README.md

catp-ebpf

Print the output of a running process (or any of its open fd) like catp does, but using eBPF instead of ptrace.

Prerequisites

1. Install a rust stable toolchain: rustup install stable
2. Install a rust nightly toolchain: rustup install nightly
3. Install bpf-linker: cargo install bpf-linker

Build eBPF

cargo xtask build-ebpf

Build Userspace

cargo build

Run

cargo xtask run -- -p <PID>

Examples