Enhanced Berkeley Packet Filter, or eBPF, is a bytecode virtual machine in the Linux kernel used to trace kernel functions. It is not just for packet filtering; it gives insight into various kinds of system-layer activity.
- Sample eBPF Scripts: Trace TCP send_msg
source/references/detailed-reads
- bpf() syscall in Linux 3.18
- BPF Compiler Collection by the IO Visor Project, with rich helper functions from its libbpf
- List of pseudo-assembly instructions allowed in struct bpf_insn prog