examples: generate types via bpf2go

examples/ringbuffer/main.go

@@ -21,14 +21,6 @@ import (
 // $BPF_CLANG and $BPF_CFLAGS are set by the Makefile.
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc $BPF_CLANG -cflags $BPF_CFLAGS bpf ringbuffer.c -- -I../headers
 
-// An Event represents a ringbuf event sent to userspace from the eBPF program
-// running in the kernel. Note that this must match the C event_t structure,
-// and that both C and Go structs must be aligned same way.
-type Event struct {
-	PID  uint32
-	Comm [80]byte
-}
-
 func main() {
 	// Name of the kernel function to trace.
 	fn := "sys_execve"
@@ -89,13 +81,14 @@ func main() {
 			continue
 		}
 
-		// Parse the ringbuf event entry into an Event structure.
-		var event Event
+		// Parse the ringbuf event entry into an bpfEvent structure, which is
+		// generated by passing "-type event" to bpf2go.
+		var event bpfEvent
 		if err := binary.Read(bytes.NewBuffer(record.RawSample), binary.LittleEndian, &event); err != nil {
 			log.Printf("parsing ringbuf event: %s", err)
 			continue
 		}
 
-		log.Printf("pid: %d\tcomm: %s\n", event.PID, unix.ByteSliceToString(event.Comm[:]))
+		log.Printf("pid: %d\tcomm: %s\n", event.Pid, unix.ByteSliceToString(event.Comm[:]))
 	}
 }

examples/ringbuffer/ringbuffer.c

@@ -1,27 +1,29 @@
 // +build ignore
 
 #include "common.h"
+
 #include "bpf_helpers.h"
 
 char __license[] SEC("license") = "Dual MIT/GPL";
 
-struct event_t {
+struct event {
 	u32 pid;
-	char comm[80];
+	u8 comm[80];
 };
 
 struct {
 	__uint(type, BPF_MAP_TYPE_RINGBUF);
 	__uint(max_entries, 1 << 24);
+	__type(value, struct event);
 } events SEC(".maps");
 
 SEC("kprobe/sys_execve")
 int kprobe_execve(struct pt_regs *ctx) {
-	u64 id = bpf_get_current_pid_tgid();
+	u64 id   = bpf_get_current_pid_tgid();
 	u32 tgid = id >> 32;
-	struct event_t *task_info;
+	struct event *task_info;
 
-	task_info = bpf_ringbuf_reserve(&events, sizeof(struct event_t), 0);
+	task_info = bpf_ringbuf_reserve(&events, sizeof(struct event), 0);
 	if (!task_info) {
 		return 0;
 	}

examples/uretprobe/main.go

@@ -24,14 +24,6 @@ import (
 // $BPF_CLANG and $BPF_CFLAGS are set by the Makefile.
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc $BPF_CLANG -cflags $BPF_CFLAGS bpf uretprobe.c -- -I../headers
 
-// An Event represents a perf event sent to userspace from the eBPF program
-// running in the kernel. Note that this must match the C event_t structure,
-// and that both C and Go structs must be aligned same way.
-type Event struct {
-	PID  uint32
-	Line [80]byte
-}
-
 const (
 	// The path to the ELF binary containing the function to trace.
 	// On some distributions, the 'readline' function is provided by a
@@ -93,7 +85,8 @@ func main() {
 
 	log.Printf("Listening for events..")
 
-	var event Event
+	// bpfEvent is generated by passing "-type event" to bpf2go.
+	var event bpfEvent
 	for {
 		record, err := rd.Read()
 		if err != nil {

examples/uretprobe/uretprobe.c

@@ -1,25 +1,27 @@
 // +build ignore
 
 #include "common.h"
+
 #include "bpf_helpers.h"
 
 char __license[] SEC("license") = "Dual MIT/GPL";
 
-struct event_t {
+struct event {
 	u32 pid;
-	char str[80];
+	u8 line[80];
 };
 
 struct {
 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+	__type(value, struct event);
 } events SEC(".maps");
 
 SEC("uretprobe/bash_readline")
 int uretprobe_bash_readline(struct pt_regs *ctx) {
-	struct event_t event;
+	struct event event;
 
 	event.pid = bpf_get_current_pid_tgid();
-	bpf_probe_read(&event.str, sizeof(event.str), (void *)PT_REGS_RC(ctx));
+	bpf_probe_read(&event.line, sizeof(event.line), (void *)PT_REGS_RC(ctx));
 
 	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event, sizeof(event));