Merge pull request #1 from SentinalFS/big-bang-init

Go logger

Author: technoBlogger-2001

.github/workflows/ci.yml

@@ -0,0 +1,63 @@
+name: Release Workflow
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23'
+
+      - name: Install GoReleaser
+        run: go install github.com/goreleaser/goreleaser@latest
+
+      - name: Check version
+        run: |
+          VERSION=$(cat VERSION.txt)
+          echo "version=$VERSION" >> $GITHUB_ENV
+          echo "Version: $VERSION"
+
+      - name: Run build using goreleaser on local
+        run: goreleaser release --snapshot --skip=publish --clean
+
+      - name: Create Tag
+        if: |
+          (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
+          (github.event_name == 'pull_request' &&
+          github.event.action == 'closed' &&
+          github.event.pull_request.merged == true &&
+          github.event.pull_request.base.ref == 'main')
+        run: |
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+          git tag "v${{ env.version }}"
+          git push origin "v${{ env.version }}"
+
+      - name: Run GoReleaser Release
+        if: |
+          (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
+          (github.event_name == 'pull_request' &&
+          github.event.action == 'closed' &&
+          github.event.pull_request.merged == true &&
+          github.event.pull_request.base.ref == 'main')
+        run: |
+          export GORELEASER_CURRENT_TAG="v${{ env.version }}"
+          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+          goreleaser release --clean --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -23,3 +23,6 @@ go.work.sum
 
 # env file
 .env
+
+# build
+dist

.goreleaser.yaml

@@ -0,0 +1,20 @@
+project_name: go-ebpf-logger
+
+builds:
+  - main: ./main.go
+    goos:
+      - linux
+      - darwin
+      - windows
+    goarch:
+      - amd64
+      - arm64
+
+archives:
+  - format: tar.gz
+    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+
+release:
+  github:
+    owner: siddh34
+    name: go-ebpf-logger

Dockerfile.amd64

@@ -0,0 +1,13 @@
+FROM debian:stable-slim
+
+ARG TARGETARCH
+
+WORKDIR /app
+
+COPY dist/go-ebpf-logger_linux_${TARGETARCH}_v1/go-ebpf-logger /app/go-ebpf-logger
+
+COPY monitor.bpf.o /app/monitor.bpf.o
+
+RUN chmod +x /app/go-ebpf-logger
+
+ENTRYPOINT ["/app/go-ebpf-logger"]

Dockerfile.arm64

@@ -0,0 +1,13 @@
+FROM debian:stable-slim
+
+ARG TARGETARCH
+
+WORKDIR /app
+
+COPY dist/go-ebpf-logger_linux_${TARGETARCH}/go-ebpf-logger /app/go-ebpf-logger
+
+COPY monitor.bpf.o /app/monitor.bpf.o
+
+RUN chmod +x /app/go-ebpf-logger
+
+ENTRYPOINT ["/app/go-ebpf-logger"]

README.md

@@ -1 +1,62 @@
-# go-ebpf-logger
+# go-ebpf-logger
+
+The golang code that actually runs the file monitor ebpf code
+
+## Pre-requisite
+
+Install golang, visit [link](https://go.dev/doc/install)
+
+Install goreleaser, visit [link](https://goreleaser.com/install/#aur)
+
+Install gh, visit [link](https://cli.github.com/)
+
+## Screenshots
+
+It works!
+
+![Screenshot showing go-ebpf-logger in action](./docs/assets/working.png)
+
+
+## Run it on Local
+
+Get file monitor binary from the repo
+
+Put the version accordingly here in the below command at `vX.Y.Z`
+
+```sh
+gh release download vX.Y.Z --repo SentinalFS/file-monitor --pattern "monitor.bpf.o"
+```
+
+Run it
+
+```sh
+sudo go run main.go
+```
+
+## Run it on docker
+
+Get file monitor binary from the repo
+
+Put the version accordingly here in the below command at `vX.Y.Z`
+
+```sh
+gh release download vX.Y.Z --repo SentinalFS/file-monitor --pattern "monitor.bpf.o"
+```
+
+Run go releaser on local
+
+```sh
+goreleaser release --snapshot --skip=publish --clean
+```
+
+Build it
+
+```sh
+docker build --build-arg TARGETARCH=amd64 -t go-ebpf-logger -f Dockerfile.amd64 .
+```
+
+Run it
+
+```sh
+sudo docker run --rm -it --privileged  -v /sys/fs/bpf:/sys/fs/bpf:rw go-ebpf-logger
+```

VERSION.txt

@@ -0,0 +1 @@
+0.0.1

bpf/pin_maps.go

@@ -0,0 +1,28 @@
+package bpf
+
+import (
+	"os"
+
+	"github.com/cilium/ebpf"
+
+	"fmt"
+
+	"go-ebp-logger/constants"
+)
+
+func pinMaps(m *ebpf.Map) error {
+	if m != nil {
+		path := "/sys/fs/bpf/" + constants.InodeMapName
+		if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
+			fmt.Printf("Warning: failed to remove existing pin at %s: %v", path, err)
+		}
+		if err := m.Pin(path); err != nil {
+            fmt.Printf("Failed to pin map %s to %s: %v", constants.InodeMapName,path, err)
+        }
+		fmt.Printf("Map %s pinned succesfully", constants.InodeMapName)
+		return nil
+	}
+
+	fmt.Printf("Map %s not found", constants.InodeMapName)
+	return fmt.Errorf("no map was pinned")
+}

bpf/setup.go

@@ -0,0 +1,60 @@
+package bpf
+
+import (
+	"fmt"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/link"
+
+	"go-ebp-logger/constants"
+)
+
+func SetupBPF(bpfObj string) (*ebpf.Map, *ebpf.Map, func()) {
+    spec, err := ebpf.LoadCollectionSpec(bpfObj)
+    if err != nil {
+        fmt.Printf("Failed to load BPF collection spec: %v\n", err)
+    }
+
+    coll, err := ebpf.NewCollection(spec)
+    if err != nil {
+        fmt.Printf("Failed to load BPF collection: %v\n", err)
+    }
+
+    var links []*link.Link
+    for progName, fn := range constants.ProgsToFuncs {
+        prog := coll.Programs[progName]
+        if prog == nil {
+            fmt.Printf("Program '%s' not found\n", progName)
+        }
+        kp, err := link.Kprobe(fn, prog, nil)
+        if err != nil {
+            fmt.Printf("Failed to attach kprobe to %s: %v\n", fn, err)
+        }
+        links = append(links, &kp)
+    }
+
+	monitored_inode_map := coll.Maps["monitored_inodes"]
+	err = pinMaps(monitored_inode_map)
+	if err != nil {
+		panic(err)
+	}
+
+    events := coll.Maps["events"]
+    if events == nil {
+        fmt.Printf("Map 'events' not found\n")
+    }
+
+	renameEvents := coll.Maps["rename_events"]
+	if renameEvents == nil {
+		fmt.Printf("Map 'rename_events' not found\n")
+	}
+
+    cleanup := func() {
+        for _, l := range links {
+            (*l).Close()
+        }
+        coll.Close()
+    }
+
+    return events, renameEvents, cleanup
+}

constants/bpf.go

@@ -0,0 +1,13 @@
+package constants
+
+
+var ProgsToFuncs = map[string]string{
+	"trace_read":   "vfs_read",
+	"trace_write":  "vfs_write",
+	"trace_rename": "vfs_rename",
+	"trace_delete": "vfs_unlink",
+}
+
+var InodeMapName = "monitored_inodes"
+
+var BpfObjName = "monitor.bpf.o"