varun-r-mallya/python-bpf
1
0
Fork 0
mirror of https://github.com/varun-r-mallya/Python-BPF.git synced 2026-02-07 21:50:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: Fix quickstart and add alternative compile option

Browse Source
This commit is contained in:
Pragyansh Chaturvedi
2026-01-25 13:23:09 +05:30
parent c6aa1077de
commit 2e95b77ceb
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/getting-started/quickstart.md
View File

@ -68,7 +68,7 @@ from ctypes import c_void_p, c_int64
* `section` - Decorator to specify which kernel event to attach to * `section` - Decorator to specify which kernel event to attach to
* `bpfglobal` - Decorator for BPF global variables * `bpfglobal` - Decorator for BPF global variables
* `BPF` - Class to compile, load, and attach BPF programs * `BPF` - Class to compile, load, and attach BPF programs
* `trace_pipe` - Utility to read kernel trace output * `trace_pipe` - Utility to read kernel trace output (similar to BCC)
* `c_void_p`, `c_int64` - C types for function signatures * `c_void_p`, `c_int64` - C types for function signatures
### The BPF Function ### The BPF Function
@ -84,7 +84,7 @@ def hello_world(ctx: c_void_p) -> c_int64:
* `@bpf` - Marks this function to be compiled to BPF bytecode * `@bpf` - Marks this function to be compiled to BPF bytecode
* `@section("tracepoint/syscalls/sys_enter_execve")` - Attaches to the execve syscall tracepoint (called when processes start) * `@section("tracepoint/syscalls/sys_enter_execve")` - Attaches to the execve syscall tracepoint (called when processes start)
* `ctx: c_void_p` - Context parameter (required for all BPF functions) * `ctx: c_void_p` - Context parameter (required for all BPF functions)
* `print()` - In BPF context, this outputs to the kernel trace buffer * `print()` - the PythonBPF API for `bpf_printk` helper function
* `return 0` - BPF functions must return an integer * `return 0` - BPF functions must return an integer
### License Declaration ### License Declaration
@ -114,6 +114,14 @@ trace_pipe()
* `b.attach_all()` - Attaches all BPF programs to their specified hooks * `b.attach_all()` - Attaches all BPF programs to their specified hooks
* `trace_pipe()` - Reads and displays output from the kernel trace buffer * `trace_pipe()` - Reads and displays output from the kernel trace buffer
Alternatively, you can also use the `compile()` function to compile the BPF code to an object file:
```python
from pythonbpf import compile
```
This object file can then be loaded using any other userspace library in any language.
## Next Example: Tracking Process IDs ## Next Example: Tracking Process IDs
Let's make a more interesting program that tracks which processes are being created: Let's make a more interesting program that tracks which processes are being created: