eBPF Tutorial

English

简体中文

English

简体中文

Appearance

eBPF TutorialLearn eBPF from Scratch

A comprehensive hands-on guide to eBPF programming

Get Started
View on GitHub

Hook Mechanisms

Master Kprobe, Uprobe, Tracepoint, and Raw Tracepoint for kernel and user-space tracing

Data Structures

Learn to use BPF Maps, Ring Buffer, and Perf Buffer for efficient data transfer

Network Programming

Explore TC (Traffic Control) and XDP for high-performance packet processing

Multi-language Support

Develop eBPF programs using both C and Go with libbpf and cilium/ebpf

GitHub StarsGitHub ForksLicense

Course Overview

This tutorial provides a step-by-step guide to learning eBPF programming from zero to advanced topics.

What You'll Learn

  • Lesson 1-3: eBPF basics, Kprobe, and Uprobe
  • Lesson 4-5: BPF Maps for user and kernel space communication
  • Lesson 6: Go language development with eBPF
  • Lesson 7: Ring Buffer and Perf Buffer
  • Lesson 8-9: Tracepoint and Raw Tracepoint
  • Lesson 10: BTF and CO-RE for portable eBPF
  • Lesson 11-12: TC Ingress and Egress
  • Lesson 13: SSL/TLS traffic analysis
  • Lesson 14-17: Practical projects (HTTPS monitoring, process tracing)

Prerequisites

  • Linux kernel 5.4+ (5.8+ recommended)
  • Basic C programming knowledge
  • Understanding of Linux system calls

Released under the MIT License.

Copyright © 2024-present haolipeng