Hacker News with Generative AI: eBPF

Why Does My eBPF Program Work on One Kernel but Fail on Another? (ebpfchirp.substack.com)
In a perfect world, everyone’s systems would be fully updated, patched regularly, and running the latest kernel.

eBPF, Linux Kernel, Debugging, Software Development, Operating Systems

105 points by musha68k 3 days ago | 22 comments

Isolated Execution Environment for eBPF (ebpf.foundation)
The post below is an update on a research project sponsored by the eBPF Foundation. It is the first in a series of posts about this research. The post was prepared by Zhe Wang (Institute of Computing Technology, Chinese Academy of Sciences; wangzhe12@ict.ac.cn), and Patrick Peihua Zhang (WeChat, Tencent; patrickzhang2333@gmail.com). Read about the status of all the sponsored research projects in this post.

Security, eBPF, Research, Networking, Operating Systems

21 points by tuananh 11 days ago | 2 comments

How Netflix Accurately Attributes eBPF Flow Logs (netflixtechblog.com)
In a previous blog post, we described how Netflix uses eBPF to capture TCP flow logs at scale for enhanced network insights. In this post, we delve deeper into how Netflix solved a core problem: accurately attributing flow IP addresses to workload identities.

Networking, eBPF, Cloud Computing, Security, Netflix

160 points by simplesort 18 days ago | 58 comments

A List of eBPF Research Papers (pchaigno.github.io)
When I started reading on BPF there weren’t many academic papers to describe how it worked, how it didn’t, or how it is used.

eBPF, Research Papers, Networking

9 points by tanelpoder 48 days ago | 0 comments

When eBPF pt_regs reads return garbage on the latest Linux kernels, blame Fred (tanelpoder.com)
TLDR; Starting from Linux kernel version 6.9 on x86_64, there’s a new config option CONFIG_X86_FRED enabled and it adds 16 bytes to the bottom of a task’s kernel stack area, so you’ll need to account for this extra padding in your “raw” kernel stack & pt_regs lookup code.

Linux Kernel, Kernel Development, x86_64, eBPF, Security

105 points by tanelpoder 56 days ago | 11 comments

List Any Linux Tracepoint with Their Arguments, Datatypes and Related Structs (tanelpoder.com)
This should be something useful for Linux kernel explorers and eBPF nerds!

Linux Kernel, eBPF, Programming, Debugging, System Programming

40 points by tanelpoder 85 days ago | 5 comments

Case Study: ByteDance Uses eBPF to Enhance Networking Performance (ebpf.foundation)
Bytedance, a global technology company operating a wide range of content platforms around the world at massive scale, faced significant challenges in ensuring performance and stability across its data centers.

Case Study, Networking, Performance, eBPF, ByteDance

178 points by ChrisArchitect 87 days ago | 26 comments

Harpoon: Trace syscalls from user-space functions, by using eBPF (github.com/alegrey91)
Harpoon aims to capture the syscalls (as if they were fishes) from the execution flow (the river) of a single user-defined function.

Security, Linux, Programming, eBPF, Debugging

8 points by thunderbong 129 days ago | 0 comments

A KeyLogger using eBPF written in Rust (github.com/pythops)
Capture keystrokes and store them in a queue in the kernel. Intercept DNS requests and inject the captured keystroes in the DNS payload then redirect the request designated remote server acting as a DNS proxy. On the remote server, extract the keys from the DNS payload and send a valid DNS response. Intercept the response and modify its source address so the initial request will complete successfully.

Security, Rust, eBPF, Networking, Keylogging

11 points by pythops 143 days ago | 0 comments

eBPF Security Threat Model [pdf] (github.com/ebpffoundation)

Security, eBPF, Threat Modeling

9 points by mooreds 146 days ago | 0 comments

eBPF Verifier Code Review – NCC Group [pdf] (nccgroup.com)

Security, Code Review, eBPF

14 points by ghostpepper 159 days ago | 0 comments

Kyanos: eBPF-based network issue analysis tool (github.com/hengyoush)
Kyanos is an eBPF-based network issue analysis tool that enables you to capture network requests, such as HTTP, Redis, and MySQL requests.

Network Analysis, eBPF, Open Source, Tools, Networking

194 points by lijunhao 161 days ago | 14 comments

Every boring problem found in eBPF (2022) (tmpout.sh)
You may be wondering, "if you're filling an article with caveats about BPF, why should I even bother trying to use it?" Great question, straw man. There are a number of things BPF is really, really, good at that you should consider.

eBPF, Operating Systems, Networking, Security, Performance

163 points by udev4096 176 days ago | 11 comments

TUI for sniffing network traffic using eBPF on Linux (github.com/pythops)
🕵️‍♂️ TUI for sniffing network traffic using eBPF on Linux

Network Security, Linux, eBPF, TUI, Open Source

11 points by pythops 230 days ago | 0 comments

Show HN: Goroutine Monitor Powered by eBPF (github.com/keisku)
gmon is a tool designed to monitor the creation and destruction of goroutines in a Go program, drawing inspiration from the presentation Real World Debugging with eBPF.

Go Programming, Debugging, Performance Monitoring, eBPF

75 points by keisku 230 days ago | 2 comments

Writing a system call tracer using eBPF (sh4dy.com)

System Calls, eBPF, Linux Kernel, Security, Programming

99 points by tim_sw 264 days ago | 2 comments

eBPF Offensive Capabilities – Get Ready for Next-Gen Malware (2023) (sysdig.com)

Security, Malware, eBPF, Networking

89 points by password4321 275 days ago | 13 comments

Instrumenting Python GIL with eBPF (coroot.com)

Python, Performance, eBPF, Monitoring, Debugging

118 points by lukastyrychtr 281 days ago | 33 comments

Instrumenting Python GIL with eBPF (coroot.com)