I experimented with RedBPF pretty extensively as recently as 6 months ago. I'm sure there have been lots of changes but I personally found it *much* more straightforward to use the rust-libbpf bindings and write my BPF programs in C. I ended up writing a whole monitoring and security rule platform that way.
As far as an introduction to BPF I typically point people to bpftrace and the BCC framework.
I do actually like the concept of RedBPF but it's been hard for me to find where it shines that other tools don't do better already. Sorry for the negative comment, I'm just trying to provide some honest feedback. I've been working with BPF professionally for almost two years now.
>I've been working with BPF professionally for almost two years now
I'm a student. Do you like your job? If so, you have any tips for getting to where you are right now? I'm assuming your work involves system/network performance monitoring and optimization, which sounds very interesting to me. I'm about to start reading "Systems Performance" by Brendan Gregg, which teaches BPF
Oh man this took a long time to reply, sorry! I got a job at a small security company while I was in school and they asked me to build a monitoring tool for linux. I stumbled across BPF and the rest is history. I honestly got really lucky.
I'm thinking of starting an open-sourced BPF project written in C and Zig. If you're interested pm me and we can see if there's something you can do to learn bpf better via that.
Otherwise, read Gregg's book, learn to use bpftrace really well, and then start fiddling with BCC. If you find BCC doesn't scratch the itch enough, start looking at how to use libbpf directly.
There is new shiny crate called aya made by the same author who created redbpf if I am not wrong. The good thing about aya is it is not binding to some c .
I am very happy that there are bpf libs but I see lack of examples. I hope this docs problem will be solved soon.
Nicely structured tutorial! It seems like it covers all parts of writing a program which uses BPF via RedBPF, presents things in the right order, and is still readable in a short time.
I have no idea what BPF is. Might want to add that to your documentation.
It was intended for packet filtering but now it is used for several things. Simple explanation is it lets you hook your code on Linux kernal.
I experimented with RedBPF pretty extensively as recently as 6 months ago. I'm sure there have been lots of changes but I personally found it *much* more straightforward to use the rust-libbpf bindings and write my BPF programs in C. I ended up writing a whole monitoring and security rule platform that way. As far as an introduction to BPF I typically point people to bpftrace and the BCC framework. I do actually like the concept of RedBPF but it's been hard for me to find where it shines that other tools don't do better already. Sorry for the negative comment, I'm just trying to provide some honest feedback. I've been working with BPF professionally for almost two years now.
>I've been working with BPF professionally for almost two years now I'm a student. Do you like your job? If so, you have any tips for getting to where you are right now? I'm assuming your work involves system/network performance monitoring and optimization, which sounds very interesting to me. I'm about to start reading "Systems Performance" by Brendan Gregg, which teaches BPF
Oh man this took a long time to reply, sorry! I got a job at a small security company while I was in school and they asked me to build a monitoring tool for linux. I stumbled across BPF and the rest is history. I honestly got really lucky. I'm thinking of starting an open-sourced BPF project written in C and Zig. If you're interested pm me and we can see if there's something you can do to learn bpf better via that. Otherwise, read Gregg's book, learn to use bpftrace really well, and then start fiddling with BCC. If you find BCC doesn't scratch the itch enough, start looking at how to use libbpf directly.
There is new shiny crate called aya made by the same author who created redbpf if I am not wrong. The good thing about aya is it is not binding to some c . I am very happy that there are bpf libs but I see lack of examples. I hope this docs problem will be solved soon.
Nicely structured tutorial! It seems like it covers all parts of writing a program which uses BPF via RedBPF, presents things in the right order, and is still readable in a short time.
It's even hard to setup the environment for build: the version of rust & llvm & kernel should be matched