Coder Social home page Coder Social logo

zhanweiw / ebpfpub Goto Github PK

View Code? Open in Web Editor NEW

This project forked from trailofbits/ebpfpub

0.0 0.0 0.0 254 KB

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.

License: Apache License 2.0

CMake 5.52% C++ 94.48%

ebpfpub's Introduction

ebpfpub

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.
CI Status

Building

Prerequisites

  • A recent libc++ or stdc++ library, supporting C++17
  • CMake >= 3.16.2. A pre-built binary can be downloaded from the CMake's download page.
  • Linux kernel >= 4.18 (Ubuntu 18.10, CentOS 8, Red Hat Enterprise Linux 8).
    • Test for the support: grep BPF /boot/config-`uname -r` and check the output for CONFIG_BPF=y and CONFIG_BPF_SYSCALL=y
  • The package libz-dev, needed during linking.
  • Optional, but highly recommended: download and install the osquery-toolchain (see below).
    • This should work fine on any recent Linux distribution. The binaries generated with this toolchain are portable and can be deployed on any distro >= CentOS 6/Ubuntu 16.04
  • If not using the osquery-toolchain (if building with the system toolchain):
    • Clang and the C++ library must both support C++17. Recent distributions should be compatible (tested on Arch Linux, Ubuntu 19.10 and above).
    • A recent Clang/LLVM installation (8.0 or better), compiled with BPF support.
      • Test for the support: llc --version | grep bpf and check that BPF is listed as a registered target.
      • Please note that LLVM itself must be compiled with libc++ when enabling the EBPF_COMMON_ENABLE_LIBCPP option, since ebfpub will directly link against the LLVM libraries.
    • The packages llvm-devel (for LLVMConfig.cmake files), llvm-static (for additional LLVM libraries), and ncurses-devel (for libtinfo)

Installing the osquery-toolchain

As root:

cd /tmp
wget https://github.com/osquery/osquery-toolchain/releases/download/1.1.0/osquery-toolchain-1.1.0-x86_64.tar.xz 
tar -xf /tmp/ebpfpub/build/osquery-toolchain-1.1.0-x86_64.tar.xz -C /opt

Dependencies (retrieved with git)

Steps to Build

  1. Obtain the source code: git clone --recursive https://github.com/trailofbits/ebpfpub
  2. If you cloned the repo without the --recursive flag, run git submodule update --init --recursive
  3. Enter the source folder: cd ebpfpub
  4. Create and enter the build folder: mkdir build && cd build
  5. Configure the project: cmake -DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo -DEBPF_COMMON_TOOLCHAIN_PATH:PATH=/opt/osquery-toolchain -DEBPFPUB_ENABLE_INSTALL:BOOL=true -DEBPFPUB_ENABLE_EXAMPLES:BOOL=true -DEBPF_COMMON_ENABLE_TESTS:BOOL=true .. (remove -DEBPF_COMMON_TOOLCHAIN_PATH:PATH=/opt/osquery-toolchain if you are building with the system toolchain)
  6. Build the project: cmake --build . -j $(($(nproc) + 1))
  7. Run the tests: cmake --build . --target run-ebpf-common-tests

Building the package

Prerequisites for packaging

  • DEB: dpkg command
  • RPM: rpm command
  • TGZ: tar command

Steps to package

Make sure that the -DEBPFPUB_ENABLE_INSTALL:BOOL=true parameter has been passed at configure time, then run the following commands inside the build folder:

mkdir install
export DESTDIR=`realpath install`

cd build
cmake --build . --target install

Configure the packaging project:

mkdir package
cd package

cmake -DEBPFPUB_INSTALL_PATH:PATH="${DESTDIR}" /path/to/source_folder/package_generator
cmake --build . --target package

ebpfpub's People

Contributors

alessandrogario avatar mike-myers-tob avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.