eBPF with raspberry pi4B

ROM

LineageOS 19 (Android 12L)

编译内核

mkdir -p /root/rpi_kernel 
cd /root/rpi_kernel
git clone https://github.com/lineage-rpi/android_kernel_brcm_rpi -b lineage-19.1
git clone https://github.com/lineage-rpi/proprietary_vendor_brcm -b lineage-19.1
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9 -b pie-release

cd /root/rpi_kernel/android_kernel_brcm_rpi
# 此commit之后的版本需要高版本的gcc
git reset --hard bf00951438ec0f2e36fa1c32c90b3e43bb58aa92

sed -i  '/CONFIG_EXTRA_FIRMWARE_DIR/s/.*/CONFIG_EXTRA_FIRMWARE_DIR="\/root\/rpi_kernel\/proprietary_vendor_brcm\/rpi4\/proprietary\/vendor\/firmware"/' arch/arm64/configs/lineageos_rpi4_defconfig
sed -i '/CONFIG_IKHEADERS/s/.*/CONFIG_IKHEADERS=y/' arch/arm64/configs/lineageos_rpi4_defconfig


ARCH=arm64 CROSS_COMPILE=/root/rpi_kernel/aarch64-linux-android-4.9/bin/aarch64-linux-androidkernel- make lineageos_rpi4_defconfig
ARCH=arm64 CROSS_COMPILE=/root/rpi_kernel/aarch64-linux-android-4.9/bin/aarch64-linux-androidkernel- make Image dtbs -j2

部署eadb环境

当 Xiaomi 12 遇到 eBPF

https://github.com/tiann/eadb

https://github.com/Magisk-Modules-Repo/ssh

source /data/eadb/run.common
chroot /data/eadb/debian /bin/bash --rcfile '.bashrc'

chmod 1777 /tmp
apt-get install vim zsh git curl tmux
mv ohmyzsh .oh-my-zsh
cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc


# permission denied: /dev/null
rm -f /dev/null; mknod -m 666 /dev/null c 1 3

编译bcc

# scp gaction:/root/rpi_kernel/android_kernel_brcm_rpi/kernel/kheaders_data.tar.xz /tmp
mkdir -p /lib/modules/$(uname -r)/build
cd /lib/modules/$(uname -r)/build
tar xf /tmp/kheaders_data.tar.xz

cd ~
git clone --recursive https://github.com/tiann/bcc.git
cd bcc
mkdir bcc-build
cd bcc-build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DKERNEL_INCLUDE_DIRS=/lib/modules/$(uname -r)/build
make
make install

踩坑

出现以下错误的原因是没有执行source /data/eadb/run.common。这条命令主要是mount一些Android的路径到debian中，比如：

mount --bind /proc debian/proc/ > /dev/null
mount --bind /dev debian/dev/ > /dev/null
mount --bind /dev/pts debian/dev/pts > /dev/null

mount --bind /sys debian/sys/ > /dev/null
mount --bind /sys/fs/bpf/ debian/sys/fs/bpf/ > /dev/null
mount --bind /sys/kernel/debug/ debian/sys/kernel/debug/ > /dev/null

mount --bind /sys/kernel/tracing/ debian/sys/kernel/tracing/
#...

错误信息:

➜  ~ opopensnoop
sh: line 1: modprobe: command not found
Unable to find kernel headers. Try rebuilding kernel with CONFIG_IKHEADERS=m (module) or installing the kernel development package for your running kernel version.
chdir(/lib/modules/5.10.140-v8-gbf00951438ec-dirty/build): No such file or directory
Traceback (most recent call last):
  File "/usr/share/bcc/tools//opensnoop", line 261, in <module>
    b = BPF(text='')
  File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 475, in __init__
    raise Exception("Failed to compile BPF module %s" % (src_file or "<text>"))
Exception: Failed to compile BPF module <text>