Since the author, russjones, seems to be here, I'd like to ask a question regarding writing the actual BPF programs. I've been writing a term paper about BPF verification, the in-kernel verifier and research like PREVAIL [1], so I'm curious.<p>Is writing valid BPF programs really that "hard"? E.g., does one often have to rewrite programs bc. the verifier wouldn't accept them?
Do you see a need to extend BPF with more capabilities? (bounded loops have been added in Kernel 5.3, but maybe something else)<p>Thank you.<p>[1] <a href="https://vbpf.github.io/" rel="nofollow">https://vbpf.github.io/</a>
I never thought about needing streams of information like this, but now that I am, this is a great way to provide general trace-tooling for containers and other things!<p>Very interesting post. Thanks for sharing.