@cassamajor
cassamajor / eBPF Kprobes.md
Created March 30, 2025 01:43 — forked from zigelboim-misha/eBPF Kprobes.md
Using tcp_v6_connect to know when a curl with tcp-v6 was executed on k8s

eBPF Kprobes

The goal was to receive eBPF kprobes using ebpf2go.

This prints the following traces when a tcp-v6 packet arrives or exits:

<...>-70775   [002] d...1 14216.275232: bpf_trace_printk: sys kprobe/tcp_v6_connect exit - 70775
<...>-70775   [002] d...1 14216.275249: bpf_trace_printk: sys kprobe/tcp_v6_connect enter - 70775
<...>-70894   [003] d...1 14231.718191: bpf_trace_printk: sys kprobe/tcp_v6_connect exit - 70894
@cassamajor
cassamajor / README.md
Created October 19, 2024 04:07 — forked from weshouman/README.md
eBPF tips and tricks

The eBPF (Extended Berkeley Packet Filter) language is a low-level assembly-like language that is specifically designed for writing programs that can be loaded into the Linux kernel. These programs are typically used for networking, security, and observability tasks.

eBPF has its own domain-specific language (DSL); the following is some information about it.

Characteristics of eBPF DSL:

  1. Low-Level: The language is closer to assembly than to high-level languages like C.

  2. Limited Instructions: eBPF has a limited set of instructions to ensure that programs are safe to run in the kernel space.