Linux

In the last post we introduced the BCC framework to interface Python code with eBPF facility. Now we are ready to make one step further! #!/usr/bin/python3 import bcc bpf = bcc.BPF(text=""" #include <uapi/linux/ptrace.h> int trace_malloc(struct pt_regs *ctx, size_t size) { bpf_trace_printk("size=%d\\n",size); return 0; };""") bpf.attach_uprobe(name="c",sym="malloc",fn_name="trace_malloc") while 1: (task, pid, cpu, flags, ts, msg) = bpf.trace_fields() print(f"task={task}\tmsg={msg}") This code is a little more complex, but still quite easy: first of all we use bcc to attach an “user space probe” instead of a kernel probe, and the function being observed will be libc’s malloc. ...

eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. Basically any user can write code for a virtual machine that can interact with the kernel data structure and functions. bcc is an high-level helper interface to eBPF (another is bpftrace). To use it, start by following installation guide , but if you have a recent Debian system, it’s just a matter of installing some packages: ...

I like playing with the D programming language and I wrote this little post to show how it’s easy to create a dynamic library (shared object, .so) that can be invoked in other programs; to have a little fun we will write a D replacement for the rand() C standard library function call. For your convenience, all the code is also on github Let’s start with the demo implementation, a C program that calls 10 times the stdlib function rand() to get a random number. ...

I am quite a fan of the D programming language and I think it deserves more attention, even if since a few months it’s becoming more and more popular, as it gained top20 in the TIOBE Index for February 2020. As an experiment in network programming, I took this simple NTP client written in C and translated to D ; in my opinion while it’s keeping the low-level nature, it’s shorter, clearer and more effective. It’s only a dozen lines of code, but full program is available on my github; stars and contributions are welcome! ...