My eBPF Journey

Dive into "My eBPF Journey," a series that narrates the exploration of eBPF programming, starting from the basics and gradually advancing to more complex applications.

Articles in this series (7)
Part 1

The beginning of my eBPF Journey - Kprobe Adventures with BCC

Embark on a journey into eBPF programming with this opening post. We kick off with kprobes, the Linux kernel's dynamic instrumentation mechanism for hooking kernel functions, by walking through a simple 'Hello World' and a few other experiments using BCC.

Part 2

IPv4 Socket Surveillance - Tracing using kprobe, kretprobe and maps with BCC

Through a small sample app, this post shows how to monitor IPv4 socket activity in real time as it is triggered by syscalls, using kprobes to hook function entry, kretprobes to capture return values, and BPF maps to carry state between the two. It highlights how eBPF and these probes work together, offering a practical way to understand what the kernel does on behalf of a networked process.

Part 3

Beyond Observability: Modifying Syscall Behavior with eBPF - My Precious Secret Files

This article explores a less conventional use of eBPF: going beyond observability to actually change system call behavior, demonstrated with a small application that guards our precious files.

Part 4

Beginner's Guide to XDP: A Journey Through Crafting XDP-Based Firewall with BCC

Step into the world of eBPF/XDP with this beginner's guide. Learn to build a simple SSH firewall with BCC, using XDP to filter incoming traffic before it reaches the kernel's network stack.

Part 5

Harnessing eBPF and XDP for DDoS Mitigation: A Rust Adventure with rust-aya

DDoS mitigation with XDP and Rust: this hands-on guide walks through a Rust-based eBPF program, written with rust-aya, that redirects UDP flood traffic to a honeypot. It demonstrates how XDP and Rust complement each other in network defense and offers a practical introduction to packet manipulation at the driver level.

Part 6

Uprobes Siblings - Capturing HTTPS Traffic: A Rust and eBPF Odyssey

In this post we build a basic HTTPS sniffer with Rust and eBPF, focusing on the widely used OpenSSL library. By attaching uprobes to OpenSSL's SSL/TLS functions we capture application data in the clear, before it is encrypted and after it is decrypted, without touching the application itself.

Part 7

Fooling Port Scanners: Simulating Open Ports with eBPF and Rust

Dive into network security with this guide to using eBPF and Rust to mislead port scanners. The article explains the TCP three-way handshake, looks at the popular stealth SYN scan technique, and shows how to implement an eBPF program that answers probes as if ports were open.


© 2023 KungFuDev made with love / cd 💜

Heavily inspired/copied from shuttle.rs