Hacker News with Generative AI: eBPF

eBPF Mystery: When is IPv4 not IPv4? When it's pretending to be IPv6 (gripdev.xyz)
This adventures starts with a simple eBPF program to transparently redirect DNS requests on port 53 for a single program (or docker container).
Networking, Linux, eBPF, Security
58 points by tanelpoder 7 hours ago | 14 comments
Show HN: Using eBPF to see through encryption without a proxy (github.com/qpoint-io)
Qtap: An eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating processes.
Security, Networking, eBPF, Open Source, Data Analysis
240 points by tylerflint 18 hours ago | 72 comments
Optimizing eBPF I/O latency accounting when running 37M IOPS, on 384 CPUs (tanelpoder.com)
In this post I will introduce a much more efficient method for accounting block I/O latencies with eBPF on Linux.
Performance Optimization, Linux, eBPF, I/O
22 points by tanelpoder 9 days ago | 0 comments
Why Does My eBPF Program Work on One Kernel but Fail on Another? (ebpfchirp.substack.com)
In a perfect world, everyone’s systems would be fully updated, patched regularly, and running the latest kernel.
eBPF, Linux Kernel, Debugging, Software Development, Operating Systems
108 points by musha68k 16 days ago | 22 comments
Isolated Execution Environment for eBPF (ebpf.foundation)
The post below is an update on a research project sponsored by the eBPF Foundation. It is the first in a series of posts about this research. The post was prepared by Zhe Wang (Institute of Computing Technology, Chinese Academy of Sciences; wangzhe12@ict.ac.cn), and Patrick Peihua Zhang (WeChat, Tencent; patrickzhang2333@gmail.com). Read about the status of all the sponsored research projects in this post.
Security, eBPF, Research, Networking, Operating Systems
21 points by tuananh 24 days ago | 2 comments
How Netflix Accurately Attributes eBPF Flow Logs (netflixtechblog.com)
In a previous blog post, we described how Netflix uses eBPF to capture TCP flow logs at scale for enhanced network insights. In this post, we delve deeper into how Netflix solved a core problem: accurately attributing flow IP addresses to workload identities.
Networking, eBPF, Cloud Computing, Security, Netflix
160 points by simplesort 31 days ago | 58 comments
A List of eBPF Research Papers (pchaigno.github.io)
When I started reading on BPF there weren’t many academic papers to describe how it worked, how it didn’t, or how it is used.
eBPF, Research Papers, Networking
9 points by tanelpoder 61 days ago | 0 comments
When eBPF pt_regs reads return garbage on the latest Linux kernels, blame Fred (tanelpoder.com)
TLDR; Starting from Linux kernel version 6.9 on x86_64, there’s a new config option CONFIG_X86_FRED enabled and it adds 16 bytes to the bottom of a task’s kernel stack area, so you’ll need to account for this extra padding in your “raw” kernel stack & pt_regs lookup code.
Linux Kernel, Kernel Development, x86_64, eBPF, Security
105 points by tanelpoder 69 days ago | 11 comments
List Any Linux Tracepoint with Their Arguments, Datatypes and Related Structs (tanelpoder.com)
This should be something useful for Linux kernel explorers and eBPF nerds!
Linux Kernel, eBPF, Programming, Debugging, System Programming
40 points by tanelpoder 98 days ago | 5 comments
Case Study: ByteDance Uses eBPF to Enhance Networking Performance (ebpf.foundation)
Bytedance, a global technology company operating a wide range of content platforms around the world at massive scale, faced significant challenges in ensuring performance and stability across its data centers.
Case Study, Networking, Performance, eBPF, ByteDance
178 points by ChrisArchitect 100 days ago | 26 comments
Harpoon: Trace syscalls from user-space functions, by using eBPF (github.com/alegrey91)
Harpoon aims to capture the syscalls (as if they were fishes) from the execution flow (the river) of a single user-defined function.
Security, Linux, Programming, eBPF, Debugging
8 points by thunderbong 142 days ago | 0 comments
A KeyLogger using eBPF written in Rust (github.com/pythops)
Capture keystrokes and store them in a queue in the kernel. Intercept DNS requests and inject the captured keystroes in the DNS payload then redirect the request designated remote server acting as a DNS proxy. On the remote server, extract the keys from the DNS payload and send a valid DNS response. Intercept the response and modify its source address so the initial request will complete successfully.
Security, Rust, eBPF, Networking, Keylogging
11 points by pythops 157 days ago | 0 comments
eBPF Security Threat Model [pdf] (github.com/ebpffoundation)
Security, eBPF, Threat Modeling
9 points by mooreds 159 days ago | 0 comments
eBPF Verifier Code Review – NCC Group [pdf] (nccgroup.com)
Security, Code Review, eBPF
14 points by ghostpepper 173 days ago | 0 comments
Kyanos: eBPF-based network issue analysis tool (github.com/hengyoush)
Kyanos is an eBPF-based network issue analysis tool that enables you to capture network requests, such as HTTP, Redis, and MySQL requests.
Network Analysis, eBPF, Open Source, Tools, Networking
194 points by lijunhao 174 days ago | 14 comments
Every boring problem found in eBPF (2022) (tmpout.sh)
You may be wondering, "if you're filling an article with caveats about BPF, why should I even bother trying to use it?" Great question, straw man. There are a number of things BPF is really, really, good at that you should consider.
eBPF, Operating Systems, Networking, Security, Performance
163 points by udev4096 189 days ago | 11 comments
TUI for sniffing network traffic using eBPF on Linux (github.com/pythops)
🕵️‍♂️ TUI for sniffing network traffic using eBPF on Linux
Network Security, Linux, eBPF, TUI, Open Source
11 points by pythops 243 days ago | 0 comments
Show HN: Goroutine Monitor Powered by eBPF (github.com/keisku)
gmon is a tool designed to monitor the creation and destruction of goroutines in a Go program, drawing inspiration from the presentation Real World Debugging with eBPF.
Go Programming, Debugging, Performance Monitoring, eBPF
75 points by keisku 243 days ago | 2 comments
Writing a system call tracer using eBPF (sh4dy.com)
System Calls, eBPF, Linux Kernel, Security, Programming
99 points by tim_sw 277 days ago | 2 comments
eBPF Offensive Capabilities – Get Ready for Next-Gen Malware (2023) (sysdig.com)
Security, Malware, eBPF, Networking
89 points by password4321 289 days ago | 13 comments
Instrumenting Python GIL with eBPF (coroot.com)
Python, Performance, eBPF, Monitoring, Debugging
118 points by lukastyrychtr 294 days ago | 33 comments
Instrumenting Python GIL with eBPF (coroot.com)
Python, Instrumentation, eBPF
19 points by avivallssa 301 days ago | 0 comments
Capturing Linux SSL/TLS plaintext without a CA certificate using eBPF (github.com/gojue)
Linux, Security, Networking, eBPF
183 points by walterbell 302 days ago | 70 comments
The coming eBPF revolution and why Kubernetes monitoring will never be the same (getanteon.com)
Kubernetes, Monitoring, eBPF, Revolution, Cloud
17 points by nickwritesit 304 days ago | 13 comments
How eBPF is shaping the future of Linux and platform engineering (infoworld.com)
Linux, Network Engineering, eBPF, Platform Engineering
10 points by cempaka 317 days ago | 1 comments
Bpftop: Dynamic real-time view of running eBPF programs (github.com/Netflix)
Networking, eBPF, Linux, Open Source, Performance Monitoring
31 points by tanelpoder 318 days ago | 2 comments
eBPF BCC to libbpf conversion guide (nakryiko.com)
eBPF, BCC, Linux Kernel, Networking, Performance Optimization
13 points by tanelpoder 332 days ago | 0 comments
Linux: Easy Keylogger with eBPF (2018) (blogspot.com)
Linux, Security, Keylogging, eBPF
13 points by mooreds 387 days ago | 1 comments