This repository contains two tasks demonstrating system-level programming using eBPF in Python for system call monitoring and a doubly linked list implementation in C. Both tasks aim to showcase practical skills in working with low-level systems and data structures.
Assessment_task/
├── Task_01/
│ ├── ebpf.py # Python program to trace syscalls using eBPF
│ ├── test.c # C program that triggers syscalls for testing
│
└── Task_02/
└── linked_list.c # C program implementing a doubly linked listThis task involves creating an eBPF program that monitors and logs system calls made by a process whose name is passed as a command-line argument. The program is built using BCC (BPF Compiler Collection) in Python and captures the open and write syscalls for the target process.
- Dynamically monitors system calls (
openandwrite) for any process based on the process name. - Flexible for monitoring multiple processes.
- Real-time logging of syscalls, including details like file access and process IDs.
-
Install Dependencies:
- Install BCC and necessary kernel headers:
sudo apt-get install bpfcc-tools linux-headers-$(uname -r) bpfcc-dev pip3 install bcc
- Install BCC and necessary kernel headers:
-
Compile and Run Test Program:
- Navigate to
Task_01/directory and compiletest.c:gcc -o test test.c ./test <process_name>
- Navigate to
-
Run the Python eBPF Program:
- Execute the Python script, providing the target process name:
sudo python3 ebpf.py <process_name>
- Execute the Python script, providing the target process name:
-
Output:
- The program will log system calls like:
Open syscall invoked by process: <process_name> Opening file: <filename> Process ID: <PID>
- The program will log system calls like:
- BCC: Core library for eBPF programs.
- Python: Used to manage and attach probes for syscall tracing.
- C Standard Library: Used to simulate syscalls in the test program.
- Installing BCC: Various environments (WSL, VMware, dual boot) presented unique challenges in setting up the required kernel dependencies and build tools.
- Kernel Compatibility: Different Linux kernel versions have varying syscall names, which required careful probe attachment.
- Real-time Event Handling: Managing real-time system event streams and ensuring efficient log collection.
This task involves implementing a doubly linked list in C, where each node stores a student's name and ID. The program supports essential operations like insertion, deletion, and sorting of nodes based on the student ID.
- Insertion at the head of the list.
- Display of the list in order.
- Deletion of nodes by student ID.
- Sorting the list by student ID using bubble sort.
-
Compile and Run the Linked List Program:
- Navigate to
Task_02/directory and compile thelinked_list.cfile:gcc -o linked_list linked_list.c ./linked_list
- Navigate to
-
Input Data:
- The program prompts the user to input student details (name and ID) and performs operations like insertion, sorting, and deletion.
-
Output:
- Displays the list before and after sorting, and after removing a specified node by ID.
- C Standard Library: Utilized for file handling, dynamic memory allocation, and I/O operations.
- Memory Management: Ensuring proper memory allocation and deallocation to avoid memory leaks.
- Sorting: Implementing bubble sort for the doubly linked list, ensuring data consistency while swapping node data.
This project demonstrates a blend of system-level programming and fundamental data structure implementation. The eBPF task highlights efficient syscall monitoring, crucial for low-level debugging and tracing. Meanwhile, the doubly linked list task illustrates core data structure operations that are essential in various computing problems.