Linux Format

Getting started with the powerful eBPF

Credit: https://ebpf.io

This tutorial is the first in a series about eBPF and what it can do. eBPF stands for extended Berkeley Packet Filter, but despite the name it is not restricted to filtering network packets.

More precisely, eBPF lets a sufficiently privileged user (root, or on recent kernels the CAP_BPF capability, usually together with CAP_PERFMON for tracing programs) load small custom programs into the running kernel, which is about as low a level as user-supplied code can reach. When a program is submitted, the kernel's verifier checks it for safety (every path terminates, no out-of-bounds or unchecked pointer access) and rejects it at load time if the check fails. A program that passes must then be attached to at least one hook point, such as a kprobe, a tracepoint or a network socket (this is compulsory; an unattached program never executes), and it runs each time that event fires.

As a consequence, instead of modifying our software and adding instrumentation code to it, we can observe it from the kernel side, either with an existing eBPF tool or by writing our own.
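The load, verify, attach, run-on-event cycle just described, as an added example that is not part of the Linux Format article: a minimal tracing program written for bpftrace, which compiles the program text to eBPF bytecode, hands it to the kernel (where the verifier accepts or rejects it) and attaches it to the real sys_enter_execve tracepoint. It assumes bpftrace (and optionally bpftool) is installed and that it is run as root; the helper function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the article. Assumes bpftrace is installed and
# the script runs as root; the tracepoint and argument names are the kernel's.

# The eBPF program text. bpftrace compiles this to bytecode and loads it via
# the bpf() syscall; the kernel verifier rejects it if it is unsafe, otherwise
# it is attached to the named event. Attaching to at least one event is
# mandatory: a program that is never attached never runs.
ebpf_program() {
    cat <<'EOF'
tracepoint:syscalls:sys_enter_execve
{
    printf("%-6d %-16s %s\n", pid, comm, str(args->filename));
}
EOF
}

# Loading eBPF needs root (or CAP_BPF plus CAP_PERFMON for tracing) and the
# bpftrace binary. Returns 0 only when a trace can actually be started.
can_trace() {
    command -v bpftrace >/dev/null 2>&1 || { echo "bpftrace not installed" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "root needed to load eBPF programs" >&2; return 1; }
    return 0
}

# Attach the program and print every execve on the machine for five seconds.
# When bpftrace exits it detaches and the kernel unloads the program.
run_trace() {
    can_trace || return 1
    prog="$(ebpf_program)"
    timeout 5 bpftrace -e "$prog"
}

# While a trace is running, this shows the program the kernel accepted
# (type, name, load time) alongside any other loaded eBPF programs.
list_loaded() {
    can_trace || return 1
    command -v bpftool >/dev/null 2>&1 || { echo "bpftool not installed" >&2; return 1; }
    bpftool prog show
}

case "${1:-}" in
    run)  run_trace ;;
    list) list_loaded ;;
esac
```

Run it as `sudo sh trace-execve.sh run` in one terminal and `sudo sh trace-execve.sh list` in another; the second shows the verified program sitting in the kernel, and it disappears once the first command ends. Replacing `sys_enter_execve` with another name under `/sys/kernel/tracing/events/syscalls/` retargets the same program without changing anything else.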

The history of eBPF

Let’s first discuss the history of BPF and eBPF, and how they’re connected. BPF was introduced in 1992 to speed up packet-capture tools such as tcpdump. In 2013 Alexei Starovoitov began a major rewrite of BPF, which was merged into the Linux kernel in 2014 (the bpf() system call appeared in kernel 3.18). The original design is now called classic BPF; the kernel still accepts classic BPF programs but translates them into the new form internally. The rewrite, eBPF, replaced the two 32-bit registers of classic BPF with ten 64-bit registers and a general-purpose instruction set, which is what makes it usable for a variety of tasks well beyond simple network packet capture.

It’s difficult to describe precisely what
