Clone the repository and run make all to compile and load the eBPF program.
git clone https://github.com/lumbrjx/ebpf-NTA.git
cd ebpf-NTA
make all
Before using the Makefile, ensure you have the following installed on your system:
The Makefile contains the following targets:
Description: Installs the necessary dependencies for building and running the eBPF and user-space programs.
Usage:
make install-deps
Description: Compiles the eBPF program (tc.c) into a binary object file (tc.o).
Usage:
make tc.o
Description: Loads the compiled eBPF program into the kernel using the tc command. This sets up a classifier-action (clsact) qdisc and attaches the eBPF program to the ingress and egress filters on the specified network interface.
Usage:
make load
Description: Views the output of bpf_printk in the kernel trace pipe.
Usage:
make view
Description: Filters the trace_pipe output to show only TCP-related logs.
Usage:
make view-tcp
Description: Filters the trace_pipe output to show only UDP-related logs.
Usage:
make view-udp
Description: Compiles the Go user-space program (tc.go) located in the user_space directory.
Usage:
make build-US
Description: Starts the compiled user-space program (tc_US).
Usage:
make start-US
Description: Cleans up the environment by removing the compiled eBPF object file, the user-space binary, and detaching the eBPF program from the network interface.
Usage:
make clean
Description: Executes all the steps in sequence: installs dependencies, compiles the eBPF program, builds the user-space program, and starts the user-space program.
Usage:
make all
The default network interface used in this Makefile is enp1s0. If your network interface is different, modify the INTERFACE variable in the Makefile. Some of these commands need root privileges because they interact with the network interface and kernel tracing features.
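What the load step and the interface/root note above amount to at the tc level, as an added example that is not the project's Makefile: it validates the interface and object, creates the clsact qdisc, attaches the object on ingress and egress, and lists the filters. The section name classifier, the prio/handle values, the --apply switch, DRY_RUN and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the project's Makefile.
IFACE="${IFACE:-enp1s0}"   # README default interface
OBJ="${OBJ:-tc.o}"         # object produced by `make tc.o`
SEC="${SEC:-classifier}"   # ASSUMED ELF section name; confirm with `llvm-objdump -h tc.o`

# Echo the command when DRY_RUN is set, otherwise execute it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Refuse to touch the kernel unless the inputs are sane.
# Returns 2 for a bad/unknown interface, 3 for a missing object, 1 without root.
preflight() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $1" >&2; return 2 ;; esac
    [ -d "/sys/class/net/$1" ] || { echo "no such interface: $1" >&2; return 2; }
    [ -r "$2" ] || { echo "cannot read object: $2" >&2; return 3; }
    [ "$(id -u)" -eq 0 ] || { echo "tc needs root (CAP_NET_ADMIN)" >&2; return 1; }
}

# Create the clsact qdisc, then attach the same object on both hooks.
# "replace" makes a second run update the existing qdisc/filter instead of failing.
attach() {
    run tc qdisc replace dev "$1" clsact || return 1
    for dir in ingress egress; do
        # direct-action: the program's return value is the packet verdict
        run tc filter replace dev "$1" "$dir" prio 1 handle 1 \
            bpf direct-action obj "$2" sec "$3" || return 1
    done
}

# Show what is attached so the result can be confirmed.
verify() {
    for dir in ingress egress; do run tc filter show dev "$1" "$dir" || return 1; done
}

# Only act when asked: `sudo sh load.sh --apply` (DRY_RUN=1 prints the plan instead).
if [ "${1:-}" = "--apply" ]; then
    { [ -n "${DRY_RUN:-}" ] || preflight "$IFACE" "$OBJ"; } &&
        attach "$IFACE" "$OBJ" "$SEC" && verify "$IFACE"
fi
```

Running it with DRY_RUN=1 and --apply prints the three tc commands without needing root, which is a quick way to compare them against what the Makefile's load target runs.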
This project is licensed under the MIT License.