hngopher.com

       [HN Gopher] eBPF: A curated list of projects related to eBPF
       ___________________________________________________________________
        
       eBPF: A curated list of projects related to eBPF
        
       Author : GordonS
       Score  : 16 points
       Date   : 2021-08-30 19:48 UTC (3 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | daniel_rh wrote:
       | I was just experimenting with eBPF and ran into a limitation: Is
       | there a way to load the source IP into a register when working in
       | userspace? When I SO_ATTACH_BPF to a SOCK_DGRAM it only makes the
       | udp header accessible, per
       | https://github.com/danielrh/bpf_buffer_per_source/blob/main/... I
       | would love to be able to run logic based on both IP and port
       | rather than being limited to port alone. Yet it's not worth the
       | inconvenience/danger of running as root to operate with RAW
       | sockets.
        
       | daniel_rh wrote:
       | Does anyone have experience with eBPF on aarch64? How well is it
       | supported? On what kernel revisions was it phased in and well
       | tested there?
        
       | mike_d wrote:
       | eBPF is amazing because it has such a broad scope and is
       | relatively simple to implement.
       | 
       | I'd recommend anyone interested in a starting point look at
       | ebpfkit, the eBPF rootkit. https://github.com/Gui774ume/ebpfkit
        
       | zamadatix wrote:
       | Is eBPF directly able to perform simple modifications of the data
       | or only analyze and customize forwarding? E.g. if I had a custom
       | packet encapsulation format I wanted to remap into another
       | encapsulation format of a similar type I'm pretty sure I can use
       | XDP to forward packets that match a userspace program which can
       | then zero-copy modify the contents but at that point it seems to
       | have lost a lot of the luster compared to a kernel module as I'm
       | hopping back and forth between kernelspace and userspace. I'm not
       | sure if that is a limitation of just reading about XDP a lot
       | because dropping packets/load balancing is more popular and I
       | just need to look elsewhere in eBPF or if it's actually a
       | limitation of eBPF itself.
        
         | sophacles wrote:
         | Yes you can do modifications. (simple and not so simple!). For
         | encapsulation you may want to look into lightweight tunnels.
         | General transformation also often happens in the tc subsystem.
         | The available documentation isn't that great yet, but there's
         | good links in the OP about this.
        
       | phendrenad2 wrote:
       | Based on the hype around eBPF, you'd think it was a new JS
       | framework. I suspect that it's hype will dwindle as people
       | realize that it's mostly invisible to them. Just pay for <random
       | monitoring solution> and it'll plug into eBPF, without you having
       | to say the words e, b, or even pf.
        
         | sophacles wrote:
         | What if I also do networking on my computer? Will my monitoring
         | solution magically do packet manipulation without my input?
         | 
         | eBPF is not just for monitoring.
        
         | tptacek wrote:
         | There's no programming environment you can't say this about.
        
       ___________________________________________________________________
       (page generated 2021-08-30 23:01 UTC)