BPF: Tracing and More

Поделиться
HTML-код
  • Опубликовано: 23 дек 2024

Комментарии • 22

  • @cupajoesir
    @cupajoesir 7 лет назад +1

    I love dense material like this. Each time you watch it you notice something you didn't before. Notice I said dense, not sparse. Too many of the few talks cover advanced topics do it in a way that does not connect the series of ideas. Well done & thanks for posting.

  • @DavidMedberry
    @DavidMedberry 8 лет назад +6

    Great talk. Timely, important, and 99.99 on a geek scale.

  • @nagmatnazarov1759
    @nagmatnazarov1759 5 лет назад

    very informative talk, thanks. Have watched this video more than 20 times and each time understood some more stuff...

  • @NoobTube4148
    @NoobTube4148 7 лет назад +2

    This is brilliant. I didn't know you could do stuff like this. Being able to access the kernel with minimal over head on running systems, makes this ideal for troubleshooting on production. This is very cool.

  • @RogerBarraud
    @RogerBarraud 4 года назад +1

    03:22 I think you forgot the 'Amplification' box on the LHS... :-/

  • @iqrar318
    @iqrar318 5 лет назад

    Nice talk! sir how we can use it for power consumption estimation ?

  • @PoeticMachineDreams
    @PoeticMachineDreams 7 лет назад

    1:54 What architecture is that?

    • @RogerBarraud
      @RogerBarraud 4 года назад

      BPF VM in Linux kernel, on whatever ISA Linux is running on.

  • @coliniking
    @coliniking 8 лет назад +1

    BCC is now available as snap, wiki.ubuntu.com/Kernel/Reference/bcc

  • @pronounjow
    @pronounjow 8 лет назад

    I'm not sure that I understand correctly.
    Is BPF a way to safely issue instructions from user space to kernel space?
    Is it a way to safely run some part of a user space program in kernel space?
    Is it a performance tracer?
    Is it something to build and/or base performance tracers on?

    • @BrendanGregg
      @BrendanGregg 8 лет назад +2

      All of the above, and more. Except the instructions you issue are BPF instructions (its own basic instruction set) -- which are executed by an in-kernel virtual machine that maps them to native instructions (x86_64, etc). That virtual machine provides various security safeguards, so it's preferable to writing a kernel module. It can be used for performance tracers, but also security monitors, and software defined network programs. Lots of uses. So far I've mostly used BPF for performance tracers.

    • @pronounjow
      @pronounjow 8 лет назад

      So BPF could be used instead of dedicated kernel modules like drivers in the kernel? That could really slim down the kernel's footprint, I imagine.

    • @BrendanGregg
      @BrendanGregg 8 лет назад +2

      In some cases, yes. The actions a BPF program can do are limited, and while enough for things like observability or redirecting packets, it's unlikely to ever be enough for a full device driver. But yes, the question will be asked in the future whenever someone is proposing writing a kernel module will be -- can this just be a BPF program?

    • @sinkarharshad
      @sinkarharshad 7 лет назад

      Hello Sir, can you point such example where a BPF program can work as kernel driver? (beginner here). Thank you in advance.

  • @SarfarazAhmad89
    @SarfarazAhmad89 8 лет назад

    attack surface ?

  • @joshuadfranklin
    @joshuadfranklin 7 лет назад +1

    FYI, pony characters who have both a unicorn horn and Pegasus wings are called Alicorns.

  • @RogerBarraud
    @RogerBarraud 4 года назад

    Remember, There Is No Flame...

  • @RogerBarraud
    @RogerBarraud 4 года назад

    04:00 There's thing we used to used, called 'Hardware'...

  • @cutyboi8630
    @cutyboi8630 4 года назад

    they are great but using macos seems weird lol

  • @bahaduroroan7471
    @bahaduroroan7471 3 года назад

    Bpatl

  • @BarbaraYoung-n5q
    @BarbaraYoung-n5q 2 месяца назад

    White Anthony Perez Michael Taylor Jeffrey