eBPF 101: Talking to Your Linux Kernel
The Linux kernel is a complex piece of software, and it can be difficult to interact with from userspace. Extended Berkeley Packet Filter (eBPF) is a new technology that allows you to write programs that run in the kernel, but interact easily with a program in userspace.
In this talk, we'll show you how to leverage eBPF to talk to the Linux kernel. We'll start by covering the basics of eBPF, including how it works and how to write eBPF programs. Then, we'll show you how to use Python to interact with eBPF programs. We'll also provide examples of some real-world use cases for Python-powered eBPF, such as:
- Tracing kernel functions
- Implementing custom network filters
- Monitoring memory allocation calls made by userspace applications
We'll also touch on some of the OSS tools that leverage eBPF in different and varied ways (e.g. Pyroscope, Cilium, Katran, Calico) and look at the building blocks that they use. By the end of this talk, the expectation is that you'll be able to build your own custom eBPF programs, know what interesting things you can do with eBPF, and have a deeper understanding of how to "communicate" with your kernel.