mirror of
https://github.com/eunomia-bpf/bpf-developer-tutorial.git
synced 2026-02-10 21:55:12 +08:00
Fix some syntax errors and add 17 (#62)
* update link to our website
* rename english title
* add biopattern
* fix too long titles
* fix syntax error
* fix syntax error
* fix intend
@@ -1,8 +1,8 @@
|
||||
# eBPF Getting Started Development Tutorial 4: Capturing the System Call Collection of Process Opening Files in eBPF and Using Global Variables to Filter Process PIDs
|
||||
# eBPF Tutorial by Example 4: Capturing Process Opening Files and Filter with Global Variables
|
||||
|
||||
eBPF (Extended Berkeley Packet Filter) is a kernel execution environment that allows users to run secure and efficient programs in the kernel. It is commonly used for network filtering, performance analysis, security monitoring, and other scenarios. The power of eBPF lies in its ability to capture and modify network packets or system calls at runtime in the kernel, enabling monitoring and adjustment of the operating system's behavior.
|
||||
|
||||
This article is the fourth part of the eBPF Getting Started Development Tutorial, mainly focusing on how to capture the system call collection of process opening files and filtering process PIDs using global variables in eBPF.
|
||||
This article is the fourth part of the eBPF Tutorial by Example, mainly focusing on how to capture the system call collection of process opening files and filtering process PIDs using global variables in eBPF.
|
||||
|
||||
In Linux system, the interaction between processes and files is achieved through system calls. System calls serve as the interface between user space programs and kernel space programs, allowing user programs to request specific operations from the kernel. In this tutorial, we focus on the sys_openat system call, which is used to open files.
|
||||
|
||||
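Review bot: The renamed title line "Capturing Process Opening Files and Filter with Global Variables" mixes verb forms; "Filtering with Global Variables" would keep it parallel with "Capturing". The reworded intro sentence has the same mismatch ("how to capture ... and filtering process PIDs") and still carries "the system call collection of process opening files" from the long title this change drops, so it no longer matches the heading above it. Something like "how to capture the sys_openat calls made when processes open files and filter them by PID using global variables" would line up with the new title and with the sys_openat paragraph that follows.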
@@ -119,6 +119,4 @@ This article introduces how to use eBPF programs to capture the system calls for
|
||||
|
||||
By learning this tutorial, you should have a deeper understanding of how to capture and filter system calls for specific processes in eBPF. This method has widespread applications in system monitoring, performance analysis, and security auditing.
|
||||
|
||||
For more examples and detailed development guides, please refer to the official documentation of eunomia-bpf: <https://github.com/eunomia-bpf/eunomia-bpf>
|
||||
|
||||
If you want to learn more about eBPF knowledge and practices, you can visit our tutorial code repository at <https://github.com/eunomia-bpf/bpf-developer-tutorial> or website <https://eunomia.dev/tutorials/> for more examples and a complete tutorial.
|
||||
|
||||
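Review bot: In the closing line, "learn more about eBPF knowledge and practices" is redundant and "or website <https://eunomia.dev/tutorials/>" is missing its article, which reads oddly next to "our tutorial code repository at". Suggest "If you want to learn more about eBPF, visit our tutorial repository at <https://github.com/eunomia-bpf/bpf-developer-tutorial> or our website at <https://eunomia.dev/tutorials/>". The line before it describes the eunomia-bpf GitHub repository as "the official documentation"; if the website is now the documentation home, that sentence should point there too so the two closing links do not overlap.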