Giters

ugwis / ebpf-http-parser

Parse HTTP(S) requests by eBPF hooks without APM

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

cilium-ebpfebpf

eBPF HTTP Parser

Installation (self-build)

requirements

  • LLVM Clang 9
  • Go runtime
$ make
$ ./parser

https://github.com/cilium/ebpf/blob/0d439865ca157accbc60cc6f3cbeb028fa7901cb/testdata/docker/Dockerfile The Dockerfile of cilium/ebpf will be a reference for building environment.

Supported hooks

  • HTTP with sys_send() / sys_recv()
  • HTTP with sys_sendto() / sys_recvfrom()
  • HTTP with sys_write() / sys_read()

Unsupported hooks (ToDo)

  • HTTPS with Golang net/http Library
  • HTTPS with OpenSSL
  • HTTPS with LibreSSL
  • HTTPS with GnuSSL
  • HTTPS with BoringSSL
  • HTTP/2 with nghttp2

About

Parse HTTP(S) requests by eBPF hooks without APM

cilium-ebpfebpf

License:Apache License 2.0

Languages

Language:C 57.5%Language:Go 41.5%Language:Makefile 1.0%