Control Network and Resource Access with eBPF Cgroup Programs
eBPF programs can dynamically enforce network and resource access policies on a per-process or per-container basis by hooking into the kernel's control .
49 articles
Cilium isn't just another Kubernetes networking plugin; it's a fundamentally different approach to enforcing network policies, leveraging eBPF to make y.
Cilium replaces kube-proxy with eBPF, allowing Kubernetes networking to bypass the kernel's netfilter hooks entirely for massive performance gains.
eBPF XDP isn't just a way to inspect network packets; it's a programmable kernel engine that lets you intercept and modify traffic before it even hits t.
CO-RE doesn't make eBPF programs portable by magically translating them; it uses BTF to describe the kernel's data structures, allowing your eBPF progra.
eBPF lets you peer inside your containers by hooking into the kernel, bypassing the need for sidecar containers to observe network traffic or system cal.
Flame graphs are an incredibly powerful way to visualize CPU usage, but most people don't realize they're not just showing what is using CPU, but how th.
The eBPF verifier is failing because your program violates a fundamental safety rule, preventing it from being loaded into the kernel.
Runtime threat detection in containers is surprisingly reactive, often waiting for an exploit to manifest rather than preventing it.
eBPF lets you instrument the kernel itself without changing its code or crashing it. Let's see eBPF trace file system operations.
eBPF programs aren't just simple scripts; they're compiled bytecode that runs in a highly secure, sandboxed virtual machine within the Linux kernel itse.
The first thing to understand about writing eBPF programs in Go with cilium/ebpf is that you're not really writing eBPF bytecode directly.
Detect Intrusions in Real Time with eBPF System Call Hooks — practical guide covering eBPF setup, configuration, and troubleshooting with real-world exa...
The surprising truth about Facebook's L4 load balancing is that it's not just about distributing traffic; it's about controlling the distribution of tra.
Trace Kernel Functions for Performance Analysis with eBPF — practical guide covering eBPF setup, configuration, and troubleshooting with real-world exam...
CO-RE (Compile Once - Run Everywhere) in eBPF is a lie, at least at first glance, because your eBPF programs will fail if you don't manage kernel version .
Kernel functions are the bedrock of the operating system, and understanding how they behave is crucial for debugging, performance tuning, and security.
Kubernetes pod network traffic tracing isn't just about seeing packets; it's about understanding the invisible dance of distributed systems.
eBPF lets you observe system behavior in ways that were previously impossible, but its true power lies in measuring latency across system layers, not ju.
eBPF programs are compiled C code, but they're not just any C. They're a restricted subset, designed to run safely and efficiently within the Linux kernel.
Hook into Linux Security Module Events with eBPF LSM — practical guide covering eBPF setup, configuration, and troubleshooting with real-world examples.
The most surprising thing about eBPF map-in-map is that it allows you to create truly dynamic, per-CPU data structures without writing a single line of .
eBPF maps are not just key-value stores; they are sophisticated, in-kernel data structures that can be shared between eBPF programs and even between the.
eBPF can tell you exactly which process is leaking memory, and it does it by observing memory allocation calls at the kernel level, bypassing applicatio.
eBPF traffic shaping lets you sculpt network packet flow at the kernel level, not just at the application or firewall layer.
eBPF programs don't just magically run; they consume CPU cycles, and ignoring that consumption is the fastest way to destabilize your production systems.
Kubernetes auto-instrumentation with Pixie and eBPF is surprisingly more about observing network behavior than application code.
Deploying eBPF programs to production isn't about just uploading a BPF object file; it's about ensuring those programs, which run with kernel privileges.
eBPF Program Types Explained: XDP, TC, Tracepoint, and More — practical guide covering eBPF setup, configuration, and troubleshooting with real-world ex...
The most surprising thing about eBPF is that it allows you to run arbitrary, sandboxed C programs directly in the Linux kernel without modifying kernel .
eBPF programs can generate a massive volume of data, and efficiently getting that data to userspace applications for analysis is a core challenge.
eBPF lets you run sandboxed programs directly in the Linux kernel, letting you see what's happening without modifying kernel code.
Rust's memory safety guarantees can help you avoid common C-based eBPF pitfalls, but writing eBPF programs in Rust with Aya isn't just about avoiding se.
eBPF lets you inject code into the Linux kernel without changing kernel source or loading modules, and it's the secret sauce for zero-overhead service m.
eBPF can trace system calls across processes, but it's not actually tracing the kernel's system call mechanism directly; it's hooking into the events th.
Tail calls are the secret sauce that lets you chain eBPF programs together to build complex, multi-stage processing pipelines.
eBPF TC programs are not just a way to filter packets; they fundamentally change how you think about network packet processing by allowing you to inject.
Tetragon doesn't just watch what processes do; it watches why they do it, by hooking into the kernel's most intimate secrets.
Hook into Stable Kernel Events with eBPF Tracepoints — practical guide covering eBPF setup, configuration, and troubleshooting with real-world examples.
Uprobes let you dynamically instrument user-space code without touching the source or recompiling, acting like breakpoints that log data and don't halt .
eBPF Use Cases: Networking, Observability, and Security — practical guide covering eBPF setup, configuration, and troubleshooting with real-world examples.
The eBPF verifier doesn't just look for unsafe programs; it actively simulates their execution to prove they'll always terminate and never access invali.
eBPF XDP lets you drop Distributed Denial of Service (DDoS) attack packets at the earliest possible moment, right on the network interface card (NIC) before.
eBPF XDP programs don't just speed up packet processing; they fundamentally change where that processing happens, moving it out of the kernel's general-.
eBPF programs aren't just small snippets of code; they're actual, compiled programs that run directly within the Linux kernel without ever needing to mo.
Inspect eBPF Programs and Maps with bpftool. bpftool is your primary tool for peeking into the kernel's eBPF runtime. Let's see it in action.
Write eBPF One-Liners with bpftrace for Instant Kernel Tracing — practical guide covering eBPF setup, configuration, and troubleshooting with real-world...
bpftrace can dynamically trace kernel and user-space events using a high-level scripting language, making it incredibly powerful for understanding syste.
BTF allows eBPF programs to remain portable across different kernel versions without recompilation. Let's see BTF in action.