Source: 《利用 eBPF 释放内核潜能.pdf》 (Unleashing the kernel with eBPF, 63-page PDF), shared on 三个皮匠报告.
Unleashing the kernel with eBPF
Liz Rice | lizrice
Chief Open Source Officer, Isovalent
Emeritus Chair, CNCF Technical Oversight Committee | CNCF & OpenUK boards

What is eBPF?
extended Berkeley Packet Filter

What is eBPF?
eBPF is a kernel technology enabling high-performance, low overhead tools for networking, security and observability.

What is eBPF?
Makes the kernel programmable.

Run custom code in the kernel
[Diagram: user space app -> system calls -> kernel event -> eBPF program]

eBPF Hello World

```c
SEC("kprobe/sys_execve")
int hello(void *ctx)
{
    bpf_printk("Hello!");
    return 0;
}
```

```
$ sudo ./hello
bash-20241 [004] d... 84210.752785: 0: I'm alive!
bash-20242 [004] d... 84216.321993: 0: I'm alive!
bash-20243 [004] d... 84225.858880: 0: I'm alive!
```

Info about the process that called the execve syscall
+ userspace code to load the eBPF program

Packet of Death mitigation
[Diagram: host, eth0, Packet of Death]
[Diagram: host, eth0, Packet of Death -> Discard?]

eBPF Packet Drop

```c
SEC("xdp/bye")
int goodbye_ping(struct xdp_md *ctx)
{
    ...
    if (iph->protocol == IPPROTO_ICMP)
        return XDP_DROP;
    return XDP_PASS;
}
```

Dynamically change kernel behaviour

eBPF code has to be safe
[Diagram: user space app -> system calls -> kernel event -> eBPF program, loaded through the verifier]

eBPF code runs as native instructions
[Diagram: user space app -> system calls -> kernel event -> eBPF program, compiled by the JIT compiler]

Custom behaviour without transitions
XDP: eXpress Data Path - ingress, before the network stack
[Diagram: network packet -> XDP event -> eBPF program -> XDP_DROP / XDP_TX / XDP_PASS -> network stack]

Run custom code on network packets
- Program triggered by packet
- No polling from user space
- Packet in kernel memory
- Per-CPU eBPF maps

Improved network performance
[Chart: three eBPF-based network functions compared with one that is not eBPF]
Miano et al: A Framework for eBPF-Based Network Functions in an Era of Microservices
cilium.io/blog/20
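The slides show goodbye_ping with its packet parsing elided and then state that "eBPF code has to be safe" because the verifier checks it before loading. The piece the verifier cares about is exactly the elided part: every read of a header field must be preceded by a check that the field lies before data_end, or the program is rejected. The following is an added user-space C model of that decision logic, not code from the talk or from any eBPF project. It walks the same Ethernet + IPv4 headers a real XDP program would, returns the same verdict values as the kernel's enum xdp_action, and makes both bounds checks explicit; the helper names (goodbye_ping_decide, build_ipv4_frame, decide_for_*) and the frames they build are constructed for this illustration.

```c
/* Added example: user-space model of the goodbye_ping XDP decision.
 * data/data_end stand in for ctx->data / ctx->data_end. All frames are
 * constructed test data; nothing here touches a real interface. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdicts mirror the kernel's enum xdp_action numbering. */
enum xdp_verdict { XDP_ABORTED = 0, XDP_DROP = 1, XDP_PASS = 2, XDP_TX = 3 };

#define ETH_HLEN      14      /* dst(6) + src(6) + ethertype(2) */
#define ETH_P_IP      0x0800  /* EtherType for IPv4 */
#define IP_MIN_HLEN   20      /* IPv4 header without options */
#define IPPROTO_ICMP  1

/* Drop IPv4 ICMP, pass everything else. Each header access is guarded
 * by a length check; the verifier rejects an XDP program that omits
 * either one, which is the safety property the slide refers to. */
int goodbye_ping_decide(const uint8_t *data, const uint8_t *data_end)
{
    /* Bounds check 1: the whole Ethernet header must be inside the packet. */
    if (data_end - data < ETH_HLEN)
        return XDP_PASS;
    uint16_t ethertype = (uint16_t)((data[12] << 8) | data[13]);
    if (ethertype != ETH_P_IP)
        return XDP_PASS;                 /* ARP, IPv6, ...: not our concern */

    const uint8_t *iph = data + ETH_HLEN;
    /* Bounds check 2: the fixed IPv4 header must also fit. A truncated
     * frame falls through to XDP_PASS rather than reading past the end. */
    if (data_end - iph < IP_MIN_HLEN)
        return XDP_PASS;
    if ((iph[0] >> 4) != 4)
        return XDP_PASS;                 /* version nibble is not 4 */

    if (iph[9] == IPPROTO_ICMP)          /* protocol field is byte 9 */
        return XDP_DROP;
    return XDP_PASS;
}

/* Build a constructed Ethernet + IPv4 frame carrying the given protocol. */
static size_t build_ipv4_frame(uint8_t *buf, uint8_t protocol)
{
    memset(buf, 0, ETH_HLEN + IP_MIN_HLEN);
    buf[12] = 0x08; buf[13] = 0x00;      /* EtherType IPv4 */
    buf[ETH_HLEN + 0] = 0x45;            /* version 4, IHL 5 */
    buf[ETH_HLEN + 9] = protocol;
    return ETH_HLEN + IP_MIN_HLEN;
}

/* Full IPv4 frame with the given protocol number. */
int decide_for_protocol(uint8_t protocol)
{
    uint8_t buf[64];
    size_t len = build_ipv4_frame(buf, protocol);
    return goodbye_ping_decide(buf, buf + len);
}

/* ICMP frame of which only the first 20 bytes arrived. */
int decide_for_truncated(void)
{
    uint8_t buf[64];
    build_ipv4_frame(buf, IPPROTO_ICMP);
    return goodbye_ping_decide(buf, buf + 20);
}

/* Constructed ARP frame (EtherType 0x0806): not IPv4, so never inspected. */
int decide_for_non_ip(void)
{
    uint8_t buf[64];
    memset(buf, 0, sizeof buf);
    buf[12] = 0x08; buf[13] = 0x06;
    return goodbye_ping_decide(buf, buf + 42);
}

int main(void)
{
    printf("ICMP      -> %d (1 = XDP_DROP)\n", decide_for_protocol(IPPROTO_ICMP));
    printf("TCP       -> %d (2 = XDP_PASS)\n", decide_for_protocol(6));
    printf("truncated -> %d (2 = XDP_PASS)\n", decide_for_truncated());
    printf("ARP       -> %d (2 = XDP_PASS)\n", decide_for_non_ip());
    return 0;
}
```

The length checks are written as `data_end - data < N` rather than the `data + N > data_end` form usually seen in XDP sources, purely so the model is well-defined C for short buffers; the verifier accepts either shape as long as the comparison dominates every later read.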