{"id":15294097,"url":"https://github.com/fbac/sklookup-go","last_synced_at":"2025-10-09T18:18:46.094Z","repository":{"id":61624651,"uuid":"538453947","full_name":"fbac/sklookup-go","owner":"fbac","description":"eBPF sk_lookup program as a golang library","archived":false,"fork":false,"pushed_at":"2023-03-29T15:48:00.000Z","size":74977,"stargazers_count":29,"open_issues_count":3,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-13T13:54:31.565Z","etag":null,"topics":["cilium","cilium-ebpf","ebpf","ebpf-programs","golang","kernel","linux","linux-kernel","networking","networking-programmability","socket","socket-programming"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fbac.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-19T10:46:17.000Z","updated_at":"2024-04-14T17:18:22.000Z","dependencies_parsed_at":"2024-06-19T17:53:30.102Z","dependency_job_id":null,"html_url":"https://github.com/fbac/sklookup-go","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/fbac/sklookup-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fsklookup-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fsklookup-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fsklookup-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fsklookup-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fbac","download_url":"https://codeload.github.com/fbac/sklookup-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fsklookup-go/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001947,"owners_count":26083226,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cilium","cilium-ebpf","ebpf","ebpf-programs","golang","kernel","linux","linux-kernel","networking","networking-programmability","socket","socket-programming"],"created_at":"2024-09-30T16:57:33.185Z","updated_at":"2025-10-09T18:18:46.071Z","avatar_url":"https://github.com/fbac.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sklookup-go\n\n- [sklookup-go](#sklookup-go)\n  - [What is sk_lookup](#what-is-sk_lookup-wip-section)\n  - [Use cases](#use-cases-wip-section)\n  - [Requirements](#requirements)\n  - [Usage](#usage)\n    - [As golang package](#as-golang-package)\n    - [As cli](#as-cli)\n    - [Tested OS, kernels and libbpf](#tested-os-kernels-and-libbpf)\n      - [Ubuntu 22.04.1 LTS - Jammy](#ubuntu-22041-lts---jammy)\n      - [Fedora release 36 (Thirty Six)](#fedora-release-36-thirty-six)\n  - [To Do](#to-do)\n  - [Demonstration](#demonstration)\n\n## What is sk_lookup\n\nFast introduction to technologies used:\n\n- eBPF\n- BTF\n- bpf2go\n- sk_lookup \u003chttps://www.kernel.org/doc/html/latest/bpf/prog_sk_lookup.html\u003e\n\n## Use cases\n\n- Attaching ports to an already running service\n- Serving applications from multiple ports while binding only to one\n- Ideal solution for proxies\n- Rule of cool: why not use eBPF when it's just simply so cool?\n\n## Requirements\n\n- golang 1.18\n- libbpf\n- libbpf-dev\n\n## Usage\n\n### As golang package\n\n- Additional ports can be attached to a specific pid, when the caller and target processes are not the same.\n\n```go\nimport \"github.com/fbac/sklookup-go/pkg/ebpf\"\n\nfunc main() {\n name := \"AppName\"\n pid := 165929\n ports := []uint16{222, 2222, 1111, 7878}\n loglevel := \"debug\"\n\n ebpf.NewExternalDispatcher(name, pid, ports, loglevel).InitializeDispatcher()\n}\n```\n\n- Or by attaching a file descriptor, when the caller and target processes are the same.\n  \n```go\nimport \"github.com/fbac/sklookup-go/pkg/ebpf\"\n\nfunc main() {\n // Resolve and listen to and create a listener into some address\n addr, err := net.ResolveTCPAddr(\"tcp\", fmt.Sprintf(\"%v\", \":443\"))\n if err != nil {\n  log.Fatalln(err)\n }\n\n listener, err := net.ListenTCP(\"tcp\", addr)\n if err != nil {\n  log.Fatalln(err)\n }\n defer listener.Close()\n\n // Get listener's file descriptor by retrieving it as a file\n f, _ := listener.File()\n defer f.Close()\n\n name := \"AppName\"\n fd := f.Fd() // Pass the fd into eBPF dispatcher\n ports := []uint16{1025, 1026, 1027, 1028}\n loglevel := \"debug\"\n\n ebpf.NewInternalDispatcher(name, fd, ports, loglevel).InitializeDispatcher()\n}\n```\n\n### As cli\n\n- Build\n\n```bash\nmake build-cli\n```\n\n- Usage options\n  - Note that `sk` must be run as root, since it requires loading eBPF programs and maps into kernel memory. Otherwise your system should allow unprivileged eBPF code, and that's not secure and not a scope of this project.\n\n```bash\n$ sudo bin/sk start -h\n\nStart targets a PID, and steer all the connections from the provided additional ports to the socket where it's listening\n\nUsage:\n  sk start [flags]\n\nFlags:\n  -h, --help              help for start\n  -l, --loglevel string   Log-level to run the app. Available: info, debug, panic. (default \"info\")\n  -n, --name string       Descriptive name for the application (default \"sk_lookup\")\n      --pid int           Target process PID (default -1)\n  -p, --ports uints       Additional ports (default [])\n  -t, --toggle            Help message for toggle\n```\n\n### Tested OS, kernels and libbpf\n\nThe proxy has been tested in the following OS, with the respective kernel and bpf tools versions.\n\nAlso, it's **required** to run it as **root** user.\n\nThe system must be able to run BPF programs.\n\n#### Ubuntu 22.04.1 LTS - Jammy\n\n- Kernel `5.15.0-47-generic`\n\n- golang 1.18\n\n- BPF packages:\n\n```bash\nbinutils-bpf/jammy 2.38-2ubuntu1+3 amd64\nbpftrace/jammy 0.14.0-1 amd64\nlibbpf-dev/jammy 1:0.5.0-1 amd64\nlibbpf0/jammy,now 1:0.5.0-1 amd64 [installed,automatic]\n```\n\n#### Fedora release 36 (Thirty Six)\n\n- Kernel `5.18.17-200.fc36.x86_64`\n- golang 1.18\n- BPF packages:\n\n```bash\nlibbpf-0.7.0-3.fc36.x86_64\nlibbpf-devel-0.7.0-3.fc36.x86_64\nbpftrace-0.14.1-1.fc36.x86_64\nbpftool-5.19.4-200.fc36.x86_64\n```\n\n## To Do\n\n- Use os.Env and/or viper to supply parameters\n- Finish README.md\n\n## Demonstration\n\nLet's add additional ports to an old good sshd server\n\nSaid sshd server is running inside a virtual machine.\n\n- Scanning open ports\n\n```bash\n# nmap -sT -p 1-10000 192.168.122.172\n\nStarting Nmap 7.92 ( https://nmap.org ) at 2022-09-19 16:21 CEST\nNmap scan report for 192.168.122.172\nHost is up (0.00020s latency).\nNot shown: 9999 closed tcp ports (conn-refused)\nPORT   STATE SERVICE\n22/tcp open  ssh\nMAC Address: 52:54:00:74:4B:83 (QEMU virtual NIC)\n\nNmap done: 1 IP address (1 host up) scanned in 0.66 seconds\n```\n\n- Build `sk` and copy into the vm\n\n```bash\n$ make build-cli\n\n# sklook build started\nmkdir -p bin\ngo build -o bin/sk .\n\n$ scp bin/sk root@192.168.122.172:/tmp\nsk 100% 5709KB  17.6MB/s   00:00 \n```\n\n- Login into the vm and get sshd PID\n\n```bash\n$ pidof sshd\n627\n```\n\n- Run `sk` against the target PID and with as many as additional ports as needed. (max ports 1024)\n\n```bash\nroot@vm:~# /tmp/sk start --pid 627 --ports 2,22,222,1111,1010,9999 --name sshd-vm --loglevel debug \u0026\n[1] 2109\n\nroot@vm:~# {\"level\":\"info\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"eBPF dispatcher with name sshd-vm initializing\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"Prog SkLookup(sk_dispatch)#6 is pinned: true\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"Map SockMap(target_socket)#5 is pinned: true\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"Map Hash(add_ports)#4 is pinned: true\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"listener FD: 7\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"adding port: 2\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"adding port: 22\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"adding port: 222\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"adding port: 1111\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"adding port: 1010\"}\n{\"level\":\"debug\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"adding port: 9999\"}\n{\"level\":\"info\",\"time\":\"2022-09-19T14:27:40Z\",\"message\":\"eBPF dispatcher sshd-vm initialized. Dispatching traffic from ports [2 22 222 1111 1010 9999] to original pid 627\"}\n```\n\n- From your host, scan again the vm open ports\n\n```bash\n[root@hyperion ~]# nmap -sT -p 1-10000 192.168.122.172\nStarting Nmap 7.92 ( https://nmap.org ) at 2022-09-19 16:29 CEST\nNmap scan report for 192.168.122.172\nHost is up (0.00019s latency).\nNot shown: 9994 closed tcp ports (conn-refused)\nPORT     STATE SERVICE\n2/tcp    open  compressnet\n22/tcp   open  ssh\n222/tcp  open  rsh-spx\n1010/tcp open  surf\n1111/tcp open  lmsocialserver\n9999/tcp open  abyss\nMAC Address: 52:54:00:74:4B:83 (QEMU virtual NIC)\n\nNmap done: 1 IP address (1 host up) scanned in 0.49 seconds\n```\n\n- Try to connect to any of them\n\n```bash\n[root@localhost ~]# ssh root@192.168.122.172 -p 9999\n\nThe authenticity of host '[192.168.122.172]:9999 ([192.168.122.172]:9999)' can't be established.\nED25519 key fingerprint is SHA256:MsHOzsCjHKvahbf45QnFgxpEaIF7mdhCWGiKOs8vPns.\nThis key is not known by any other names\nAre you sure you want to continue connecting (yes/no/[fingerprint])?\n```\n\n- In the vm, the pinned eBPF program and maps are pinned in a bpf filesystem\n\n```bash\nroot@proxy-last:~# ls -l //sys/fs/bpf/\ntotal 0\n-rw------- 1 root root 0 Sep 19 14:27 dispatch_link-sshd-vm\n-rw------- 1 root root 0 Sep 19 14:27 dispatch_prog-sshd-vm\n-rw------- 1 root root 0 Sep 19 14:27 port-sshd-vm\n-rw------- 1 root root 0 Sep 19 14:27 sock-sshd-vm\n```\n\n- Also, the eBPF program and maps can be debugged as usual using `bpftool`\n\n```bash\n[root@localhost ~]#  bpftool prog show pinned /sys/fs/bpf/dispatch_prog-sshd-vm\n\n201: sk_lookup  name sk_dispatch  tag da043673afd29081  gpl\n loaded_at 2022-09-19T16:34:02+0200  uid 0\n xlated 272B  jited 156B  memlock 4096B  map_ids 270,271\n btf_id 380\n pids sk(423122)\n```\n\n- Check pinned maps by id (or by path)\n\n```bash\n[root@localhost ~]# bpftool map show id 271\n\n271: sockmap  name target_socket  flags 0x0\n key 4B  value 8B  max_entries 1  memlock 4096B\n pids sk(423122)\n```\n\n- Check map contents\n\n```bash\n[root@hyperion ~]#  bpftool map dump pinned /sys/fs/bpf/sock-sshd-vm \nkey: 00 00 00 00  value: 04 20 00 00 00 00 00 00\nFound 1 element\n```\n\n```bash\n[root@hyperion ~]#  bpftool map dump pinned /sys/fs/bpf/port-sshd-vm $\n[{\n        \"key\": 1010,\n        \"value\": 0\n    },{\n        \"key\": 9999,\n        \"value\": 0\n    },{\n        \"key\": 22,\n        \"value\": 0\n    },{\n        \"key\": 1111,\n        \"value\": 0\n    },{\n        \"key\": 222,\n        \"value\": 0\n    },{\n        \"key\": 2,\n        \"value\": 0\n    }\n}]\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbac%2Fsklookup-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffbac%2Fsklookup-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbac%2Fsklookup-go/lists"}