EBPF
From dankwiki
eBPF (Enhanced Berkeley Packet Filter) is a powerful toolchain capable of compiling high-level languages into BPF bytecode, which is JITted into local machine code and can be inserted into a running kernel. It builds atop kprobes, and is in the same family of tools as SystemTap and DTrace.
eBPF supports its own BTF debugging information, a simplified form of DWARF.
bpftool
bpftool can be built in tools/bpf of the installed kernel's source.
Compiling eBPF
LLVM
LLVM has enjoyed bpf backend support since 3.7. Compile using -target bpf. readelf on the resulting object ought to look like:
    ELF Header:
      Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
      Class:                             ELF64
      Data:                              2's complement, little endian
      Version:                           1 (current)
      OS/ABI:                            UNIX - System V
      ABI Version:                       0
      Type:                              REL (Relocatable file)
      Machine:                           Linux BPF
      Version:                           0x1
      Entry point address:               0x0
      Start of program headers:          0 (bytes into file)
      Start of section headers:          360 (bytes into file)
      Flags:                             0x0
      ...
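The same header fields can be checked programmatically before an object is handed to a loader. This is an added example, not code from the original page; the function names are hypothetical, and the section count and string-table index in the sample header are constructed because the readelf output above elides them.

```python
import struct

EM_BPF = 247   # e_machine value that readelf prints as "Linux BPF"
ET_REL = 1     # relocatable object, as in the "Type: REL" line above
EHDR_LEN = 64  # size of an ELF64 file header

def check_bpf_object(data):
    """Return a list of problems; an empty list means the header looks right."""
    if len(data) < EHDR_LEN:
        return ["truncated: shorter than an ELF64 header"]
    ident = data[:16]
    if ident[:4] != b"\x7fELF":
        return ["bad magic: not an ELF file"]
    if ident[4] != 2:
        return ["class %d is not ELF64" % ident[4]]
    if ident[5] not in (1, 2):
        return ["unknown data encoding %d" % ident[5]]
    order = "<" if ident[5] == 1 else ">"  # BPF objects may be either endianness
    (e_type, e_machine, _version, e_entry, _phoff, e_shoff, _flags, _ehsize,
     _phentsize, e_phnum, _shentsize, e_shnum, e_shstrndx) = struct.unpack_from(
        order + "HHIQQQIHHHHHH", data, 16)
    problems = []
    if e_machine != EM_BPF:
        problems.append("machine %d is not Linux BPF (%d)" % (e_machine, EM_BPF))
    if e_type != ET_REL:
        problems.append("type %d is not REL" % e_type)
    if e_entry != 0 or e_phnum != 0:
        problems.append("unexpected entry point or program headers")
    if e_shoff == 0 or e_shnum == 0:
        problems.append("no section headers, so no programs or maps to load")
    elif e_shstrndx >= e_shnum:
        problems.append("section name table index out of range")
    return problems

def sample_header(machine=EM_BPF, e_type=ET_REL):
    """Constructed header using the values shown in the readelf output above."""
    ident = bytes.fromhex("7f454c46020101000000000000000000")
    # e_shnum=8 and e_shstrndx=1 are constructed; the page elides them.
    return ident + struct.pack("<HHIQQQIHHHHHH", e_type, machine, 1,
                               0, 0, 360, 0, 64, 0, 0, 64, 8, 1)

if __name__ == "__main__":
    print(check_bpf_object(sample_header()))            # BPF object
    print(check_bpf_object(sample_header(machine=62)))  # x86-64 object
```

To check a real build, pass the first 64 bytes of the compiled object file to check_bpf_object.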
JIT
- JIT requires the net.core.bpf_jit_enable sysctl to be set
See Also
- XDP
- Cilium.io's BPF and XDP Reference Guide