Название: Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security (Early Release)
Автор: Liz Rice
Издательство: O’Reilly Media, Inc.
Год: 2022-10-13
Язык: английский
Формат: epub (true), mobi
Размер: MB
What is eBPF? With this revolutionary technology, you can write custom code that dynamically changes the way the kernel behaves. It's an extraordinary platform for building a whole new generation of security, observability, and networking tools. This practical book is ideal for developers, system administrators, operators, and students who are curious about eBPF and want to know how it works. Author Liz Rice, chief open source officer with cloud native networking and security specialists Isovalent, also provides a foundation for those who want to explore writing eBPF programs themselves. The entire eBPF program is defined as a string called “program” in the Python code. This C program needs to be compiled before it can be executed, but BCC takes care of that for you. The eBPF program is loaded into the kernel and attached to an event, so the program will be triggered whenever a new executable gets launched on the machine. All that remains to do in the Python code is to read the tracing that is output by the kernel, and write it on screen. eBPF programs can be used to dynamically change the behavior of the system. There’s no need to reboot the machine or restart existing processes - eBPF code starts taking effect as soon as it is attached to an event.