6 Commits

Author SHA1 Message Date
8005624fac less fields required for MAP_CREATE 2020-01-19 02:17:14 +01:00
88f1455dd7 Pure go variant of the ebpf API
Instead of using cgo we call the syscall for BPF directly from go.  The
API hasn't changed, however, and we also closely follow the
C-implementation as given in bpf(2).

Not sure if this pure go variant is beneficial.  Manual maintenance of
all constants and structs upon changes of the BPF API would be necessary
and cumbersome.

We would at least need to complement this with auto-generation of
constants and fields from /usr/include/linux/bpf.h.
2020-01-19 02:05:41 +01:00
3672fd455b Added documentation to ebpf.go 2020-01-16 15:36:06 +01:00
a9f0f27ee2 Rough solution for Tasks 1, 2, 3
main.go:

	- reading /proc
	- iteration over entries in NNN/maps
	- filter glob-search for "*python3*" in pathname
	- find symbol and its offset in pathname
	- calculate offset in memory
	- add pid and offset to map

	TODO: encapsulating this into a module

ebpf.go:

	- added type MapFD int, changing all functions on a FD to methods
	  This allows us to enrich the data type going forward

	- added bpf_update_elem() from the manpage ebpf2.
	  .updateElement() is the verbatim wrapper to it.

	- added .Add/.Change/.Set methods, which call .updateElement
	  with specific flags

	TODO: re-implement ebpf.go with pure go, using direct syscalls.
2020-01-15 19:04:56 +01:00
64f54c622d first steps of exploration 2020-01-15 12:48:36 +01:00
Sean Heelan
3f6517aae2 Initial import 2020-01-14 14:32:06 +00:00