Getting to Know TGID and PID in eBPF: Essential for Observability

When working with eBPF, retrieving process and thread information is essential for monitoring and observability. One commonly used helper function for this purpose is bpf_get_current_pid_tgid(). It provides both the Thread Group ID (TGID) and the Process ID (PID). But what exactly are TGID and PID, and how do they differ🤔? Contents: Extracting TGID and PID with eBPF; Understanding TGID…

eBPF Tail Calls with Rust Aya

TL;DR: This guide demonstrates how to implement eBPF Tail Calls using Rust's Aya. 🦀🐝 Contents: Introduction: Tail Calls; Run eBPF Tail Calls program; Prerequisites; Clone the Repository; Generate Struct codes; Build; Run; Check logs; Check eBPF Programs and Maps in the Kernel; eBPF Programs; Loaded eBPF Programs; Attached eBPF Programs; eBPF Map for tail calls; Rust Code Highlights; ProgramArray Setup; Tail Calls; State Sharing with PerCpuArray; References; Wrap up. Introduction: Tail Calls. Tail calls…

Writing eBPF Kprobe Program with Rust Aya

TL;DR: In this post, I’ll walk you through an example of an eBPF Kprobe program using Aya with Rust. 🦀🐝 Contents: Introduction: Kprobes; Run eBPF Kprobe tracing program; Prerequisites; Check available Kprobes; Clone the Repository; Generate Structs codes; Build; Run; Test; Check eBPF Program in the Kernel; Check with bpftool; (Optional) Check with bpftop; Argument Handling in Kprobes; How to Identify Argument Types; Generate Struct Codes by aya-tool; Read values from…

Writing eBPF RawTracepoint Program with Rust Aya

TL;DR: In this post, I’ll walk you through an example of an eBPF RawTracepoint program using Aya with Rust. 🦀🐝 Contents: Introduction: RawTracepoints vs Tracepoints; Argument Handling; Performance; Run eBPF RawTracepoint tracing program; Prerequisites; Check available Tracepoints; Clone the Repository; Generate Structs codes; Build and Run; Check eBPF Program in the Kernel; eBPF Program; Attachment to RawTracepoint; Argument Handling in RawTracepoints; How to Identify Argument Types; Generate Struct Codes by…