bpftime
bcc
| bpftime | bcc | |
|---|---|---|
| 6 | 71 | |
| 637 | 19,546 | |
| 7.7% | 1.5% | |
| 9.2 | 9.2 | |
| about 18 hours ago | 3 days ago | |
| C++ | C | |
| MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bpftime
-
eBPF Tutorial by Example 16: Monitoring Memory Leaks
Uprobe in kernel mode eBPF runtime may also cause relatively large performance overhead. In this case, you can also consider using user mode eBPF runtime, such as bpftime. bpftime is a user mode eBPF runtime based on LLVM JIT/AOT. It can run eBPF programs in user mode and is compatible with kernel mode eBPF, avoiding context switching between kernel mode and user mode, thereby improving the execution efficiency of eBPF programs by 10 times.
-
bpftime: Extending eBPF from Kernel to Userspace
In this blog, we are excited to introduce a new open-source user-space eBPF runtime: https://github.com/eunomia-bpf/bpftime. bpftime further expands the capabilities of eBPF, allowing existing eBPF tools and applications, such as BCC tools, bpftrace, Deepflow, etc., to run in non-privileged user space without any code modifications, while using the same libraries and toolchains as kernel eBPF.
- The Secure Path Forward for eBPF runtime: Challenges and Innovations
-
Bpftime: Userspace eBPF runtime for fast Uprobe and Syscall hook and Plugins
Thanks for sharing your talk and insights! bpftrace is a wonderful tool, and the talk is great!
In fact, bpftime can already run bpftrace in userspace for uprobes, without any modification: https://github.com/eunomia-bpf/bpftime/tree/master/example/b...
(There might still need some bug fixes in some cases, eg. the signal handler to stop the bpf program...
bcc
-
eBPF: Unleashing Kernel Magic for Modern Infrastructure
But wait, there's more! Enter the BCC toolkit and library, your trusty sidekick in simplifying the arcane art of writing eBPF applications. With BCC by your side, you'll be wielding eBPF like a seasoned pro in no time.
-
Linux: Easy Keylogger with eBPF (2018)
Nice - I normally use [bash-readline](https://github.com/iovisor/bcc/blob/master/tools/bashreadlin...) when coworking/co-inhabiting a server or training someone.
-
eBPF Documentary
One of the big wins is not so much “build and run your own stuff” but there are very nice low-cost (in terms of compute) performance utilities built on eBPF
https://github.com/iovisor/bcc
There are so many utilities in that list; there’s a diagram midway down the readme which tries to help show their uses. bcc-tools should be available in any distro.
Also, Brendan Gregg does a ton of performance stuff that is worth knowing about if you check out his other work. Not eBPF only. Flame graphs are useful.
- Bpftop: Streamlining eBPF performance optimization
-
eBPF Tutorial by Example 16: Monitoring Memory Leaks
Reference: https://github.com/iovisor/bcc/blob/master/libbpf-tools/memleak.c
- eBPF Tutorial by Example 9: Capturing Scheduling Latency and Recording as Histogram
-
Uprobes Siblings - Capturing HTTPS Traffic: A Rust and eBPF Odyssey
In this article, we'll build a basic version of an HTTPS sniffer, inspired by bcc-sslsniff.py, but we'll use Rust and Aya. We're going to demonstrate the capabilities of uprobes by employing uprobe and uretprobe along with familiar maps like PerCpuArray, HashMap, and PerEventArray. This will be a straightforward example to help us explore how uprobes function.
-
Issue XDP_REDIRECT on other interface in the same namespace
As xpd program I am using the BCC example xdp_redirect_map.py in skb mode as my NIC does not support native mode, attaching the program to veth2 and a dummy function to veth3
-
Linux runtime security agent powered by eBPF
https://github.com/iovisor/bcc/blob/master/docs/reference_gu...
- eBPF Practical Tutorial: Capturing SSL/TLS Plain Text Data Using uprobe
What are some alternatives?
chaotix - The chaotix operating system! (Previously known as Magma or Psychix)
libbpf - Automated upstream mirror for libbpf stand-alone build.
wasm-micro-runtime - WebAssembly Micro Runtime (WAMR)
bpftrace - High-level tracing language for Linux eBPF [Moved to: https://github.com/bpftrace/bpftrace]
bpf-developer-tutorial - eBPF Developer Tutorial: Learning eBPF Step by Step with Examples
ebpf-for-windows - eBPF implementation that runs on top of Windows
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
zfs - OpenZFS on Linux and FreeBSD
bpfman - An eBPF Manager for Linux and Kubernetes
linux - Linux kernel source tree
opentelemetry-go-instrumentation - OpenTelemetry Auto Instrumentation using eBPF
nokogiri-rust - Ruby FFI wrapper around scraper crate to be used instead of Nokogiri. Status: proof of concept.