Linux Observability with BPF
- Length: 180 pages
- Edition: 1
- Language: English
- Publisher: O'Reilly Media
- Publication Date: 2019-12-03
- ISBN-10: 1492050202
- ISBN-13: 9781492050209
- Sales Rank: #459996
Build your expertise in the BPF virtual machine in the Linux kernel with this practical guide for systems engineers. You’ll not only dive into the BPF program lifecycle but also learn to write applications that observe and modify the kernel’s behavior; inject code to monitor, trace, and securely observe events in the kernel; and more.
Authors David Calavera and Lorenzo Fontana help you harness the power of BPF to make any computing system more observable. Familiarize yourself with the essential concepts you’ll use on a day-to-day basis and augment your knowledge about performance optimization, networking, and security. Then see how it all comes together with code examples in C, Go, and Python.
- Write applications that use BPF to observe and modify the Linux kernel’s behavior on demand
- Inject code to monitor, trace, and observe events in the kernel in a secure way—no need to recompile the kernel or reboot the system
- Explore code examples in C, Go, and Python
- Gain a more thorough understanding of the BPF program lifecycle
Table of Contents
- Foreword
- Preface: Conventions Used in This Book; Using Code Examples; O'Reilly Online Learning; How to Contact Us; Acknowledgments
- 1. Introduction
  - BPF's History
  - Architecture
  - Conclusion
- 2. Running Your First BPF Programs
  - Writing BPF Programs
  - BPF Program Types: Socket Filter Programs; Kprobe Programs; Tracepoint Programs; XDP Programs; Perf Event Programs; Cgroup Socket Programs; Cgroup Open Socket Programs; Socket Option Programs; Socket Map Programs; Cgroup Device Programs; Socket Message Delivery Programs; Raw Tracepoint Programs; Cgroup Socket Address Programs; Socket Reuseport Programs; Flow Dissection Programs; Other BPF Programs
  - The BPF Verifier
  - BPF Type Format
  - BPF Tail Calls
  - Conclusion
- 3. BPF Maps
  - Creating BPF Maps: ELF Conventions to Create BPF Maps
  - Working with BPF Maps: Updating Elements in a BPF Map; Reading Elements from a BPF Map; Removing an Element from a BPF Map; Iterating Over Elements in a BPF Map; Looking Up and Deleting Elements; Concurrent Access to Map Elements
  - Types of BPF Maps: Hash-Table Maps; Array Maps; Program Array Maps; Perf Events Array Maps; Per-CPU Hash Maps; Per-CPU Array Maps; Stack Trace Maps; Cgroup Array Maps; LRU Hash and Per-CPU Hash Maps; LPM Trie Maps; Array of Maps and Hash of Maps; Device Map Maps; CPU Map Maps; Open Socket Maps; Socket Array and Hash Maps; Cgroup Storage and Per-CPU Storage Maps; Reuseport Socket Maps; Queue Maps; Stack Maps
  - The BPF Virtual Filesystem
  - Conclusion
- 4. Tracing with BPF
  - Probes: Kernel Probes (Kprobes, Kretprobes); Tracepoints; User-Space Probes (Uprobes, Uretprobes); User Statically Defined Tracepoints; USDTs bindings for other languages
  - Visualizing Tracing Data: Flame Graphs; Histograms; Perf Events
  - Conclusion
- 5. BPF Utilities
  - BPFTool: Installation; Feature Display; Inspecting BPF Programs; Inspecting BPF Maps; Inspecting Programs Attached to Specific Interfaces; Loading Commands in Batch Mode; Displaying BTF Information
  - BPFTrace: Installation; Language Reference; Filtering; Dynamic Mapping
  - kubectl-trace: Installation; Inspecting Kubernetes Nodes
  - eBPF Exporter: Installation; Exporting Metrics from BPF
  - Conclusion
- 6. Linux Networking and BPF
  - BPF and Packet Filtering: tcpdump and BPF Expressions; Packet Filtering for Raw Sockets; The BPF program; Load and attach to a network interface
  - BPF-Based Traffic Control Classifier: Terminology; Queueing disciplines; Classful qdiscs, filters, and classes; Classless qdiscs; Traffic Control Classifier Program Using cls_bpf; Notes on act_bpf and how cls_bpf is different; Differences Between Traffic Control and XDP
  - Conclusion
- 7. Express Data Path
  - XDP Programs Overview: Operation Modes (Native XDP, Offloaded XDP, Generic XDP); The Packet Processor; XDP result codes (packet processor actions)
  - XDP and iproute2 as a Loader
  - XDP and BCC
  - Testing XDP Programs: XDP Testing Using the Python Unit Testing Framework
  - XDP Use Cases: Monitoring; DDoS Mitigation; Load Balancing; Firewalling
  - Conclusion
- 8. Linux Kernel Security, Capabilities, and Seccomp
  - Capabilities
  - Seccomp: Seccomp Errors; Seccomp BPF Filter Example
  - BPF LSM Hooks
  - Conclusion
- 9. Real-World Use Cases
  - Sysdig eBPF God Mode
  - Flowmill
- Index
How to download the example source code
1. Go to https://www.oreilly.com/
2. Search for the book title: Linux Observability with BPF. If you get no results, search for the main title only.
3. Click the book title in the search results.
4. In the Publisher resources section, click Download Example Code.