kernel/bpf-developer-tutorial
1
0
Fork 0
mirror of https://github.com/eunomia-bpf/bpf-developer-tutorial.git synced 2026-04-09 13:50:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix some syntax errors and add 17 (#62)

Browse Source 
* update link to our website

* rename english title

* add biopattern

* fix too long titles

* fix syntax error

* fix syntax error

* fix intend
This commit is contained in:
云微
2023-08-15 16:14:55 +01:00
committed by GitHub
parent 7134d52f4e
commit 002414f578
26 changed files with 1222 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/3-fentry-unlink/README_en.md
View File

@@ -1,8 +1,8 @@
# eBPF Introductory Development Practice Tutorial 3: Detecting Captured Unlink System Calls in eBPF
# eBPF Tutorial by Example 3: Monitoring unlink System Calls with fentry
eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel. It allows developers to dynamically load, update, and execute user-defined code at runtime in the kernel.
This article is the third part of the eBPF introductory development practice tutorial, focusing on capturing unlink system calls using fentry in eBPF.
This article is the third part of the eBPF Tutorial by Example, focusing on capturing unlink system calls using fentry in eBPF.
## Fentry
@@ -83,6 +83,6 @@ $ sudo cat /sys/kernel/debug/tracing/trace_pipe
This program is an eBPF program that captures the `do_unlinkat` and `do_unlinkat_exit` functions using fentry and fexit, and uses `bpf_get_current_pid_tgid` and `bpf_printk` functions to obtain the ID, filename, and return value of the process calling do_unlinkat, and print them in the kernel log.
To compile this program, you can use the ecc tool, and to run it, you can use the ecli command, and view the output of the eBPF program by checking the `/sys/kernel/debug/tracing/trace_pipe` file. For more examples and detailed development guide, please refer to the official documentation of eunomia-bpf: [here](https://github.com/eunomia-bpf/eunomia-bpf)
To compile this program, you can use the ecc tool, and to run it, you can use the ecli command, and view the output of the eBPF program by checking the `/sys/kernel/debug/tracing/trace_pipe` file.
If you want to learn more about eBPF knowledge and practice, you can visit our tutorial code repository [here](https://github.com/eunomia-bpf/bpf-developer-tutorial) for more examples and complete tutorials.".
If you'd like to learn more about eBPF knowledge and practices, you can visit our tutorial code repository at <https://github.com/eunomia-bpf/bpf-developer-tutorial> or website <https://eunomia.dev/tutorials/> for more examples and complete tutorials.