So I have llvm, kernel headers(5.14.1), clang, and also libbpf along with that I copied bpf_helpers.h in ebpf program directory from linux source. This is a simple program that I like to get it loaded and run when execve system get called from any program

#include <errno.h>
#include <stdio.h>
#include <string.h>
#include "bpf_helpers.h" // some helpers not found, why is that?

#define SEC(NAME) __attribute__((section(NAME), used))

SEC("kprobe/execve")
int bpf_prog1(struct pt_regs *ctx)
{
        char m[]="hello world";
        bpf_trace_printk(m,sizeof(m));
        
        return 0;
}

char _license[] SEC("license") = "GPL"; 

Really a simple program,

I compiled the program with clang but when I do llvm-objdump -S ./one.o but it gives message that unrecognized format,

so If my llvm is not understanding my .o file I like to know what that means. can I ignore this warning of llvm-objdum and move on to load the .o file using ebpf loader program, or is the way i created .o file and compiled with clang is wrong so in that case can some one tell how to create ebpf program from ebpf .c file and load it using loader program.

CodePudding user response：

If you run on Ubuntu and you installed libbpf-dev, you should be able to include libbpf headers like this:

#include <bpf/bpf_helpers.h>

and (in a loader program):

#include <bpf/libbpf.h>

As for llvm-objdump complaining, it may depend on the command that you are using to compile. Are you passing the -t bpf target? What command do you use exactly?