Episode 388: The One About eBPF
Description
We explain what eBPF is, how it works, and its proud BSD production legacy. eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day.

Links:
Chris Goes to MeetBSD
Linus Torvalds talks about coming back to work on Linux | ZDNet — BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for.
The Kernel Report - Jonathan Corbet
BPF - the forgotten bytecode — All this changed in 1993 when Steven McCanne and Van Jacobson published the paper introducing a better way of filtering packets in the kernel, they called it "The BSD Packet Filter" (BPF)
The BSD Packet Filter
eBPF: Past, Present, and Future — The Extended Berkeley Packet Filter, or eBPF, has rapidly been adopted into a number of Linux kernel systems since its introduction into the Linux kernel in late 2014. Understanding eBPF, however, can be difficult as many try to explain it via a use of eBPF as opposed to its design. Indeed eBPF's name indicates that it is for packet filtering even though it now has uses which have nothing to do with networking.
Using eBPF in Kubernetes — Cilium is a networking project that makes heavy use of eBPF superpowers to route and filter network traffic for container-based systems. By using eBPF, Cilium can dynamically generate and apply rules—even at the device level with XDP—without making changes to the Linux kernel itself
Why is the kernel community replacing iptables with BPF? — The Linux kernel community recently announced bpfilter, which will replace the long-standing in-kernel implementation of iptables with high-performance network filtering powered by Linux BPF, all while guaranteeing a non-disruptive transition for Linux users.
bpftrace (DTrace 2.0) for Linux 2018 — Created by Alastair Robertson, bpftrace is an open source high-level tracing front-end that lets you analyze systems in custom ways. It's shaping up to be a DTrace version 2.0: more capable, and built from the ground up for the modern era of the eBPF virtual machine.
The bpftrace One-Liner Tutorial
BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more — BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples.
Linux eBPF Tracing Tools — This page shows examples of performance analysis tools using enhancements to BPF (Berkeley Packet Filter) which were added to the Linux 4.x series kernels, allowing BPF to do much more than just filtering packets. These enhancements allow custom analysis programs to be executed on Linux dynamic tracing, static tracing, and profiling events.
eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor
Ultimate Plumber — Ultimate Plumber is a tool for writing Linux pipes with instant live preview
BSD Now 073: Pipe Dreams — Interview w/ David Maxwell about Pipecut, text processing, and commandline wizardry.