From eab62193c6394167f07f944fd979c6158d95d71d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BA=91=E5=BE=AE?= <1067852565@qq.com> Date: Thu, 31 Aug 2023 12:03:09 +0100 Subject: [PATCH] improve tutorial title for better seo (#70) * improve title for tutorial for better seo * Add description test for summary page * fix english documents syntax error * fix links --- src/1-helloworld/README_en.md | 2 +- src/10-hardirqs/README_en.md | 27 +++++++++++++------------- src/11-bootstrap/README_en.md | 2 +- src/12-profile/README_en.md | 16 ++++++++------- src/13-tcpconnlat/README_en.md | 2 +- src/15-javagc/README_en.md | 2 +- src/16-memleak/README_en.md | 2 +- src/17-biopattern/README_en.md | 2 +- src/19-lsm-connect/README_en.md | 2 +- src/20-tc/README_en.md | 2 +- src/22-android/README_en.md | 2 +- src/23-http/README_en.md | 2 +- src/24-hide/README_en.md | 2 +- src/25-signal/README.md | 2 +- src/25-signal/README_en.md | 2 +- src/30-sslsniff/README_en.md | 2 +- src/32-funclatency/README_en.md | 2 +- src/4-opensnoop/README_en.md | 2 +- src/5-uprobe-bashreadline/README_en.md | 2 +- src/6-sigsnoop/README_en.md | 2 +- src/7-execsnoop/README_en.md | 2 +- src/8-exitsnoop/README_en.md | 2 +- src/9-runqlat/README_en.md | 2 +- src/SUMMARY.md | 10 +++++++--- src/SUMMARY_en.md | 16 +++++++++++---- 25 files changed, 62 insertions(+), 49 deletions(-) diff --git a/src/1-helloworld/README_en.md b/src/1-helloworld/README_en.md index e456000..17649d6 100644 --- a/src/1-helloworld/README_en.md +++ b/src/1-helloworld/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 1 Hello World, Basic Framework and Development Process +# eBPF Tutorial by Example 1: Hello World, Framework and Development In this blog post, we will delve into the basic framework and development process of eBPF (Extended Berkeley Packet Filter). eBPF is a powerful network and performance analysis tool that runs on the Linux kernel, providing developers with the ability to dynamically load, update, and run user-defined code at kernel runtime. This enables developers to implement efficient, secure kernel-level network monitoring, performance analysis, and troubleshooting functionalities. diff --git a/src/10-hardirqs/README_en.md b/src/10-hardirqs/README_en.md index dd62997..012f301 100644 --- a/src/10-hardirqs/README_en.md +++ b/src/10-hardirqs/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 10: Capturing Interrupt Events Using hardirqs or softirqs +# eBPF Tutorial by Example 10: Capturing Interrupts with hardirqs or softirqs eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel. It allows developers to dynamically load, update, and run user-defined code at runtime in the kernel. @@ -63,7 +63,6 @@ struct { __uint(max_entries, 1); __type(key, u32); __type(value, u64); -``````c } start SEC(".maps"); struct { @@ -159,7 +158,7 @@ int BPF_PROG(irq_handler_entry, int irq, struct irqaction *action) } SEC("raw_tp/irq_handler_exit") -```int BPF_PROG(irq_handler_exit, int irq, struct irqaction *action) +int BPF_PROG(irq_handler_exit, int irq, struct irqaction *action) { return handle_exit(irq, action); } @@ -171,7 +170,7 @@ This code is an eBPF program used to capture and analyze the execution informati 1. Include necessary header files and define data structures: - ```c +```c #include #include #include @@ -179,13 +178,13 @@ This code is an eBPF program used to capture and analyze the execution informati #include "hardirqs.h" #include "bits.bpf.h" #include "maps.bpf.h" - ``` +``` - This program includes the standard header files required for eBPF development, as well as custom header files for defining data structures and maps. +This program includes the standard header files required for eBPF development, as well as custom header files for defining data structures and maps. 2. Define global variables and maps: - ```c +```c #define MAX_ENTRIES 256 const volatile bool filter_cg = false; @@ -194,17 +193,17 @@ This code is an eBPF program used to capture and analyze the execution informati const volatile bool do_count = false; ... - ``` +``` - This program defines some global variables that are used to configure the behavior of the program. For example, `filter_cg` controls whether to filter cgroups, `targ_dist` controls whether to display the distribution of execution time, etc. Additionally, the program defines three maps for storing cgroup information, start timestamps, and interrupt handler information. +This program defines some global variables that are used to configure the behavior of the program. For example, `filter_cg` controls whether to filter cgroups, `targ_dist` controls whether to display the distribution of execution time, etc. Additionally, the program defines three maps for storing cgroup information, start timestamps, and interrupt handler information. 3. Define two helper functions `handle_entry` and `handle_exit`: - These two functions are called at the entry and exit points of the interrupt handler. `handle_entry` records the start timestamp or updates the interrupt count, while `handle_exit` calculates the execution time of the interrupt handler and stores the result in the corresponding information map. +These two functions are called at the entry and exit points of the interrupt handler. `handle_entry` records the start timestamp or updates the interrupt count, while `handle_exit` calculates the execution time of the interrupt handler and stores the result in the corresponding information map. 4. Define the entry points of the eBPF program: - ```c +```c SEC("tp_btf/irq_handler_entry") int BPF_PROG(irq_handler_entry_btf, int irq, struct irqaction *action) { @@ -228,15 +227,15 @@ This code is an eBPF program used to capture and analyze the execution informati { return handle_exit(irq, action); } - ``` +``` - Here, four entry points of the eBPF program are defined, which are used to capture the entry and exit events of the interrupt handler. `tp_btf` and `raw_tp` represent capturing events using BPF Type Format (BTF) and raw tracepoints, respectively. This ensures that the program can be ported and run on different kernel versions. +Here, four entry points of the eBPF program are defined, which are used to capture the entry and exit events of the interrupt handler. `tp_btf` and `raw_tp` represent capturing events using BPF Type Format (BTF) and raw tracepoints, respectively. This ensures that the program can be ported and run on different kernel versions. The code for Softirq is similar, and I won't elaborate on it here. ## Run code.Translated content -"eunomia-bpf is an open-source eBPF dynamic loading runtime and development toolchain that combines Wasm. Its purpose is to simplify the development, building, distribution, and execution of eBPF programs. You can refer to to download and install the ecc compilation toolchain and ecli runtime. We use eunomia-bpf to compile and run this example. +eunomia-bpf is an open-source eBPF dynamic loading runtime and development toolchain that combines Wasm. Its purpose is to simplify the development, building, distribution, and execution of eBPF programs. You can refer to to download and install the ecc compilation toolchain and ecli runtime. We use eunomia-bpf to compile and run this example. To compile this program, use the ecc tool: diff --git a/src/11-bootstrap/README_en.md b/src/11-bootstrap/README_en.md index c850c14..c2532e8 100644 --- a/src/11-bootstrap/README_en.md +++ b/src/11-bootstrap/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 11: Using libbpf to Develop User-Space Programs in eBPF and Trace exec() and exit() System Calls +# eBPF Tutorial by Example 11: Develop User-Space Programs with libbpf and Trace exec() and exit() eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel. It allows developers to dynamically load, update, and run user-defined code during kernel runtime. diff --git a/src/12-profile/README_en.md b/src/12-profile/README_en.md index a9cf917..ec18144 100644 --- a/src/12-profile/README_en.md +++ b/src/12-profile/README_en.md @@ -162,17 +162,19 @@ Use the `bpf_get_stack()` function to get kernel stack information. Store the re ```c event->ustack_sz = bpf_get_stack(ctx, event->ustack, sizeof(event->ustack), BPF_F_USER_STACK); -```Using the `bpf_get_stack()` function with the `BPF_F_USER_STACK` flag retrieves information about the user space stack. Store the result in `event->ustack` and its size in `event->ustack_sz`. +``` + +Using the `bpf_get_stack()` function with the `BPF_F_USER_STACK` flag retrieves information about the user space stack. Store the result in `event->ustack` and its size in `event->ustack_sz`. 8. Submit the event to the Ring Buffer: - ```c +```c bpf_ringbuf_submit(event, 0); - ``` +``` - Finally, use the `bpf_ringbuf_submit()` function to submit the event to the Ring Buffer for the user space program to read and process. +Finally, use the `bpf_ringbuf_submit()` function to submit the event to the Ring Buffer for the user space program to read and process. - This kernel mode eBPF program captures the program's execution flow by sampling the kernel stack and user space stack of the program periodically. These data are stored in the Ring Buffer for the user mode `profile` program to read. +This kernel mode eBPF program captures the program's execution flow by sampling the kernel stack and user space stack of the program periodically. These data are stored in the Ring Buffer for the user mode `profile` program to read. ### User Mode Section @@ -286,7 +288,7 @@ static void show_stack_trace(__u64 *stack, int stack_sz, pid_t pid) blazesym_result_free(result); } -``` /* Receive events from the ring buffer. */".```c +/* Receive events from the ring buffer. */ static int event_handler(void *_ctx, void *data, size_t size) { struct stacktrace_event *event = data; @@ -327,4 +329,4 @@ Through this introductory tutorial on eBPF, we have learned how to use eBPF prog If you want to learn more about eBPF knowledge and practices, please refer to the official documentation of eunomia-bpf: . You can also visit our tutorial code repository or website for more examples and complete tutorials. -The next tutorial will further explore advanced features of eBPF. We will continue to share more content about eBPF development practices to help you better understand and master eBPF technology. We hope these contents will be helpful for your learning and practice on the eBPF development journey. \ No newline at end of file +The next tutorial will further explore advanced features of eBPF. We will continue to share more content about eBPF development practices to help you better understand and master eBPF technology. We hope these contents will be helpful for your learning and practice on the eBPF development journey. diff --git a/src/13-tcpconnlat/README_en.md b/src/13-tcpconnlat/README_en.md index 92999b4..e5df0a4 100644 --- a/src/13-tcpconnlat/README_en.md +++ b/src/13-tcpconnlat/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 13: Statistics of TCP Connection Delay and Data Processing in User Space Using libbpf +# eBPF Tutorial by Example 13: Statistics of TCP Connection Delay with libbpf eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool used in the Linux kernel. eBPF allows developers to dynamically load, update, and run user-defined code without restarting the kernel or changing the kernel source code. diff --git a/src/15-javagc/README_en.md b/src/15-javagc/README_en.md index 9a35af8..02b287f 100644 --- a/src/15-javagc/README_en.md +++ b/src/15-javagc/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 15: Capturing User-Space Java GC Event Duration Using USDT +# eBPF Tutorial by Example 15: Capturing User-Space Java GC Duration Using USDT eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool widely used in the Linux kernel. eBPF allows developers to dynamically load, update, and run user-defined code without the need to restart the kernel or modify the kernel source code. This feature provides eBPF with high flexibility and performance, making it widely applicable in network and system performance analysis. Furthermore, eBPF also supports capturing user-space application behavior using User-Level Statically Defined Tracing (USDT). diff --git a/src/16-memleak/README_en.md b/src/16-memleak/README_en.md index a70c84b..edec445 100644 --- a/src/16-memleak/README_en.md +++ b/src/16-memleak/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 16: Memleak for Monitoring Memory Leaks +# eBPF Tutorial by Example 16: Monitoring Memory Leaks eBPF (extended Berkeley Packet Filter) is a powerful network and performance analysis tool that is widely used in the Linux kernel. eBPF allows developers to dynamically load, update, and run user-defined code without restarting the kernel or modifying its source code. diff --git a/src/17-biopattern/README_en.md b/src/17-biopattern/README_en.md index 9ffae4c..5e7d6c0 100644 --- a/src/17-biopattern/README_en.md +++ b/src/17-biopattern/README_en.md @@ -1,4 +1,4 @@ -# eBPF Getting Started Hands-On Tutorial 17: Count Random/Sequential Disk I/O +# eBPF Tutorial by Example 17: Count Random/Sequential Disk I/O eBPF (Extended Berkeley Packet Filter) is a new technology in the Linux kernel that allows users to execute custom programmes in kernel space without changing the kernel code. This provides system administrators and developers with powerful tools to gain insight into and monitor system behaviour for optimisation. diff --git a/src/19-lsm-connect/README_en.md b/src/19-lsm-connect/README_en.md index b5cd8d3..532c3fe 100644 --- a/src/19-lsm-connect/README_en.md +++ b/src/19-lsm-connect/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example: Security Detection and Defense using LSM +# eBPF Tutorial by Example 19: Security Detection and Defense using LSM eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool widely used in the Linux kernel. eBPF allows developers to dynamically load, update, and run user-defined code without restarting the kernel or modifying the kernel source code. This feature enables eBPF to provide high flexibility and performance, making it widely applicable in network and system performance analysis. The same applies to eBPF applications in security, and this article will introduce how to use the eBPF LSM (Linux Security Modules) mechanism to implement a simple security check program. diff --git a/src/20-tc/README_en.md b/src/20-tc/README_en.md index 4d2925e..3d02608 100644 --- a/src/20-tc/README_en.md +++ b/src/20-tc/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 20: Use eBPF for tc Traffic Control +# eBPF Tutorial by Example 20: tc Traffic Control ## Background diff --git a/src/22-android/README_en.md b/src/22-android/README_en.md index 891e91a..e13fbaa 100644 --- a/src/22-android/README_en.md +++ b/src/22-android/README_en.md @@ -1,4 +1,4 @@ -# Using eBPF Programs on Android +# eBPF Tutorial by Example: Using eBPF Programs on Android > This article mainly documents the author's exploration process, results, and issues encountered while testing the level of support for CO-RE technology based on the libbpf library on high version Android kernels in the Android Studio Emulator. > The test was conducted by building a Debian environment in the Android Shell environment and attempting to build the eunomia-bpf toolchain and run its test cases based on this. diff --git a/src/23-http/README_en.md b/src/23-http/README_en.md index 3ec41a2..938eb00 100644 --- a/src/23-http/README_en.md +++ b/src/23-http/README_en.md @@ -1,3 +1,3 @@ -# http +# eBPF Practical Tutorial: trace http requests data TODO \ No newline at end of file diff --git a/src/24-hide/README_en.md b/src/24-hide/README_en.md index 9d9bb8c..834dbe3 100644 --- a/src/24-hide/README_en.md +++ b/src/24-hide/README_en.md @@ -1,4 +1,4 @@ -# eBPF Development Practice: Hiding Process or File Information with eBPF +# eBPF Practical Tutorial: Hiding Process or File Information eBPF (Extended Berkeley Packet Filter) is a powerful feature in the Linux kernel that allows you to run, load, and update user-defined code without having to change the kernel source code or reboot the kernel. This capability allows eBPF to be used in a wide range of applications such as network and system performance analysis, packet filtering, and security policies. diff --git a/src/25-signal/README.md b/src/25-signal/README.md index e0c9585..883e67d 100644 --- a/src/25-signal/README.md +++ b/src/25-signal/README.md @@ -159,7 +159,7 @@ eunomia-bpf 是一个结合 Wasm 的开源 eBPF 动态加载运行时和开发 使用方式: ```console -sudo ./ecli package.json +$ sudo ./ecli package.json ``` 这个程序会对任何试图使用 `ptrace` 系统调用的程序,例如 `strace`,发出 `SIG_KILL` 信号。 diff --git a/src/25-signal/README_en.md b/src/25-signal/README_en.md index 6dca54e..56aec4b 100644 --- a/src/25-signal/README_en.md +++ b/src/25-signal/README_en.md @@ -1,4 +1,4 @@ -# Terminate Malicious Processes Using bpf_send_signal +# eBPF Practical Tutorial: Terminate Malicious Processes Using bpf_send_signal Compile: diff --git a/src/30-sslsniff/README_en.md b/src/30-sslsniff/README_en.md index a740dac..a4b9540 100644 --- a/src/30-sslsniff/README_en.md +++ b/src/30-sslsniff/README_en.md @@ -1,4 +1,4 @@ -# eBPF Practical Tutorial: Capturing Plain Text Data of Various Libraries' SSL/TLS Using uprobe +# eBPF Practical Tutorial: Capturing SSL/TLS Plain Text Data Using uprobe With the widespread use of TLS in modern network environments, tracing microservices RPC messages has become increasingly challenging. Traditional traffic sniffing techniques often face limitations in accessing only encrypted data, preventing a genuine observation of the original communication content. This restriction poses significant obstacles to system debugging and analysis. diff --git a/src/32-funclatency/README_en.md b/src/32-funclatency/README_en.md index f463b15..4e71cf2 100644 --- a/src/32-funclatency/README_en.md +++ b/src/32-funclatency/README_en.md @@ -2,4 +2,4 @@ TODO: make it work -from https://github.com/iovisor/bcc/blob/master/libbpf-tools/funclatency.c. \ No newline at end of file +from . diff --git a/src/4-opensnoop/README_en.md b/src/4-opensnoop/README_en.md index 9c29128..6e4371b 100644 --- a/src/4-opensnoop/README_en.md +++ b/src/4-opensnoop/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 4: Capturing Process Opening Files and Filter with Global Variables +# eBPF Tutorial by Example 4: Capturing Opening Files and Filter with Global Variables eBPF (Extended Berkeley Packet Filter) is a kernel execution environment that allows users to run secure and efficient programs in the kernel. It is commonly used for network filtering, performance analysis, security monitoring, and other scenarios. The power of eBPF lies in its ability to capture and modify network packets or system calls at runtime in the kernel, enabling monitoring and adjustment of the operating system's behavior. diff --git a/src/5-uprobe-bashreadline/README_en.md b/src/5-uprobe-bashreadline/README_en.md index fa51296..f95f8f3 100644 --- a/src/5-uprobe-bashreadline/README_en.md +++ b/src/5-uprobe-bashreadline/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 5: Capturing readline Function Calls with uprobe +# eBPF Tutorial by Example 5: Capturing readline Function Calls with Uprobe eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel that allows developers to dynamically load, update, and run user-defined code at runtime. diff --git a/src/6-sigsnoop/README_en.md b/src/6-sigsnoop/README_en.md index a319068..cffe5ef 100755 --- a/src/6-sigsnoop/README_en.md +++ b/src/6-sigsnoop/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 6: Capturing Process Signal Sending and Using a Hash Map to Store State +# eBPF Tutorial by Example 6: Capturing Signal Sending and Store State with Hash Maps eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel that allows developers to dynamically load, update, and run user-defined code at runtime. diff --git a/src/7-execsnoop/README_en.md b/src/7-execsnoop/README_en.md index 3cf53d5..24fda3d 100644 --- a/src/7-execsnoop/README_en.md +++ b/src/7-execsnoop/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 7: Capturing Process Execution Event, Printing Output with perf event array +# eBPF Tutorial by Example 7: Capturing Process Execution, Output with perf event array eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel that allows developers to dynamically load, update, and run user-defined code at runtime. diff --git a/src/8-exitsnoop/README_en.md b/src/8-exitsnoop/README_en.md index a6567f4..40daf8c 100644 --- a/src/8-exitsnoop/README_en.md +++ b/src/8-exitsnoop/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 8: Monitoring Process Exit Events, Print Output with Ring Buffer +# eBPF Tutorial by Example 8: Monitoring Process Exit Events, Output with Ring Buffer eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel. It allows developers to dynamically load, update, and run user-defined code at runtime in the kernel. diff --git a/src/9-runqlat/README_en.md b/src/9-runqlat/README_en.md index efe779e..ffd3377 100755 --- a/src/9-runqlat/README_en.md +++ b/src/9-runqlat/README_en.md @@ -1,4 +1,4 @@ -# eBPF Tutorial by Example 9: Capturing Process Scheduling Latency and Recording as Histogram +# eBPF Tutorial by Example 9: Capturing Scheduling Latency and Recording as Histogram eBPF (Extended Berkeley Packet Filter) is a powerful network and performance analysis tool on the Linux kernel. It allows developers to dynamically load, update, and run user-defined code at runtime. diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 98737dd..7a0db73 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -1,6 +1,10 @@ -# Summary +# eBPF 开发实践教程:基于 CO-RE,通过小工具快速上手 eBPF 开发 -# eBPF 实践教程:基于 libbpf 和 CO-RE +这是一个基于 `CO-RE`(一次编译,到处运行)的 eBPF 的开发教程,提供了从入门到进阶的 eBPF 开发实践,包括基本概念、代码实例、实际应用等内容。和 BCC 不同的是,我们使用 libbpf、Cilium、libbpf-rs、eunomia-bpf 等框架进行开发,包含 C、Go、Rust 等语言的示例。 + +本教程不会进行复杂的概念讲解和场景介绍,主要希望提供一些 eBPF 小工具的案例(**非常短小,从二十行代码开始入门!**),来帮助 eBPF 应用的开发者快速上手 eBPF 的开发方法和技巧。教程内容可以在目录中找到,每个目录都是一个独立的 eBPF 工具案例。 + +教程关注于可观测性、网络、安全等等方面的 eBPF 示例: - [介绍 eBPF 的基本概念、常见的开发工具](0-introduce/README.md) - [eBPF Hello World,基本框架和开发流程](1-helloworld/README.md) @@ -36,7 +40,7 @@ - [BPF的生命周期:使用 Detached 模式在用户态应用退出后持续运行 eBPF 程序](28-detach/README.md) - [使用 eBPF 用户态捕获多种库的 SSL/TLS 明文数据](30-sslsniff/README.md) -# bcc tutorial +# bcc 教程与文档 - [BPF Features by Linux Kernel Version](bcc-documents/kernel-versions.md) - [Kernel Configuration for BPF Features](bcc-documents/kernel_config.md) diff --git a/src/SUMMARY_en.md b/src/SUMMARY_en.md index 451eea8..410cbb5 100644 --- a/src/SUMMARY_en.md +++ b/src/SUMMARY_en.md @@ -1,6 +1,14 @@ -# Summary +# eBPF Tutorial by Example: Learning CO-RE eBPF Step by Step with Tools -# eBPF Practice Tutorial: Based on libbpf and CO-RE +[![CI](https://github.com/eunomia-bpf/bpf-developer-tutorial/actions/workflows/main.yml/badge.svg)](https://github.com/eunomia-bpf/bpf-developer-tutorial/actions/workflows/main.yml) + +Dive straight into eBPF development with this concise tutorial, built around the powerful CO-RE (Compile Once, Run Everywhere) philosophy. Whether you're a newbie or a pro, we've got you covered with: + +- 🛠 **Practical Examples:** Start coding with bite-sized examples, some as short as just 20 lines! +- 🔍 **Focused Learning:** We prioritize hands-on learning, skipping the lengthy theory. Each directory offers an independent eBPF tool example. +- 💼 **Modern Frameworks:** Get comfortable with the latest eBPF frameworks such as libbpf, Cilium, libbpf-rs, and eunomia-bpf. +- 🌐 **Multi-language Support:** Play with code samples in C, Go, and Rust. +- 🌍 **Bilingual Content:** This tutorial is available in both Chinese and English. For the English version, click [here](README_en.md) or check the README_en.md inside each directory. - [Introduction to basic concepts of eBPF and common development tools](0-introduce/README.md) - [eBPF Hello World, basic framework and development process](1-helloworld/README.md) @@ -27,7 +35,7 @@ - [Using eBPF programs on Android](22-android/README.md) - [Tracing HTTP requests or other layer 7 protocols using eBPF](23-http/README.md) -- [Capturing Plain Text Data of Various Libraries' SSL/TLS Using uprobe](30-sslsniff/README_en.md) +- [Capturing Plain Text Data of Various Libraries' SSL/TLS Using uprobe](30-sslsniff/README.md) - [Accelerating network request forwarding using sockops](29-sockops/README.md) - [Hiding process or file information using eBPF](24-hide/README.md) - [Terminating processes by sending signals using bpf_send_signal](25-signal/README.md) @@ -41,4 +49,4 @@ - [Kernel Configuration for BPF Features](bcc-documents/kernel_config.md) - [bcc Reference Guide](bcc-documents/reference_guide.md) - [Special Filtering](bcc-documents/special_filtering.md) -- [bcc Tutorial](bcc-documents/tutorial.md)".- [bcc Python Developer Tutorial](bcc-documents/tutorial_bcc_python_developer.md) \ No newline at end of file +- [bcc Tutorial](bcc-documents/tutorial.md)".- [bcc Python Developer Tutorial](bcc-documents/tutorial_bcc_python_developer.md)