Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security
Year of publication: 2023
Author: Liz Rice
Publisher: O’Reilly Media
ISBN: 978-1-098-13512-6
Language: English
Format: PDF, EPUB
Quality: Publisher’s layout or text (eBook)
Interactive table of contents: Yes
Number of pages: 237
Description:
What is eBPF? With this revolutionary technology, you can write custom code that dynamically changes the way the kernel behaves. It’s an extraordinary platform for building a whole new generation of security, observability, and networking tools. This practical book is ideal for developers, system administrators, operators, and students who are curious about eBPF and want to know how it works. Author Liz Rice, chief open source officer with cloud native networking and security specialists Isovalent, also provides a foundation for those who want to explore writing eBPF programs themselves.
With this book, you will:
Learn why eBPF has become so important in the past couple of years
Write basic eBPF code, manipulate eBPF programs, and attach them to events
Explore how eBPF components interact with Linux to dynamically change the operating system’s behavior
Learn how tools based on eBPF can instrument applications without changes to the apps or their configuration
Discover how this technology enables new tools for observability, security, and networking
Sample pages
Table of contents
Preface ix
1. What Is eBPF, and Why Is It Important? 1
    eBPF’s Roots: The Berkeley Packet Filter 1
    From BPF to eBPF 2
    The Evolution of eBPF to Production Systems 3
    Naming Is Hard 4
    The Linux Kernel 5
    Adding New Functionality to the Kernel 7
    Kernel Modules 8
    Dynamic Loading of eBPF Programs 9
    High Performance of eBPF Programs 10
    eBPF in Cloud Native Environments 11
    Summary 13
2. eBPF’s “Hello World” 15
    BCC’s “Hello World” 15
    Running “Hello World” 18
    BPF Maps 20
    Hash Table Map 21
    Perf and Ring Buffer Maps 24
    Function Calls 29
    Tail Calls 30
    Summary 35
    Exercises 35
3. Anatomy of an eBPF Program 37
    The eBPF Virtual Machine 38
    eBPF Registers 38
    eBPF Instructions 38
    eBPF “Hello World” for a Network Interface 40
    Compiling an eBPF Object File 42
    Inspecting an eBPF Object File 42
    Loading the Program into the Kernel 44
    Inspecting the Loaded Program 45
    The BPF Program Tag 47
    The Translated Bytecode 47
    The JIT-Compiled Machine Code 48
    Attaching to an Event 49
    Global Variables 51
    Detaching the Program 53
    Unloading the Program 54
    BPF to BPF Calls 54
    Summary 56
    Exercises 56
4. The bpf() System Call 59
    Loading BTF Data 63
    Creating Maps 63
    Loading a Program 64
    Modifying a Map from User Space 65
    BPF Program and Map References 67
    Pinning 67
    BPF Links 68
    Additional Syscalls Involved in eBPF 69
    Initializing the Perf Buffer 69
    Attaching to Kprobe Events 70
    Setting Up and Reading Perf Events 71
    Ring Buffers 72
    Reading Information from a Map 74
    Finding a Map 74
    Reading Map Elements 75
    Summary 76
    Exercises 77
5. CO-RE, BTF, and Libbpf 79
    BCC’s Approach to Portability 80
    CO-RE Overview 81
    BPF Type Format 82
    BTF Use Cases 82
    Listing BTF Information with bpftool 83
    BTF Types 85
    Maps with BTF Information 87
    BTF Data for Functions and Function Prototypes 88
    Inspecting BTF Data for Maps and Programs 89
    Generating a Kernel Header File 89
    CO-RE eBPF Programs 91
    Header Files 91
    Defining Maps 93
    eBPF Program Sections 94
    Memory Access with CO-RE 97
    License Definition 98
    Compiling eBPF Programs for CO-RE 98
    Debug Information 98
    Optimization 98
    Target Architecture 99
    Makefile 99
    BTF Information in the Object File 100
    BPF Relocations 100
    CO-RE User Space Code 101
    The Libbpf Library for User Space 102
    BPF Skeletons 102
    Libbpf Code Examples 106
    Summary 106
    Exercises 107
6. The eBPF Verifier 109
    The Verification Process 110
    The Verifier Log 111
    Visualizing Control Flow 113
    Validating Helper Functions 114
    Helper Function Arguments 115
    Checking the License 116
    Checking Memory Access 116
    Checking Pointers Before Dereferencing Them 119
    Accessing Context 120
    Running to Completion 120
    Loops 120
    Checking the Return Code 121
    Invalid Instructions 122
    Unreachable Instructions 122
    Summary 122
    Exercises 123
7. eBPF Program and Attachment Types 125
    Program Context Arguments 125
    Helper Functions and Return Codes 126
    Kfuncs 127
    Tracing 127
    Kprobes and Kretprobes 128
    Fentry/Fexit 130
    Tracepoints 131
    BTF-Enabled Tracepoints 133
    User Space Attachments 133
    LSM 134
    Networking 135
    Sockets 137
    Traffic Control 137
    XDP 137
    Flow Dissector 138
    Lightweight Tunnels 138
    Cgroups 138
    Infrared Controllers 139
    BPF Attachment Types 139
    Summary 140
    Exercises 140
8. eBPF for Networking 143
    Packet Drops 144
    XDP Program Return Codes 144
    XDP Packet Parsing 145
    Load Balancing and Forwarding 148
    XDP Offloading 151
    Traffic Control (TC) 153
    Packet Encryption and Decryption 157
    User Space SSL Libraries 157
    eBPF and Kubernetes Networking 160
    Avoiding iptables 163
    Coordinated Network Programs 163
    Network Policy Enforcement 165
    Encrypted Connections 166
    Summary 168
    Exercises and Further Reading 169
9. eBPF for Security 171
    Security Observability Requires Policy and Context 171
    Using System Calls for Security Events 173
    Seccomp 173
    Generating Seccomp Profiles 174
    Syscall-Tracking Security Tools 176
    BPF LSM 178
    Cilium Tetragon 179
    Attaching to Internal Kernel Functions 180
    Preventative Security 180
    Network Security 182
    Summary 183
10. eBPF Programming 185
    Bpftrace 185
    Language Choices for eBPF in the Kernel 189
    BCC Python/Lua/C++ 189
    C and Libbpf 191
    Go 192
    Gobpf 193
    Ebpf-go 193
    Libbpfgo 195
    Rust 196
    Libbpf-rs 196
    Redbpf 197
    Aya 197
    Rust-bcc 199
    Testing BPF Programs 199
    Multiple eBPF Programs 200
    Summary 201
    Exercises 201
11. The Future Evolution of eBPF 203
    The eBPF Foundation 203
    eBPF for Windows 204
    Linux eBPF Evolution 206
    eBPF Is a Platform, Not a Feature 208
    Conclusion 209
Index 211