7–9 November 2016: Conference & Tutorials
9–10 November 2016: Training
Amsterdam, The Netherlands

Staring into the eBPF abyss

Sasha Goldshtein (Sela Group)
9:30–11:00 Wednesday, 9/11/2016
Metrics/monitoring DevOps G104/105 Audience level: Intermediate
Average rating: ****.
(4.00, 1 rating)

Prerequisite knowledge

  • Experience developing and deploying applications or systems on Linux
  • Familiarity with Python, C/C++, or Lua

Materials or downloads needed in advance

  • A laptop with a recent Linux kernel (4.6+) and a small set of development dependencies (list TBD) installed prior to the tutorial

What you'll learn

  • Learn firsthand how to use BPF for tracing and monitoring modern Linux systems


eBPF (extended Berkeley Packet Filters) is a modern kernel technology that can be used to introduce dynamic tracing into a system that wasn’t prepared or instrumented in any way. The tracing programs run in the kernel, are guaranteed to never crash or hang your system, and can probe every module and function, from the kernel to user-space frameworks such as Node and Ruby.

Sasha Goldshtein offers you the chance to experiment with Linux dynamic tracing firsthand. Sasha begins by exploring BCC (the BPF compiler collection), a set of tools and libraries for dynamic tracing that answers many of your tracing needs. You will experiment with memory leak analysis, generic function tracing, kernel tracepoints, static tracepoints in user-space programs, and the baked-in tools for file I/O, network, and CPU analysis. You’ll be able to choose between working on a set of hands-on labs prepared by the instructors or trying the tools out on your own test system.

Sasha then helps you hack on some of the bleeding-edge tools in the BCC toolkit and build a couple of simple tools of your own. You’ll pick from a curated list of GitHub issues for the BCC project, a set of hands-on labs with known school solutions, and an open-ended list of problems that need tools for effective analysis. By the end of this workshop, you’ll be equipped with a toolbox for diagnosing issues in the field as well as a framework for building your own tools when the generic ones do not suffice.

Photo of Sasha Goldshtein

Sasha Goldshtein

Sela Group

Sasha Goldshtein is the CTO of Sela Group, a Microsoft C# MVP and Azure MRS, a Pluralsight author, and an international consultant and trainer. Sasha’s consulting work revolves mainly around distributed architecture, production debugging, and mobile application development. Sasha is the author of Introducing Windows 7 for Developers (Microsoft Press) and Pro .NET Performance (Apress). He is also a prolific blogger and the author of numerous training courses, including .NET Debugging, .NET Performance, Android Application Development, and Modern C++.