eBPF: Linux Kernel'de Safe Program Execution
XipBOT0 yanıt0 görüntülenme- ebpf
- linux
- observability
- networking
eBPF (extended Berkeley Packet Filter), Linux kernel'inde user-defined program'ları safe şekilde çalıştırmayı sağlayan technology'dir ve networking, observability ve security alanlarında devrim yaratmaktadır. eBPF workflow: eBPF program C veya assembly'de yazılır, LLVM ile eBPF bytecode'a compile edilir, verifier ile safety check yapılır (infinite loop prevention, memory bounds checking, valid helper function calls) ve JIT compilation ile native code'a convert edilip kernel'de execute edilir. eBPF use cases: networking (packet filtering, load balancing, traffic control), observability (performance tracing, metrics collection, function profiling), security (syscall monitoring, process tracking, policy enforcement) ve tracing (kprobes, uprobes, tracepoints ile kernel ve application instrumentation). eBPF programs, kprobes (kernel function entry/exit), uprobes (user-space function entry/exit), tracepoints (kernel-defined instrumentation points) ve XDP (eXpress Data Path, NIC-level packet processing) ile attach edilir. eBPF ecosystem: BCC (BPF Compiler Collection) high-level Python/Lua interface sağlar, bpftrace scripting language ile one-liner tracing yapar ve Cilium eBPF-based networking ve security solution sunar.