Linux Observability with BPF. Advanced Programming for Performance Analysis and Networking - Helion

ebook

Autor: David Calavera, Lorenzo Fontana
ISBN: 978-14-920-5015-5
stron: 180, Format: ebook
Data wydania: 2019-11-14
Księgarnia: Helion

Cena książki: 152,15 zł (poprzednio: 176,92 zł)
Oszczędzasz: 14% (-24,77 zł)

Osoby, które kupiły tę książkę, wybierały także »

Tagi: Linux

Build your expertise in the BPF virtual machine in the Linux kernel with this practical guide for systems engineers. You’ll not only dive into the BPF program lifecycle but also learn to write applications that observe and modify the kernel’s behavior; inject code to monitor, trace, and securely observe events in the kernel; and more.

Authors David Calavera and Lorenzo Fontana help you harness the power of BPF to make any computing system more observable. Familiarize yourself with the essential concepts you’ll use on a day-to-day basis and augment your knowledge about performance optimization, networking, and security. Then see how it all comes together with code examples in C, Go, and Python.

Write applications that use BPF to observe and modify the Linux kernel’s behavior on demand
Inject code to monitor, trace, and observe events in the kernel in a secure way—no need to recompile the kernel or reboot the system
Explore code examples in C, Go, and Python
Gain a more thorough understanding of the BPF program lifecycle

Osoby które kupowały "Linux Observability with BPF. Advanced Programming for Performance Analysis and Networking", wybierały także:

Administracja systemem Linux. Kurs video. Przewodnik dla początkujących 59,00 zł, (17,70 zł -70%)
Systemy operacyjne. Architektura, funkcjonowanie i projektowanie. Wydanie IX 125,48 zł, (38,90 zł -69%)
Gray Hat C#. Język C# w kontroli i łamaniu zabezpieczeń 57,74 zł, (17,90 zł -69%)
Python dla administrator 179,00 zł, (71,60 zł -60%)
Bash. Techniki zaawansowane. Kurs video. Zostań administratorem systemów IT 169,00 zł, (67,60 zł -60%)

Spis treści

Linux Observability with BPF. Advanced Programming for Performance Analysis and Networking eBook -- spis treści

Foreword
Preface
- Conventions Used in This Book
- Using Code Examples
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
1. Introduction
- BPFs History
- Architecture
- Conclusion
2. Running Your First BPF Programs
- Writing BPF Programs
- BPF Program Types
  - Socket Filter Programs
  - Kprobe Programs
  - Tracepoint Programs
  - XDP Programs
  - Perf Event Programs
  - Cgroup Socket Programs
  - Cgroup Open Socket Programs
  - Socket Option Programs
  - Socket Map Programs
  - Cgroup Device Programs
  - Socket Message Delivery Programs
  - Raw Tracepoint Programs
  - Cgroup Socket Address Programs
  - Socket Reuseport Programs
  - Flow Dissection Programs
  - Other BPF Programs
- The BPF Verifier
- BPF Type Format
- BPF Tail Calls
- Conclusion
3. BPF Maps
- Creating BPF Maps
  - ELF Conventions to Create BPF Maps
- Working with BFP Maps
  - Updating Elements in a BPF Map
  - Reading Elements from a BPF Map
  - Removing an Element from a BPF Map
  - Iterating Over Elements in a BPF Map
  - Looking Up and Deleting Elements
  - Concurrent Access to Map Elements
- Types of BPF Maps
  - Hash-Table Maps
  - Array Maps
  - Program Array Maps
  - Perf Events Array Maps
  - Per-CPU Hash Maps
  - Per-CPU Array Maps
  - Stack Trace Maps
  - Cgroup Array Maps
  - LRU Hash and Per-CPU Hash Maps
  - LPM Trie Maps
  - Array of Maps and Hash of Maps
  - Device Map Maps
  - CPU Map Maps
  - Open Socket Maps
  - Socket Array and Hash Maps
  - Cgroup Storage and Per-CPU Storage Maps
  - Reuseport Socket Maps
  - Queue Maps
  - Stack Maps
- The BPF Virtual Filesystem
- Conclusion
4. Tracing with BPF
- Probes
  - Kernel Probes
    - Kprobes
    - Kretprobes
  - Tracepoints
  - User-Space Probes
    - Uprobes
    - Uretprobes
  - User Statically Defined Tracepoints
    - USDTs bindings for other languages
- Visualizing Tracing Data
  - Flame Graphs
  - Histograms
  - Perf Events
- Conclusion
5. BPF Utilities
- BPFTool
  - Installation
  - Feature Display
  - Inspecting BPF Programs
  - Inspecting BPF Maps
  - Inspecting Programs Attached to Specific Interfaces
  - Loading Commands in Batch Mode
  - Displaying BTF Information
- BPFTrace
  - Installation
  - Language Reference
  - Filtering
  - Dynamic Mapping
- kubectl-trace
  - Installation
  - Inspecting Kubernetes Nodes
- eBPF Exporter
  - Installation
  - Exporting Metrics from BPF
- Conclusion
6. Linux Networking and BPF
- BPF and Packet Filtering
  - tcpdump and BPF Expressions
  - Packet Filtering for Raw Sockets
    - The BPF program
    - Load and attach to a network interface
- BPF-Based Traffic Control Classifier
  - Terminology
    - Queueing disciplines
    - Classful qdiscs, filters, and classes
    - Classless qdiscs
  - Traffic Control Classifier Program Using cls_bpf
    - Notes on act_bpf and how cls_bpf is different
  - Differences Between Traffic Control and XDP
- Conclusion
7. Express Data Path
- XDP Programs Overview
  - Operation Modes
    - Native XDP
    - Offloaded XDP
    - Generic XDP
  - The Packet Processor
    - XDP result codes (packet processor actions)
  - XDP and iproute2 as a Loader
- XDP and BCC
- Testing XDP Programs
  - XDP Testing Using the Python Unit Testing Framework
- XDP Use Cases
  - Monitoring
  - DDoS Mitigation
  - Load Balancing
  - Firewalling
- Conclusion
8. Linux Kernel Security, Capabilities, and Seccomp
- Capabilities
- Seccomp
  - Seccomp Errors
  - Seccomp BPF Filter Example
- BPF LSM Hooks
- Conclusion
9. Real-World Use Cases
- Sysdig eBPF God Mode
- Flowmill
Index