Blog page
BPF CO-RE reference guide
A practical reference guide to using the full power of BPF CO-RE (Compile Once – Run Everywhere).
Read moreeBPF Instruction Sets
Not everyone who develops BPF programs knows that several versions of the instruction set exist. This isn’t really surprising given documentation on the subject is scarce. So let’s go through the different eBPF instruction sets, why they exist, and why their choice matters.
Read moreFeatures of bpftool: the thread of tips and examples to work with eBPF objects
Working with eBPF? Discover how bpftool can help you load, inspect, update your eBPF programs, maps, and more.
Read moreHow To Add eBPF Observability To Your Product
There's an arms race to add eBPF to commercial observability products, and in this post I'll describe how to quickly do that. This is also applicable for people adding it to their own in-house monitoring systems.
Read moreBPF tips & tricks: the guide to bpf_trace_printk() and bpf_printk()
Any non-trivial BPF program always needs some amount of debugging to get it working correctly. Unfortunately, there isn't a BPF debugger yet, so the next best thing is to sprinkle printf()-like statements around and see what's going on in the BPF program. BPF equivalent of printf() is the bpf_trace_printk() helper. In this blog post we'll look at how to use it, what are its limitations, and how to work around them.
Read moreBMC: Accelerating Memcached using Safe In-kernel Caching and Pre-stack Processing
Tomorrow, Yoann Ghigoff et al. will present their paper BMC: Accelerating Memcached using Safe In-kernel Caching and Pre-stack Processing at NSDI 2021. In this paper, the authors propose to speed up Memcached using eBPF by implementing a transparent, first-level cache at the XDP hook. It’s not everyday we see BPF being used on application protocols!
Read moreThe Cost of BPF Tail Calls
For an upcoming blog post, I wanted to measure the cost of BPF tail calls. Tail calls allow you to jump from one BPF program to another. Their overhead varied a lot in recent kernels, with a first increase caused by Spectre mitigations and a decrease thanks to improvements in Linux 5.5.
Read moreThe Top Reasons Why You Should Give eBPF a Chance
Find out where all the hype around eBPF is coming from
Read moreeBPF assembly with LLVM
Clang and LLVM, used to compile from C to eBPF, got support for eBPF assembly in version 6.0. Let's have a look at it.
Read moreUnderstanding tc “direct action” mode for BPF
The Linux Traffic Control subsystem, “TC”, got support for running eBPF programs as classifiers. Then a “direct-action” flag appeared. Let's see how it works.
Read more