eBPF for Linux Admins: Part II

Table of Contents
eBPF - This article is part of a series.
Part 2: This Article

You might be wondering, why we have to look at wrting kernel modules. The idea of kernel modules will help you to breakdown some of the key flexbilities in Linux kernel.

Please refer the book The Linux Kernel Module Programming Guide for more info. Its a FREE book.

The Hello world module

This module will print messages to the kernel ring buffer (is special datastructure in kernel) and we can read those message using dmesg command.

Let’s create a directory for our module and start writing our code.

mkdir -p lkmpg/hello-world
cd !$
vi hello.c

Paste below contents to the editor and save it.

 * hello.c - The simplest kernel module. 
#include <linux/module.h> /* Needed by all modules */ 
#include <linux/printk.h> /* Needed for pr_info() */ 
int init_module(void) 
    pr_info("Hello world 1.\n"); 
    /* A non 0 return means init_module failed; module can't be loaded. */ 
    return 0; 

void cleanup_module(void) 
   pr_info("Goodbye world 1.\n"); 

Create a Makefile to compile the code.

vi Makefile
obj-m += hello.o 
    make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules 

    make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

Now, let’s compile the code and load it.



make -C /lib/modules/6.2.0-39-generic/build M=/home/ansil/lkmpg/hello-world  modules 
make[1]: Entering directory '/usr/src/linux-headers-6.2.0-39-generic'
warning: the compiler differs from the one used to build the kernel
  The kernel was built by: x86_64-linux-gnu-gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
  You are using:           gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
  CC [M]  /home/ansil/lkmpg/hello-world/hello.o
  MODPOST /home/ansil/lkmpg/hello-world/Module.symvers
  CC [M]  /home/ansil/lkmpg/hello-world/hello.mod.o
  LD [M]  /home/ansil/lkmpg/hello-world/hello.ko
  BTF [M] /home/ansil/lkmpg/hello-world/hello.ko
Skipping BTF generation for /home/ansil/lkmpg/hello-world/hello.ko due to unavailability of vmlinux
make[1]: Leaving directory '/usr/src/linux-headers-6.2.0-39-generic'

Load the module

sudo insmod hello.ko

Now execute dmesg command to see the output

sudo dmesg | tail


[ 3544.575680] Hello world 1.

Let’s unload the module and confirm the message again.

  • List the loaded module
lsmod | grep hello
  • Unload the module
sudo rmmod hello

Now you can execute dmesg command again to verify the message.This time you can see the “Goodbye” message.

[ 3544.575680] Hello world 1.
[10666.570524] Goodbye world 1.

This covers the part II of the eBPF series. In next one we will write a kernel module to drop a packet.

