As mentioned in the office hours notes for today, ...
# ebpfa
alessandrogario
04/26/2022, 11:59 AM
As mentioned in the office hours notes for today, here's the PoC for the new bpf_network_events table. See https://hackmd.io/023_mOVkRi2zv49WMn5PEQ?view#Introducing-the-bpf_network_events-experiment for more information
🚀 3
alessandrogario
04/28/2022, 5:27 PM
Hey @Zander Mackie && @Matt Uebel, any chance you can take a look at this PoC? 🙂
alessandrogario
04/28/2022, 5:28 PM
Only has network events, but should be a huge performance improvement compared to core (and I will add process events too in the future!)
m
Matt Uebel
04/28/2022, 8:56 PMI'll take a look!
a
alessandrogario
04/29/2022, 2:32 PM
I have forgot to mention this but bpf needs to
1. be able to call the bpf() syscall
2. access debug symbols defined in /sys/kernel/btf/linux
so it will likely not work inside a container out of the box
11 Views