Tutorials

Helper Materials

eBPF Tutorial tasks

Exercise 1: Getting Started

  1. Try the Python 'Hello World' (Lesson 1) example here
  2. Try writing your own eBPF program with the 'sys_sync' (Lesson 2) example here

Exercise 2: Bitehist

  1. Try the Python 'bitehist' (Lesson 9) example here
  2. Now it's time to try writing your own tool: try the 'disklatency' (Lesson 10) tutorial here

Exercise 3: Disksnoop

  1. Try the Python 'disksnoop' (Lesson 6) example here
  2. Now modify the program to print which task/PID is interacting with the disk

Exercise 4: TCPConnect

  1. Try running the tcpv4connect.py script in the tracing folder
  2. Make a copy of this program and add functionality to print when a TCP connection is closed (Hint: You can find the available tracing functions in /sys/kernel/debug/tracing/available_filter_functions)

Exercise 5: DDoS

  1. Write a program to detect a DDoS (more than 1000 packets in 1000000 ns) coming to port TCP/80 from the "localhost" source address by attaching a program to a raw socket (attach_raw_socket())
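
The filter and the counting rule from Exercise 5, modelled in plain userspace Python as an added example (not part of the original tutorial and not the eBPF program the exercise asks for). All names here (`build_frame`, `matches`, `FloodDetector`, `first_alert`) are hypothetical, and the frames are constructed sample data laid out the way a raw socket delivers them (Ethernet + IPv4 + TCP).

```python
import struct
from collections import deque

WINDOW_NS = 1_000_000              # window length from the exercise
THRESHOLD = 1000                   # alert on more than this many packets per window
LOCALHOST = bytes([127, 0, 0, 1])

def build_frame(src_ip, dst_port, src_port=40000):
    """Constructed sample: minimal Ethernet + IPv4 + TCP headers, no payload."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src_ip, LOCALHOST)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def matches(frame):
    """True for IPv4/TCP frames from 127.0.0.1 to destination port 80."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    ihl = (frame[14] & 0x0F) * 4   # IP header length varies when options are present
    if ihl < 20 or frame[23] != 6 or frame[26:30] != LOCALHOST:
        return False
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 4:
        return False
    return struct.unpack_from("!H", frame, tcp_off + 2)[0] == 80

class FloodDetector:
    """Sliding window over the timestamps of matching frames."""
    def __init__(self):
        self.times = deque()

    def observe(self, ts_ns, frame):
        """Record one frame; True if the window now holds more than THRESHOLD."""
        if not matches(frame):
            return False
        self.times.append(ts_ns)
        while self.times and ts_ns - self.times[0] >= WINDOW_NS:
            self.times.popleft()   # drop packets that fell out of the window
        return len(self.times) > THRESHOLD

def first_alert(events):
    """Index of the first (ts_ns, frame) event that trips the detector, or None."""
    det = FloodDetector()
    for i, (ts, frame) in enumerate(events):
        if det.observe(ts, frame):
            return i
    return None
```

In the eBPF version the same header offsets are read inside the socket filter and the per-window count lives in a BPF map; a stream of exactly one matching packet every 1000 ns stays at 1000 per window and does not alert.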

Hints:

Extra Study

  • You can find extra tutorials from Sasha Goldshtein here
  • You can find extra examples in the Linux Kernel (written in C) here