{"id":16966445,"url":"https://github.com/graniet/ebpf-utils","last_synced_at":"2025-06-28T17:08:07.759Z","repository":{"id":79196372,"uuid":"512104106","full_name":"graniet/ebpf-utils","owner":"graniet","description":"Example for create, monitor eBPF probe","archived":false,"fork":false,"pushed_at":"2022-07-10T04:53:30.000Z","size":22,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-05T06:29:13.136Z","etag":null,"topics":["bpf","bpftrace","ebpf","ebpf-rust","rust","tracing"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graniet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-09T05:43:04.000Z","updated_at":"2024-11-09T03:22:57.000Z","dependencies_parsed_at":"2023-03-12T07:18:49.727Z","dependency_job_id":null,"html_url":"https://github.com/graniet/ebpf-utils","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/graniet/ebpf-utils","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graniet%2Febpf-utils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graniet%2Febpf-utils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graniet%2Febpf-utils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graniet%2Febpf-utils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graniet","download_url":"https://codeload.github.com/graniet/ebpf-utils/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graniet%2Febpf-utils/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262465785,"owners_count":23315641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","bpftrace","ebpf","ebpf-rust","rust","tracing"],"created_at":"2024-10-14T00:05:50.010Z","updated_at":"2025-06-28T17:08:07.754Z","avatar_url":"https://github.com/graniet.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# eBPF utils\r\n\r\n### Generate a  probe :\r\n\r\n```shell\r\n./ebpf-utils generate \"__x64_sys_tgkill\" --kprobe --args \"sys_tgid:%d\" \"sys_pid:%d\" \"sys_signal:%d\" -o /tmp/tgkill.c --prober-name \"prober-tgkill.yaml\"\r\n```    \r\n\r\n```\r\ngenerate kprobe probe : [\"__x64_sys_tgkill\"]\r\nprobers : Prober {\r\n     probe_type: \"kprobe\",\r\n     probe_path: \"/tmp/tgkill.c\",\r\n     probe_init: \"do_probing\",\r\n     arguments: [\r\n         \"sys_tgid:%d\",\r\n         \"sys_pid:%d\",\r\n         \"sys_signal:%d\",\r\n     ],\r\n     map_object: \"ebpf_map_events\",\r\n     map_object_type: \"hashmap\",\r\n     probe_hook: \"__x64_sys_tgkill\",\r\n     }\r\n```\r\n\r\n### Monitor with prober :\r\n\r\n```shell\r\n$ ./ebpf-utils monitor --probes prober-tgkill.yaml\r\n```\r\n\r\n```\r\nloading BPF program /tmp/tgkill.c into BPF VM...\r\nmonitor \u003e all\r\nsource : /tmp/tgkill.c___x64_sys_tgkill\r\n{\r\n    \"sys_tgid\": \"11435\",\r\n    \"sys_pid\": \"11437\",\r\n    \"sys_signal\": \"23\",\r\n    \"comm\": \"test\",\r\n    \"pid\": \"11443\",\r\n}\r\n{\r\n    \"comm\": \"test\",\r\n    \"sys_signal\": \"2\",\r\n    \"sys_pid\": \"11435\",\r\n    \"pid\": \"11435\",\r\n    \"sys_tgid\": \"11435\",\r\n}\r\n```\r\n\r\n### Monitor with multiple probers :\r\n\r\n#### generate a second probe\r\n\r\n```shell\r\n$ ./ebpf-utils generate \"__x64_sys_openat\" --kprobe --args \"sys_f:%d\" \"sys_path:%s@user\" -o /tmp/openat.c --prober-name \"prober-openat.yaml\"\r\n```\r\n\r\n```\r\ngenerate kprobe probe : [\"__x64_sys_openat\"]\r\nprobers : Prober {\r\n    probe_type: \"kprobe\",\r\n    probe_path: \"/tmp/openat.c\",\r\n    probe_init: \"do_probing\",\r\n    arguments: [\r\n        \"sys_f:%d\",\r\n        \"sys_path:%s\",\r\n    ],\r\n    map_object: \"ebpf_map_events\",\r\n    map_object_type: \"hashmap\",\r\n    probe_hook: \"__x64_sys_openat\",\r\n}\r\n```\r\n\r\n```shell\r\n$ ./ebpf-utils monitor --probes prober-tgkill.yaml prober-openat.yaml\r\n```\r\n\r\n```\r\nmonitor \u003e all\r\nsource : /tmp/tgkill.c___x64_sys_tgkill\r\n{\r\n    \"sys_tgid\": \"11727\",\r\n    \"comm\": \"test\",\r\n    \"pid\": \"11728\",\r\n    \"sys_pid\": \"11727\",\r\n    \"sys_signal\": \"23\",\r\n}\r\n{\r\n    \"comm\": \"test\",\r\n    \"sys_signal\": \"2\",\r\n    \"sys_tgid\": \"11727\",\r\n    \"pid\": \"11727\",\r\n    \"sys_pid\": \"11727\",\r\n}\r\nsource : /tmp/openat.c___x64_sys_openat\r\n{\r\n    \"sys_path\": \"/proc/meminfo\",\r\n    \"sys_f\": \"-100\",\r\n    \"pid\": \"1569\",\r\n    \"comm\": \"MemoryPoller\",\r\n}\r\n\r\n```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraniet%2Febpf-utils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraniet%2Febpf-utils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraniet%2Febpf-utils/lists"}