criblio / scope-ebpf

eBPF capabilities potentially used with AppScope

scope-ebpf

scope-ebpf is an eBPF loader.

Contents

  1. Dependencies
  2. Build
  3. Run
  4. AppScope integration

Dependencies

See the Dockerfile for the packages required to build the scope-ebpf project.

To build scope-ebpf from source on the host, install the following packages on the system:

  • build-essential
  • clang
  • golang
  • llvm
  • libbpf-dev
  • linux-tools

Build

Pull a copy of the code with:

git clone https://github.com/criblio/scope-ebpf.git
cd scope-ebpf

Docker

To build the Docker image, run the following command:

make image

Host

To build scope-ebpf directly on the host machine, run the following command:

make all

Run

To run the scope-ebpf loader directly on the host machine, run the following command:

sudo ./bin/scope-ebpf

Docker

To run the scope-ebpf loader from the Docker image, run the following command:

docker run --rm --cap-add SYS_ADMIN -v /sys/kernel/debug:/sys/kernel/debug:ro cribl/scope-ebpf:latest scope-ebpf
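
A pre-flight check for the run commands above, added here as an example and not part of the scope-ebpf project: it verifies the two things the Docker command grants explicitly, CAP_SYS_ADMIN and a debugfs mount at /sys/kernel/debug. The function names are hypothetical, and it assumes the host run needs the same two prerequisites as the container.

```shell
#!/bin/sh
# Added example, not scope-ebpf code. Function names are hypothetical.
# Assumption: the loader needs CAP_SYS_ADMIN and debugfs, as the docker command implies.

CAP_SYS_ADMIN_BIT=21   # capability number of CAP_SYS_ADMIN in linux/capability.h

# has_cap HEXMASK BIT: succeed if bit BIT is set in the hex capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff [STATUS_FILE]: print the effective capability mask (CapEff) of a process.
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' "${1:-/proc/self/status}"
}

# debugfs_mounted MOUNTPOINT [MOUNTS_FILE]: succeed if MOUNTPOINT is a debugfs mount.
debugfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "debugfs" { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# preflight [STATUS_FILE] [MOUNTS_FILE]: print findings; return the number of failed checks.
preflight() {
    failed=0
    mask=$(cap_eff "${1:-/proc/self/status}")
    if has_cap "${mask:-0}" "$CAP_SYS_ADMIN_BIT"; then
        echo "ok:   CAP_SYS_ADMIN is in the effective set ($mask)"
    else
        echo "fail: CAP_SYS_ADMIN missing ($mask); use sudo or --cap-add SYS_ADMIN"
        failed=$((failed + 1))
    fi
    if debugfs_mounted /sys/kernel/debug "${2:-/proc/mounts}"; then
        echo "ok:   debugfs is mounted at /sys/kernel/debug"
    else
        echo "fail: debugfs is not mounted at /sys/kernel/debug"
        failed=$((failed + 1))
    fi
    return "$failed"
}
```

Source the file and call preflight with no arguments in the same context the loader will run in (under sudo on the host, or inside the container); a non-zero return value is the number of failed checks.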

AppScope integration

scope-ebpf can be used in conjunction with AppScope. In the following example, scope-ebpf loads the eBPF code, and the scope daemon process reads from the eBPF maps that code populates.

sudo ./scope-ebpf &
sudo ./scope daemon 

License: Apache License 2.0

