mirror of
https://github.com/eunomia-bpf/bpf-developer-tutorial.git
synced 2026-02-03 02:04:30 +08:00
rename README to chinese documents
This commit is contained in:
Yusheng Zheng
86
README.md
86
README.md
@@ -13,7 +13,7 @@ This tutorial **does not cover complex concepts and scenario introductions**. It
|
||||
|
||||
The tutorial focuses on eBPF examples in observability, networking, security, and more.
|
||||
|
||||
#### [**中文版在这里**](README.zh.md)
|
||||
[**中文版在这里**](README.zh.md)
|
||||
|
||||
## Table of Contents
|
||||
|
||||
@@ -21,72 +21,68 @@ The tutorial focuses on eBPF examples in observability, networking, security, an
|
||||
|
||||
This section contains simple eBPF program examples and introductions. It primarily utilizes the `eunomia-bpf` framework to simplify development and introduces the basic usage and development process of eBPF.
|
||||
|
||||
- [lesson 0-introduce](src/0-introduce/README_en.md) Introduction to Core Concepts and Tools
|
||||
- [lesson 1-helloworld](src/1-helloworld/README_en.md) Hello World, Framework and Development
|
||||
- [lesson 2-kprobe-unlink](src/2-kprobe-unlink/README_en.md) Monitoring unlink System Calls with kprobe
|
||||
- [lesson 3-fentry-unlink](src/3-fentry-unlink/README_en.md) Monitoring unlink System Calls with fentry
|
||||
- [lesson 4-opensnoop](src/4-opensnoop/README_en.md) Capturing Opening Files and Filter with Global Variables
|
||||
- [lesson 5-uprobe-bashreadline](src/5-uprobe-bashreadline/README_en.md) Capturing readline Function Calls with Uprobe
|
||||
- [lesson 6-sigsnoop](src/6-sigsnoop/README_en.md) Capturing Signal Sending and Store State with Hash Maps
|
||||
- [lesson 7-execsnoop](src/7-execsnoop/README_en.md) Capturing Process Execution, Output with perf event array
|
||||
- [lesson 8-exitsnoop](src/8-exitsnoop/README_en.md) Monitoring Process Exit Events, Output with Ring Buffer
|
||||
- [lesson 9-runqlat](src/9-runqlat/README_en.md) Capturing Scheduling Latency and Recording as Histogram
|
||||
- [lesson 10-hardirqs](src/10-hardirqs/README_en.md) Capturing Interrupts with hardirqs or softirqs
|
||||
- [lesson 0-introduce](src/0-introduce/README.md) Introduction to Core Concepts and Tools
|
||||
- [lesson 1-helloworld](src/1-helloworld/README.md) Hello World, Framework and Development
|
||||
- [lesson 2-kprobe-unlink](src/2-kprobe-unlink/README.md) Monitoring unlink System Calls with kprobe
|
||||
- [lesson 3-fentry-unlink](src/3-fentry-unlink/README.md) Monitoring unlink System Calls with fentry
|
||||
- [lesson 4-opensnoop](src/4-opensnoop/README.md) Capturing Opening Files and Filter with Global Variables
|
||||
- [lesson 5-uprobe-bashreadline](src/5-uprobe-bashreadline/README.md) Capturing readline Function Calls with Uprobe
|
||||
- [lesson 6-sigsnoop](src/6-sigsnoop/README.md) Capturing Signal Sending and Store State with Hash Maps
|
||||
- [lesson 7-execsnoop](src/7-execsnoop/README.md) Capturing Process Execution, Output with perf event array
|
||||
- [lesson 8-exitsnoop](src/8-exitsnoop/README.md) Monitoring Process Exit Events, Output with Ring Buffer
|
||||
- [lesson 9-runqlat](src/9-runqlat/README.md) Capturing Scheduling Latency and Recording as Histogram
|
||||
- [lesson 10-hardirqs](src/10-hardirqs/README.md) Capturing Interrupts with hardirqs or softirqs
|
||||
|
||||
### Advanced Documents and Examples
|
||||
|
||||
We start to build complete eBPF projects mainly based on `libbpf` and combine them with various application scenarios for practical use.
|
||||
|
||||
- [lesson 11-bootstrap](src/11-bootstrap/README_en.md) Develop User-Space Programs with libbpf and Trace exec() and exit()
|
||||
- [lesson 12-profile](src/12-profile/README_en.md) Using eBPF Program Profile for Performance Analysis
|
||||
- [lesson 13-tcpconnlat](src/13-tcpconnlat/README_en.md) Statistics of TCP Connection Delay with libbpf
|
||||
- [lesson 14-tcpstates](src/14-tcpstates/README_en.md) Recording TCP Connection Status and TCP RTT
|
||||
- [lesson 15-javagc](src/15-javagc/README_en.md) Capturing User-Space Java GC Duration Using USDT
|
||||
- [lesson 16-memleak](src/16-memleak/README_en.md) Monitoring Memory Leaks
|
||||
- [lesson 17-biopattern](src/17-biopattern/README_en.md) Count Random/Sequential Disk I/O
|
||||
- [lesson 18-further-reading](src/18-further-reading/README_en.md) More Reference Materials: papers, projects
|
||||
- [lesson 19-lsm-connect](src/19-lsm-connect/README_en.md) Security Detection and Defense using LSM
|
||||
- [lesson 20-tc](src/20-tc/README_en.md) tc Traffic Control
|
||||
- [lesson 21-xdp](src/21-xdp/README_en.md) Programmable Packet Processing with XDP
|
||||
- [lesson 11-bootstrap](src/11-bootstrap/README.md) Develop User-Space Programs with libbpf and Trace exec() and exit()
|
||||
- [lesson 12-profile](src/12-profile/README.md) Using eBPF Program Profile for Performance Analysis
|
||||
- [lesson 13-tcpconnlat](src/13-tcpconnlat/README.md) Statistics of TCP Connection Delay with libbpf
|
||||
- [lesson 14-tcpstates](src/14-tcpstates/README.md) Recording TCP Connection Status and TCP RTT
|
||||
- [lesson 15-javagc](src/15-javagc/README.md) Capturing User-Space Java GC Duration Using USDT
|
||||
- [lesson 16-memleak](src/16-memleak/README.md) Monitoring Memory Leaks
|
||||
- [lesson 17-biopattern](src/17-biopattern/README.md) Count Random/Sequential Disk I/O
|
||||
- [lesson 18-further-reading](src/18-further-reading/README.md) More Reference Materials: papers, projects
|
||||
- [lesson 19-lsm-connect](src/19-lsm-connect/README.md) Security Detection and Defense using LSM
|
||||
- [lesson 20-tc](src/20-tc/README.md) tc Traffic Control
|
||||
- [lesson 21-xdp](src/21-xdp/README.md) Programmable Packet Processing with XDP
|
||||
|
||||
### In-Depth Topics
|
||||
|
||||
This section covers advanced topics related to eBPF, including using eBPF programs on Android, possible attacks and defenses using eBPF programs, and complex tracing. Combining the user-mode and kernel-mode aspects of eBPF can bring great power (as well as security risks).
|
||||
|
||||
|
||||
|
||||
Android:
|
||||
|
||||
- [lesson 22-android](src/22-android/README_en.md) Using eBPF Programs on Android
|
||||
|
||||
- [lesson 22-android](src/22-android/README.md) Using eBPF Programs on Android
|
||||
|
||||
Networking:
|
||||
|
||||
- [lesson 23-http](src/23-http/README_en.md) L7 Tracing with eBPF: HTTP and Beyond via Socket Filters and Syscall Tracepoints
|
||||
- [lesson 29-sockops](src/29-sockops/README_en.md) Accelerating Network Request Forwarding with Sockops
|
||||
- [lesson 41-xdp-tcpdump](src/41-xdp-tcpdump/README_en.md) Capturing TCP Information with XDP
|
||||
- [lesson 42-xdp-loadbalancer](src/42-xdp-loadbalancer/README_en.md) XDP Load Balancer
|
||||
|
||||
- [lesson 23-http](src/23-http/README.md) L7 Tracing with eBPF: HTTP and Beyond via Socket Filters and Syscall Tracepoints
|
||||
- [lesson 29-sockops](src/29-sockops/README.md) Accelerating Network Request Forwarding with Sockops
|
||||
- [lesson 41-xdp-tcpdump](src/41-xdp-tcpdump/README.md) Capturing TCP Information with XDP
|
||||
- [lesson 42-xdp-loadbalancer](src/42-xdp-loadbalancer/README.md) XDP Load Balancer
|
||||
|
||||
Security:
|
||||
|
||||
- [lesson 24-hide](src/24-hide/README_en.md) Hiding Process or File Information
|
||||
- [lesson 25-signal](src/25-signal/README_en.md) Using bpf_send_signal to Terminate Malicious Processes in eBPF
|
||||
- [lesson 26-sudo](src/26-sudo/README_en.md) Using eBPF to add sudo user
|
||||
- [lesson 27-replace](src/27-replace/README_en.md) Replace Text Read or Written by Any Program with eBPF
|
||||
- [lesson 28-detach](src/28-detach/README_en.md) Running eBPF After Application Exits: The Lifecycle of eBPF Programs
|
||||
- [lesson 34-syscall](src/34-syscall/README_en.md) Modifying System Call Arguments with eBPF
|
||||
|
||||
- [lesson 24-hide](src/24-hide/README.md) Hiding Process or File Information
|
||||
- [lesson 25-signal](src/25-signal/README.md) Using bpf_send_signal to Terminate Malicious Processes in eBPF
|
||||
- [lesson 26-sudo](src/26-sudo/README.md) Using eBPF to add sudo user
|
||||
- [lesson 27-replace](src/27-replace/README.md) Replace Text Read or Written by Any Program with eBPF
|
||||
- [lesson 28-detach](src/28-detach/README.md) Running eBPF After Application Exits: The Lifecycle of eBPF Programs
|
||||
- [lesson 34-syscall](src/34-syscall/README.md) Modifying System Call Arguments with eBPF
|
||||
|
||||
Scheduler:
|
||||
|
||||
- [lesson 44-scx-simple](src/44-scx-simple/README_en.md) Introduction to the BPF Scheduler
|
||||
|
||||
- [lesson 44-scx-simple](src/44-scx-simple/README.md) Introduction to the BPF Scheduler
|
||||
|
||||
Other:
|
||||
|
||||
- [lesson 35-user-ringbuf](src/35-user-ringbuf/README_en.md) Asynchronously Send to Kernel with User Ring Buffer
|
||||
- [lesson 36-userspace-ebpf](src/36-userspace-ebpf/README_en.md) Userspace eBPF Runtimes: Overview and Applications
|
||||
- [lesson 38-btf-uprobe](src/38-btf-uprobe/README_en.md) Expanding eBPF Compile Once, Run Everywhere(CO-RE) to Userspace Compatibility
|
||||
- [lesson 43-kfuncs](src/43-kfuncs/README_en.md) Extending eBPF Beyond Its Limits: Custom kfuncs in Kernel Modules
|
||||
- [lesson 35-user-ringbuf](src/35-user-ringbuf/README.md) Asynchronously Send to Kernel with User Ring Buffer
|
||||
- [lesson 36-userspace-ebpf](src/36-userspace-ebpf/README.md) Userspace eBPF Runtimes: Overview and Applications
|
||||
- [lesson 38-btf-uprobe](src/38-btf-uprobe/README.md) Expanding eBPF Compile Once, Run Everywhere(CO-RE) to Userspace Compatibility
|
||||
- [lesson 43-kfuncs](src/43-kfuncs/README.md) Extending eBPF Beyond Its Limits: Custom kfuncs in Kernel Modules
|
||||
|
||||
Continuously updating...
|
||||
|
||||
|
||||
Reference in New Issue
Block a user