Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trailofbits/ebpfault
A BPF-based syscall fault injector
- Host: GitHub
- URL: https://github.com/trailofbits/ebpfault
- Owner: trailofbits
- License: apache-2.0
- Created: 2019-12-20T23:37:02.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2023-04-12T15:08:14.000Z (almost 2 years ago)
- Last Synced: 2024-10-31T01:42:40.516Z (3 months ago)
- Topics: bpf, debugging, ebpf, fault-injection, llvm
- Language: C++
- Homepage: https://www.trailofbits.com/services/security-engineering
- Size: 48.8 KB
- Stars: 94
- Watchers: 36
- Forks: 9
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# ebpfault
This tool is a syscall fault injector built on top of eBPF. Its only requirement on the target machine is a kernel recent enough to support the required features.
## Usage
### Sample configuration
The configuration supports both integers and errno value names.
```json
{
  "fault_injectors": [
    {
      "syscall_name": "fchmodat",
      "error_list": [
        {
          "exit_code": "-ENOENT",
          "probability": 50
        },
        {
          "exit_code": -100,
          "probability": 30
        }
      ]
    },
    {
      "syscall_name": "openat",
      "error_list": [
        {
          "exit_code": "-ENOENT",
          "probability": 50
        }
      ]
    }
  ]
}
```

### Against a new process
```
ebpfault --config /path/to/config.json --exec /path/to/program arg1 arg2
```

### Against one or more running processes
```
ebpfault --config /path/to/config.json --pid_list pid1,pid2,pid3,...
```

### System wide, excluding one or more running processes
```
ebpfault --config /path/to/config.json --except-pid-list --pid_list pid1,pid2,pid3,...
```

## Building
### Prerequisites
* A recent Clang/LLVM installation (9.0 or better), compiled with BPF support
* A recent libc++ or stdc++ library, supporting C++17
* CMake >= 3.21.4. A pre-built binary can be downloaded from the [CMake download page](https://cmake.org/download/).
* :warning: Linux kernel >= 5.x (tested on Ubuntu 19.10) with the `CONFIG_BPF_KPROBE_OVERRIDE` option enabled

### Building
1. Download the osquery-toolchain from the following page: https://github.com/osquery/osquery-toolchain
2. Extract the osquery-toolchain and set the `TOOLCHAIN_PATH` environment variable to its location
3. Obtain the source code: `git clone --recursive https://github.com/trailofbits/ebpfault`
4. In case the `--recursive` flag was not provided, run `git submodule update --init --recursive`
5. Configure the project: `cmake -S ebpfault -B build-ebpfault -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain.cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DEBPFAULT_ENABLE_INSTALL=true`
6. Build the project: `cmake --build build-ebpfault`
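
The sample configuration under Usage mixes integer exit codes with errno names. As an added example (not part of the ebpfault project), this Python linter resolves the names with the standard `errno` module and reports problem entries before a run. The function names, the constructed `SAMPLE`, and the rules that `probability` is a percentage in 1..100 and that one syscall's probabilities total at most 100 are assumptions, not documented ebpfault behavior.

```python
import errno
import json

# Constructed sample: the page's fchmodat injector plus two deliberately bad ones.
SAMPLE = """{"fault_injectors": [
  {"syscall_name": "fchmodat", "error_list": [
    {"exit_code": "-ENOENT", "probability": 50},
    {"exit_code": -100, "probability": 30}]},
  {"syscall_name": "openat", "error_list": [
    {"exit_code": "-ENOENT", "probability": 70},
    {"exit_code": "-EACCES", "probability": 40}]},
  {"syscall_name": "read", "error_list": [
    {"exit_code": "-ENOTREAL", "probability": 10}]}]}"""

def resolve_exit_code(value):
    """Map an exit_code (int or name such as "-ENOENT") to its integer value."""
    if isinstance(value, int) and not isinstance(value, bool):
        return value
    if isinstance(value, str):
        sign, name = (-1, value[1:]) if value.startswith("-") else (1, value)
        number = getattr(errno, name, None)
        if isinstance(number, int):
            return sign * number
    raise ValueError(f"unknown exit_code: {value!r}")

def lint_config(text):
    """Return ({syscall: [(code, probability), ...]}, [problem, ...])."""
    resolved, problems = {}, []
    for injector in json.loads(text).get("fault_injectors", []):
        name = injector.get("syscall_name", "<missing syscall_name>")
        entries = resolved.setdefault(name, [])
        for entry in injector.get("error_list", []):
            prob = entry.get("probability")
            try:
                code = resolve_exit_code(entry.get("exit_code"))
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
                continue
            # Assumption: probability is a percentage in 1..100.
            if not isinstance(prob, int) or not 1 <= prob <= 100:
                problems.append(f"{name}: probability {prob!r} not in 1..100")
                continue
            entries.append((code, prob))
        total = sum(p for _, p in entries)
        if total > 100:  # Assumption: one syscall's percentages share 100.
            problems.append(f"{name}: probabilities sum to {total} (> 100)")
    return resolved, problems

if __name__ == "__main__":
    print(lint_config(SAMPLE))
```

The errno numbers come from the machine running the linter, so run it on the same architecture as the target.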