book

Linux Observability with BPF

by David Calavera, Lorenzo Fontana

November 2019

Intermediate to advanced

177 pages

4h 39m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Conventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
BPF’s HistoryArchitectureConclusion
Writing BPF ProgramsBPF Program TypesSocket Filter ProgramsKprobe ProgramsTracepoint ProgramsXDP ProgramsPerf Event ProgramsCgroup Socket ProgramsCgroup Open Socket ProgramsSocket Option ProgramsSocket Map ProgramsCgroup Device ProgramsSocket Message Delivery ProgramsRaw Tracepoint ProgramsCgroup Socket Address ProgramsSocket Reuseport ProgramsFlow Dissection ProgramsOther BPF ProgramsThe BPF VerifierBPF Type FormatBPF Tail CallsConclusion
Creating BPF MapsELF Conventions to Create BPF MapsWorking with BFP MapsUpdating Elements in a BPF MapReading Elements from a BPF MapRemoving an Element from a BPF MapIterating Over Elements in a BPF MapLooking Up and Deleting ElementsConcurrent Access to Map ElementsTypes of BPF MapsHash-Table MapsArray MapsProgram Array MapsPerf Events Array MapsPer-CPU Hash MapsPer-CPU Array MapsStack Trace MapsCgroup Array MapsLRU Hash and Per-CPU Hash MapsLPM Trie MapsArray of Maps and Hash of MapsDevice Map MapsCPU Map MapsOpen Socket MapsSocket Array and Hash MapsCgroup Storage and Per-CPU Storage MapsReuseport Socket MapsQueue MapsStack MapsThe BPF Virtual FilesystemConclusion
ProbesKernel ProbesTracepointsUser-Space ProbesUser Statically Defined TracepointsVisualizing Tracing DataFlame GraphsHistogramsPerf EventsConclusion
BPFToolInstallationFeature DisplayInspecting BPF ProgramsInspecting BPF MapsInspecting Programs Attached to Specific InterfacesLoading Commands in Batch ModeDisplaying BTF InformationBPFTraceInstallationLanguage ReferenceFilteringDynamic Mappingkubectl-traceInstallationInspecting Kubernetes NodeseBPF ExporterInstallationExporting Metrics from BPFConclusion
BPF and Packet Filteringtcpdump and BPF ExpressionsPacket Filtering for Raw SocketsBPF-Based Traffic Control ClassifierTerminologyTraffic Control Classifier Program Using cls_bpfDifferences Between Traffic Control and XDPConclusion
XDP Programs OverviewOperation ModesThe Packet ProcessorXDP and iproute2 as a LoaderXDP and BCCTesting XDP ProgramsXDP Testing Using the Python Unit Testing FrameworkXDP Use CasesMonitoringDDoS MitigationLoad BalancingFirewallingConclusion
CapabilitiesSeccompSeccomp ErrorsSeccomp BPF Filter ExampleBPF LSM HooksConclusion

Sysdig eBPF God ModeFlowmill

Content preview from Linux Observability with BPF

Chapter 5. BPF Utilities

So far, we’ve talked about how you can write BPF programs to get more visibility within your systems. Over the years, many developers have built tools with BPF for that same purpose. In this chapter we talk about several of the off-the-shelf tools that you can use every day. Many of these tools are advanced versions of some BPF programs that you’ve already seen. Others are tools that will help you gain direct visibility into your own BPF programs.

This chapter covers some tools that will help you in your day-to-day work with BPF. We begin by covering BPFTool, a command-line utility to get more information about your BPF programs. We cover BPFTrace and kubectl-trace, which will help you write BPF programs more efficiently with a concise domain-specific language (DSL). Finally, we talk about eBPF Exporter, an open source project to integrate BPF with Prometheus.

BPFTool

BPFTool is a kernel utility for inspecting of BPF programs and maps. This tool doesn’t come installed by default on any Linux distribution, and it’s in heavy development, so you’ll want to compile the version that best supports your Linux kernel. We cover the version of BPFTool distributed with version 5.1 of the Linux kernel.

In the next sections we discuss how to install BPFTool onto your system and how to use it to observe and change the behavior of your BPF programs and maps from the terminal.

Installation

To install BPFTool, you need to download a copy of the kernel’s source code. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781492050193Errata Page Supplemental Content

Linux Observability with BPF

by David Calavera, Lorenzo Fontana

Chapter 5. BPF Utilities

BPFTool

Installation

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Linux Fundamentals

Linux Kernel Programming

Efficient Linux at the Command Line

Linux System Programming, 2nd Edition

Publisher Resources

Chapter 5. BPF Utilities

BPFTool

Installation

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Linux Fundamentals

Linux Kernel Programming

Efficient Linux at the Command Line

Linux System Programming, 2nd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.