[root@VM-0-4-opencloudos ~]# free -h
total used free shared buff/cache available
Mem: 3.6Gi 801Mi 1.6Gi 11Mi 1.4Gi 2.8Gi
Swap: 1.0Gi 0B 1.0Gi
[root@VM-0-4-opencloudos ~]# dmesg -T | grep -i bpf
[Wed Oct 29 13:20:49 2025] LSM: initializing lsm=capability,yama,selinux,bpf,integrity
[Wed Oct 29 13:20:49 2025] LSM support for eBPF active
[Wed Oct 29 13:20:49 2025] systemd[1]: systemd v255-14.oc9.ap.2 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[Wed Oct 29 13:20:50 2025] systemd[1]: bpf-lsm: LSM BPF program attached
[Wed Oct 29 13:20:54 2025] systemd[1]: systemd v255-14.oc9.ap.2 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[Wed Oct 29 13:20:54 2025] systemd[1]: bpf-lsm: LSM BPF program attached
[root@VM-0-4-opencloudos ~]#
[root@VM-0-4-opencloudos ~]#
[root@VM-0-4-opencloudos ~]# uname -a
Linux VM-0-4-opencloudos 6.6.92-34.1.oc9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jun 25 21:32:13 CST 2025 x86_64 x86_64 x86_64 GNU/Linux
[root@VM-0-4-opencloudos ~]# cat /proc/sys/net/core/bpf_jit_enable
1
[root@VM-0-4-opencloudos ~]# bpftool prog
-bash: bpftool: command not found
[root@VM-0-4-opencloudos ~]# yum install bpftool
BaseOS 9 - x86_64 47 kB/s | 3.8 kB 00:00
BaseOS 9 - x86_64 3.7 MB/s | 1.2 MB 00:00
AppStream 9 - x86_64 59 kB/s | 3.8 kB 00:00
AppStream 9 - x86_64 24 MB/s | 13 MB 00:00
extras 9 - x86_64 40 kB/s | 3.0 kB 00:00
extras 9 - x86_64 6.2 kB/s | 884 B 00:00
Extra Packages for OpenCloudOS 9 - EPOL 45 kB/s | 3.0 kB 00:00
Extra Packages for OpenCloudOS 9 - EPOL 36 MB/s | 20 MB 00:00
Dependencies resolved.
=====================================================================================================================================================================================================================
Package Architecture Version Repository Size
=====================================================================================================================================================================================================================
Installing:
bpftool x86_64 6.6.104-41.oc9 BaseOS 437 k
Transaction Summary
=====================================================================================================================================================================================================================
Install 1 Package
Total download size: 437 k
Installed size: 673 k
Is this ok [y/N]: y
Downloading Packages:
bpftool-6.6.104-41.oc9.x86_64.rpm 2.0 MB/s | 437 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.0 MB/s | 437 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : bpftool-6.6.104-41.oc9.x86_64 1/1
Running scriptlet: bpftool-6.6.104-41.oc9.x86_64 1/1
Verifying : bpftool-6.6.104-41.oc9.x86_64 1/1
Installed:
bpftool-6.6.104-41.oc9.x86_64
Complete!
[root@VM-0-4-opencloudos ~]# bpftool prog
45: lsm name restrict_filesystems tag 1a17ecfe539f9b82 gpl
loaded_at 2025-10-29T13:20:54+0800 uid 0
xlated 560B jited 300B memlock 4096B map_ids 22
btf_id 70
30394: cgroup_device name sd_devices tag a42d275341448247 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 504B jited 313B memlock 4096B
30395: cgroup_skb name sd_fw_egress tag 6deef7357e7b4530 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 64B jited 58B memlock 4096B
30396: cgroup_skb name sd_fw_ingress tag 6deef7357e7b4530 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 64B jited 58B memlock 4096B
30397: cgroup_skb name sd_fw_egress tag 6deef7357e7b4530 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 64B jited 58B memlock 4096B
30398: cgroup_skb name sd_fw_ingress tag 6deef7357e7b4530 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 64B jited 58B memlock 4096B
30399: cgroup_device name sd_devices tag ee0e253c78993a24 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 416B jited 262B memlock 4096B
30400: cgroup_device name sd_devices tag ee0e253c78993a24 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 416B jited 262B memlock 4096B
30401: cgroup_device name sd_devices tag 6ceaf4d6095cca93 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 744B jited 451B memlock 4096B
30402: cgroup_skb name sd_fw_egress tag 6deef7357e7b4530 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 64B jited 58B memlock 4096B
30403: cgroup_skb name sd_fw_ingress tag 6deef7357e7b4530 gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 64B jited 58B memlock 4096B
30404: cgroup_device name sd_devices tag 2d98dfe29692d43d gpl
loaded_at 2025-11-05T13:57:13+0800 uid 0
xlated 464B jited 292B memlock 4096B
[root@VM-0-4-opencloudos ~]# ethtool -k eth0 | grep xdp
[root@VM-0-4-opencloudos ~]# ls /sys/fs/bpf
[root@VM-0-4-opencloudos ~]#
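Your output shows a very typical picture of eBPF support on a cloud-vendor virtual machine:
✅ Confirmed: your VM fully supports eBPF (including JIT, cgroup-bpf and LSM BPF), and several BPF programs are already attached and running
The bpftool output you see: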
lsm
cgroup_device
cgroup_skb
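These programs are already JIT-compiled and running, which means:
- The eBPF JIT is enabled (otherwise there would be no jited field)
- cgroup-bpf is available
- LSM BPF is available
This is the core of full eBPF support.
⚠ XDP and /sys/fs/bpf are "optional" capabilities and do not determine whether eBPF is supported
You see:
ethtool -k eth0 | grep xdp # empty
ls /sys/fs/bpf # empty
Many people take this to mean eBPF is unsupported, but in fact:
❗1. XDP is not supported because cloud vendors' virtual NICs (virtio-net) usually do not enable XDP
For example: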
- TencentCloud
- Aliyun
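- AWS Nitro (partial XDP support)
- OpenCloudOS, as a Tencent CentOS fork
These usually use virtio-net / veth
If these NICs do not implement the XDP feature, the result is:
ethtool -k eth0 | grep xdp → empty
But this does not affect other eBPF capabilities (TC, cgroup and LSM all work normally).
This VM itself already has a large number of BPF programs attached (see bpftool).
❗2. /sys/fs/bpf is empty because the bpf filesystem is not mounted
Many systems do not mount it automatically by default: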
mount -t bpf none /sys/fs/bpf
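You can mount it manually:
mount bpffs /sys/fs/bpf -t bpf
After mounting, look again:
ls /sys/fs/bpf
If you want to run Cilium, Falco, bpftrace and the like, this step is required, but it does not affect whether the kernel supports eBPF.
🧩 Summary of your system's actual state
| Capability | Status | Notes |
|---|---|---|
| Basic eBPF capability | ✔ Enabled | bpftool shows JIT-compiled programs loaded |
| cgroup-bpf | ✔ Enabled | Multiple cgroup_skb / cgroup_device programs |
| LSM BPF | ✔ Enabled | Loaded automatically by systemd |
| bpf_jit_enable | ✔ (implied) | Otherwise the jited field would not appear |
| XDP | ✘ Not enabled (NIC does not support it) | Cloud vendor virtio device |
| bpffs | ✘ Not mounted (can be mounted manually) | Not a capability problem, just not mounted |
| TC BPF | ✔ Usable | Kernel 6.6 + JIT already supported |
🎯 Conclusion: this virtual machine fully supports eBPF; the only things missing are XDP support on the NIC and a mounted bpffs.
This is a very typical situation for cloud servers.
You can safely use:
- Cilium eBPF datapath (non-XDP mode works without any problem)
- Calico eBPF (needs tc support, does not need XDP)
- bpftrace / BCC tools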
- tc-bpf
- cgroup-bpf
- LSM-bpf
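
The checks discussed above, as an added shell example that is not part of the original reply: it summarises `bpftool prog` text output by program type, lists programs whose names fall outside a baseline, and tests for a mounted bpffs and for `bpf` in the LSM list. The function names, the baseline list and the sample input (including the `demo_probe` entry) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: inventory `bpftool prog` text output and check two prerequisites.

# Constructed sample in the header layout shown in the transcript; the last entry
# (id 31000, kprobe "demo_probe") is invented for the demo.
SAMPLE_PROGS='45: lsm  name restrict_filesystems  tag 1a17ecfe539f9b82  gpl
    loaded_at 2025-10-29T13:20:54+0800  uid 0
30394: cgroup_device  name sd_devices  tag a42d275341448247  gpl
    loaded_at 2025-11-05T13:57:13+0800  uid 0
30395: cgroup_skb  name sd_fw_egress  tag 6deef7357e7b4530  gpl
31000: kprobe  name demo_probe  tag 0000000000000000  gpl'

# Assumed baseline: the program names visible in the transcript's bpftool output.
BASELINE='restrict_filesystems sd_devices sd_fw_egress sd_fw_ingress'

# Count loaded programs per type; header lines look like "<id>: <type> name <name> ...".
bpf_prog_summary() {
    awk '/^[0-9]+: / { n[$2]++ } END { for (t in n) print t, n[t] }' | LC_ALL=C sort
}

# Print "<id> <type> <name>" for every program whose name is not in the baseline ($1).
bpf_unexpected() {
    awk -v base="$1" 'BEGIN { split(base, a, " "); for (i in a) ok[a[i]] = 1 }
        /^[0-9]+: / { name = ""
            for (i = 3; i < NF; i++) if ($i == "name") name = $(i + 1)
            if (!(name in ok)) { sub(":", "", $1); print $1, $2, name } }'
}

# Succeed if a bpf filesystem is mounted at the mount point (file in /proc/mounts format).
bpffs_mounted() {
    awk -v mp="${2:-/sys/fs/bpf}" '$2 == mp && $3 == "bpf" { f = 1 } END { exit !f }' "$1"
}

# Succeed if "bpf" is in a comma-separated LSM list such as /sys/kernel/security/lsm.
lsm_has_bpf() {
    case ",$1," in *,bpf,*) return 0 ;; *) return 1 ;; esac
}

# On a live host: bpftool prog | bpf_unexpected "$BASELINE"; bpffs_mounted /proc/mounts
printf '%s\n' "$SAMPLE_PROGS" | bpf_prog_summary
printf '%s\n' "$SAMPLE_PROGS" | bpf_unexpected "$BASELINE"
```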