{"id":5628,"date":"2019-12-26T14:20:52","date_gmt":"2019-12-26T12:20:52","guid":{"rendered":"https:\/\/skeletor.org.ua\/?p=5628"},"modified":"2023-12-28T15:50:28","modified_gmt":"2023-12-28T13:50:28","slug":"ebpf-%d1%82%d1%80%d0%b0%d1%81%d1%81%d0%b8%d1%80%d1%83%d0%b5%d0%bc-%d0%bf%d1%80%d0%b8%d0%bb%d0%be%d0%b6%d0%b5%d0%bd%d0%b8%d1%8f","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=5628","title":{"rendered":"eBPF: \u0442\u0440\u0430\u0441\u0441\u0438\u0440\u0443\u0435\u043c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f"},"content":{"rendered":"\n

The Berkeley Packet Filter (BPF) started (article 1992<\/a>) as a special-purpose virtual machine (register based filter evaluator) for filtering network packets, best known for its use in tcpdump. It is documented in the kernel tree, in the first part of: Documentation\/networking\/filter.txt<\/a><\/p>\n\n\n\n

The extended BPF (eBPF) variant has become a universal in-kernel virtual machine, that has hooks all over the kernel. The eBPF instruction set is quite different, see description in section \u201cBPF kernel internals\u201d of Documentation\/networking\/filter.txt<\/a> or look at this presentation by Alexei<\/a>.<\/p>\n\n\n\n

eBPF enables programmers to write code which gets executed in kernel space in a more secure and restricted environment. Yet this environment enables them to create tools which otherwise would require writing a new kernel module.<\/p>\n\n\n\n

\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u044b: <\/p>\n\n\n\n

https:\/\/eax.me\/bcc-ebpf\/<\/a>
https:\/\/habr.com\/ru\/post\/435142\/<\/a>
https:\/\/habr.com\/ru\/company\/otus\/blog\/436528\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The Berkeley Packet Filter (BPF) started (article 1992) as a special-purpose virtual machine (register based filter evaluator) for filtering network packets, best known for its use in tcpdump. It is documented in the kernel tree, in the first part of: Documentation\/networking\/filter.txt The extended BPF (eBPF) variant has become a universal in-kernel virtual machine, that has hooks […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-5628","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5628"}],"version-history":[{"count":3,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5628\/revisions"}],"predecessor-version":[{"id":6306,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5628\/revisions\/6306"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}