Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jsturtevant/win-ebpf-demo-go
https://github.com/jsturtevant/win-ebpf-demo-go
Last synced: 12 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/jsturtevant/win-ebpf-demo-go
- Owner: jsturtevant
- License: mit
- Created: 2022-09-23T03:19:13.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-10-01T00:16:47.000Z (over 2 years ago)
- Last Synced: 2024-11-27T13:44:13.858Z (2 months ago)
- Language: Go
- Size: 28.3 KB
- Stars: 3
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: Readme.md
- License: LICENSE
Awesome Lists containing this project
README
# ebpf for windows example
Demo using ebpf from golang to redirect traffic. This is just a proof of concept.
Requires:
- VM that can deploy [Windows Drivers](https://github.com/microsoft/ebpf-for-windows/blob/main/docs/vm-setup.md)
- [eBPF for Windows](https://github.com/microsoft/ebpf-for-windows/blob/main/docs/InstallEbpf.md#method-1-install-a-release) installed
- [Clang 64-bit version 11.0.1](https://github.com/llvm/llvm-project/releases/download/llvmorg-11.0.1/LLVM-11.0.1-win64.exe). Note: clang versions 12 and higher are NOT yet supported. Must be on path.
- [nuget.exe](https://www.nuget.org/downloads) installed
## generate ebpf program
```powershell
#from admin prompt
# make sure services are running
./setup-box.ps1
# gen the ELF file for the ebpf
./gen-ebpf.ps1
```
## run the program
```
go run .
```
## tracing ebpf program
Needs [WDK installed](https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk)
```powershell
#from admin prompt
./trace.ps1
```
## todo
note: not sure why need to comment out `//#include // for size_t` in `eBPF-for-Windows.0.4.0\build\native\include\libbpf\src\libbpf.h` otherwise get duplicate definition with MinGW-w64 gcc compiler for `typedef uint32_t pid_t;`