eBPF lets you run sandboxed programs inside the Linux kernel — without compiling kernel modules or rebooting. For performance engineers, it’s the closest thing to X-ray vision.
Getting Started
You don’t need to write eBPF programs from scratch. Tools like bpftrace give you one-liners that answer questions like “which files is this process reading?” or “why is this syscall slow?”
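The question “which files is this process reading?” can be answered with a short bpftrace script, given here as an added example that is not part of the original post. It assumes root privileges, a kernel that exposes the syscalls:sys_enter_openat and syscalls:sys_exit_openat tracepoints, and the target PID passed as the first positional argument; the map names @path and @failed are chosen for illustration.

```bpftrace
#!/usr/bin/env bpftrace
// Added example: list every file one process opens via openat(), with the
// result of each call. Only openat() is traced; open() and openat2() are
// not covered here.

BEGIN
{
    printf("Tracing openat() for PID %d. Ctrl-C to end.\n", $1);
    printf("%-16s %-7s %4s %s\n", "COMM", "TID", "RET", "PATH");
}

// On entry, remember the user-space pointer to the path for this thread.
tracepoint:syscalls:sys_enter_openat
/pid == $1/
{
    @path[tid] = args->filename;
}

// On exit, pair the saved path with the return value:
// a file descriptor (>= 0) on success, or a negative errno on failure.
tracepoint:syscalls:sys_exit_openat
/@path[tid]/
{
    $ret = args->ret;
    printf("%-16s %-7d %4d %s\n", comm, tid, $ret, str(@path[tid]));

    // Count failed opens per path; repeated failures on the same path
    // (missing file, permission denied) stand out in the exit summary.
    if ($ret < 0) {
        @failed[str(@path[tid])] = count();
    }
    delete(@path[tid]);
}

END
{
    // Drop leftover in-flight entries so only @failed is printed on exit.
    clear(@path);
}
```

Saved under a hypothetical name such as `openfiles.bt`, it runs as `bpftrace openfiles.bt 1234`, where 1234 stands for the PID of interest.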
Practical Examples
opensnoop — trace file opens system-wide
biolatency — histogram of block I/O latency
tcplife — track TCP connection lifetimes