在Linux系统中，动态追踪技术一直是性能监控、故障排查和网络安全等领域的核心技术。随着技术的演进，一种名为eBPF（Extended Berkeley Packet Filter）的新兴技术逐渐崭露头角，成为Linux系统中下一代动态追踪技术的领导者同时也成为Android下的一种动态分析的技术手段 ...

I have been trying to implement a packet sniffer on QNX to read outgoing UDP packets for a software unit test. As far as I am aware, it isn't possible to create a raw socket and set it promiscuous ...

The recently released Linux 6.4 kernel is making some big networking strides that end users, enterprises and service providers will benefit from in the months to come. Among the key networking ...

The latest version of the Linux kernel cleans out nearly 100K lines of code, adds file encryption and the Berkeley Packet Filter, plus makes a nod to gamers and ...

eBPF是extended BPF的缩写，而BPF是Berkeley Packet Filter的缩写。对linux网络比较熟悉的伙伴对BPF应该比较了解，它通过特定的语法规则使用基于寄存器的虚拟机来描述包过滤的行为。比较常用的功能是通过过滤来统计流量，tcpdump工具就是基于BPF实现的。而eBPF对它进行了 ...

A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines.

Network geeks among you may remember my article, “Linux Socket Filter: Sniffing Bytes over the Network”, in the June 2001 issue of LJ, regarding the use of the packet filter built inside the Linux ...