Book description
Build your expertise in the BPF virtual machine in the Linux kernel with this practical guide for systems engineers. You’ll not only dive into the BPF program lifecycle but also learn to write applications that observe and modify the kernel’s behavior; inject code to monitor, trace, and securely observe events in the kernel; and more.
Authors David Calavera and Lorenzo Fontana help you harness the power of BPF to make any computing system more observable. Familiarize yourself with the essential concepts you’ll use on a day-to-day basis and augment your knowledge about performance optimization, networking, and security. Then see how it all comes together with code examples in C, Go, and Python.
- Write applications that use BPF to observe and modify the Linux kernel’s behavior on demand
- Inject code to monitor, trace, and observe events in the kernel in a secure way—no need to recompile the kernel or reboot the system
- Explore code examples in C, Go, and Python
- Gain a more thorough understanding of the BPF program lifecycle
Table of contents
- Foreword
- Preface
- 1. Introduction
- 2. Running Your First BPF Programs
  - Writing BPF Programs
  - BPF Program Types
    - Socket Filter Programs
    - Kprobe Programs
    - Tracepoint Programs
    - XDP Programs
    - Perf Event Programs
    - Cgroup Socket Programs
    - Cgroup Open Socket Programs
    - Socket Option Programs
    - Socket Map Programs
    - Cgroup Device Programs
    - Socket Message Delivery Programs
    - Raw Tracepoint Programs
    - Cgroup Socket Address Programs
    - Socket Reuseport Programs
    - Flow Dissection Programs
    - Other BPF Programs
  - The BPF Verifier
  - BPF Type Format
  - BPF Tail Calls
  - Conclusion
- 3. BPF Maps
  - Creating BPF Maps
  - Working with BPF Maps
  - Types of BPF Maps
    - Hash-Table Maps
    - Array Maps
    - Program Array Maps
    - Perf Events Array Maps
    - Per-CPU Hash Maps
    - Per-CPU Array Maps
    - Stack Trace Maps
    - Cgroup Array Maps
    - LRU Hash and Per-CPU Hash Maps
    - LPM Trie Maps
    - Array of Maps and Hash of Maps
    - Device Map Maps
    - CPU Map Maps
    - Open Socket Maps
    - Socket Array and Hash Maps
    - Cgroup Storage and Per-CPU Storage Maps
    - Reuseport Socket Maps
    - Queue Maps
    - Stack Maps
  - The BPF Virtual Filesystem
  - Conclusion
- 4. Tracing with BPF
- 5. BPF Utilities
- 6. Linux Networking and BPF
- 7. Express Data Path
- 8. Linux Kernel Security, Capabilities, and Seccomp
- 9. Real-World Use Cases
- Index
Product information
- Title: Linux Observability with BPF
- Author(s): David Calavera, Lorenzo Fontana
- Release date: November 2019
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492050209