As mentioned in the office hours notes for today here s the

Question

As mentioned in the office hours notes for today here s the PoC for the new bpf network events table See <https hackmd io 023 mOVkRi2zv49WMn5PEQ view Introducing the bpf network events experiment> for more information

alessandrogario · Answer

Hey < Zander Mackie> amp amp < Matt Uebel> any chance you can take a look at this PoC slightly smiling face

alessandrogario · Answer

Only has network events but should be a huge performance improvement compared to core and I will add process events too in the future

Matt Uebel · Answer

I ll take a look

alessandrogario · Answer

I have forgot to mention this but bpf needs to 1 be able to call the bpf syscall 2 access debug symbols defined in sys kernel btf linux so it will likely not work inside a container out of the box