Add new post for 28 29 34 (#92)

* add 28 blog * update test * add 34 * Update test-libbpf.yml * add link * update 28 * add read only * Update english version * update 29 * update 29 * fix ci for 34
2026-03-22 04:40:45 +08:00 · 2024-01-19 23:48:42 +00:00
parent 0587db4c42
commit deee286952
21 changed files with 1047 additions and 82 deletions
--- a/src/36-userspace-ebpf/README.md
+++ b/src/36-userspace-ebpf/README.md
@@ -132,6 +132,70 @@ eBPF，原本因其在内核空间的强大性能而被广泛认知，但近年

 从更宏观的角度看，eBPF运行时和Wasm实际上可以被视为是相互补充的。尽管 eBPF 拥有出色的验证器机制来确保运行时安全性，但由于其编程语言的局限性和相对较高的开发难度，它并不总是适合作为业务逻辑的首选运行时。反之，eBPF 更适用于像网络流量转发、可观测性和 livepatch 这样的高专业性任务。相对而言，Wasm 运行时可以作为 Serverless 的运行时平台、插件系统和轻量级虚拟化等场景的首选。这两者都有自己的优势，但它们的选择取决于特定的用例和优先级。

+## bpftime 快速入门
+
+使用`bpftime`，您可以使用熟悉的工具（如clang和libbpf）构建eBPF应用程序，并在用户空间中执行它们。例如，`malloc` eBPF程序使用uprobe跟踪malloc调用，并使用哈希映射对其进行统计。
+
+您可以参考[documents/build-and-test.md](https://eunomia.dev/bpftime/documents/build-and-test)上的构建项目的方法，或者使用来自[GitHub packages](https://github.com/eunomia-bpf/bpftime/pkgs/container/bpftime)的容器映像。
+
+要开始，请构建并运行一个基于libbpf的eBPF程序，使用以下命令行：
+
+```console
+make -C example/malloc # 构建示例的eBPF程序
+bpftime load ./example/malloc/malloc
+```
+
+在另一个shell中，运行带有eBPF的目标程序：
+
+```console
+$ bpftime start ./example/malloc/victim
+Hello malloc!
+malloc called from pid 250215
+continue malloc...
+malloc called from pid 250215
+```
+
+您还可以动态地将eBPF程序附加到正在运行的进程上：
+
+```console
+$ ./example/malloc/victim & echo $! # 进程ID为101771
+[1] 101771
+101771
+continue malloc...
+continue malloc...
+```
+
+然后附加到该进程：
+
+```console
+$ sudo bpftime attach 101771 # 您可能需要以root身份运行make install
+Inject: "/root/.bpftime/libbpftime-agent.so"
+成功注入。ID: 1
+```
+
+您可以看到原始程序的输出：
+
+```console
+$ bpftime load ./example/malloc/malloc
+...
+12:44:35 
+        pid=247299      malloc calls: 10
+        pid=247322      malloc calls: 10
+```
+
+或者，您也可以直接在内核eBPF中运行我们的示例eBPF程序，以查看类似的输出：
+
+```console
+$ sudo example/malloc/malloc
+15:38:05
+        pid=30415       malloc calls: 1079
+        pid=30393       malloc calls: 203
+        pid=29882       malloc calls: 1076
+        pid=34809       malloc calls: 8
+```
+
+有关更多详细信息，请参阅[documents/usage.md](https://eunomia.dev/bpftime/documents/usage)。
+
 ## 总结与前景

 用户空间的eBPF运行时正在打破边界，将eBPF的能力从内核扩展到了更广阔的领域。这种扩展带来了显著的性能、灵活性和安全性提升。例如，`bpftime`运行时显示了其在某些低级性能场景下，甚至超越了像 Wasm 这样的其他技术。也有越来越多的应用将用户空间的 eBPF 用于快速补丁、轻量级虚拟化、网络过滤等场景。
--- a/src/36-userspace-ebpf/README_en.md
+++ b/src/36-userspace-ebpf/README_en.md
@@ -129,6 +129,70 @@ For both technologies, reliance on underlying libraries for complex operations i

 On the language support front, while eBPF's niche and specialized nature mean limited language support, Wasm boasts a broader language portfolio due to its origin and design for the web.

+## bpftime Quick Start
+
+With `bpftime`, you can build eBPF applications using familiar tools like clang and libbpf, and execute them in userspace. For instance, the `malloc` eBPF program traces malloc calls using uprobe and aggregates the counts using a hash map.
+
+You can refer to [documents/build-and-test.md](https://eunomia.dev/bpftime/documents/build-and-test) for how to build the project, or using the container images from [GitHub packages](https://github.com/eunomia-bpf/bpftime/pkgs/container/bpftime).
+
+To get started, you can build and run a libbpf based eBPF program starts with `bpftime` cli:
+
+```console
+make -C example/malloc # Build the eBPF program example
+bpftime load ./example/malloc/malloc
+```
+
+In another shell, Run the target program with eBPF inside:
+
+```console
+$ bpftime start ./example/malloc/victim
+Hello malloc!
+malloc called from pid 250215
+continue malloc...
+malloc called from pid 250215
+```
+
+You can also dynamically attach the eBPF program with a running process:
+
+```console
+$ ./example/malloc/victim & echo $! # The pid is 101771
+[1] 101771
+101771
+continue malloc...
+continue malloc...
+```
+
+And attach to it:
+
+```console
+$ sudo bpftime attach 101771 # You may need to run make install in root
+Inject: "/root/.bpftime/libbpftime-agent.so"
+Successfully injected. ID: 1
+```
+
+You can see the output from original program:
+
+```console
+$ bpftime load ./example/malloc/malloc
+...
+12:44:35 
+        pid=247299      malloc calls: 10
+        pid=247322      malloc calls: 10
+```
+
+Alternatively, you can also run our sample eBPF program directly in the kernel eBPF, to see the similar output:
+
+```console
+$ sudo example/malloc/malloc
+15:38:05
+        pid=30415       malloc calls: 1079
+        pid=30393       malloc calls: 203
+        pid=29882       malloc calls: 1076
+        pid=34809       malloc calls: 8
+```
+
+See [documents/usage.md](https://eunomia.dev/bpftime/documents/usage) for more details.
+
 ## Conclusion

 Userspace eBPF runtimes are an exciting development that expands the capabilities of eBPF beyond the kernel. As highlighted in this post, they offer compelling benefits like enhanced performance, flexibility, and security compared to kernel-based eBPF. Runtimes like bpftime demonstrate the potential for substantial speedups, even outperforming alternatives like Wasm runtimes in certain dimensions like low-level performance.