EBPF: Difference between revisions

No edit summary
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful Linux kernel mechanism allowing bytecode to be attached to dynamic points in kernel and userspace, and implementing JIT of said bytecode to the host ISA, all on the fly using a running kernel. It builds atop [[kprobes]], and is in the same family of tools as SystemTap and DTrace. It is driven through the [http://man7.org/linux/man-pages/man2/bpf.2.html <tt>bpf(2)</tt>] system call, though it is usually more convenient to employ the libbpf library and <tt>bpftool</tt> binary. eBPF supports its own BTF debugging information, a simplified form of [[DWARF]].
eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful Linux kernel mechanism allowing bytecode to be attached to dynamic points in kernel and userspace, and implementing JIT of said bytecode to the host ISA, all on the fly using a running kernel. It builds atop [[kprobes]], and is in the same family of tools as SystemTap and DTrace. It is driven through the [http://man7.org/linux/man-pages/man2/bpf.2.html <tt>bpf(2)</tt>] system call, though it is usually more convenient to employ the libbpf library and <tt>bpftool</tt> binary. eBPF supports its own BTF debugging information, a simplified form of [[DWARF]].


The BCC (BPF Compiler Collection) toolchain is capable of compiling high-level languages (a restricted C, Lua, etc.) into eBPF bytecode, and provides a high-level Python infrastructure around eBPF. `bpftrace` provides an awk-like language geared towards eBPF "one-liners." The [[XDP|Express Data Path (XDP)]] is built atop eBPF.
The BCC (BPF Compiler Collection) toolchain is capable of compiling high-level languages (a restricted C, Lua, etc.) into eBPF bytecode, and provides a high-level Python infrastructure around eBPF. <tt>bpftrace</tt> provides an awk-like language geared towards eBPF "one-liners." The [[XDP|eXpress Data Path (XDP)]] is built atop eBPF.


==Tools==
==Tools==
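Review bot: The unchanged lead paragraph in this hunk still expands eBPF as "Enhanced Berkeley Packet Filter"; the usual expansion is "extended", so it is worth correcting in the same revision. The change from backticks to <tt>bpftrace</tt> in the second paragraph is consistent with the <tt>bpf(2)</tt> and <tt>bpftool</tt> markup already used in the lead.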
Line 18: Line 18:
| perf || lists [[kprobes]] and other tracepoints with attached programs
| perf || lists [[kprobes]] and other tracepoints with attached programs
|-
|-
| map || enumerates manipulates maps
| map || enumerates and manipulates maps
|-
|-
|}
|}
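Review bot: The <tt>|-</tt> row separator left directly before the closing <tt>|}</tt> opens a row with no cells; it is redundant and can be dropped so the table ends right after the "map" row. The "enumerates and manipulates maps" wording fix itself reads correctly.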