Skip to content

bpftool v7.7

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 21 Mar 01:36
· 6 commits to main since this release
v7.7.0
This tag was signed with the committer’s verified signature.
qmonnet Quentin Monnet
GPG key ID: 59224A6AED728D75
Verified
Learn about vigilant mode.
4222ef1

New features

  • Add support for signing BPF programs before loading them, using a private PEM key and X.509 certificate. This comes at the cost of an additional build dependency to OpenSSL's development library. (6b9405a, 2d37198, 865da8c)
  • Add a new command bpftool token list showing information for each BPF virtual file system mount point containing BPF token information. (91d14c3, 70d7843, 3cfb156, 9a1d7b3, 00ade8b)
  • Add support for instructions array maps (insn_array keyword), and teach the disassembler about indirect jump instructions. (6a7a050, 3db1faa)
  • Support merging multiple module BTF objects with bpftool btf dump file <path1> file <path2> .... (1664891)
  • Add a prepend option for loading tcx programs (bpftool net attach tcx_ingress name tc_prog dev lo prepend) to insert the program at the beginning of the chain. (e22710d)
  • Add support for fsession attach type for cgroup programs. (0f57bca)
  • Improve the error message when dumping a JIT-ed BPF program returns no instructions, to hint at kernel.kptr_restrict that might interfere with the dump. (0b99945)
  • Update the bpftool-prog manual page to mention newer ekfunc bpf_stream_vprintk_impl() rather than the legacy bpf_stream_vprintk(). (640fb7c)

Bug fixes

  • Fix truncated Netlink dumps. (f38edf1)
  • Fix a missing closing parenthesis when dumping BTF and printing an item with unsupported BTF kind. (60f3d88)
  • Fix symbol matching logic for showing multi-kprobe links to account for Control-flow Enforcement Technology (CET) for x86_64 architectures. (43342f4, bdf9e48)

Build fixes

  • Fix dependencies order for static build. (2381434)
  • Make skeleton C++ compatible with explicit casts. (8b1712f)
  • Build, and fix the resulting warnings, with -fms-extensions, to support for anonymous structs or unions. This is required because the kernel now builds with these extensions as well, and may leak anonymous structs or unions into the vmlinux.h BTF header generated and used by bpftool. (829b8a6)
  • Fix uninitialized-const-pointer warnings for clang >= 21. (8ed27e2)

Other internal changes

  • Remove duplicate string.h header inclusion in one source file. (66fec80)

Continuous deployment

  • Publish Docker images to GHCR on new releases. (1cb60a5)

Known bugs

  • Static builds on Ubuntu 24.04 relying on the libbfd-based disassembler may fail, because of missing linker flags to add the zstd and sframe libraries. Workarounds include using the LLVM-based disassembler instead, using no disassembler, using libbfd < 2.40, or manually overwriting all LIBS flags when building bpftool (it's ugly but it works). (#73)

Full Changelog: v7.6.0...v7.7.0

Assets 7
Loading