
The art of writing eBPF programs - leakybucket
https://sysdig.com/blog/the-art-of-writing-ebpf-programs-a-primer/
======
stdcli
I logged in just to say this: I love the sysdig engineering blog. Please don't
stop writing blogposts. sysdig and Cloudflare are becoming my favorite
engineering blogs.

~~~
deanmoriarty
I agree. One of my all time favorites was
[https://sysdig.com/blog/container-isolation-gone-wrong/](https://sysdig.com/blog/container-isolation-gone-wrong/),
it kept me hooked til the last line, like a thriller ^_^

------
tzhenghao
There's also this 2017 LWN article on eBPF [1] which I find very interesting.

[1] - [https://lwn.net/Articles/740157/](https://lwn.net/Articles/740157/)

------
mjcohen
Took me a while to find that eBPF was extended/enhanced Berkeley Packet
Filter. Wikipedia was no help.

~~~
aargh_aargh
While that's the original meaning of the acronym, it was generalized into a
virtual machine, so it has come far from being able to just filter packets.

More details under "BPF kernel internals" here:
[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin...](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/filter.txt)

------
deanmoriarty
This is very interesting. I dabbled with eBPF before using the more
traditional bcc tools and the canned scripts, but this deep dive really gives
a good perspective on the implementation underneath.

I wonder how long before we will see more critical parts of the kernel
machinery being implemented completely in eBPF (like XDP currently).
Fascinating technology!

