2021-04-23 09:19 UTC+0200 ~ Christophe Leroy [off-list ref]
[...]
I finally managed to cross compile bpftool with libbpf, libopcodes,
readline, ncurses, libcap, libz and all needed stuff. Was not easy but I
made it.
Libcap is optional and bpftool does not use readline or ncurses. May I
ask how you tried to build it?
Now, how do I use it?
Let's say I want to dump the jitted code generated from a call to
'tcpdump'. How do I do that with 'bpftool prog dump jited'?
I thought by calling this line I would then get programs dumped in one way
or another just like when setting 'bpf_jit_enable=2', but calling that
line just provides me some bpftool help text.
Well the purpose of this text is to help you find the way to call
bpftool to do what you want :). For dumping your programs' instructions,
you need to tell bpftool what program to dump: Bpftool isn't waiting
until you load a program to dump it, instead you need to load your
program first and then tell bpftool to retrieve the instructions from
the kernel. To reference your program you could use a pinned path, or
first list the programs on your system with "bpftool prog show":
    # bpftool prog show
    138: tracing name foo tag e54c922dfa54f65f gpl
            loaded_at 2021-02-25T01:32:30+0000 uid 0
            xlated 256B jited 154B memlock 4096B map_ids 64
            btf_id 235
Then you can use for example the program id displayed on the first line
to reference and dump your program:
    # bpftool prog dump jited id 138
You should find additional documentation under
tools/bpf/bpftool/Documentation.
By the way, it would be nice to have a kernel OPTION that selects all
OPTIONS required for building bpftool. Because you discover them one by
one at every build failure. I had to add CONFIG_IPV6, CONFIG_DEBUG_BTF,
CONFIG_CGROUPS, ... If there could be an option like "Build a 'bpftool'
ready kernel" that selected all those, it would be great.
Christophe
I do not believe any of these are required to build bpftool.
Quentin
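
The two-step workflow described in the reply above (list the loaded programs, then dump one by id), scripted as an added example that is not part of the original thread or of bpftool itself. The helper names and the second sample entry are constructed; the script assumes bpftool's plain "prog show" layout as quoted above and only selects programs that report a JITed size.

```shell
#!/bin/sh
# Added example: resolve a BPF program name to its id(s) from
# "bpftool prog show" output, then dump the JITed image of each match.

# Constructed sample in the layout quoted in the thread.
# Entry 138 is the one from the thread; entry 139 is made up to show
# a program that has no JITed image.
sample_prog_show() {
cat <<'EOF'
138: tracing  name foo  tag e54c922dfa54f65f  gpl
        loaded_at 2021-02-25T01:32:30+0000  uid 0
        xlated 256B  jited 154B  memlock 4096B  map_ids 64
        btf_id 235
139: socket_filter  name bar  tag 0000000000000000
        loaded_at 2021-02-25T01:40:00+0000  uid 0
        xlated 64B  not jited  memlock 4096B
EOF
}

# Read "prog show" text on stdin; print the id of every program whose
# name equals $1 and whose detail lines report "jited <N>B".
jited_ids_by_name() {
    awk -v want="$1" '
        /^[0-9]+:/ {                    # headline: "<id>: <type> name <name> ..."
            id = ""
            for (i = 2; i < NF; i++)
                if ($i == "name" && $(i + 1) == want) {
                    id = $1
                    sub(/:$/, "", id)
                }
            next
        }
        id != "" {                      # detail lines of a matching program
            for (i = 1; i < NF; i++)
                if ($i == "jited" && $(i + 1) ~ /^[0-9]+B$/)
                    print id
        }'
}

# Needs root and a bpftool binary on the target; not run by default.
dump_jited_by_name() {
    bpftool prog show | jited_ids_by_name "$1" | while read -r id; do
        bpftool prog dump jited id "$id"
    done
}

# Offline demonstration on the constructed sample.
sample_prog_show | jited_ids_by_name foo
```
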