eBPF for Linux Admins: Part II
Table of Contents
eBPF - This article is part of a series.
You might be wondering, why we have to look at wrting kernel modules. The idea of kernel modules will help you to breakdown some of the key flexbilities in Linux kernel.
The Hello world module#
This module will print messages to the kernel ring buffer (is special datastructure in kernel) and we can read those message using dmesg command.
Let’s create a directory for our module and start writing our code.
mkdir -p lkmpg/hello-world
cd !$
vi hello.c
Paste below contents to the editor and save it.
/*
* hello.c - The simplest kernel module.
*/
#include <linux/module.h> /* Needed by all modules */
#include <linux/printk.h> /* Needed for pr_info() */
int init_module(void)
{
pr_info("Hello world 1.\n");
/* A non 0 return means init_module failed; module can't be loaded. */
return 0;
}
void cleanup_module(void)
{
pr_info("Goodbye world 1.\n");
}
MODULE_LICENSE("GPL");
Create a Makefile to compile the code.
vi Makefile
obj-m += hello.o
PWD := $(CURDIR)
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
clean:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
Now, let’s compile the code and load it.
make
Output:-
make -C /lib/modules/6.2.0-39-generic/build M=/home/ansil/lkmpg/hello-world modules
make[1]: Entering directory '/usr/src/linux-headers-6.2.0-39-generic'
warning: the compiler differs from the one used to build the kernel
The kernel was built by: x86_64-linux-gnu-gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
You are using: gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
CC [M] /home/ansil/lkmpg/hello-world/hello.o
MODPOST /home/ansil/lkmpg/hello-world/Module.symvers
CC [M] /home/ansil/lkmpg/hello-world/hello.mod.o
LD [M] /home/ansil/lkmpg/hello-world/hello.ko
BTF [M] /home/ansil/lkmpg/hello-world/hello.ko
Skipping BTF generation for /home/ansil/lkmpg/hello-world/hello.ko due to unavailability of vmlinux
make[1]: Leaving directory '/usr/src/linux-headers-6.2.0-39-generic'
Load the module
sudo insmod hello.ko
Now execute dmesg command to see the output
sudo dmesg | tail
Output:-
...
[ 3544.575680] Hello world 1.
...
Let’s unload the module and confirm the message again.
- List the loaded module
lsmod | grep hello
- Unload the module
sudo rmmod hello
Now you can execute dmesg command again to verify the message.This time you can see the “Goodbye” message.
...
[ 3544.575680] Hello world 1.
[10666.570524] Goodbye world 1.
...
This covers the part II of the eBPF series. In next one we will write a kernel module to drop a packet.