microsoft/config-wsl

btw, if you do CONFIG_MY_CONF=y that means the kernel module MY_CONF will be linked once you build your kernel (Statically linked?), it is "built-in". But you might also come across CONFIG_MY_CONF=m; =m is short for "module", which means that the module will be built but it won't be linked automatically, it will instead be "loadable". This is useful if you want to save some space in memory by not having all the kernel modules up all the time, but you will have to do some modprobe commands to load in the module. More info here: https://wiki.archlinux.org/title/Kernel_module

bpftrace lists what kernel flags you need to set if they aren't set already: https://github.com/iovisor/bpftrace/blob/master/INSTALL.md#linux-kernel-requirements

(P.S. I had also discovered that BCC has a little section on compiling kernel modules for WSL: https://github.com/iovisor/bcc/blob/master/INSTALL.md#wslwindows-subsystem-for-linux---binary I would still just use hhoover's tutorial though, since hhoover's is more fleshed out and I know it works.)

3) Verify your install of bpftrace

You'll know you've done it right when lesson one spits out like 300 lines of potential tracepoints.

$ sudo bpftrace -l 'tracepoint:syscalls:sys_enter_*' | wc --lines
336

I have a couple other mods to my WSL2 at this point so I wouldn't fret if you don't get 336 tracepoints exactly. (But if you follow this and you do get 336 exactly, please modify this wiki answer.)
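
As an added example (not part of the original answer), here is a shell pre-flight check for the two conditions the answer depends on: debugfs mounted on /sys/kernel/debug, and the needed kernel options set to =y. The option list is a representative subset chosen here as an assumption (the bpftrace INSTALL.md linked above is authoritative), the function names are hypothetical, and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check before running bpftrace one-liners on WSL2.

# Representative subset (assumption); see bpftrace's INSTALL.md for the full list.
REQUIRED_OPTS="CONFIG_BPF CONFIG_BPF_SYSCALL CONFIG_BPF_EVENTS CONFIG_FTRACE_SYSCALLS CONFIG_KPROBES CONFIG_UPROBES CONFIG_DEBUG_FS"

# read_config FILE: print a kernel config, decompressing it if it ends in .gz
read_config() {
  case "$1" in
    *.gz) gzip -dc -- "$1" ;;
    *)    cat -- "$1" ;;
  esac
}

# missing_opts FILE: print every required option that is not built in (=y).
# Options that are unset, or built as a module (=m), are both reported.
missing_opts() (
  cfg=$(read_config "$1") || exit 2
  for opt in $REQUIRED_OPTS; do
    printf '%s\n' "$cfg" | grep -qx "${opt}=y" || printf '%s\n' "$opt"
  done
)

# debugfs_mounted [MOUNTS_FILE]: succeed only if debugfs is on /sys/kernel/debug
debugfs_mounted() {
  awk '$2 == "/sys/kernel/debug" && $3 == "debugfs" { found = 1 }
       END { exit !found }' "${1:-/proc/mounts}"
}

# Constructed sample resembling a kernel config without tracing support.
sample_config() {
  cat <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
# CONFIG_BPF_EVENTS is not set
CONFIG_KPROBES=y
# CONFIG_UPROBES is not set
# CONFIG_FTRACE_SYSCALLS is not set
# CONFIG_DEBUG_FS is not set
EOF
}

# Live use: ./check.sh /proc/config.gz   (needs CONFIG_IKCONFIG_PROC in the kernel)
if [ $# -ge 1 ]; then
  missing_opts "$1" | sed 's/^/not built in: /'
  debugfs_mounted || echo "debugfs is not mounted on /sys/kernel/debug"
fi
```

An empty result from missing_opts plus a successful debugfs_mounted means the listing command in step 3 has what it needs; anything reported goes into the config-wsl file before rebuilding.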
