Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Understanding eBPF in a Hurry!

Understanding eBPF in a Hurry!

eBPF is an exciting new technology that is poised to transform Linux performance engineering. eBPF enables users to dynamically and programatically trace any kernel or user space code path, safely and efficiently. However, understanding eBPF is not so simple. The goal of this talk is to give audiences a fundamental understanding of eBPF and how it interconnects existing Linux tracing technologies, to provide a powerful and flexible platform to solve any Linux performance problem, in a hurry!

3251deb9c1fc15c5312dc97abbddf435?s=128

Ray Jenkins

June 06, 2019
Tweet

Transcript

  1. None
  2. @_rayjenkins github.com/rjenkins ray@segment.com

  3. None
  4. • • • •

  5. None
  6. None
  7. None
  8. http://www.brendangregg.com/ebpf.html

  9. • • • • ◦

  10. None
  11. None
  12. • ◦ • ◦ • ◦ • ◦ ◦

  13. https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md

  14. None
  15. None
  16. http://www.brendangregg.com/ebpf.html

  17. • • • • https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/bpf.h#L145

  18. • • • https://github.com/brendangregg/perf-tools

  19. • • • • • •

  20. https://vjordan.info/log/fpga/how-linux-kprobes-works.html

  21. https://vjordan.info/log/fpga/how-linux-kprobes-works.html

  22. None
  23. None
  24. • http://web.eece.maine.edu/~vweaver/projects/perf_events/ • •

  25. • •

  26. None
  27. http://www.brendangregg.com/ebpf.html

  28. None
  29. None
  30. None
  31. None
  32. None
  33. None
  34. None
  35. https://github.com/torvalds/linux/blob/master/samples/bpf/sock_example.c

  36. None
  37. https://github.com/iovisor/bcc https://github.com/iovisor/gobpf

  38. None
  39. None
  40. None
  41. None
  42. None
  43. https://www.tcpdump.org/papers/bpf-usenix93.pdf

  44. None
  45. None
  46. None
  47. None
  48. • • • •

  49. https://blog.cloudflare.com/bpf-the-forgotten-bytecode/ http://www.networksorcery.com/enp/protocol/ip.htm

  50. http://www.brendangregg.com/ebpf.html

  51. • ◦ • ◦ ◦ ◦ ◦ • ◦ •

    ◦ • ◦ https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md
  52. • ◦ • ◦

  53. None
  54. None
  55. http://www.brendangregg.com/ebpf.html

  56. None
  57. None
  58. None
  59. None
  60. https://github.com/iovisor/bpf-docs/blob/master/eBPF.md

  61. None
  62. None
  63. None
  64. None
  65. None
  66. None
  67. None
  68. None
  69. http://www.brendangregg.com/ebpf.html

  70. None
  71. • • • • • • • • • •

  72. None
  73. None
  74. • • • •

  75. None
  76. None
  77. • https://lwn.net/Articles/740157/ • https://lwn.net/Articles/599755/ • https://www.collabora.com/news-and-blog/blog/2019/04/15/an-ebpf-overview-part-2-machine-and-bytecode/ • https://www.youtube.com/watch?v=2lbtr85Yrs4 • https://www.kernel.org/doc/Documentation/networking/filter.txt

    • http://www.brendangregg.com/ebpf.html • https://www.slideshare.net/vh21/meet-cutebetweenebpfandtracing • https://blog.cloudflare.com/bpf-the-forgotten-bytecode/ • https://www.oreilly.com/learning/using-linux-tracing-tools • https://lwn.net/Articles/742082/ • https://bolinfest.github.io/opensnoop-native/ • https://lwn.net/Articles/753601/ • http://brendangregg.com/perf.html