Skip to content
/ ebpf-strace Public

A demonstration to show how to trace syscalls by eBPF

3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RinHizakura/ebpf-strace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

144 Commits
.ci
.ci
 
 
.github/workflows
.github/workflows
 
 
bpf
bpf
 
 
scripts
scripts
 
 
src
src
 
 
tests
tests
 
 
utils
utils
 
 
.clang-format
.clang-format
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 

Repository files navigation

ebpf-strace

A tiny tool to trace syscalls by eBPF

WARNING: It could only be run on x86_64 architecture currently

Usage

These dependencies are required to build ebpf-strace.

$ apt install clang llvm libelf1 libelf-dev zlib1g-dev

You will also need bpftool for the generating of vmlinux.h.

$ git clone https://github.com/libbpf/bpftool.git
$ cd bpftool
$ git submodule update --init
$ cd src
$ make
$ sudo make install

After those installation, you should be able to build ebpf-strace now. For example, we can trace which system calls are run during the execution of echo hello with the following command:

$ make
$ sudo target/debug/ebpf-strace echo hello

Note that the result doesn't perfectly match the output of strace because this project is still work in process.

About

A demonstration to show how to trace syscalls by eBPF

Topics

linux syscalls ebpf strace

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages