EBPF: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful Linux kernel mechanism allowing bytecode to be attached to dynamic points in kernel and userspace, and implementing JIT of said bytecode to the host ISA, all on the fly using a running kernel. It builds atop [[kprobes]], and is in the same family of tools as SystemTap and DTrace. It is driven through the [http://man7.org/linux/man-pages/man2/bpf.2.html <tt>bpf(2)</tt>] system call, though it is usually more convenient to employ the libbpf library and <tt>bpftool</tt> binary. eBPF supports its own BTF debugging information, a simplified form of [[DWARF]]. | eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful Linux kernel mechanism allowing bytecode to be attached to dynamic points in kernel and userspace, and implementing JIT of said bytecode to the host ISA, all on the fly using a running kernel. It builds atop [[kprobes]], and is in the same family of tools as SystemTap and DTrace. It is driven through the [http://man7.org/linux/man-pages/man2/bpf.2.html <tt>bpf(2)</tt>] system call, though it is usually more convenient to employ the libbpf library and <tt>bpftool</tt> binary. eBPF supports its own BTF debugging information, a simplified form of [[DWARF]]. | ||
The BCC (BPF Compiler Collection) toolchain is capable of compiling high-level languages (a restricted C, Lua, etc.) into eBPF bytecode, and provides a high-level Python infrastructure around eBPF. | The BCC (BPF Compiler Collection) toolchain is capable of compiling high-level languages (a restricted C, Lua, etc.) into eBPF bytecode, and provides a high-level Python infrastructure around eBPF. <tt>bpftrace</tt> provides an awk-like language geared towards eBPF "one-liners." The [[XDP|Express Data Path (XDP)]] is built atop eBPF. | ||
==Tools== | ==Tools== | ||
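Review bot: The two sentences appended to the BCC paragraph, on <tt>bpftrace</tt> and XDP, do not describe BCC, so they read as a run-on list of unrelated tools. The ==Tools== section starts on the very next line; consider moving the <tt>bpftrace</tt> sentence there and placing the XDP sentence in the introductory paragraph alongside the other statements about what eBPF underlies. While touching this text, the unchanged lead line expands eBPF as "Enhanced" Berkeley Packet Filter, where the usual expansion is "extended"; that could be corrected in the same revision. An edit summary would also help, since both revisions show "No edit summary".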