eBPF.party – Learn eBPF through hands-on exercises. Write, compile, and run programs directly in your browser:
"[…] eBPF (Extended Berkeley Packet Filter) lets you attach tiny, sandboxed programs directly to the #Linux #kernel, no restarts, no recompiling, no intrusive overhead. In practice, you gain X-ray vision into your system’s behavior, in real time, with almost zero performance penalty.
And thanks to the amazing CLI tools built around eBPF, you can debug problems that were previously “impossible” to catch. […]"
1. bpftrace: The ultimate custom debugger
2. execsnoop: Catching fleeting processes
3. opensnoop: Permission denied demystified
4. tcplife: Tracing microservice sessions
5. gethostlatency: Fixing intermittent slowness
6. biotop: Disk I/O task manager
7. biolatency: The I/O performance historian
8. tcpretrans: Spotting network reliability issues
9. tcpconnect: Tracing outbound connections
10. tcpaccept: Tracing inbound connections
11. biosnoop: I/O operations in detail
12. bpftool: Inspect and debug eBPF programs already running
Recordings from last week's @linuxplumbersconf 2025 are now available.🥳
You have two options to find the ones you might be interested in:
* Look through this YouTube-Playlist (https://www.youtube.com/playlist?list=PLVsQ_xZBEyN3-ZbrEgTiCpm1-Sg_ihLVF)
* Find and open interesting talks via the Schedule Overview (https://lpc.events/event/19/timetable/#all) or the Detailed Schedule (https://lpc.events/event/19/timetable/?view=lpc), as the individual talk descriptions link to the videos. And as a bonus, besides the summary they usually contain links to the slides shown, too.
#Linux #kernel #LinuxPlumbersConference #LinuxPlumbersConference2025 #eBPF #BPF
Kernel-level monitoring in Linux. A brief practical introduction to eBPF+Cilium
Good day to everyone reading this article. Recently, while experimenting with eBPF to develop new functionality for my EDR for Linux servers, I ran into a huge problem: the internet has a huge body of articles on the theory of working with eBPF, but I could not find any short practical articles on how to work with BPF. To be more precise, such articles exist, but they do not give an understanding of the functionality. In short, in this article I would like to write a brief guide to working with eBPF with a practical focus.
https://habr.com/ru/articles/972602/
#eBPF #bpf #go #edr #development #monitoring #tracing #kernel #linux_kernel #linux
☀️The deeply detailed talk from ulexec and secoalba from @inversive_xyz about reverse engineering #Solana #eBPF binaries with #radare2 was built on top of several improvements for the elf bin parser and the architecture support for the 64bit #BPF.
All that stuff was also included in the last r2-6.0.6 release:
- esil emulation of bytecode
- pseudo decompilation
- AI-based disassembly
- bpf-specific elf relocs
- bpf-specific analysis plugin to extract strings
- document every bpf instruction
- support multiple "cpu" models
- binary patching and assembling BPF instructions
Cook some popcorn and take notes because their presentation was really detailed! Worth watching!
🎥 https://www.youtube.com/watch?v=IAt-HgKPN88
I am at Cyb'Air today and my slides are at https://GitHub.com/cryptax/talks.
It was about 2025 variants of Linux/Symbiote and BPFDoor, with new features in the BPF filter such as IPv6 support.
The samples are analyzed with r2, r2ai, r2mcp and mcpico.
Kernel Recipes 2025 is over: the videos are online! https://linuxfr.org/news/kernel-recipes-2025-c-est-fini-les-videos-sont-en-ligne #kernel_recipes #virtualization #conference #community #kernel #rust #bpf
Wow, riveting stuff: a bunch of geeks decided it's finally time for a #GNU makeover with #BPF support. They gathered at the 2025 GNU Tools #Cauldron to talk shop—because nothing screams #innovation like a cauldron and a horde of #kernel #enthusiasts 🧙🔧. Who knew #toolchains could be this exciting? 🌟
https://lwn.net/Articles/1039827/ #HackerNews #ngated
Next steps for BPF support in the GNU toolchain
https://lwn.net/Articles/1039827/
#HackerNews #BPF #GNU #Toolchain #Linux #Development #OpenSource #TechNews
Support for signing #BPF programs has hit #Linux-next and thus is slated for inclusion in #kernel 6.18:
Quote from that merge commit: "BPF Signing has gone over multiple discussions in various conferences with the kernel and BPF community and the following patch series is a culmination of the current of discussion and signed BPF programs. […]
Signing also paves the way for allowing unprivileged users to load vetted BPF programs and helps in adhering to the principle of least privilege […]"
See also the recent @lwn article "Possible paths for signing BPF programs": https://lwn.net/Articles/1031854/
You could also use #bpf instead of #strace, albeit modern strace uses bpf if told so:
How to use the new Docker Seccomp profiles https://blog.jessfraz.com/post/how-to-use-new-docker-seccomp-profiles/
#Google #engineer Roman #Gushchin has proposed the ability for the #Linux #kernel to customize the out-of-memory "#OOM" behavior using #BPF programs.
www.phoronix.com/news/Linux-O...
New Linux Patches Allow Manipu...
It's been too long since the last ebpf_exporter release, so I cut v2.5.0 today.
https://github.com/cloudflare/ebpf_exporter/releases/tag/v2.5.0
"Today we are marking the celebration of Alan #Turing's 113th birthday by implementing the #Enigma machine in #eBPF. The Enigma machine was not developed by Turing himself, but it was the machine he famously broke during World War II."
https://isovalent.com/blog/post/breaking-boundaries-implementing-the-enigma-machine-in-ebpf/
dhcpd(8): use UDP sockets instead of BPF https://www.undeadly.org/cgi?action=article;sid=20250613111800 #openbsd #dhcpd #tcpip #networking #udp #bpf #development #newfeature #testing #freesoftware #libresoftware
Before wiping the pre-installed #Windows 11 Pro on my new Beelink mini PC, I tested #WSL2 with #Fedora #Linux. I compiled my pet project, I/O Riot NG (ior), which requires many system libraries, including #BPF. I’m impressed: everything works just like on native Fedora, and my tool runs and traces I/O syscalls with BPF out of the box. I might now prefer Windows over MacOS if I had to choose between those two for work.