Talking to the Linux Kernel with Python and eBPF
Navin Pai
The Agenda
- What is eBPF?
- Why is eBPF awesome?
- Tooling for eBPF
- Python + eBPF = 🚀
- Making eBPF part of your arsenal
- What next?
- QnA
Talking to the kernel
Kernel Changes: Very slow release and change cycles 
(with very good reasons we can imagine)

Kernel Modules: Commonly used to bork your system
(a la the oops/Kernel Panic we're familiar with)
"Let there be light"
Well, as ongoing additions to the Linux kernel from v3.15 (2014+)

So what is eBPF?
(1992) Berkeley Packet Filters
⇓
(2014) extended Berkeley Packet Filters
⇓
(today) eBPF / BPF
How eBPF Works
So what can I do with eBPF?
Hook into pretty much anything that uses Linux kernel functionality, like:

System calls, network events, cgroup events, kprobes and uprobes

Talk is cheap...
Demo
Building with eBPF
- System Profiling
- Load Balancing
- Network Security
- Policy Enforcement
Tools leveraging eBPF