{"id":15056977,"url":"https://github.com/zigelboim-misha/kernel-system-enter-write-test","last_synced_at":"2026-01-02T21:03:04.241Z","repository":{"id":226922438,"uuid":"769968006","full_name":"zigelboim-misha/kernel-system-enter-write-test","owner":"zigelboim-misha","description":"Using eBPF to print each a line every time a system enter write event is executed on the kernel","archived":false,"fork":false,"pushed_at":"2024-03-10T15:12:39.000Z","size":2258,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-21T04:28:09.626Z","etag":null,"topics":["clang","dockerfile","ebpf","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zigelboim-misha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-10T15:08:04.000Z","updated_at":"2024-03-10T15:11:09.000Z","dependencies_parsed_at":"2024-03-10T16:27:46.936Z","dependency_job_id":null,"html_url":"https://github.com/zigelboim-misha/kernel-system-enter-write-test","commit_stats":null,"previous_names":["zigelboim-misha/kernel-system-enter-write-test"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zigelboim-misha%2Fkernel-system-enter-write-test","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zigelboim-misha%2Fkernel-system-enter-write-test/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zigelboim-misha%2Fkernel-system-enter-write-test/releases","mani
fests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zigelboim-misha%2Fkernel-system-enter-write-test/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zigelboim-misha","download_url":"https://codeload.github.com/zigelboim-misha/kernel-system-enter-write-test/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243558478,"owners_count":20310574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clang","dockerfile","ebpf","golang"],"created_at":"2024-09-24T21:59:43.728Z","updated_at":"2026-01-02T21:03:04.173Z","avatar_url":"https://github.com/zigelboim-misha.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"In this repository we will compile, build and run our eBPF kernel side script.\n\n## Golang Project\n\nFirst we must initiate a go project:\n\n```shell\ngo mod init ebpf-test\ngo mod tidy\n```\n\n## Generating our Go files from Clang\n\nUsing `go generate` to compile the `.c` file into `.o` and `.go` files.\n\n## Running the eBPF script on the Kernel\n\nBy executing `go generate \u0026\u0026 go build \u0026\u0026 sudo ./ebpf-test` for a couple of seconds and then using `ctrl+c` we wrote some traces into `/sys/kernel/debug/tracing/trace_pipe`.\n\nThey can be viewed by `sudo cat /sys/kernel/debug/tracing/trace_pipe | grep \"BPF triggered sys_enter_write\"`.\n\n## Enabling Tracing\n\nIf your Linux distribution (e.g. Ubuntu) does not have the tracing subsystem enabled by default, you may not see any output. 
Use the following commands to enable this feature:\n\n- `sudo mount -t debugfs none /sys/kernel/debug`\n- `echo 1 | sudo tee /sys/kernel/debug/tracing/tracing_on`\n\n## Dockerfile\n\nThe Dockerfile contains everything that is needed to compile the `.c` code, build the `.go` files and run it on the kernel:\n\n- Build the image using `docker build -t ebpf2go .`\n- Run the container using `docker run --privileged -v C:\\Path\\To\\Files:/ebpf ebpf2go:latest`\n\n## macOS\n\nIn the `dockerfile`, change the existing `ln` command to `ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/asm`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzigelboim-misha%2Fkernel-system-enter-write-test","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzigelboim-misha%2Fkernel-system-enter-write-test","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzigelboim-misha%2Fkernel-system-enter-write-test/lists"}