[Zeek] Compilation without linux-vdso

Jon Siwek jsiwek at corelight.com
Fri Feb 15 09:17:27 PST 2019


On Thu, Feb 14, 2019 at 7:13 PM Nafisa Mandliwala
<nafisa.mandliwala at gmail.com> wrote:

> I've been trying to get Zeek to work on a platform that does not support linux-vdso.
>
> I see that vdso has 4 syscalls out of which the first 3 are used in the code-
> 1. gettimeofday
> 2. clock_gettime
> 3. time
> 4. getcpu
>
> A few things that I already tried doing-
> 1. For the time being, removing all usages of "gettimeofday" and "clock_gettime"
> 2. Commenting out the following from cmake files and bro-config-
> check_include_files(HAV_SYS_TIME_H)
> check_include_files("time.h;sys/time.h", TIME_WITH_SYS_TIME)
>
> I'm not sure I'm doing everything to replace/remove the occurrences of the syscalls because ldd still shows that the bro executable is linking to linux-vdso.so and the LD logs show that symbols for those syscalls are being fetched (segfaults at this point)

Bro shouldn't depend on vDSO directly, it's libc that optionally
depends on vDSO, so I don't think you want to patch the Bro source
code to remove those syscalls -- it's just using standard library
functionality.

I haven't looked much into how to disable vDSO, you can maybe search
that out more on your own if that's really what you need, but I'd
guess there's some kernel/boot option for it.  It also was not clear
why you say the platform doesn't support vDSO, but the kernel goes
ahead and maps/links linux-vdso.so anyway -- seems weird, so you may
have to give more specifics on the particular platform.

- Jon
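
Added example, not part of the message above or of the Zeek/Bro source: a small C program that asks the kernel (via the auxiliary vector) whether it mapped a vDSO into the process, and reads the same clock once through libc and once through a raw system call that bypasses the vDSO. It assumes Linux with glibc or musl; all function names are made up for this illustration.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <stdio.h>
#include <sys/auxv.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

/* Address of the vDSO ELF header the kernel mapped into this process,
 * or 0 if the kernel mapped none. The application does not request it. */
unsigned long vdso_base(void)
{
    return getauxval(AT_SYSINFO_EHDR);
}

/* CLOCK_MONOTONIC through libc; libc may serve this from the vDSO. */
int libc_monotonic(struct timespec *ts)
{
    return clock_gettime(CLOCK_MONOTONIC, ts);
}

/* Same clock through the raw system call, which never uses the vDSO. */
int raw_monotonic(struct timespec *ts)
{
    return (int)syscall(SYS_clock_gettime, CLOCK_MONOTONIC, ts);
}

/* Stores (raw reading - libc reading) in ns; returns 0 on success. */
int libc_to_raw_delta_ns(long long *delta)
{
    struct timespec a, b;
    if (libc_monotonic(&a) != 0 || raw_monotonic(&b) != 0)
        return -1;
    *delta = (long long)(b.tv_sec - a.tv_sec) * 1000000000LL
           + (long long)(b.tv_nsec - a.tv_nsec);
    return 0;
}

int main(void)
{
    long long d = 0;
    unsigned long base = vdso_base();
    if (base)
        printf("kernel mapped a vDSO at 0x%lx\n", base);
    else
        printf("no vDSO mapped in this process\n");
    if (libc_to_raw_delta_ns(&d) == 0)
        printf("libc -> raw syscall delta: %lld ns\n", d);
    return 0;
}
```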


