https://github.com/marselester/libbpf-tools
Go frontend for libbpf-tools.
https://github.com/marselester/libbpf-tools
bpf libbpf-tools
Last synced: about 1 year ago
JSON representation
Go frontend for libbpf-tools.
- Host: GitHub
- URL: https://github.com/marselester/libbpf-tools
- Owner: marselester
- Created: 2021-05-13T20:04:49.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2021-11-23T18:40:38.000Z (over 4 years ago)
- Last Synced: 2024-06-19T19:48:02.697Z (almost 2 years ago)
- Topics: bpf, libbpf-tools
- Language: C
- Homepage:
- Size: 13.3 MB
- Stars: 13
- Watchers: 2
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Go libbpf-tools
An attempt to implement a Go frontend for
[libbpf-tools](https://github.com/iovisor/bcc/tree/master/libbpf-tools)
narrated in blog posts:
- [BPF: Go frontend for execsnoop](https://marselester.com/bpf-go-frontend-for-execsnoop.html)
- [BPF: Go frontend for tcpconnect](https://marselester.com/bpf-go-frontend-for-tcpconnect.html)
- [BPF Go program in Kubernetes](https://marselester.com/bpf-go-program-in-kubernetes.html)
Start a virtual machine, install Clang and Go.
```sh
$ vagrant up
$ vagrant ssh
$ sudo apt-get update
$ sudo apt-get install clang
$ sudo snap install go --classic
$ uname -nr
ubuntu-groovy 5.8.0-53-generic
$ clang -v
Ubuntu clang version 11.0.0-2
```
Compile C BPF program into BPF bytecode and generate Go files
with [bpf2go](https://github.com/cilium/ebpf/blob/master/cmd/bpf2go/doc.go) tool.
```sh
$ cd /vagrant/
$ BPF_CFLAGS='-D__TARGET_ARCH_x86' go generate ./cmd/tcpconnect/
$ sudo go run ./cmd/tcpconnect -timestamp -print-uid
TIME(s) UID PID COMM IP SADDR DADDR DPORT
0.000 1000 240332 curl 6 ::1 ::1 8000
3.079 1000 240334 curl 4 127.0.0.1 127.0.0.1 8000
```
Note, the headers were copied from the following sources.
```sh
$ git clone git://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/groovy
$ cp ./groovy/tools/lib/bpf/bpf_helpers.h ./headers/bpf
$ cp ./groovy/tools/lib/bpf/bpf_core_read.h ./headers/bpf
$ cp ./groovy/tools/lib/bpf/bpf_tracing.h ./headers/bpf
$ git clone https://github.com/libbpf/libbpf.git
$ cp ./libbpf/src/bpf_helper_defs.h ./headers/bpf
```
`vmlinux.h` was generated as follows.
```sh
$ sudo apt-get install linux-tools-common linux-tools-5.8.0-53-generic
$ bpftool btf dump file /sys/kernel/btf/vmlinux format c > ./headers/vmlinux.h
```