eBPF has been described as “Superpowers for Linux,” and recently we’ve seen an explosion of tools that use it to power observability, security and more. It’s an exciting technology that enables running bespoke programs directly in the kernel. In this talk Liz uses live-coding examples to explore how eBPF programs are loaded and run in the kernel, and how user-space code can communicate with them to extract valuable information.

TIMECODES

  • 00:00 Intro
  • 01:05 What is eBPF?
  • 04:34 Explore bpf syscalls in bpftrace
  • 04:39 demo
  • 06:43 eBPF programs & maps
  • 09:56 Attach custom code to an event
  • 10:35 demo
  • 11:39 How to write eBPF hello world?
  • 14:50 eBPF hello world
  • 14:58 demo
  • 24:40 eBPF maps
  • 25:37 demo
  • 31:55 Recreate bpftrace command
  • 32:05 demo
  • 34:48 Outro

#ebpf #go #golang #security

A Beginner's Guide to eBPF Programming with Go