Skip to content
/ strace Public

Simple demonstration of tracing processes in Go using ptrace and seccomp

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

robertmin1/strace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

strace

Simple demonstration of tracing processes in Go using ptrace and seccomp

Overview

This program allows you to trace syscalls for a specified command, and it integrates seccomp filtering to intercept and trace the connect syscall specifically.

Installation

git clone https://github.com/robertmin1/strace

go mod tidy

Usage

To trace a command and its syscalls, run the following command:

go run main.go <command> [args...]

Where is the command you want to trace, and [args...] are its arguments. For example:

go run main.go wget google.com

Seccomp Filtering

The program sets up a seccomp filter to trace only connect syscalls while allowing all other syscalls to pass through.

PS: The upstream implementation for tracking the entry and exit of syscalls while seccomp is active is not fully implemented.

Using seccomp approach speeds up tracing by avoiding unnecessary syscalls, but is still slow for larger applications. For better performance, I recommend using seccomp's user-space notification mechanism, which is up to three times faster based on personal testing.

I have a PoC in Golang that I’ll write about soon.

About

Simple demonstration of tracing processes in Go using ptrace and seccomp

Topics

golang trace ptrace tracer seccomp strace bfp seccomp-bpf seccomp-notify seccomp-addfd

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Packages

No packages published

Languages