eBPF Summit 2024

Blog page

TechnologyExternal

Differentiate three types of eBPF redirections

There are three types of eBPF redirection fashions in Linux kernel that may confuse developers often: bpf_redirect_peer(), bpf_redirect_neighbor(), and bpf_redirect(). This post helps to clarify them by digging into the code in history order, and also discusses usages & related problems in real world.

Read more
TechnologyExternal

A story about AF_XDP, network namespaces and a cookie

A crash in a development version of flowtrackd (the daemon that powers our Advanced TCP Protection) highlighted the fact that libxdp (and specifically the AF_XDP part) was not Linux network namespace aware. This blogpost describes the debugging journey to find the bug, as well as a fix.

Read more
TechnologyExternal

Linux tracing/profiling 基础:符号表、调用栈、perf /bpftrace 示例等

整理一些 tracing/profiling 笔记,目前内容主要来自 Practical Linux tracing 系列几篇文章。

Read more
TechnologyExternal

Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module

Learn how to patch Linux security vulnerabilities without rebooting the hardware and how to tighten the security of your Linux operating system with eBPF Linux Security Module

Read more
How-ToExternal

Production ready eBPF, or how we fixed the BSD socket API

We are open sourcing the production tooling we’ve built for the sk_lookup hook we contributed to the Linux kernel, called tubular.

Read more
TechnologyExternal

BPF CO-RE reference guide

A practical reference guide to using the full power of BPF CO-RE (Compile Once – Run Everywhere).

Read more
TechnologyExternal

eBPF Instruction Sets

Not everyone who develops BPF programs knows that several versions of the instruction set exist. This isn’t really surprising given documentation on the subject is scarce. So let’s go through the different eBPF instruction sets, why they exist, and why their choice matters.

Read more
How-ToExternal

Features of bpftool: the thread of tips and examples to work with eBPF objects

Working with eBPF? Discover how bpftool can help you load, inspect, update your eBPF programs, maps, and more.

Read more
How-ToExternal

How To Add eBPF Observability To Your Product

There's an arms race to add eBPF to commercial observability products, and in this post I'll describe how to quickly do that. This is also applicable for people adding it to their own in-house monitoring systems.

Read more
TechnologyExternal

BPF tips & tricks: the guide to bpf_trace_printk() and bpf_printk()

Any non-trivial BPF program always needs some amount of debugging to get it working correctly. Unfortunately, there isn't a BPF debugger yet, so the next best thing is to sprinkle printf()-like statements around and see what's going on in the BPF program. BPF equivalent of printf() is the bpf_trace_printk() helper. In this blog post we'll look at how to use it, what are its limitations, and how to work around them.

Read more