The design and implementation of bpftime
The hook implementation is based on binary rewriting and the underly technique is inspired by:
The hook implementation is based on binary rewriting and the underly technique is inspired by:
- Userspace function hook: frida-gum
- Syscall hooks: zpoline: a system call hook mechanism based on binary rewriting and pmem/syscall_intercept.
For more details about how to implement the inline hook, please refer to our blog: Implementing an Inline Hook in C in 5 minutes and the demo https://github.com/eunomia-bpf/inline-hook-demo
The injection of userspace eBPF runtime into a running program is based on ptrace and also provided by frida-gum library.
How the bpftime work entirely in userspace:
How the bpftime work with kernel eBPF:
For more details, please refer to:
Continue exploring
Back to index
bpftime document Userspace eBPF runtime for Observability, Network, GPU & General extensions Framework
High-performance userspace eBPF runtime. Run eBPF programs with 10x faster uprobe performance, cross-platform support, and no kernel requirements.
Previous
Write and Run eBPF on GPU with bpftime
bpftime provides GPU support through its CUDA/ROCm attachment implementation, enabling eBPF programs to execute within GPU kernels on NVIDIA and AMD GPUs. This brings eBPF's programmability, observability, and customizat
Next
Benchmark and performance evaluation for bpftime
The benchmark directory contains benchmarks and experiments for the bpftime project, including:
- Last updated
- Jan 26, 2024
- First published
- Jan 13, 2024
- Contributors
- yunwei37, 云微
Was this page helpful?