- ebpf: ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
The kernel side is written in C or Rust (we'll be using C), and is compiled into the eBPF bytecode format that is verified and JIT-compiled in the kernel. I'll be writing the XDP application with a user-space controller written in Go. I should mention that writing complex eBPF programs requires much more context than what we'll be doing today. There is a lot to know about eBPF and XDP. We will barely scratch the surface. All the code for this project can be found here.
- ebpf-go by Cilium, which is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
- gobpf by iovisor, which provides Go bindings for the bcc framework as well as low-level routines to load and use eBPF programs from .elf files.
- libbpfgo by aquasecurity, which is built around libbpf, the standard library for interacting with eBPF programs.
- goebpf by Dropbox: a nice and convenient way to work with eBPF programs / perf events from Go.