Errata

Learning eBPF

Errata for Learning eBPF

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted by Date submitted
PDF Page 26
footnote

Wrong statement: The lower 32 bits are the thread group ID.

Correct statement: The lower 32 bits are the thread ID; higher 32 bits are thread group ID(abbr: TGID).

Comment: The TGID is user-space-flavored PID. It is a great industrial pity that kernel-space-flavored PID has different meaning than user-space-flavored PID.

* Kernel-space PID = user-space TID(thread-ID)
* Kernel-space TGID = user-space PID.

Jimm Chen  May 29, 2024 
PDF Page 48
First paragraph

The following information is summarised under "The JIT-Compiled MachineCode":
"The bytes_jited field shows that after this conversation the program
is 108 bytes long." However output from running the bpftool prog show command on page 46 displays: "bytes_jited": 148. Furthermore, 148 bytes is confirmed later in page 48 with the bullet point "This program has been JIT-compiled, and the compilation resulted in 148 bytes of machine code. I’ll cover this shortly too.". The later reference is confusing as it states the length is 108 bytes.

Alex Harrington  Sep 07, 2023 
Printed Page 53
Detaching the Program

The post-detach "show" output has completely changed (compared to pre-attach). Although I see the concept is about "detach" command, but the flow while reading is confusing and the output is also missing the `btf_id`.

Siva Kollipara  Dec 03, 2023 
PDF Page 70
1st command

$ strace -e bpf,perf_event_open,ioctl,ppoll ./hello-buffer-config.py

When I tried it on x86_64, ppoll was not called, instead poll was called.

I checked the bcc source code and found that it calls poll instead of ppoll, but since there is no poll system call in aarch64, the glibc poll system call wrapper function calls the ppoll system call.
On the other hand, x86_64 has the poll system call, so it is called as is.

Therefore, the above command would be better to
$ strace -e bpf,perf_event_open,ioctl,poll,ppoll ./hello-buffer-config.py

or, by dividing the cases,
$ strace -e bpf,perf_event_open,ioctl,poll ./hello-buffer-config.py # for x86_64
$ strace -e bpf,perf_event_open,ioctl,ppoll ./hello-buffer-config.py # for aarch64

Mitsuru Kariya  Jan 09, 2024 
PDF Page 73
2nd last paragraph

"The user space program uses epoll_pwait() to wait until data is available in the ring buffer."

As with poll/ppoll above, bcc calls epoll_wait instead of epoll_pwait, but since there is no epoll_wait system call in aarch64, the glibc epoll_wait system call wrapper function calls the epoll_pwait system call.
On the other hand, x86_64 has the epoll_wait system call, so it is called as is.

Mitsuru Kariya  Jan 09, 2024 
PDF Page 84
2nd paragraph

To obtain this example output I ran this command while the hello-buffer-config example from Chapter 4 was running.

To obtain this example output I ran this command while the hello-buffer-config.py example from Chapter 4 was running.
(missing .py extension)

Mitsuru Kariya  Jan 09, 2024 
PDF Page 84
3rd last paragraph

... that bpftool shows about hello-buffer-config's program called hello:

... that bpftool shows about hello-buffer-config.py's program called hello:
(missing .py extension)

Mitsuru Kariya  Jan 10, 2024 
PDF Page 94
1st paragraph

These are defined in bpf/bpf_helpers_def.h along with __array, ...

These are defined in bpf/bpf_helpers.h along with __array, ...
(_def not needed)

Mitsuru Kariya  Jan 10, 2024 
PDF Page 99
2nd paragraph

You can do this by setting -D __TARGET_ARCH_($ARCH) where $ARCH is an architecture name like arm64, amd64, and so on.

You can do this by setting -D __TARGET_ARCH_$(ARCH) where $(ARCH) is an architecture name like arm64, x86, and so on.

($(ARCH) instead of ($ARCH), x86 instead of amd64)

Mitsuru Kariya  Jan 10, 2024