科技回声

russjones大约 5 年前

Author of the post here, happy to answer any questions.

评论 #22437411 未加载

评论 #22439808 未加载

评论 #22438425 未加载

评论 #22438198 未加载

评论 #22441621 未加载

评论 #22440471 未加载

kalium_xyz大约 5 年前

BPF is extremely awesome. I cant wait to see more projects using it.

justlexi93大约 5 年前

It's just that Linux's eBPF system has been extended far, far beyond packet filtering.

cptwunderlich大约 5 年前

Since the author, russjones, seems to be here, I'd like to ask a question regarding writing the actual BPF programs. I've been writing a term paper about BPF verification, the in-kernel verifier and research like PREVAIL [1], so I'm curious.<p>Is writing valid BPF programs really that "hard"? E.g., does one often have to rewrite programs bc. the verifier wouldn't accept them? Do you see a need to extend BPF with more capabilities? (bounded loops have been added in Kernel 5.3, but maybe something else)<p>Thank you.<p>[1] <a href="https://vbpf.github.io/" rel="nofollow">https://vbpf.github.io/</a>

saber6大约 5 年前

I never thought about needing streams of information like this, but now that I am, this is a great way to provide general trace-tooling for containers and other things!<p>Very interesting post. Thanks for sharing.

评论 #22440299 未加载

Using BPF to Transform SSH Sessions into Structured Events

5 条评论

Using BPF to Transform SSH Sessions into Structured Events

5 条评论