Interactive eBPF

4 comments

• deivid 22 days ago
  Thanks for sharing my site!

  I've been thinking about building a platform like this for a while, and it was quite fun to build.

  Let me know if you have questions or ideas for new exercises.

  [-]
  • self_awareness 22 days ago
    This is really cool.

    Are you planning to add "lessons" related to deployment? For example, using libbcc vs CO-RE?

    [-]
    • deivid 22 days ago
      I wanted to add all kind of exercises, but I'm not sure what's a good way of presenting a deployment exercise.

      On libbcc specifically, I'm not sure it's worth it, CO-RE / BTF is where things are heading, and any reasonably new kernel supports it (<5 years old)
  • 0x4a50 22 days ago
    Thanks for making this, looking forward trying it out!
• mattrighetti 22 days ago
  Nice, always wanted to get my hands on eBPF and this looks like a good way to try it out. Thanks!
• natas 21 days ago
  @deivid I would certainly buy a pdf or book with this and more examples (with full source code).

  Just a hint if you want to change the world and make a few bucks :)
• flipped 21 days ago
  For all it's innovative way of kernel programming, isn't eBPF a huge attack surface? Even a paradise for rootkit devs, perfectly able to hide using eBPF features.
  [-]
  • shorden 21 days ago
    Also worth noting that the verifier is under active development not only to verify more legitimate programs, but also to reject programs with exploits and side channels (and there are runtime defenses too, like dead code elimination and ALU sanitation).
  • razighter777 21 days ago
    Yes, but you need cap_bpf now to load ebpf programs.