Light

yuuki / go-conntracer-bpf Goto Github PK

View Code? Open in Web Editor NEW

34.0 3.0 2.0 9.15 MB

Go library using eBPF to trace network flow events

License: Apache License 2.0

Dockerfile 0.02% C 98.81% Shell 0.04% Makefile 0.12% Go 0.98% Ruby 0.01%

ebpf libbpf tcp udp go golang kprobe bpf tracing cgo

go-conntracer-bpf's Introduction

go-conntracer-bpf

go-conntracer-bpf is a library for Go for tracing network connection (TCP/UDP) events (connect, accept, sendto, recvfrom) on BPF kprobe inspired by weaveworks/tcptracer-bpf. go-conntracer-bpf is implemented on top of libbpf, which is a representative C library for BPF included Linux kernel.

Features

Low-overhead tracing by aggregating connection events in kernel.
BPF CO-RE (Compile Once – Run Everywhere)-enabled

Prerequisites

Compilation phase

libbpf source code
Clang/LLVM >= 9

Runtime phase

Linux kernel version >= 5.6 (due to batch ops to bpf maps)
Linux kernel to be built with BTF type information. See https://github.com/libbpf/libbpf#bpf-co-re-compile-once--run-everywhere.

Common to both phase

libelf and zlib libraries

Features of Linux kernel included in go-conntracer-bpf

go-conntracer-bpf makes use of some latest features of Linux kernel.

BPF Type Format (BTF) in kernel version 4.18.
Batch API to BPF map (BPF_MAP_UPDATE_BATCH, BPF_MAP_LOOKUP_AND_DELETE_BATCH) in kernel version 5.6.
Ring Buffer in kernel version 5.8 (only a flavor of no-aggregation in kernel).

Usage

godoc

conntop

conntop is a CLI tool to show connection events.

Build conntop

$ make DOCKER=1

Projects using go-conntracer-bpf

yuuki/shawk

go-conntracer-bpf's People

Contributors

Stargazers

Watchers

Forkers

studysamooh boris257

go-conntracer-bpf's Issues

fatal error: conntracer.skel.h: No such file or directory

I am trying to run the example code.
I am pretty new to go, so I initialised my go module with go init capture.com/capture
Then did go get go get github.com/yuuki/go-conntracer-bpf@latest

I have downloaded and installed bpf and clang as well as per given requirements. But when I run the code I get the above mentioned error. Please help.

I can see the file in the installation, however for some reason the include is not working.

can't run it successfully

Hi，After I use git clone ----recursive, I can't run the program successfully
the environment：
ubntu : 21.10
&clang --version
Ubuntu clang version 13.0.0-2
$ llc --version
LLVM (http://llvm.org/):
LLVM version 13.0.0
$ uname -rs
Linux 5.15.3-051503-generic

Then I got this:

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.