kernel/bpf-developer-tutorial
1
0
Fork 0
mirror of https://github.com/eunomia-bpf/bpf-developer-tutorial.git synced 2026-02-03 02:04:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: Update TOC generation functions to include output file directory parameter and adjust lesson paths in SUMMARY files

Browse Source
This commit is contained in:
Littlefisher
2025-11-12 07:38:53 -08:00
parent 78bad8296c
commit fd03b86248
3 changed files with 123 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
scripts/generate_toc.py
View File

@@ -2,7 +2,7 @@ import os
import re
# Define a function to walk through the directory and generate the TOC structure
def generate_toc(base_dir, project_root):
def generate_toc(base_dir, project_root, output_file_dir):
toc = "## Table of Contents\n\n"
section_headers = {
"Basic": "### Getting Started Examples\n\nThis section contains simple eBPF program examples and introductions. It primarily utilizes the `eunomia-bpf` framework to simplify development and introduces the basic usage and development process of eBPF.\n\n",
@@ -81,8 +81,8 @@ def generate_toc(base_dir, project_root):
if ":" in first_title:
first_title = first_title.split(":", 1)[1].strip()
# Get the relative path for the lesson
lesson_rel_path = os.path.relpath(readme_path, project_root)
# Get the relative path for the lesson (relative to the output file's directory)
lesson_rel_path = os.path.relpath(readme_path, output_file_dir)
# Prepare lesson data
# Handle both numbered lessons (e.g., "12-profile") and named lessons (e.g., "features/bpf_arena")
@@ -130,7 +130,7 @@ def generate_toc(base_dir, project_root):
# Define a function to walk through the directory and generate the TOC structure in Chinese
def generate_toc_cn(base_dir, project_root):
def generate_toc_cn(base_dir, project_root, output_file_dir):
toc = "## 目录\n\n"
section_headers = {
"Basic": "### 入门示例\n\n这一部分包含简单的 eBPF 程序示例和介绍。主要利用 `eunomia-bpf` 框架简化开发,介绍 eBPF 的基本用法和开发流程。\n\n",
@@ -209,8 +209,8 @@ def generate_toc_cn(base_dir, project_root):
if ":" in first_title:
first_title = first_title.split(":", 1)[1].strip()
# Get the relative path for the lesson
lesson_rel_path = os.path.relpath(readme_path, project_root)
# Get the relative path for the lesson (relative to the output file's directory)
lesson_rel_path = os.path.relpath(readme_path, output_file_dir)
# Prepare lesson data
# Handle both numbered lessons (e.g., "12-profile") and named lessons (e.g., "features/bpf_arena")
@@ -276,42 +276,48 @@ def generate_file_from_template(template_path, output_path, toc_content):
# Main execution
if __name__ == "__main__":
base_directory = "src/" # Base directory for lessons
project_root = "./" # The root of the project
scripts_dir = "scripts/" # Directory containing templates
# Get the absolute path to the script's directory
script_dir = os.path.dirname(os.path.abspath(__file__))
# Get the project root (parent of scripts directory)
project_root = os.path.dirname(script_dir)
# Generate TOC content for English
toc_en = generate_toc(base_directory, project_root)
base_directory = os.path.join(project_root, "src")
scripts_dir = os.path.join(project_root, "scripts")
# Generate TOC content for Chinese
toc_cn = generate_toc_cn(base_directory, project_root)
# Generate TOC content for SUMMARY.md files (output in src/ directory)
toc_summary_en = generate_toc(base_directory, project_root, os.path.join(project_root, 'src'))
toc_summary_cn = generate_toc_cn(base_directory, project_root, os.path.join(project_root, 'src'))
# Generate TOC content for README.md files (output in project root)
toc_readme_en = generate_toc(base_directory, project_root, project_root)
toc_readme_cn = generate_toc_cn(base_directory, project_root, project_root)
# Generate SUMMARY.md from template
generate_file_from_template(
os.path.join(scripts_dir, 'SUMMARY.md.template'),
os.path.join('src', 'SUMMARY.md'),
toc_en
os.path.join(project_root, 'src', 'SUMMARY.md'),
toc_summary_en
)
# Generate SUMMARY.zh.md from template
generate_file_from_template(
os.path.join(scripts_dir, 'SUMMARY.zh.md.template'),
os.path.join('src', 'SUMMARY.zh.md'),
toc_cn
os.path.join(project_root, 'src', 'SUMMARY.zh.md'),
toc_summary_cn
)
# Generate README.md from template
generate_file_from_template(
os.path.join(scripts_dir, 'README.md.template'),
'README.md',
toc_en
os.path.join(project_root, 'README.md'),
toc_readme_en
)
# Generate README.zh.md from template
generate_file_from_template(
os.path.join(scripts_dir, 'README.zh.md.template'),
'README.zh.md',
toc_cn
os.path.join(project_root, 'README.zh.md'),
toc_readme_cn
)
print("\nAll files generated successfully!")

96
src/SUMMARY.md
View File

@@ -12,32 +12,32 @@ For the complete source code of the tutorial, please refer to the repo [https://
This section contains simple eBPF program examples and introductions. It primarily utilizes the `eunomia-bpf` framework to simplify development and introduces the basic usage and development process of eBPF.
- [lesson 0-introduce](src/0-introduce/README.md) Introduction to Core Concepts and Tools
- [lesson 1-helloworld](src/1-helloworld/README.md) Hello World, Framework and Development
- [lesson 2-kprobe-unlink](src/2-kprobe-unlink/README.md) Monitoring unlink System Calls with kprobe
- [lesson 3-fentry-unlink](src/3-fentry-unlink/README.md) Monitoring unlink System Calls with fentry
- [lesson 4-opensnoop](src/4-opensnoop/README.md) Capturing Opening Files and Filter with Global Variables
- [lesson 5-uprobe-bashreadline](src/5-uprobe-bashreadline/README.md) Capturing readline Function Calls with Uprobe
- [lesson 6-sigsnoop](src/6-sigsnoop/README.md) Capturing Signal Sending and Store State with Hash Maps
- [lesson 7-execsnoop](src/7-execsnoop/README.md) Capturing Process Execution, Output with perf event array
- [lesson 8-exitsnoop](src/8-exitsnoop/README.md) Monitoring Process Exit Events, Output with Ring Buffer
- [lesson 9-runqlat](src/9-runqlat/README.md) Capturing Scheduling Latency and Recording as Histogram
- [lesson 10-hardirqs](src/10-hardirqs/README.md) Capturing Interrupts with hardirqs or softirqs
- [lesson 0-introduce](0-introduce/README.md) Introduction to Core Concepts and Tools
- [lesson 1-helloworld](1-helloworld/README.md) Hello World, Framework and Development
- [lesson 2-kprobe-unlink](2-kprobe-unlink/README.md) Monitoring unlink System Calls with kprobe
- [lesson 3-fentry-unlink](3-fentry-unlink/README.md) Monitoring unlink System Calls with fentry
- [lesson 4-opensnoop](4-opensnoop/README.md) Capturing Opening Files and Filter with Global Variables
- [lesson 5-uprobe-bashreadline](5-uprobe-bashreadline/README.md) Capturing readline Function Calls with Uprobe
- [lesson 6-sigsnoop](6-sigsnoop/README.md) Capturing Signal Sending and Store State with Hash Maps
- [lesson 7-execsnoop](7-execsnoop/README.md) Capturing Process Execution, Output with perf event array
- [lesson 8-exitsnoop](8-exitsnoop/README.md) Monitoring Process Exit Events, Output with Ring Buffer
- [lesson 9-runqlat](9-runqlat/README.md) Capturing Scheduling Latency and Recording as Histogram
- [lesson 10-hardirqs](10-hardirqs/README.md) Capturing Interrupts with hardirqs or softirqs
### Advanced Documents and Examples
We start to build complete eBPF projects mainly based on `libbpf` and combine them with various application scenarios for practical use.
- [lesson 11-bootstrap](src/11-bootstrap/README.md) Develop User-Space Programs with libbpf and Trace exec() and exit()
- [lesson 12-profile](src/12-profile/README.md) Using eBPF Program Profile for Performance Analysis
- [lesson 13-tcpconnlat](src/13-tcpconnlat/README.md) Statistics of TCP Connection Delay with libbpf
- [lesson 14-tcpstates](src/14-tcpstates/README.md) Recording TCP Connection Status and TCP RTT
- [lesson 15-javagc](src/15-javagc/README.md) Capturing User-Space Java GC Duration Using USDT
- [lesson 16-memleak](src/16-memleak/README.md) Monitoring Memory Leaks
- [lesson 17-biopattern](src/17-biopattern/README.md) Count Random/Sequential Disk I/O
- [lesson 18-further-reading](src/18-further-reading/README.md) More Reference Materials papers, projects
- [lesson 19-lsm-connect](src/19-lsm-connect/README.md) Security Detection and Defense using LSM
- [lesson 20-tc](src/20-tc/README.md) tc Traffic Control
- [lesson 21-xdp](src/21-xdp/README.md) Programmable Packet Processing with XDP
- [lesson 11-bootstrap](11-bootstrap/README.md) Develop User-Space Programs with libbpf and Trace exec() and exit()
- [lesson 12-profile](12-profile/README.md) Using eBPF Program Profile for Performance Analysis
- [lesson 13-tcpconnlat](13-tcpconnlat/README.md) Statistics of TCP Connection Delay with libbpf
- [lesson 14-tcpstates](14-tcpstates/README.md) Recording TCP Connection Status and TCP RTT
- [lesson 15-javagc](15-javagc/README.md) Capturing User-Space Java GC Duration Using USDT
- [lesson 16-memleak](16-memleak/README.md) Monitoring Memory Leaks
- [lesson 17-biopattern](17-biopattern/README.md) Count Random/Sequential Disk I/O
- [lesson 18-further-reading](18-further-reading/README.md) More Reference Materials papers, projects
- [lesson 19-lsm-connect](19-lsm-connect/README.md) Security Detection and Defense using LSM
- [lesson 20-tc](20-tc/README.md) tc Traffic Control
- [lesson 21-xdp](21-xdp/README.md) Programmable Packet Processing with XDP
### In-Depth Topics
This section covers advanced topics related to eBPF, including using eBPF programs on Android, possible attacks and defenses using eBPF programs, and complex tracing. Combining the user-mode and kernel-mode aspects of eBPF can bring great power (as well as security risks).
@@ -46,46 +46,46 @@ This section covers advanced topics related to eBPF, including using eBPF progra
GPU:
- [lesson 47-cuda-events](src/47-cuda-events/README.md) Tracing CUDA GPU Operations
- [lesson xpu/npu-kernel-driver](src/xpu/npu-kernel-driver/README.md) Tracing Intel NPU Kernel Driver Operations
- [xpu flamegraph](src/xpu/flamegraph/README.md) Building a GPU Flamegraph Profiler with CUPTI
- [lesson xpu/gpu-kernel-driver](src/xpu/gpu-kernel-driver/README.md) Monitoring GPU Driver Activity with Kernel Tracepoints
- [lesson 47-cuda-events](47-cuda-events/README.md) Tracing CUDA GPU Operations
- [lesson xpu/gpu-kernel-driver](xpu/gpu-kernel-driver/README.md) Monitoring GPU Driver Activity with Kernel Tracepoints
- [xpu flamegraph](xpu/flamegraph/README.md) Building a GPU Flamegraph Profiler with CUPTI
- [lesson xpu/npu-kernel-driver](xpu/npu-kernel-driver/README.md) Tracing Intel NPU Kernel Driver Operations
Scheduler:
- [lesson 44-scx-simple](src/44-scx-simple/README.md) Introduction to the BPF Scheduler
- [lesson 45-scx-nest](src/45-scx-nest/README.md) Implementing the `scx_nest` Scheduler
- [lesson 44-scx-simple](44-scx-simple/README.md) Introduction to the BPF Scheduler
- [lesson 45-scx-nest](45-scx-nest/README.md) Implementing the `scx_nest` Scheduler
Networking:
- [lesson 23-http](src/23-http/README.md) L7 Tracing with eBPF: HTTP and Beyond via Socket Filters and Syscall Tracepoints
- [lesson 29-sockops](src/29-sockops/README.md) Accelerating Network Request Forwarding with Sockops
- [lesson 41-xdp-tcpdump](src/41-xdp-tcpdump/README.md) Capturing TCP Information with XDP
- [lesson 42-xdp-loadbalancer](src/42-xdp-loadbalancer/README.md) XDP Load Balancer
- [lesson 46-xdp-test](src/46-xdp-test/README.md) Building a High-Performance XDP Packet Generator
- [lesson 23-http](23-http/README.md) L7 Tracing with eBPF: HTTP and Beyond via Socket Filters and Syscall Tracepoints
- [lesson 29-sockops](29-sockops/README.md) Accelerating Network Request Forwarding with Sockops
- [lesson 41-xdp-tcpdump](41-xdp-tcpdump/README.md) Capturing TCP Information with XDP
- [lesson 42-xdp-loadbalancer](42-xdp-loadbalancer/README.md) XDP Load Balancer
- [lesson 46-xdp-test](46-xdp-test/README.md) Building a High-Performance XDP Packet Generator
Tracing:
- [lesson 30-sslsniff](src/30-sslsniff/README.md) Capturing SSL/TLS Plain Text Data Using uprobe
- [lesson 31-goroutine](src/31-goroutine/README.md) Using eBPF to Trace Go Routine States
- [lesson 33-funclatency](src/33-funclatency/README.md) Measuring Function Latency with eBPF
- [lesson 37-uprobe-rust](src/37-uprobe-rust/README.md) Tracing User Space Rust Applications with Uprobe
- [lesson 39-nginx](src/39-nginx/README.md) Using eBPF to Trace Nginx Requests
- [lesson 40-mysql](src/40-mysql/README.md) Using eBPF to Trace MySQL Queries
- [lesson 48-energy](src/48-energy/README.md) Energy Monitoring for Process-Level Power Analysis
- [lesson 30-sslsniff](30-sslsniff/README.md) Capturing SSL/TLS Plain Text Data Using uprobe
- [lesson 31-goroutine](31-goroutine/README.md) Using eBPF to Trace Go Routine States
- [lesson 33-funclatency](33-funclatency/README.md) Measuring Function Latency with eBPF
- [lesson 37-uprobe-rust](37-uprobe-rust/README.md) Tracing User Space Rust Applications with Uprobe
- [lesson 39-nginx](39-nginx/README.md) Using eBPF to Trace Nginx Requests
- [lesson 40-mysql](40-mysql/README.md) Using eBPF to Trace MySQL Queries
- [lesson 48-energy](48-energy/README.md) Energy Monitoring for Process-Level Power Analysis
Security:
- [lesson 24-hide](src/24-hide/README.md) Hiding Process or File Information
- [lesson 25-signal](src/25-signal/README.md) Using bpf_send_signal to Terminate Malicious Processes in eBPF
- [lesson 26-sudo](src/26-sudo/README.md) Privilege Escalation via File Content Manipulation
- [lesson 27-replace](src/27-replace/README.md) Transparent Text Replacement in File Reads
- [lesson 28-detach](src/28-detach/README.md) Running eBPF After Application Exits: The Lifecycle of eBPF Programs
- [lesson 34-syscall](src/34-syscall/README.md) Modifying System Call Arguments with eBPF
- [lesson 24-hide](24-hide/README.md) Hiding Process or File Information
- [lesson 25-signal](25-signal/README.md) Using bpf_send_signal to Terminate Malicious Processes in eBPF
- [lesson 26-sudo](26-sudo/README.md) Privilege Escalation via File Content Manipulation
- [lesson 27-replace](27-replace/README.md) Transparent Text Replacement in File Reads
- [lesson 28-detach](28-detach/README.md) Running eBPF After Application Exits: The Lifecycle of eBPF Programs
- [lesson 34-syscall](34-syscall/README.md) Modifying System Call Arguments with eBPF
Features:
@@ -101,11 +101,11 @@ Features:
Other:
- [lesson 49-hid](src/49-hid/README.md) Fixing Broken HID Devices Without Kernel Patches
- [lesson 49-hid](49-hid/README.md) Fixing Broken HID Devices Without Kernel Patches
Android:
- [lesson 22-android](src/22-android/README.md) Using eBPF Programs on Android
- [lesson 22-android](22-android/README.md) Using eBPF Programs on Android
Continuously updating...

96
src/SUMMARY.zh.md
View File

@@ -12,76 +12,76 @@
这一部分包含简单的 eBPF 程序示例和介绍。主要利用 `eunomia-bpf` 框架简化开发,介绍 eBPF 的基本用法和开发流程。
- [lesson 0-introduce](src/0-introduce/README.zh.md) eBPF 示例教程 0核心概念与工具简介
- [lesson 1-helloworld](src/1-helloworld/README.zh.md) eBPF 入门开发实践教程一Hello World基本框架和开发流程
- [lesson 2-kprobe-unlink](src/2-kprobe-unlink/README.zh.md) eBPF 入门开发实践教程二:在 eBPF 中使用 kprobe 监测捕获 unlink 系统调用
- [lesson 3-fentry-unlink](src/3-fentry-unlink/README.zh.md) eBPF 入门开发实践教程三:在 eBPF 中使用 fentry 监测捕获 unlink 系统调用
- [lesson 4-opensnoop](src/4-opensnoop/README.zh.md) eBPF 入门开发实践教程四:在 eBPF 中捕获进程打开文件的系统调用集合,使用全局变量过滤进程 pid
- [lesson 5-uprobe-bashreadline](src/5-uprobe-bashreadline/README.zh.md) eBPF 入门开发实践教程五:在 eBPF 中使用 uprobe 捕获 bash 的 readline 函数调用
- [lesson 6-sigsnoop](src/6-sigsnoop/README.zh.md) eBPF 入门开发实践教程六:捕获进程发送信号的系统调用集合,使用 hash map 保存状态
- [lesson 7-execsnoop](src/7-execsnoop/README.zh.md) eBPF 入门实践教程七:捕获进程执行事件,通过 perf event array 向用户态打印输出
- [lesson 8-exitsnoop](src/8-exitsnoop/README.zh.md) eBPF 入门开发实践教程八:在 eBPF 中使用 exitsnoop 监控进程退出事件,使用 ring buffer 向用户态打印输出
- [lesson 9-runqlat](src/9-runqlat/README.zh.md) eBPF 入门开发实践教程九:捕获进程调度延迟,以直方图方式记录
- [lesson 10-hardirqs](src/10-hardirqs/README.zh.md) eBPF 入门开发实践教程十:在 eBPF 中使用 hardirqs 或 softirqs 捕获中断事件
- [lesson 0-introduce](0-introduce/README.zh.md) eBPF 示例教程 0核心概念与工具简介
- [lesson 1-helloworld](1-helloworld/README.zh.md) eBPF 入门开发实践教程一Hello World基本框架和开发流程
- [lesson 2-kprobe-unlink](2-kprobe-unlink/README.zh.md) eBPF 入门开发实践教程二:在 eBPF 中使用 kprobe 监测捕获 unlink 系统调用
- [lesson 3-fentry-unlink](3-fentry-unlink/README.zh.md) eBPF 入门开发实践教程三:在 eBPF 中使用 fentry 监测捕获 unlink 系统调用
- [lesson 4-opensnoop](4-opensnoop/README.zh.md) eBPF 入门开发实践教程四:在 eBPF 中捕获进程打开文件的系统调用集合,使用全局变量过滤进程 pid
- [lesson 5-uprobe-bashreadline](5-uprobe-bashreadline/README.zh.md) eBPF 入门开发实践教程五:在 eBPF 中使用 uprobe 捕获 bash 的 readline 函数调用
- [lesson 6-sigsnoop](6-sigsnoop/README.zh.md) eBPF 入门开发实践教程六:捕获进程发送信号的系统调用集合,使用 hash map 保存状态
- [lesson 7-execsnoop](7-execsnoop/README.zh.md) eBPF 入门实践教程七:捕获进程执行事件,通过 perf event array 向用户态打印输出
- [lesson 8-exitsnoop](8-exitsnoop/README.zh.md) eBPF 入门开发实践教程八:在 eBPF 中使用 exitsnoop 监控进程退出事件,使用 ring buffer 向用户态打印输出
- [lesson 9-runqlat](9-runqlat/README.zh.md) eBPF 入门开发实践教程九:捕获进程调度延迟,以直方图方式记录
- [lesson 10-hardirqs](10-hardirqs/README.zh.md) eBPF 入门开发实践教程十:在 eBPF 中使用 hardirqs 或 softirqs 捕获中断事件
### 高级文档和示例
我们开始构建完整的 eBPF 项目,主要基于 `libbpf`,并将其与各种应用场景结合起来,以便实际使用。
- [lesson 11-bootstrap](src/11-bootstrap/README.zh.md) eBPF 入门开发实践教程十一:在 eBPF 中使用 libbpf 开发用户态程序并跟踪 exec() 和 exit() 系统调用
- [lesson 12-profile](src/12-profile/README.zh.md) eBPF 入门实践教程十二:使用 eBPF 程序 profile 进行性能分析
- [lesson 13-tcpconnlat](src/13-tcpconnlat/README.zh.md) eBPF入门开发实践教程十三统计 TCP 连接延时,并使用 libbpf 在用户态处理数据
- [lesson 14-tcpstates](src/14-tcpstates/README.zh.md) eBPF入门实践教程十四记录 TCP 连接状态与 TCP RTT
- [lesson 15-javagc](src/15-javagc/README.zh.md) eBPF 入门实践教程十五:使用 USDT 捕获用户态 Java GC 事件耗时
- [lesson 16-memleak](src/16-memleak/README.zh.md) eBPF 入门实践教程十六:编写 eBPF 程序 Memleak 监控内存泄漏
- [lesson 17-biopattern](src/17-biopattern/README.zh.md) eBPF 入门实践教程十七:编写 eBPF 程序统计随机/顺序磁盘 I/O
- [lesson 18-further-reading](src/18-further-reading/README.zh.md) 更多的参考资料:论文、项目等等
- [lesson 19-lsm-connect](src/19-lsm-connect/README.zh.md) eBPF 入门实践教程:使用 LSM 进行安全检测防御
- [lesson 20-tc](src/20-tc/README.zh.md) eBPF 入门实践教程二十:使用 eBPF 进行 tc 流量控制
- [lesson 21-xdp](src/21-xdp/README.zh.md) eBPF 入门实践教程二十一: 使用 XDP 进行可编程数据包处理
- [lesson 11-bootstrap](11-bootstrap/README.zh.md) eBPF 入门开发实践教程十一:在 eBPF 中使用 libbpf 开发用户态程序并跟踪 exec() 和 exit() 系统调用
- [lesson 12-profile](12-profile/README.zh.md) eBPF 入门实践教程十二:使用 eBPF 程序 profile 进行性能分析
- [lesson 13-tcpconnlat](13-tcpconnlat/README.zh.md) eBPF入门开发实践教程十三统计 TCP 连接延时,并使用 libbpf 在用户态处理数据
- [lesson 14-tcpstates](14-tcpstates/README.zh.md) eBPF入门实践教程十四记录 TCP 连接状态与 TCP RTT
- [lesson 15-javagc](15-javagc/README.zh.md) eBPF 入门实践教程十五:使用 USDT 捕获用户态 Java GC 事件耗时
- [lesson 16-memleak](16-memleak/README.zh.md) eBPF 入门实践教程十六:编写 eBPF 程序 Memleak 监控内存泄漏
- [lesson 17-biopattern](17-biopattern/README.zh.md) eBPF 入门实践教程十七:编写 eBPF 程序统计随机/顺序磁盘 I/O
- [lesson 18-further-reading](18-further-reading/README.zh.md) 更多的参考资料:论文、项目等等
- [lesson 19-lsm-connect](19-lsm-connect/README.zh.md) eBPF 入门实践教程:使用 LSM 进行安全检测防御
- [lesson 20-tc](20-tc/README.zh.md) eBPF 入门实践教程二十:使用 eBPF 进行 tc 流量控制
- [lesson 21-xdp](21-xdp/README.zh.md) eBPF 入门实践教程二十一: 使用 XDP 进行可编程数据包处理
### 深入主题
这一部分涵盖了与 eBPF 相关的高级主题,包括在 Android 上使用 eBPF 程序、利用 eBPF 程序进行的潜在攻击和防御以及复杂的追踪。结合用户模式和内核模式的 eBPF 可以带来强大的能力(也可能带来安全风险)。
GPU:
- [lesson 47-cuda-events](src/47-cuda-events/README.zh.md) eBPF 教程:追踪 CUDA GPU 操作
- [lesson xpu/npu-kernel-driver](src/xpu/npu-kernel-driver/README.zh.md) eBPF 实例教程:跟踪 Intel NPU 内核驱动操作
- [xpu flamegraph](src/xpu/flamegraph/README.zh.md) eBPF 示例:使用 CUPTI 构建 GPU 火焰图分析器
- [lesson xpu/gpu-kernel-driver](src/xpu/gpu-kernel-driver/README.zh.md) eBPF 实例教程:使用内核跟踪点监控 GPU 驱动活动
- [lesson 47-cuda-events](47-cuda-events/README.zh.md) eBPF 教程:追踪 CUDA GPU 操作
- [lesson xpu/gpu-kernel-driver](xpu/gpu-kernel-driver/README.zh.md) eBPF 实例教程:使用内核跟踪点监控 GPU 驱动活动
- [xpu flamegraph](xpu/flamegraph/README.zh.md) eBPF 示例:使用 CUPTI 构建 GPU 火焰图分析器
- [lesson xpu/npu-kernel-driver](xpu/npu-kernel-driver/README.zh.md) eBPF 实例教程:跟踪 Intel NPU 内核驱动操作
调度器:
- [lesson 44-scx-simple](src/44-scx-simple/README.zh.md) eBPF 教程BPF 调度器入门
- [lesson 45-scx-nest](src/45-scx-nest/README.zh.md) eBPF 示例教程:实现 `scx_nest` 调度器
- [lesson 44-scx-simple](44-scx-simple/README.zh.md) eBPF 教程BPF 调度器入门
- [lesson 45-scx-nest](45-scx-nest/README.zh.md) eBPF 示例教程:实现 `scx_nest` 调度器
网络:
- [lesson 23-http](src/23-http/README.zh.md) 通过 eBPF socket filter 或 syscall trace 追踪 HTTP 请求等七层协议 - eBPF 实践教程
- [lesson 29-sockops](src/29-sockops/README.zh.md) eBPF 开发实践:使用 sockops 加速网络请求转发
- [lesson 41-xdp-tcpdump](src/41-xdp-tcpdump/README.zh.md) eBPF 示例教程:使用 XDP 捕获 TCP 信息
- [lesson 42-xdp-loadbalancer](src/42-xdp-loadbalancer/README.zh.md) eBPF 开发者教程: 简单的 XDP 负载均衡器
- [lesson 46-xdp-test](src/46-xdp-test/README.zh.md) eBPF 实例教程:构建高性能 XDP 数据包生成器
- [lesson 23-http](23-http/README.zh.md) 通过 eBPF socket filter 或 syscall trace 追踪 HTTP 请求等七层协议 - eBPF 实践教程
- [lesson 29-sockops](29-sockops/README.zh.md) eBPF 开发实践:使用 sockops 加速网络请求转发
- [lesson 41-xdp-tcpdump](41-xdp-tcpdump/README.zh.md) eBPF 示例教程:使用 XDP 捕获 TCP 信息
- [lesson 42-xdp-loadbalancer](42-xdp-loadbalancer/README.zh.md) eBPF 开发者教程: 简单的 XDP 负载均衡器
- [lesson 46-xdp-test](46-xdp-test/README.zh.md) eBPF 实例教程:构建高性能 XDP 数据包生成器
安全:
- [lesson 24-hide](src/24-hide/README.zh.md) eBPF 开发实践:使用 eBPF 隐藏进程或文件信息
- [lesson 25-signal](src/25-signal/README.zh.md) eBPF 入门实践教程:用 bpf_send_signal 发送信号终止恶意进程
- [lesson 26-sudo](src/26-sudo/README.zh.md) 文件操纵实现 sudo 权限提升
- [lesson 27-replace](src/27-replace/README.zh.md) 替换任意程序读取或者写入的文本
- [lesson 28-detach](src/28-detach/README.zh.md) 在应用程序退出后运行 eBPF 程序eBPF 程序的生命周期
- [lesson 34-syscall](src/34-syscall/README.zh.md) eBPF 开发实践:使用 eBPF 修改系统调用参数
- [lesson 24-hide](24-hide/README.zh.md) eBPF 开发实践:使用 eBPF 隐藏进程或文件信息
- [lesson 25-signal](25-signal/README.zh.md) eBPF 入门实践教程:用 bpf_send_signal 发送信号终止恶意进程
- [lesson 26-sudo](26-sudo/README.zh.md) 文件操纵实现 sudo 权限提升
- [lesson 27-replace](27-replace/README.zh.md) 替换任意程序读取或者写入的文本
- [lesson 28-detach](28-detach/README.zh.md) 在应用程序退出后运行 eBPF 程序eBPF 程序的生命周期
- [lesson 34-syscall](34-syscall/README.zh.md) eBPF 开发实践:使用 eBPF 修改系统调用参数
特性:
- [lesson 35-user-ringbuf](src/35-user-ringbuf/README.zh.md) eBPF开发实践使用 user ring buffer 向内核异步发送信息
- [lesson 36-userspace-ebpf](src/36-userspace-ebpf/README.zh.md) 用户空间 eBPF 运行时:深度解析与应用实践
- [lesson 38-btf-uprobe](src/38-btf-uprobe/README.zh.md) 借助 eBPF 和 BTF让用户态也能一次编译、到处运行
- [lesson 43-kfuncs](src/43-kfuncs/README.zh.md) 超越 eBPF 的极限:在内核模块中定义自定义 kfunc
- [features bpf_wq](src/features/bpf_wq/README.zh.md) eBPF 教程BPF 工作队列用于异步可睡眠任务
- [features bpf_iters](src/features/bpf_iters/README.zh.md) eBPF 教程BPF 迭代器用于内核数据导出
- [features bpf_arena](src/features/bpf_arena/README.zh.md) eBPF 实例教程BPF Arena 零拷贝共享内存
- [lesson 35-user-ringbuf](35-user-ringbuf/README.zh.md) eBPF开发实践使用 user ring buffer 向内核异步发送信息
- [lesson 36-userspace-ebpf](36-userspace-ebpf/README.zh.md) 用户空间 eBPF 运行时:深度解析与应用实践
- [lesson 38-btf-uprobe](38-btf-uprobe/README.zh.md) 借助 eBPF 和 BTF让用户态也能一次编译、到处运行
- [lesson 43-kfuncs](43-kfuncs/README.zh.md) 超越 eBPF 的极限:在内核模块中定义自定义 kfunc
- [features bpf_iters](features/bpf_iters/README.zh.md) eBPF 教程BPF 迭代器用于内核数据导出
- [features bpf_arena](features/bpf_arena/README.zh.md) eBPF 实例教程BPF Arena 零拷贝共享内存
- [features bpf_wq](features/bpf_wq/README.zh.md) eBPF 教程BPF 工作队列用于异步可睡眠任务
特性:
- [lesson 49-hid](src/49-hid/README.zh.md) eBPF 教程:无需内核补丁修复故障的 HID 设备
- [lesson 49-hid](49-hid/README.zh.md) eBPF 教程:无需内核补丁修复故障的 HID 设备
Android:
- [lesson 22-android](src/22-android/README.zh.md) 在 Android 上使用 eBPF 程序
- [lesson 22-android](22-android/README.zh.md) 在 Android 上使用 eBPF 程序
持续更新中...