I'm trying to write a go program that write something in the terminal each time a new network interface is created. To do that I'm using the Go library Cilium ebpf-go (https://github.com/cilium/ebpf). I'm new to ebpf so I need a help. For the moment what I understood is that I have to use a kprobe or fentry program, since I have to attach the ebpf program to a function which not have a defined tracepoint to use. I looked in the linux kernel and I'm pretty sure that I should attach the program to dev_alloc_name or rtnl_create_link but please let me know if I'm wrong. Also, since it's the first time I write something using this library as first thing I tried to take examples from the repository and modify them. I tried with the kprobe one (https://github.com/cilium/ebpf/tree/main/examples/kprobe) and the fentry one (https://github.com/cilium/ebpf/tree/main/examples/fentry) but I'm facing some difficulties to understand how they work.
Track network interfaces with cilium ebpf-go
163 views Asked by Vincenzo Cosi At
1
There are 1 answers
Related Questions in GO
- Go Fiber and HTMX - HX-Trigger header is changed to Hx-Trigger, which is not what HTMX is listening for
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- Handling both JSON and form values in POST request body with unknown values in Golang
- invalid transaction: Transaction failed to sanitize accounts offsets correctly
- Golang lambda upload image into s3 static website
- Is there a way to get a list of selected module versions, but only for modules within the pruned graph?
- Save Interface in DB golang
- ERROR: column "country" is of type text[] but expression is of type record (SQLSTATE 42804)
- Trying to update the version.go file with the release tag from GitHub actions but its failing
- How can I optimize this transposition table for connect 4 AI?
- const declaration - How to evaluate expressions at compile time?
- How add array of authors for unique user in database in Goland IDE?
- Why is the main goroutine not blocked after write in unbuffered channel?
- Insert & Retrieve from a channel in same main function throws "goroutine 1 [chan receive]: main.main() /path exit status 2" error
- Gob error when decoding array of structs: decoding into local type but received remote type
Related Questions in LINUX-KERNEL
- Android kernel error: undefined reference to `get_hw_version_platform'
- Is there a need for BPF Linux namespace?
- Facing fatal errors while running "yum update" command on CentOS 7/Cloudlinux 7
- crash utility itself crashes while decoding kdump generated from null pointer dereference in kernel module
- How to compile the Linux kernel with -O0 for more detailed debug?
- Linux support for parallel Pixel data Image sensor
- Can't upgrade to newest version of linux-image-6.5.0-26-generic
- How to protect a page so that it cannot be write in mips arch?
- How to extract the .img file into normal kernel source file in the linux?
- Storage size of struct hash_desc desc; isn't known
- How can I intercept failed file openning calls?
- struct nameidata-Linux Kernel Module
- How to modify a 'struct msghdr' in Linux Kernel Module?
- How to allocate 500MB+ physically contiguous memory in a Linux kernel module and copy data to that memory from a userspace process?
- Hyper Threading: nosmt in grub configuration
Related Questions in EBPF
- How to monitor the traffic of Android applications uploading images?
- R2 max value is outside of the allowed memory range after explicit bounds checking
- invalid access to map value, value_size=128 off=0 size=0; libbpf: prog 'xdp_parser_func': failed to load: -13
- ebpf not displaying output with tracing_pipe
- ebpf: about the kfuncs call and MAX_BPF_STACK
- Ebpf: Invalid access to map value, with weird compiled code
- Ebpf Kernel Code: permission denied: invalid access to map value
- Invalid access to packet while iterating over packet in eBPF program , with “bpf_trace_printk”
- Where are the "hooks" for BPF functions defined?
- How to iterate vm_area in bpf/bcc program?
- BCC tool execute failed on Android by debianfs
- unknown type name ‘GElf_Nhdr’; did you mean ‘GElf_Shdr’?
- ebpf hook some points, after running for a while. the system is hang ,is kernel bug?
- How do I initialize/reinitialize BPF_MAP_TYPE_PERCPU_HASH entry to zero for all CPUs?
- BPF per CPU array is not zero initialized?
Related Questions in CILIUM
- cilium cluster mesh mTLS support
- Cilium Ingress Controller gRPC Web Stream Kubernetes
- Envoy retry_policy is not working even though the request is routed correctly
- Build Tetragon without docker
- Implications of Different Cilium Configurations on Istio Integration in Kubernetes
- eBPF uprobe Go function argument wrong output
- How does Cilium get Pod info when creating a new Pod for setting up labels for endpoints?
- cilium/ebpf came across a problem with ```PT_REGS_PARM3_CORE``` and ```PT_REGS_PARM3``` function
- Track network interfaces with cilium ebpf-go
- Split http traffic with CiliumNetworkPolicies
- Multi cluster CockroachDB with Cilium Cluster Mesh
- How to debug an eBPF program that uses cilium/ebpf to write a go user program?
- How can I get rid on "Missed tail calls" in Cilium
- CHECKSUM_NONE and TCP checksum calculation
- Attaching an eBPF program to a container cgroup
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Did you consider just using
LinkSubscribefrom the Golang netlink library, as follows?See how Cilium uses it for a more complete examples:
pkg/datapath/loader/netlink.go#L480.