cleanup and rename

examples/binops_demo.py

@@ -6,8 +6,8 @@ from ctypes import c_void_p, c_int64, c_uint64
 
 # Instructions to how to run this program
 # 1. Install PythonBPF: pip install pythonbpf
-# 2. Run the program: python demo/pybpf3.py
-# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf3.o
+# 2. Run the program: python examples/binops_demo.py
+# 3. Run the program with sudo: sudo tools/check.sh run examples/binops_demo.py
 # 4. Start up any program and watch the output
 
 @bpf

examples/clone_plot.py

@@ -12,7 +12,7 @@ import matplotlib.pyplot as plt
 # and then plots the distribution as a histogram using matplotlib.
 # It provides a quick view of process creation activity over 10 seconds.
 # Everything is done with Python only code and with the new pylibbpf library.
-# Run `sudo /path/to/python/binary/ pybpf4.py`
+# Run `sudo /path/to/python/binary/ clone_plot.py`
 
 @bpf
 @map

examples/execve2.py

@@ -1,35 +0,0 @@
-from pythonbpf.decorators import bpf, map, section, bpfglobal
-from ctypes import c_void_p, c_int64, c_int32, c_uint64
-from pythonbpf.helpers import ktime
-from pythonbpf.maps import HashMap
-
-
-@bpf
-@map
-def last() -> HashMap:
-    return HashMap(key=c_uint64, value=c_uint64, max_entries=1)
-
-
-@bpf
-@section("tracepoint/syscalls/sys_enter_execve")
-def hello(ctx: c_void_p) -> c_int32:
-    print("entered")
-    print("multi constant support")
-    return c_int32(0)
-
-
-@bpf
-@section("tracepoint/syscalls/sys_exit_execve")
-def hello_again(ctx: c_void_p) -> c_int64:
-    print("exited")
-    key = 0
-    tsp = last().lookup(key)
-    print(tsp)
-    ts = ktime()
-    return c_int64(0)
-
-
-@bpf
-@bpfglobal
-def LICENSE() -> str:
-    return "GPL"

examples/execve3.py

@@ -1,45 +0,0 @@
-from pythonbpf import bpf, map, section, bpfglobal, compile
-from pythonbpf.helpers import ktime, deref
-from pythonbpf.maps import HashMap
-
-from ctypes import c_void_p, c_int64, c_int32, c_uint64
-
-
-@bpf
-@map
-def last() -> HashMap:
-    return HashMap(key=c_uint64, value=c_uint64, max_entries=3)
-
-@bpf
-@section("tracepoint/syscalls/sys_exit_execve")
-def hello_again(ctx: c_void_p) -> c_int64:
-    print("multi constant support")
-    print("exited")
-    key = 0
-    delta = 0
-    dddelta = 0
-    tsp = last().lookup(key)
-    if True:
-        delta = ktime()
-        ddelta = deref(delta)
-        ttsp = deref(deref(tsp))
-        dddelta = ddelta - ttsp
-        if dddelta < 1000000000:
-            print("execve called within last second")
-        last().delete(key)
-    ts = ktime()
-    last().update(key, ts)
-
-    va = 8
-    nm = 5 + va
-    al = 6 & 3
-    print(f"this is a variable {nm}")
-
-    return c_int64(0)
-
-@bpf
-@bpfglobal
-def LICENSE() -> str:
-    return "GPL"
-
-compile()

examples/hello_world.py

@@ -1,11 +1,9 @@
-from pythonbpf import bpf, section, bpfglobal, compile
-
+from pythonbpf import bpf, section, bpfglobal, compile, BPF
 from ctypes import c_void_p, c_int64
 
 # Instructions to how to run this program
 # 1. Install PythonBPF: pip install pythonbpf
-# 2. Run the program: python demo/pybpf0.py
-# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf0.o
+# 2. Run the program: sudo python examples/hello_world.py
 # 4. Start up any program and watch the output
 
 
@@ -20,4 +18,11 @@ def hello_world(ctx: c_void_p) -> c_int64:
 def LICENSE() -> str:
     return "GPL"
 
-compile()
+b = BPF()
+b.load_and_attach()
+if b.is_loaded() and b.is_attached():
+    print("Successfully loaded and attached")
+else:
+    print("Could not load successfully")
+
+# Now cat /sys/kernel/debug/tracing/trace_pipe to see results of the execve syscall.

examples/sys_sync.py

@@ -6,8 +6,8 @@ from ctypes import c_void_p, c_int64, c_uint64
 
 # Instructions to how to run this program
 # 1. Install PythonBPF: pip install pythonbpf
-# 2. Run the program: python demo/pybpf2.py
-# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf2.o
+# 2. Run the program: python examples/sys_sync.py
+# 3. Run the program with sudo: sudo tools/check.sh run examples/sys_sync.o
 # 4. Start a Python repl and `import os` and then keep entering `os.sync()` to see reponses.
 
 @bpf

examples/xdp_pass.py

@@ -6,9 +6,9 @@ from ctypes import c_void_p, c_int64
 
 # Instructions to how to run this program
 # 1. Install PythonBPF: pip install pythonbpf
-# 2. Run the program: python demo/pybpf1.py
-# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf1.o
-# 4. Attach object file to any network device with something like ./check.sh xdp ../demo/pybpf1.o tailscale0
+# 2. Run the program: python examples/xdp_pass.py
+# 3. Run the program with sudo: sudo tools/check.sh run examples/xdp_pass.o
+# 4. Attach object file to any network device with something like ./check.sh xdp examples/xdp_pass.o tailscale0
 # 5. send traffic through the device and observe effects
 
 @bpf

tools/compile.py

@@ -1,20 +0,0 @@
-#!/usr/bin/env python3
-import argparse, subprocess, os
-from pythonbpf import codegen
-
-def main():
-    parser = argparse.ArgumentParser()
-    parser.add_argument("source", help="Python BPF program")
-    args = parser.parse_args()
-
-    ll_file = os.path.splitext(args.source)[0] + ".ll"
-    o_file = os.path.splitext(args.source)[0] + ".o"
-
-    print(f"[+] Compiling {args.source} → {ll_file}")
-    codegen.compile_to_ir(args.source, ll_file)
-
-    print("[+] Running llc -march=bpf")
-    subprocess.run(["llc", "-march=bpf", "-filetype=obj", "-O2", ll_file, "-o", o_file], check=True)
-
-if __name__ == "__main__":
-    main()