ebpf blogs

DEMYSTIFYING CONTAINER PROFILING WITH EBPF: A BEGINNER’S GUIDE

In the digital realm, two mighty buzzwords often flutter around: Containers and Profiling. Let’s navigate through the jungle of these tech notions, heading towards a tool that’s been gaining traction: eBPF. Imagine our technological operations as a bustling city. Containers are like individual apartments where specific software lives, and profiling is our method to check …

Socket Programming Essentials in C

“Socket Programming Essentials in C” is your ultimate guide to gaining the foundational knowledge necessary for proficient network programming. In this blog, we delve into the intricacies of socket programming, exploring key concepts, techniques, and tools essential for building robust network applications using the C programming language.

sock_common

The struct sock_common structure represents a …

kretprobe

connect()

    static __always_inline int trace_ret_generic(u32 id, struct pt_regs *ctx, u64 types, u32 scope)
    {
        if (skip_syscall())
            return 0;

        sys_context_t context = {};
        args_t args = {};

        if (ctx == NULL)
            return 0;

        if (load_args(id, &args) != 0)
            return 0;

        init_context(&context);
        context.event_id = id;
        context.argnum = get_arg_num(types);
        context.retval = PT_REGS_RC(ctx);

        // skip if No such file/directory …

Kprobe

Read IP

Function to extract the address of the socket using the connect() system call:

    func readSockaddrFromBuff(buff io.Reader) (map[string]string, error) {
        res := make(map[string]string, 3)
        family, err := readInt16FromBuff(buff)
        if err != nil {
            return nil, err
        }
        res["sa_family"] = getSocketDomain(uint32(family))
        switch family {
        case 1: // AF_UNIX
            /*
                http://man7.org/linux/man-pages/man7/unix.7.html
                struct sockaddr_un {
                    sa_family_t sun_family; // AF_UNIX …

kprobe

connect()

The connect() system call is a crucial function in Linux that enables processes to establish connections between sockets. By initiating a connection request to a remote host, connect() plays a pivotal role in network communication, allowing programs to connect and exchange data over various types of connections, such as TCP/IP. Understanding the connect() system call is essential …

Tools and libraries

Interacting with Linux BPF Ring Buffer using Package ringbuf in libbpfgo

Introduction

Linux BPF (Berkeley Packet Filter) ring buffer is a powerful mechanism that allows userspace programs to interact with custom events submitted by BPF programs. These events can be essential for tasks such as pushing packet samples from BPF to user …

eBPF Program

Writing an eBPF Program Using Ringbuf Map with libbpfgo

In this blog post, we will explore how to write an eBPF (extended Berkeley Packet Filter) program that utilizes a ringbuf map to transfer data. We will also learn how to process the data stored in the ringbuf map using libbpfgo, a …
