
trailofbits / ebpfault

License: Apache-2.0
A BPF-based syscall fault injector

Programming Languages

C++
CMake

ebpfault

ebpfault is a syscall fault injector built on eBPF. It places no requirements on the target machine beyond a kernel new enough to provide the features it needs (see Prerequisites below); nothing has to be compiled or installed on the target other than the tool itself.

Usage

Sample configuration

Each entry in fault_injectors names a syscall and lists the errors to inject into it. An exit_code is either an integer or the name of an errno value prefixed with a minus sign (e.g. "-ENOENT"), and each error carries its own probability. In the sample below, fchmodat fails with -ENOENT 50% of the time and with -100 30% of the time, and openat fails with -ENOENT 50% of the time.

{
  "fault_injectors": [
    {
      "syscall_name": "fchmodat",

      "error_list": [
        {
          "exit_code": "-ENOENT",
          "probability": 50
        },

        {
          "exit_code": -100,
          "probability": 30
        }
      ]
    },

    {
      "syscall_name": "openat",

      "error_list": [
        {
          "exit_code": "-ENOENT",
          "probability": 50
        }
      ]
    }
  ]
}
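As an added example (not code from the ebpfault project), here is a small Python script that validates a configuration of the shape above and dry-runs which fault would be chosen for one syscall invocation. It assumes, since the README does not say so, that probability is a percentage of that syscall's invocations and that the entries for one syscall are mutually exclusive, so they should sum to at most 100; it also assumes exit_code must be the negative value a syscall returns. The sample configuration embedded in the script is constructed to match the one above.

```python
"""Validate and dry-run an ebpfault configuration file.

Added example; not part of the ebpfault project. Assumptions not confirmed by
the README: "probability" is a percentage of invocations of that syscall, the
entries for one syscall are mutually exclusive (so they sum to at most 100),
and "exit_code" must be the negative value a syscall returns.
"""
import errno
import json
import random

# errno name -> number, e.g. {"ENOENT": 2, ...}, built from the errno module.
ERRNO_BY_NAME = {name: num for num, name in errno.errorcode.items()}

# Constructed sample, same shape as the README's configuration.
SAMPLE_CONFIG = """
{
  "fault_injectors": [
    {"syscall_name": "fchmodat",
     "error_list": [{"exit_code": "-ENOENT", "probability": 50},
                    {"exit_code": -100, "probability": 30}]},
    {"syscall_name": "openat",
     "error_list": [{"exit_code": "-ENOENT", "probability": 50}]}
  ]
}
"""


def resolve_exit_code(value):
    """Return the integer the faulted syscall would return.

    Accepts an int (used as-is) or a string "-ENAME" looked up in the errno
    module. Anything else is rejected.
    """
    if isinstance(value, bool):  # bool is an int subclass; refuse it
        raise ValueError(f"exit_code must be an int or errno name, got {value!r}")
    if isinstance(value, int):
        return value
    if isinstance(value, str) and value.startswith("-") and value[1:] in ERRNO_BY_NAME:
        return -ERRNO_BY_NAME[value[1:]]
    raise ValueError(f"unknown exit_code {value!r}")


def load_config(text):
    return json.loads(text)


def validate(config):
    """Return a list of problems; an empty list means the config passed."""
    problems = []
    injectors = config.get("fault_injectors")
    if not isinstance(injectors, list) or not injectors:
        return ["fault_injectors must be a non-empty list"]
    for inj in injectors:
        name = inj.get("syscall_name")
        if not isinstance(name, str) or not name:
            problems.append("every injector needs a syscall_name")
            name = "<unnamed>"
        total = 0
        for entry in inj.get("error_list", []):
            try:
                code = resolve_exit_code(entry.get("exit_code"))
                if code >= 0:
                    problems.append(f"{name}: exit_code {code} is not negative")
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
            prob = entry.get("probability")
            if not isinstance(prob, int) or isinstance(prob, bool) or not 0 <= prob <= 100:
                problems.append(f"{name}: probability {prob!r} must be an int in 0..100")
                continue
            total += prob
        if total > 100:
            problems.append(f"{name}: probabilities sum to {total}, over 100")
    return problems


def pick_fault(error_list, draw):
    """Dry-run one syscall invocation.

    draw is a number in [0, 100); the first entry whose cumulative probability
    exceeds it is chosen. Returns the exit code to inject, or None when the
    call should proceed normally.
    """
    cumulative = 0
    for entry in error_list:
        cumulative += entry["probability"]
        if draw < cumulative:
            return resolve_exit_code(entry["exit_code"])
    return None


def simulate(error_list, calls, seed=0):
    """Count how often each outcome would be injected over `calls` invocations."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(calls):
        outcome = pick_fault(error_list, rng.uniform(0, 100))
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts


if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    for problem in validate(cfg):
        print("problem:", problem)
    for inj in cfg["fault_injectors"]:
        print(inj["syscall_name"], simulate(inj["error_list"], 10_000))
```

Running it as a script prints the distribution of outcomes over 10,000 simulated calls per syscall. The raw integer case is worth watching in practice: a value such as -100 that is not one of the errno names you expect still reaches the application as errno 100, which on Linux is ENETDOWN, so the program under test will report a network error for a file operation.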

Against a new process

ebpfault --config /path/to/config.json --exec /path/to/program arg1 arg2

Against one or more running processes

ebpfault --config /path/to/config.json --pid_list pid1,pid2,pid3,...

System wide, excluding one or more running processes

ebpfault --config /path/to/config.json --except-pid-list --pid_list pid1,pid2,pid3,...

Building

Prerequisites

  • A recent Clang/LLVM installation (9.0 or newer), built with BPF target support
  • A recent libc++ or libstdc++ supporting C++17
  • CMake >= 3.21.4. A pre-built binary can be downloaded from the CMake download page.
  • Linux kernel >= 5.x (tested on Ubuntu 19.10) with CONFIG_BPF_KPROBE_OVERRIDE enabled. This is the option that provides bpf_override_return(), which lets a kprobe-attached BPF program replace a syscall's return value; without it the faults cannot be injected. Check the running kernel's configuration in /boot/config-$(uname -r) or /proc/config.gz before building.

Building

  1. Download the osquery-toolchain from the following page: https://github.com/osquery/osquery-toolchain
  2. Extract the osquery-toolchain and set the TOOLCHAIN_PATH environment variable to its location
  3. Obtain the source code: git clone --recursive https://github.com/trailofbits/ebpfault
  4. If the --recursive flag was not provided, run git submodule update --init --recursive
  5. Configure the project: cmake -S ebpfault -B build-ebpfault -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain.cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DEBPFAULT_ENABLE_INSTALL=true
  6. Build the project: cmake --build build-ebpfault