Learning eBPF: High performance observability, networking, and security programming on Linux (English Edition)
Author:Michael Kehoe (Author)
Publisher finelybook 出版社: BPB Publications
Publication Date 出版日期: 2025-05-13
Language 语言: English
Print Length 页数: 234 pages
ISBN-10: 9365898854
ISBN-13: 9789365898859
Book Description
Description
Unlock the power of eBPF, the revolutionary Linux kernel technology transforming observability, networking, and security. This book serves as your comprehensive resource to master this cutting-edge technology, whether you are a beginner exploring its potential or a seasoned professional seeking in-depth knowledge.
Embark on a structured learning journey, starting with classic BPF (cBPF) and its evolution to modern eBPF, grasping its architecture and core programming primitives like the BPF syscall and various program/attachment types. Discover practical development using key eBPF programming libraries such as libbpf and bpftrace, and learn to write your first program. Explore BPF portability with CO-RE and efficient eBPF deployment. Uncover potent applications in eBPF observability (kprobes, tracepoints), eBPF networking (XDP, socket filters), and eBPF security. Finally, delve into key eBPF open-source projects like Cilium and Falco.
By the end of this definitive guide, you will possess a robust understanding of eBPF, equipped with the practical skills to develop, deploy, and leverage its immense capabilities across diverse domains, making you a proficient practitioner in this transformative field.
What you will learn
● cBPF history, eBPF architecture, core primitives, and deployment.
● eBPF programming, portability, observability, networking, and security.
● BPF evolution, eBPF internals, practical application, and ecosystem.
● Kernel probing, packet manipulation, and secure eBPF development.
● eBPF tools, libraries, deployment strategies, and open-source projects.
● Tracing kernel/user space, network filtering/modification, and security enforcement.
● Understanding BPF syscall, program/attach types, and map utilization.
● Developing portable eBPF, managing lifecycle, and exploring use cases.
Who this book is for
Whether you are a software developer, network engineer, security professional, or systems administrator, this book provides the knowledge to leverage eBPF for enhanced system observability, advanced networking, and security enforcement in your environment.
Table of Contents
1. Classic Berkeley Packet Filter
2. Extended Berkeley Packet Filter
3. eBPF Programming Concepts
4. eBPF Programming Libraries and Frameworks
5. Writing Your First eBPF Program
6. eBPF Portability and Deploying
7. eBPF Observability
8. eBPF Networking
9. eBPF Security
10. eBPF Open Source Projects and the Future of eBPF
