The art of writing eBPF programs (sysdig.com)
137 points by leakybucket 2670 days ago
4 comments

I logged in just to say this: I love the sysdig engineering blog. Please don't stop writing blog posts. sysdig and Cloudflare are becoming my favorite engineering blogs.
I agree. One of my all-time favorites was https://sysdig.com/blog/container-isolation-gone-wrong/, it kept me hooked 'til the last line, like a thriller ^_^
There's also this 2017 LWN article on eBPF [1] which I find very interesting.

[1] - https://lwn.net/Articles/740157/

Took me a while to find that eBPF was extended/enhanced Berkeley Packet Filter. Wikipedia was no help.
While that's the original meaning of the acronym, it was generalized into a virtual machine, so it has come far from being able to just filter packets.

More details under "BPF kernel internals" here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...

Just one place early on this page using the full words instead of the acronym would have done the job. Such a small change would make such an immense difference for outsiders.
This is very interesting. I dabbled with eBPF before using the more traditional bcc tools and the canned scripts, but this deep dive really gives a good perspective on the implementation underneath.

I wonder how long before we will see more critical parts of the kernel machinery being implemented completely in eBPF (like XDP currently). Fascinating technology!