
Writing a system call tracer using eBPF


Pre-requisites: System calls, eBPF, C, basics of low-level programming.

Introduction: eBPF (Extended Berkeley Packet Filter) is a technology that allows users to run custom programs within the kernel. BPF

It also performs the crucial task of sending the child process’s ID to the eBPF program via the BPF hashmap.

bpf_object__open: Creates a bpf_object by opening the BPF ELF object file pointed to by the passed path and loading it into memory.
