Saturday, September 29, 2018

How I ended up writing opensnoop in pure C using eBPF

Hello friends, it's been a while. I recently had the opportunity to do a deep dive on eBPF and I learned a lot in the process. There isn't a lot out there on the subject, so I decided to put together a long-form article about the experience: https://bolinfest.github.io/opensnoop-native/.

You'll notice that this is hosted on GitHub Pages rather than on bolinfest.com itself. I expect there to be typos to fix and cross-references to add over time, so it seemed easiest to colocate the article with the code and have both in version control so I can track changes properly. Also, it's nice to be able to compose things in Markdown (or in Quip and then export to Markdown) and then let a GitHub Pages template do the rest, particularly when it comes to syntax highlighting the code samples.