Название: Learning eBPF: High performance observability, networking, and security programming on LinuxАвтор: Michael Kehoe
Издательство: BPB Publications
Год: 2025
Страниц: 340
Язык: английский
Формат: pdf, epub (true)
Размер: 10.1 MB
Unlock the power of eBPF, the revolutionary Linux kernel technology transforming observability, networking, and security. This book serves as your comprehensive resource to master this cutting-edge technology, whether you are a beginner exploring its potential or a seasoned professional seeking in-depth knowledge.
Embark on a structured learning journey, starting with classic BPF (cBPF) and its evolution to modern eBPF, grasping its architecture and core programming primitives like the BPF syscall and various program/attachment types. Discover practical development using key eBPF programming libraries such as libbpf and bpftrace, and learn to write your first program. Explore BPF portability with CO-RE and efficient eBPF deployment. Uncover potent applications in eBPF observability (kprobes, tracepoints), eBPF networking (XDP, socket filters), and eBPF security. Finally, delve into key eBPF open-source projects like Cilium and Falco.
This chapter provides a practical guide to writing your first eBPF programs using various programming languages and frameworks. It starts by outlining the necessary steps to set up your development environment, including configuring kernel settings for eBPF functionality. Then, it dives into programming with BCC in Python, demonstrating how to write a simple "Hello World" program using kprobesand a more complex example utilizing maps and helper functions to count syscalls. The chapter also explores writing eBPF programs in C with libbpf, showcasing the process of creating, loading, and attaching BPF programs, along with using maps and helpers. Furthermore, it provides examples of eBPF development in Go using ebpf-go and in Rust using libbpf-rs, highlighting the unique features and functionalities of each framework. Finally, the chapter concludes with a discussion on best practices for writing efficient and safe eBPF programs.
By the end of this definitive guide, you will possess a robust understanding of eBPF, equipped with the practical skills to develop, deploy, and leverage its immense capabilities across diverse domains, making you a proficient practitioner in this transformative field.
What you will learn:
- cBPF history, eBPF architecture, core primitives, and deployment.
- eBPF programming, portability, observability, networking, and security.
- BPF evolution, eBPF internals, practical application, and ecosystem.
- Kernel probing, packet manipulation, and secure eBPF development.
- eBPF tools, libraries, deployment strategies, and open-source projects.
- Tracing kernel/user space, network filtering/modification, and security enforcement.
- Understanding BPF syscall, program/attach types, and map utilization.
- Developing portable eBPF, managing lifecycle, and exploring use cases.
Who this book is for:
Whether you are a software developer, network engineer, security professional, or systems administrator, this book provides the knowledge to leverage eBPF for enhanced system observability, advanced networking, and security enforcement in your environment.
Contents:
Скачать Learning eBPF: High performance observability, networking, and security programming on Linux