Zigelboim Misha zigelboim-misha

@zigelboim-misha
zigelboim-misha / eBPF Kprobes.md
Last active March 17, 2024 12:55
Using tcp_v6_connect to know when a curl with tcp-v6 was executed on k8s

eBPF Kprobes

The goal was to receive eBPF kprobes using ebpf2go.

This prints the following traces when a tcp-v6 packet arrives or exits:

<...>-70775   [002] d...1 14216.275232: bpf_trace_printk: sys kprobe/tcp_v6_connect exit - 70775
<...>-70775   [002] d...1 14216.275249: bpf_trace_printk: sys kprobe/tcp_v6_connect enter - 70775
<...>-70894   [003] d...1 14231.718191: bpf_trace_printk: sys kprobe/tcp_v6_connect exit - 70894
@zigelboim-misha
zigelboim-misha / Docker_Engine_Config.json
Last active March 11, 2024 12:48
Changing the default MTU on macOS Docker Desktop to allow linking XDP eBPF programs
{
"mtu": 1500
}
@zigelboim-misha
zigelboim-misha / Dockerfile
Last active March 10, 2024 14:54
eBPF Kernel Side - Using eBPF to Go
FROM golang:1.22.1
# -y keeps the upgrade non-interactive; without it the build aborts at the confirmation prompt
RUN apt update && \
apt upgrade -y && apt install -y wget clang llvm libbpf-dev curl git make sudo build-essential && \
ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/asm
ENTRYPOINT [ "tail", "-f", "/dev/null" ]
@zigelboim-misha
zigelboim-misha / Dockerfile
Last active March 10, 2024 12:40
eBPF Kernel Side - Print all System Write Events
FROM ubuntu:22.04
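# -y keeps the upgrade non-interactive; without it the build aborts at the confirmation prompt
RUN apt update && apt upgrade -y && apt install -y wget clang llvm curl
# Both binaries are fetched unpinned (short link and "latest" release) and run without checksum verification
RUN wget https://aka.pw/bpf-ecli -O ecli && chmod +x ./ecli
RUN wget https://github.com/eunomia-bpf/eunomia-bpf/releases/latest/download/ecc && chmod +x ./ecc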
ENTRYPOINT [ "tail", "-f", "/dev/null" ]