This repository contains a set of tools that use the results of the analysis of a pcap file to interact with BPF programs using a wrapper to the libbpf library and the libcuckoo library.
Before using the tools, you need to compile the shared libraries that will be loaded at runtime by the Python scripts.
To do so, go inside the libcuckoo-bpf folder and run the following commands:
$ git submodule update --init --recursive
$ make -C src allThis script is used to interact with the BPF program that uses the libcuckoo library.
Inside the python script, you can instantiate the Libcuckoo class that will load the shared library and will allow you to interact with the BPF program.
import libcuckoo
cuckoo_api = libcuckoo.Libcuckoo(libcuckoo_path, libbpf_path)The libcuckoo_path and libbpf_path parameters are the paths to the shared libraries that you compiled before.
The test-flow.py script contains an example of how to use the Libcuckoo class.