Rootconf 2019

eBPF is an upcoming in-kernel mechanism that provides ability inject arbitrary user space code into the kernel in a safe manner.

With ability to program any userspace code into the kernel, it open up a lot of possibilities for end-user to easily interact with kernel components.
This lets users to develop various hooks into the kernel and use existing infrastructure to improve various parts of it.

One such major use case is High performance networking. With the advent of XDP(Express Data Path), it is allowing people to do packet filtering at an early point in the software stack in an extensible manner, which enables very fast packet processing compared to nftables, iptables etc.

Other such usecase is Kernel tracing, which is possible due to bcc(https://github.com/iovisor/bcc) and Bpftrace(DTrace for Linux, https://github.com/iovisor/bpftrace). It enables you to use kprobes, uprobes and tracepoints to deep dive into the intricacies in kernelspace/userspace and make sense of it.

Outline

• Introduction to eBPF
  • Tracing applications
  • tcpdump: Beginning of BPF
• What is eBPF?
  • Features
  • Use-cases
• How does eBPF works?
  • BPF syscall, maps, prog types
  • How is BPF safe?
    • Overview of eBPF verfier
• How to use eBPF?
  • System requirements
  • Writing eBPF program in python using BCC(BPF compiler collection)
  • frontends, DSL etc
• XDP
  • Overview
  • XDP real life-scenario
    • Test setup
    • Benchmark comparison between iptables and XDP
• Takeaways
• Q&A

Speaker bio

Performance engineer at Red Hat. Currently working on improving kernel networking performance. Open source enthusiast. Co-organizer/Volunteer of India Linux User group Delhi.

Previous talks:
How command line params are parsed(ILUG-D): http://slides.com/tksourabh/how-command#/
Basics: Logging in python(PyDelhi): https://slides.com/tksourabh/basics-logging-in-python#/
Github: https://github.com/sourabhtk37/

Slides

https://docs.google.com/presentation/d/1tWXuNlu6E1uT9aSJZm6m7JnmcG4uNssBZ2-q9WeGxCU/