Ebpf

eBPF helpers are a vital part of any eBPF program. It is often not easy to figure out, which helper you have available for a certain program type at a given Linux Kernel Version. The goal of this blog post is, to document some ways of answering the question “Can I use bpf helper abc in a xyz program at Linux Kernel version n”. docs.ebpf.io One pretty amazing resource for anything eBPF related is docs.ebpf.io. It was started by Dylan Reimerink (as far as I can tell). ...

The aim of this talk was to explain some nitty gritty details of how eBPF works a CNCF meetup in Innsbruck. I have to say I went a bit overboard with the details and lost half of the audience during the talk. Oops! The talk ended with an sample on a deep dive how the container drift detection in Kvisor (Cast.AIs eBPF sensor) works. Sadly no recording is available for the talk. ...