Check out my first novel, midnight's simulacra!
EBPF: Difference between revisions
From dankwiki
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful | eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful toolchain capable of compiling high-level languages into a BPF bytecode, which is JITted into local machine code, and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace. | ||
==bpftool== | ==bpftool== |
Revision as of 03:34, 23 September 2019
eBPF (Enhanced Berkeley Packet Filter) is a powerful toolchain capable of compiling high-level languages into a BPF bytecode, which is JITted into local machine code, and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace.
bpftool
bpftool can be built in tools/bpf of the installed kernel's source.
Compiling eBPF
LLVM
LLVM has enjoyed bpf backend support since 3.7. Compile using -target bpf. readelf on the resulting object ought look like:
ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: REL (Relocatable file) Machine: Linux BPF Version: 0x1 Entry point address: 0x0 Start of program headers: 0 (bytes into file) Start of section headers: 360 (bytes into file) Flags: 0x0 ...
JIT
- JIT requires the net.core.bpf_jit_enable sysctl to be set
See Also
- XDP
- Cilium.io's BPF and XDP Reference Guide