feat: Improved `bpf_loop` probe

exein-io / pulsar

A modular and blazing fast runtime security tool for the IoT, powered by eBPF.

https://pulsar.sh

Other

888 stars 51 forks source link

feat: Improved `bpf_loop` probe #301

Closed vadorovsky closed 2 months ago

vadorovsky commented 2 months ago

The previously used ASM probe didn't work reliably on new kernels, which were rejecting the program, because of lack of valid function pointer being used as a callback.

Introduce a small C probe which has a minimal, but valid bpf_loop call.

Fixes #300