ebpf

Socket Programming Essentials in C

“Socket Programming Essentials in C” is your ultimate guide to gaining the foundational knowledge necessary for proficient network programming. In this blog, we delve into the intricacies of socket programming, exploring key concepts, techniques, and tools essential for building robust network applications using the C programming language.

sock_common

The struct sock_common structure represents a …


kretprobe

connect()

    static __always_inline int trace_ret_generic(u32 id, struct pt_regs *ctx, u64 types, u32 scope)
    {
        if (skip_syscall())
            return 0;

        sys_context_t context = {};
        args_t args = {};

        if (ctx == NULL)
            return 0;

        if (load_args(id, &args) != 0)
            return 0;

        init_context(&context);

        context.event_id = id;
        context.argnum = get_arg_num(types);
        context.retval = PT_REGS_RC(ctx);

        // skip if No such file/directory
        …


Kprobe

Read IP

Function to extract the address of the socket using the connect() system call:

    func readSockaddrFromBuff(buff io.Reader) (map[string]string, error) {
        res := make(map[string]string, 3)
        family, err := readInt16FromBuff(buff)
        if err != nil {
            return nil, err
        }
        res["sa_family"] = getSocketDomain(uint32(family))
        switch family {
        case 1: // AF_UNIX
            /*
                http://man7.org/linux/man-pages/man7/unix.7.html
                struct sockaddr_un {
                    sa_family_t sun_family; // AF_UNIX
                    …


kprobe

connect()

The connect() system call is a crucial function in Linux that enables processes to establish connections between sockets. By initiating a connection request to a remote host, connect() plays a pivotal role in network communication, allowing programs to connect and exchange data over various types of connections, such as TCP/IP. Understanding the connect() system call is essential …


Tools and libraries

Interacting with Linux BPF Ring Buffer using Package ringbuf in libbpfgo

Introduction

Linux BPF (Berkeley Packet Filter) ring buffer is a powerful mechanism that allows userspace programs to interact with custom events submitted by BPF programs. These events can be essential for tasks such as pushing packet samples from BPF to user …


eBPF Program

Writing an eBPF Program Using Ringbuf Map with libbpfgo

In this blog post, we will explore how to write an eBPF (extended Berkeley Packet Filter) program that utilizes a ringbuf map to transfer data. We will also learn how to process the data stored in the ringbuf map using libbpfgo, a …


Repository Structure with ebpf maps

xdp_prog_func

The main function in the program is xdp_prog_func, which is the actual XDP hook function. This function is executed whenever a packet passes through the XDP hook. The function first retrieves the data record associated with the XDP_PASS action from the xdp_stats_map using the bpf_map_lookup_elem() function. If the lookup is successful, the function increments …

