A beginner's guide to eBPF

Liz Rice (Aqua Security)

11:35–12:15 Wednesday, 6 November 2019

Location: R2

Building Secure Systems

Average rating:

(5.00, 3 ratings)

Who is this presentation for?

Developers and DevOps practitioners

Level

Intermediate

Description

Brendan Gregg from Netflix described eBPF as “Superpowers for Linux,” and over the last couple of years we’ve seen an explosion of tools that use it to power observability and more. If you’re not content simply to run those tools but want to understand what eBPF is and how you could write your own eBPF programs, you’re in the right place.

Liz Rice dives into eBPF and why it’s so powerful, which is that it enables running bespoke programs directly in the kernel. You’ll look at the BCC framework, which makes it easier to write, compile, and run your eBPF code. With live-coding examples, you’ll not only see how to get started with eBPF but you’ll also explore what’s happening to give you an understanding of how it works and how user-space code can communicate with eBPF programs inside the kernel.

Prerequisite knowledge

A working knowledge of Linux
Familiarity with user space, kernel, and that syscalls are functions that allow user space to make requests of the kernel
General knowledge of C and Python

What you'll learn

Gain the knowledge and confidence to start writing eBPF programs of your own

Liz Rice

Aqua Security

Liz Rice is the technology evangelist at container security specialists Aqua Security and coauthor of the O’Reilly report Kubernetes Security. She has a wealth of software development, team, and product management experience from her years spent working on network protocols and distributed systems and in digital technology sectors such as video on demand (VOD), music, and voice over internet protocol (VoIP). When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London or racing in virtual reality on Zwift.