florianl / monitoringIPbasedNetworks

This repository provides code examples to the article `Monitoring IP-based networks`.

Installation instructions / requirements to run examples #1

Open els0r opened 5 years ago

els0r commented 5 years ago

First off: great collection of network monitors and good starting point to get people off the ground with writing their own probes.

Can you shed a few words on the base requirements to get the examples running? What I have so far is (assuming Debian 9 here):

Doesn't suffice though. Running `go build eBPF/trafficControl/main.go` yields:

```
# github.com/iovisor/gobpf/bcc
../../iovisor/gobpf/bcc/module.go:32:28: fatal error: bcc/bcc_common.h: No such file or directory
 #include <bcc/bcc_common.h>
                            ^
compilation terminated.
# github.com/florianl/go-tc
../go-tc/filter.go:36:32: undefined: netlink.Create
../go-tc/filter.go:36:47: undefined: netlink.Excl
../go-tc/qdisc.go:36:32: undefined: netlink.Create
../go-tc/qdisc.go:36:47: undefined: netlink.Excl
../go-tc/qdisc.go:48:32: undefined: netlink.Create
../go-tc/qdisc.go:48:47: undefined: netlink.Replace
../go-tc/qdisc.go:60:32: undefined: netlink.Replace
../go-tc/tc.go:87:11: undefined: netlink.Request
../go-tc/tc.go:87:29: undefined: netlink.Acknowledge
../go-tc/tc.go:118:11: undefined: netlink.Request
../go-tc/tc.go:118:11: too many errors
```

What's missing? Happy to help putting together a README.

florianl commented 5 years ago

Hi, thanks for the feedback. `go get github.com/florianl/go-tc` and `go get github.com/iovisor/gobpf` will fetch you the needed dependencies.

I'm not sure if the Linux kernel in Debian 9 fulfills the requirements for github.com/iovisor/gobpf. For more details on this, please have a look at https://github.com/iovisor/gobpf#requirements.

florianl commented 5 years ago

At the moment, I'm thinking about providing a Dockerfile, so everyone can then just run the Docker container and test these proof-of-concepts.

els0r commented 5 years ago

That's a great approach just to make it a bit easier to get started and discover its usefulness. We have to check whether some of the low-level eBPF functions are feasible to run in a Docker container.

This may help as a starting point: https://github.com/andrewkroh/go-ebpf/blob/master/Dockerfile

florianl commented 5 years ago

The tricky part with Docker is the kernel and its source. All examples in https://github.com/florianl/monitoringIPbasedNetworks/tree/master/eBPF depend indirectly, via https://github.com/iovisor/gobpf, on https://github.com/iovisor/bcc. bcc is needed to "translate" the C code into BPF byte code.

florianl commented 5 years ago

In https://github.com/florianl/monitoringIPbasedNetworks/tree/demo I will try to provide a demo environment for simple testing.