
Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security [Paperback]

  • Format: Paperback / softback, 150 pages, height x width: 232x178 mm
  • Publication date: 21-Mar-2023
  • Publisher: O'Reilly Media
  • ISBN-10: 1098135121
  • ISBN-13: 9781098135126
  • Paperback
  • Price: 54,01 €*
  • * the price is final, i.e. no further discounts apply
  • Regular price: 63,54 €
  • You save 15%
  • Delivery of the book from the publisher takes approximately 2-4 weeks

What is eBPF? With this revolutionary technology, you can write custom code that dynamically changes the way the kernel behaves. It's an extraordinary platform for building a whole new generation of security, observability, and networking tools.

This practical book is ideal for developers, system administrators, operators, and students who are curious about eBPF and want to know how it works. Author Liz Rice, chief open source officer with cloud native networking and security specialists Isovalent, also provides a foundation for those who want to explore writing eBPF programs themselves.

With this book, you will:

  • Learn why eBPF has become so important in the past couple of years
  • Write basic eBPF code, and manipulate eBPF programs and attach them to events
  • Explore how eBPF components interact with Linux to dynamically change the operating system's behavior
  • Learn how tools based on eBPF can instrument applications without changes to the apps or their configuration
  • Discover how this technology enables new tools for observability, security, and networking

Preface

1 What Is eBPF, and Why Is It Important?
  • eBPF's Roots: The Berkeley Packet Filter
  • From BPF to eBPF
  • The Evolution of eBPF to Production Systems
  • Naming Is Hard
  • The Linux Kernel
  • Adding New Functionality to the Kernel
  • Kernel Modules
  • Dynamic Loading of eBPF Programs
  • High Performance of eBPF Programs
  • eBPF in Cloud Native Environments
  • Summary

2 eBPF's "Hello World"
  • BCC's "Hello World"
  • Running "Hello World"
  • BPF Maps
  • Hash Table Map
  • Perf and Ring Buffer Maps
  • Function Calls
  • Tail Calls
  • Summary
  • Exercises

3 Anatomy of an eBPF Program
  • The eBPF Virtual Machine
  • eBPF Registers
  • eBPF Instructions
  • eBPF "Hello World" for a Network Interface
  • Compiling an eBPF Object File
  • Inspecting an eBPF Object File
  • Loading the Program into the Kernel
  • Inspecting the Loaded Program
  • The BPF Program Tag
  • The Translated Bytecode
  • The JIT-Compiled Machine Code
  • Attaching to an Event
  • Global Variables
  • Detaching the Program
  • Unloading the Program
  • BPF to BPF Calls
  • Summary
  • Exercises

4 The bpf() System Call
  • Loading BTF Data
  • Creating Maps
  • Loading a Program
  • Modifying a Map from User Space
  • BPF Program and Map References
  • Pinning
  • BPF Links
  • Additional Syscalls Involved in eBPF
  • Initializing the Perf Buffer
  • Attaching to Kprobe Events
  • Setting Up and Reading Perf Events
  • Ring Buffers
  • Reading Information from a Map
  • Finding a Map
  • Reading Map Elements
  • Summary
  • Exercises

5 CO-RE, BTF, and Libbpf
  • BCC's Approach to Portability
  • CO-RE Overview
  • BPF Type Format
  • BTF Use Cases
  • Listing BTF Information with bpftool
  • BTF Types
  • Maps with BTF Information
  • BTF Data for Functions and Function Prototypes
  • Inspecting BTF Data for Maps and Programs
  • Generating a Kernel Header File
  • CO-RE eBPF Programs
  • Header Files
  • Defining Maps
  • eBPF Program Sections
  • Memory Access with CO-RE
  • License Definition
  • Compiling eBPF Programs for CO-RE
  • Debug Information
  • Optimization
  • Target Architecture
  • Makefile
  • BTF Information in the Object File
  • BPF Relocations
  • CO-RE User Space Code
  • The Libbpf Library for User Space
  • BPF Skeletons
  • Libbpf Code Examples
  • Summary
  • Exercises

6 The eBPF Verifier
  • The Verification Process
  • The Verifier Log
  • Visualizing Control Flow
  • Validating Helper Functions
  • Helper Function Arguments
  • Checking the License
  • Checking Memory Access
  • Checking Pointers Before Dereferencing Them
  • Accessing Context
  • Running to Completion
  • Loops
  • Checking the Return Code
  • Invalid Instructions
  • Unreachable Instructions
  • Summary
  • Exercises

7 eBPF Program and Attachment Types
  • Program Context Arguments
  • Helper Functions and Return Codes
  • Kfuncs
  • Tracing
  • Kprobes and Kretprobes
  • Fentry/Fexit
  • Tracepoints
  • BTF-Enabled Tracepoints
  • User Space Attachments
  • LSM
  • Networking
  • Sockets
  • Traffic Control
  • XDP
  • Flow Dissector
  • Lightweight Tunnels
  • Cgroups
  • Infrared Controllers
  • BPF Attachment Types
  • Summary
  • Exercises

8 eBPF for Networking
  • Packet Drops
  • XDP Program Return Codes
  • XDP Packet Parsing
  • Load Balancing and Forwarding
  • XDP Offloading
  • Traffic Control (TC)
  • Packet Encryption and Decryption
  • User Space SSL Libraries
  • eBPF and Kubernetes Networking
  • Avoiding iptables
  • Coordinated Network Programs
  • Network Policy Enforcement
  • Encrypted Connections
  • Summary
  • Exercises and Further Reading

9 eBPF for Security
  • Security Observability Requires Policy and Context
  • Using System Calls for Security Events
  • Seccomp
  • Generating Seccomp Profiles
  • Syscall-Tracking Security Tools
  • BPFLSM
  • Cilium Tetragon
  • Attaching to Internal Kernel Functions
  • Preventative Security
  • Network Security
  • Summary

10 eBPF Programming
  • Bpftrace
  • Language Choices for eBPF in the Kernel
  • BCC Python/Lua/C++
  • C and Libbpf
  • Go
  • Gobpf
  • Ebpf-go
  • Libbpfgo
  • Rust
  • Libbpf-rs
  • Redbpf
  • Aya
  • Rust-bcc
  • Testing BPF Programs
  • Multiple eBPF Programs
  • Summary
  • Exercises

11 The Future Evolution of eBPF
  • The eBPF Foundation
  • eBPF for Windows
  • Linux eBPF Evolution
  • eBPF Is a Platform, Not a Feature

Conclusion

Index

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security, and observability project. She was Chair of CNCF's Technical Oversight Committee in 2019-2022, and Cochair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly.