Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/simar7/ebpf-stuff
Just a playground of eBPF things.
https://github.com/simar7/ebpf-stuff
ebpf golang
Last synced: about 1 month ago
JSON representation
Just a playground of eBPF things.
- Host: GitHub
- URL: https://github.com/simar7/ebpf-stuff
- Owner: simar7
- Created: 2019-10-21T20:59:55.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-10-22T00:04:03.000Z (over 5 years ago)
- Last Synced: 2024-05-01T20:40:56.093Z (9 months ago)
- Topics: ebpf, golang
- Language: Go
- Size: 1.53 MB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# ebpf-stuff
### Introduction
This repo hosts a bunch eBPF programs with a runner `charlie` and catcher `snoopy` written in Go.
A few examples include:
- Running a shell inside a container### How to run?
- Charlie: `make clean all run`
- Snoopy (must be run as root): `sudo -E ./snoopy.bin [options]`### Sample output
- Charlie:
```
$ make run
Hello, eBPF World from within a container!
2019/10/21 23:39:22 writing file with contents: A quick brown fox jumps over the lazy little dog.
2019/10/21 23:39:22 file written to: /charlie-481061718.tmp
2019/10/21 23:39:22 reading file from: /charlie-481061718.tmp
2019/10/21 23:39:22 read file contents: A quick brown fox jumps over the lazy little dog.
2019/10/21 23:39:22 spawning a new shell within the container...
2019/10/21 23:39:22 shell successfully spawned.
```- Snoopy (running in execve mode, scanning for spawn of new shell to a container):
```
$ sudo -E ./snoopy.bin -t -l /bin/sh
TIME(s) PCOMM PID PPID RET ARGS
2.207 sh 16254 16194 0 /bin/sh
```