BTF not support, please check it #71

Closed
stevenlee87 opened this issue Jun 10, 2022 · 4 comments

@stevenlee87

Describe the bug
When I execute the following command:
ecapture --help
2022/06/10 11:21:08 BTF not support, please check it. shell: cat /boot/config-`uname -r` | grep CONFIG_DEBUG_INFO_BTF
Or you can compile a no BTF version with youeself by make nocore command,Please read Makefile for more info.

Linux Server/Desktop (please complete the following information):
cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)

uname -r
4.19.136

github.com/ehids/ecapture/releases/download/v0.1.8/ecapture-v0.1.8.tar.gz

@stevenlee87
Author

cat /boot/config-`uname -r` | grep CONFIG_DEBUG_INFO_BTF
No output

flyer5200 commented Jun 10, 2022

Maybe you need to recompile the kernel with the option CONFIG_DEBUG_INFO_BTF=y.
Refer to this guide: kernel config: CONFIG_DEBUG_INFO_BTF=y

Member

cfc4n commented Jun 10, 2022

You can compile it yourself on the current system with the command make nocore.

Author

stevenlee87 commented Jun 10, 2022

I installed the following software environment:
yum install clang
yum install llvm
go version go1.18.3 linux/amd64

git clone https://github.com/ehids/ecapture.git
cd ecapture
make nocore
cp ecapture /usr/bin/

ecapture --help
NAME:
ecapture - capture text SSL content without CA cert by ebpf hook.

USAGE:
ecapture [flags]

VERSION:
[NO_CO_RE]:--

COMMANDS:
bash capture bash command
help Help about any command
mysqld capture sql queries from mysqld 5.6/5.7/8.0 .
postgres capture sql queries from postgres 10+.
tls alias name:openssl , use to capture tls/ssl text content without CA cert.

DESCRIPTION:
eCapture is a tool that can capture plaintext packets
such as HTTPS and TLS without installing a CA certificate.
It can also capture bash commands, which is suitable for
security auditing scenarios, such as database auditing of mysqld, etc.

Repository: https://github.com/ehids/ecapture

OPTIONS:
-d, --debug[=false] enable debug logging
-h, --help[=false] help for ecapture
--hex[=false] print byte strings as hex encoded strings
--nosearch[=false] no lib search
-p, --pid=0 if pid is 0 then we target all pids
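
The check that the error message and the replies in this thread point to, as an added example that is not part of the original thread or of eCapture's own code: a shell function that looks for kernel BTF (through /sys/kernel/btf/vmlinux, the /boot config file, or /proc/config.gz) and reports whether the BTF-dependent binary should work or a make nocore build is needed. The function name btf_build_hint, its ROOT parameter and the core/nocore labels are hypothetical.

```shell
#!/bin/sh
# Added example: decide between a BTF (CO-RE) binary and a `make nocore` build.
# btf_build_hint ROOT RELEASE prints "core" when the kernel exposes or was
# configured with BTF, otherwise "nocore". ROOT is "/" on a live host; the
# parameter exists so the check can be pointed at a constructed directory tree.
btf_build_hint() {
    root=${1%/}
    release=$2

    # A running kernel built with CONFIG_DEBUG_INFO_BTF=y exposes its type
    # information here; this is the most direct evidence.
    if [ -r "$root/sys/kernel/btf/vmlinux" ]; then
        echo core
        return 0
    fi

    # Fall back to the build configuration, the same check the error message suggests.
    # A "# CONFIG_DEBUG_INFO_BTF is not set" line does not match the anchored pattern.
    cfg="$root/boot/config-$release"
    if [ -r "$cfg" ] && grep -q '^CONFIG_DEBUG_INFO_BTF=y' "$cfg"; then
        echo core
        return 0
    fi

    # Some kernels only publish their configuration as /proc/config.gz.
    gz="$root/proc/config.gz"
    if [ -r "$gz" ] && gzip -dc "$gz" 2>/dev/null | grep -q '^CONFIG_DEBUG_INFO_BTF=y'; then
        echo core
        return 0
    fi

    echo nocore
}

# On a live host:
echo "suggested build: $(btf_build_hint / "$(uname -r)")"
```
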
