--- title: eBPF Install image: description: --- # eBPF Install ###### tags: `eBPF` ## Enviroment * ubuntu 20.04 * kernel version * 5.4.0-52 (worked) * 5.4.0-54 (worked)  ## Prerequisites ```bash= $ sudo apt-get install clang llvm -y ``` ## Install * 先搜一下本身`Linux`的版本(目的是取得`src code`) ```bash= $ sudo apt-cache search linux-source ... linux-source - Linux kernel source with Ubuntu patches linux-source-5.4.0 - Linux kernel source for version 5.4.0 with Ubuntu patches linux-hwe-5.8-source-5.8.0 - Linux kernel source for version 5.8.0 with Ubuntu patches ... ``` * 安裝`linux-source-5.4.0`這個 ```bash= $ sudo apt install linux-source-5.4.0 ``` * 會在`/usr/src`下出現剛剛安裝的`src` ```bash= $ cd /usr/src/linux-source-5.4.0 $ sudo tar -xvf linux-source-5.4.0.tar.bz2 ... $ cd linux-source-5.4.0 # /usr/src/linux-source-5.4.0/linux-source-5.4.0 ``` * 這邊很容易有錯誤 ```bash= # 5.4.0.52, 5.4.0.54 皆可成功 $ sudo mkdir -p include/asm $ sudo cp /usr/src/linux-headers-`uname -r`/arch/x86/include/generated/asm/* include/asm $ sudo make menuconfig $ sudo make headers_install $ sudo make scripts $ sudo cp -r /usr/src/linux-headers-`uname -r`/include/generated/* ./include/generated $ sudo make prepare $ sudo make M=sample/bpf ``` ## TEST * 安裝完後 ```bash= $ cd sample/bpf $ sudo ./sock_example # result TCP 0 UDP 0 ICMP 0 packets TCP 0 UDP 0 ICMP 4 packets TCP 0 UDP 0 ICMP 4 packets TCP 0 UDP 0 ICMP 8 packets TCP 0 UDP 0 ICMP 12 packets TCP 0 UDP 0 ICMP 16 packets TCP 0 UDP 0 ICMP 16 packets TCP 0 UDP 0 ICMP 16 packets TCP 0 UDP 0 ICMP 16 packets TCP 0 UDP 0 ICMP 16 packets ``` ## Ref * https://blog.csdn.net/dwh0403/article/details/110457263 * https://cloudnative.to/blog/compile-bpf-examples/#tldr * https://github.com/bpftools/linux-observability-with-bpf * https://blog.csdn.net/Longyu_wlz/article/details/109900096?utm_medium=distribute.pc_relevant.none-task-blog-baidulandingword-15&spm=1001.2101.3001.4242