Check out my first novel, midnight's simulacra!
EBPF: Difference between revisions
From dankwiki
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful technique capable of compiling high-level languages into a BPF bytecode, which is JITted into local machine code, and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace. | eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful technique capable of compiling high-level languages into a BPF bytecode, which is JITted into local machine code, and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace. | ||
==bpftool== | |||
<tt>bpftool</tt> can be built in <tt>tools/bpf</tt> of the installed kernel's source. | |||
==Compiling eBPF== | ==Compiling eBPF== | ||
===LLVM=== | |||
LLVM has enjoyed <tt>bpf</tt> backend support since 3.7. Compile using <tt>-target bpf</tt>. <tt>readelf</tt> on the resulting object ought look like: | |||
<pre> | |||
ELF Header: | |||
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 | |||
Class: ELF64 | |||
Data: 2's complement, little endian | |||
Version: 1 (current) | |||
OS/ABI: UNIX - System V | |||
ABI Version: 0 | |||
Type: REL (Relocatable file) | |||
Machine: Linux BPF | |||
Version: 0x1 | |||
Entry point address: 0x0 | |||
Start of program headers: 0 (bytes into file) | |||
Start of section headers: 360 (bytes into file) | |||
Flags: 0x0 | |||
... | |||
</pre> | |||
===JIT=== | ===JIT=== | ||
* JIT requires the <tt>net.core.bpf_jit_enable</tt> [[sysctl]] to be set | * JIT requires the <tt>net.core.bpf_jit_enable</tt> [[sysctl]] to be set | ||
Revision as of 03:33, 23 September 2019
eBPF (Enhanced Berkeley Packet Filter) is a powerful technique capable of compiling high-level languages into a BPF bytecode, which is JITted into local machine code, and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace.
bpftool
bpftool can be built in tools/bpf of the installed kernel's source.
Compiling eBPF
LLVM
LLVM has enjoyed bpf backend support since 3.7. Compile using -target bpf. readelf on the resulting object ought look like:
ELF Header: Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: REL (Relocatable file) Machine: Linux BPF Version: 0x1 Entry point address: 0x0 Start of program headers: 0 (bytes into file) Start of section headers: 360 (bytes into file) Flags: 0x0 ...
JIT
- JIT requires the net.core.bpf_jit_enable sysctl to be set
See Also
- XDP
- Cilium.io's BPF and XDP Reference Guide
