EBPF: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful toolchain capable of compiling high-level languages into a BPF bytecode, which is JITted into local machine code, and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace. It is driven through the [http://man7.org/linux/man-pages/man2/bpf.2.html <tt>bpf(2)</tt>] system call. | eBPF (Enhanced [https://en.wikipedia.org/wiki/Berkeley_Packet_Filter Berkeley Packet Filter]) is a powerful toolchain capable of compiling high-level languages into a BPF bytecode, which is JITted into local machine code, and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace. It is driven through the [http://man7.org/linux/man-pages/man2/bpf.2.html <tt>bpf(2)</tt>] system call, though it is usually more convenient to employ the libbpf library and <tt>bpftool</tt> binary. | ||
eBPF supports its own BTF debugging information, a simplified form of [[DWARF]]. | eBPF supports its own BTF debugging information, a simplified form of [[DWARF]]. | ||