eBPF Examples

Kprobe - Attach a program to the entry or exit of an arbitrary kernel symbol (function).
- kprobe - Kprobe using bpf2go.
- kprobepin - Reuse a pinned map for the kprobe example. It assumes the BPF FS is mounted at /sys/fs/bpf.
- kprobe_percpu - Use a BPF_MAP_TYPE_PERCPU_ARRAY map.
- ringbuffer - Use a BPF_MAP_TYPE_RINGBUF map.
Uprobe - Attach a program to the entry or exit of an arbitrary userspace binary symbol (function).
- uretprobe - Uretprobe using bpf2go.
Tracepoint - Attach a program to predetermined kernel tracepoints.
- tracepoint_in_c - Tracepoint using bpf2go.
- tracepoint_in_go - Tracepoint using the ebpf.NewProgram API and Go eBPF assembler.
Add your use case(s) here!

How to run

cd ebpf/examples/
go run -exec sudo [./kprobe, ./uretprobe, ./ringbuffer, ...]

make -C ..

Name		Name	Last commit message	Last commit date
Latest commit History 796 Commits
.github/workflows		.github/workflows
headers		headers
kprobe		kprobe
kprobe_percpu		kprobe_percpu
kprobepin		kprobepin
ringbuffer		ringbuffer
tracepoint_in_c		tracepoint_in_c
tracepoint_in_go		tracepoint_in_go
uretprobe		uretprobe
.DS_Store		.DS_Store
.clang-format		.clang-format
.gitignore		.gitignore
.golangci.yaml		.golangci.yaml
README.md		README.md
go.mod		go.mod
go.sum		go.sum