How to solve 'BPF' object has no attribute 'get_syscall_fnname'?

Dec 31, 2024

Cowrie

Dev @ Bswen

This post will show you how to solve ‘BPF’ object has no attribute ‘get_syscall_fnname’ when run bpf program in linux ?

What is BPF program?

A Linux BPF (Berkeley Packet Filter) program is a type of code that can be executed in the kernel space of the Linux operating system. BPF programs are used for a variety of tasks, including network packet filtering, performance monitoring, and security enforcement. They are highly efficient and can be dynamically loaded into the kernel without the need for recompilation or rebooting.

Problem

When you run a python bpf_program in linux, you run this command:

For example, if our bpf program’s name is example.py:

python example.py

The example.py content is:

example.py

from bcc import BPF

bpf_source = """
#include <uapi/linux/ptrace.h>

int do_sys_execve(struct pt_regs *ctx) {
  char comm[16];
  bpf_get_current_comm(&comm, sizeof(comm));
  bpf_trace_printk("executing program: %s\\n", comm);
  return 0;
}
"""

bpf = BPF(text=bpf_source)
execve_function = bpf.get_syscall_fnname("execve")
bpf.attach_kprobe(event=execve_function, fn_name="do_sys_execve")
bpf.trace_print()

You get this error:

root@launch:~/linux-observability-with-bpf/code/chapter-4/kprobes# python example.py
Traceback (most recent call last):
  File "example.py", line 15, in <module>
    execve_function = bpf.get_syscall_fnname("execve")
AttributeError: 'BPF' object has no attribute 'get_syscall_fnname'

The error AttributeError: 'BPF' object has no attribute 'get_syscall_fnname' indicates that the BPF class from the bcc module does not have a method named get_syscall_fnname.

Environment

You check your os version by this command:

root@launch:~# cat /etc/os-release

NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"

Python version:

Python 2.7.17 (default, Apr 15 2020, 17:20:14)
[GCC 7.5.0] on linux2

Solution: Install the bcc dependencies

According to python bcc documents, you should install the libbcc and python bcc into system.

# add key server
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D4284CDD
# add iovisor to repo
echo "deb https://repo.iovisor.org/apt/bionic bionic main" | sudo tee /etc/apt/sources.list.d/iovisor.list
# update the repo
sudo apt-get update
# install libbcc
sudo apt-get install libbcc
# install python-bcc
sudo apt-get install python-bcc

what is libbcc?

libbcc

libbcc is a library that is part of the BPF Compiler Collection (BCC). BCC is a set of tools and libraries for creating efficient kernel tracing and manipulation programs using BPF (Berkeley Packet Filter). libbcc provides a high-level framework for writing BPF programs in C and Python, and it includes various utilities for loading, compiling, and interacting with BPF programs.

In summary, libbcc is essential for developing and running BPF-based tools and applications on Linux systems.

and what is python-bcc:

python-bcc

python-bcc is a Python binding for the BPF Compiler Collection (BCC). It allows you to write and run BPF programs using Python. python-bcc provides a high-level interface to interact with BPF programs, making it easier to develop and deploy BPF-based tools and applications in Python.

In summary, python-bcc enables Python developers to leverage the power of BPF for tasks such as system tracing, monitoring, and performance analysis on Linux systems.

After all done, you can run the python bpf script again:

root@launch:~/linux-observability-with-bpf/code/chapter-4/kprobes# python example.py
            bash-12522 [001] .... 330817.825407: 0x00000001: executing program: bash

It works!

Final Words + More Resources

My intention with this article was to help others who might be considering solving such problem. So I hope that’s been the case here. If you still have any questions, don’t hesitate to ask me by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

• 👨‍💻 Python bpf library: bcc
• 👨‍💻 bcc Python Developer Tutorial

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Tags:

• python
• sys

How to install wrk on linux system?

How to solve Error assembling WAR webxml attribute is required exception when building spring boot wars