|
EBPF
eBPF is a technology that can run programs in a privileged context such as the operating system kernel. It is the successor to the Berkeley Packet Filter (BPF, with the "e" originally meaning "extended") filtering mechanism in Linux and is also used in non-networking parts of the Linux kernel as well. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules. Safety is provided through an in-kernel verifier which performs static code analysis and rejects programs which crash, hang or otherwise interfere with the kernel negatively. This validation model differs from sandboxed environments, where the execution environment is restricted and the runtime has no insight about the program. Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safe ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Berkeley Packet Filter
The Berkeley Packet Filter (BPF; also BSD Packet Filter, classic BPF or cBPF) is a network tap and packet filter which permits computer network packets to be captured and filtered at the operating system level. It provides a raw interface to data link layers, permitting raw link-layer packets to be sent and received, and allows a userspace process to supply a filter program that specifies which packets it wants to receive. For example, a tcpdump process may want to receive only packets that initiate a TCP connection. BPF returns only packets that pass the filter that the process supplies. This avoids copying unwanted packets from the operating system kernel to the process, greatly improving performance. The filter program is in the form of instructions for a virtual machine, which are interpreted, or compiled into machine code by a just-in-time (JIT) mechanism and executed, in the kernel. BPF is used by programs that need to, among other things, analyze network traffic. If ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Express Data Path
XDP (eXpress Data Path) is an eBPF-based high-performance network data path used to send and receive network packets at high rates by bypassing most of the operating system networking stack. It is merged in the Linux kernel since version 4.8. This implementation is licensed under GPL. Large technology firms including Amazon, Google and Intel support its development. Microsoft released their free and open source implementation ''XDP for Windows'' in May 2022. It is licensed under MIT License. Data path The idea behind XDP is to add an early hook in the RX path of the kernel, and let a user supplied eBPF program decide the fate of the packet. The hook is placed in the network interface controller (NIC) driver just after the interrupt processing, and before any memory allocation needed by the network stack itself, because memory allocation can be an expensive operation. Due to this design, XDP can drop 26 million packets per second per core with commodity hardware. The eBPF prog ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Brendan Gregg
Brendan Gregg is a computer engineer known for his work on computing performance. He works for Intel, and previously worked at Netflix, Sun Microsystems, Oracle Corporation, and Joyent. He was born in Newcastle, New South Wales and graduated from the University of Newcastle, Australia. In November, 2013, he was awarded the LISA Outstanding Achievement Award "For contributions to the field of system administration, particularly groundbreaking work in systems performance analysis methodologies." He investigates and writes about Linux performance on his blog. Contributions Gregg has developed various methodologies for performance analysis, notably the USE Method methodology (short for ''Utilization Saturation and Errors Method''). He has also created visualization types to aid performance analysis, including latency heat maps, utilization heat maps, subsecond offset heat maps, and flame graphs. His tools are included in multiple operating systems and products, and are in use b ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cloud Native Computing Foundation
The Cloud Native Computing Foundation (CNCF) is a subsidiary of the Linux Foundation founded in 2015 to support cloud-native computing. History It was announced alongside Kubernetes 1.0, an open source container cluster manager, which was contributed to the Linux Foundation by Google as a seed technology. Founding members include Google, CoreOS, Mesosphere, Red Hat, Twitter, Huawei, Intel, RX-M, Cisco, IBM, Docker, Univa, and VMware. Today, CNCF is supported by over 450 members. In August 2018 Google announced that it was handing over operational control of Kubernetes to the community. Projects * ArgoArgois a collection of tools for getting work done with Kubernetes. Among its main features are Workflows and Events. It was accepted to CNCF on March 26, 2020 at the Incubating maturity level and then moved to the Graduated maturity level on December 6, 2022. * Cilium: Cilium provides networking, security, and observability for Kubernetes deployments using eBPF technology. I ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Loadable Kernel Module
A loadable kernel module (LKM) is an executable library that extends the capabilities of a running kernel, or so-called ''base kernel'', of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory and other resources. Most current Unix-like systems and Windows support loadable kernel modules but with different names, such as kernel loadable module (kld) in FreeBSD, kernel extension (kext) in macOS (although support for third-party modules is being dropped), kernel extension module in AIX, dynamically loadable kernel module in HP-UX, kernel-mode driver in Windows NT and downloadable kernel module (DKM) in VxWorks. They are also known as kernel loadable module (KLM), or simply as kernel module (KMOD). Advantages Without loadable kernel modules, an operating system would have to inc ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Security Software
Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense. The defense of computers against intrusion and unauthorized use of resources is called ''computer security''. Similarly, the defense of computer networks is called '' network security''. The subversion of computers or their unauthorized use is referred to using the terms ''cyberwarfare'', ''cybercrime'', or '' security hacking'' (later shortened to ''hacking'' for further references in this article due to issues with ''hacker'', ''hacker culture'' and differences in white/grey/black 'hat' color identification). The computer security software products industry was launched in the second half of the 1970s when computer f ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Tracing (software)
Tracing in software engineering refers to the process of capturing and recording information about the execution of a software program. This information is typically used by programmers for debugging purposes, and additionally, depending on the type and detail of information contained in a trace log, by experienced system administrators or technical-support personnel and by software monitoring tools to diagnose common problems with software. Tracing is a cross-cutting concern. There is not always a clear distinction between ''tracing'' and other forms of ''logging'', except that the term ''tracing'' is almost never applied to logging that is a functional requirement of a program (therefore excluding logging of data from an external source, such as data acquisition in a high-energy physics experiment, and write-ahead logging). Logs that record program usage (such as a server log) or operating-system events primarily of interest to a system administrator (see for example '' E ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Packet Processing
In digital communications networks, packet processing refers to the wide variety of algorithms that are applied to a packet of data or information as it moves through the various network elements of a communications network. With the increased performance of network interfaces, there is a corresponding need for faster packet processing. There are two broad classes of packet processing algorithms that align with the standardized network subdivision of control plane and data plane. The algorithms are applied to either: :* Control information contained in a packet which is used to transfer the packet safely and efficiently from origin to destination :or :* The data content (frequently called the payload) of the packet which is used to provide some content-specific transformation or take a content-driven action. Within any network enabled device (e.g. router (computing), router, switch, network element or terminal such as a computer or smartphone) it is the packet processing subsystem ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hooking
In computer programming, the term hooking covers a range of techniques used to alter or augment the behaviour of an operating system, of applications, or of other software components by intercepting function calls or messages or events passed between software components. Code that handles such intercepted function calls, events or messages is called a hook. Hook methods are of particular importance in the template method pattern where common code in an abstract class can be augmented by custom code in a subclass. In this case each hook method is defined in the abstract class with an empty implementation which then allows a different implementation to be supplied in each concrete subclass. Hooking is used for many purposes, including debugging and extending functionality. Examples might include intercepting keyboard or mouse event messages before they reach an application, or intercepting operating system calls in order to monitor behavior or modify the function of an applicat ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Run-to-completion
Run-to-completion scheduling or nonpreemptive scheduling is a scheduling model in which each task runs until it either finishes, or explicitly yields control back to the scheduler. Run-to-completion systems typically have an event queue which is serviced either in strict order of admission by an event loop, or by an admission scheduler which is capable of scheduling events out of order, based on other constraints such as deadlines. Some preemptive multitasking scheduling systems behave as run-to-completion schedulers in regard to scheduling tasks at one particular process priority level, at the same time as those processes still preempt other lower priority tasks and are themselves preempted by higher priority tasks. See also * Preemptive multitasking * Cooperative multitasking Cooperative multitasking, also known as non-preemptive multitasking, is a computer multitasking technique in which the operating system never initiates a context switch from a running Process (comp ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Event-driven Programming
In computer programming, event-driven programming is a programming paradigm in which the Control flow, flow of the program is determined by external Event (computing), events. User interface, UI events from computer mouse, mice, computer keyboard, keyboards, touchpads and touchscreens, and external sensor inputs are common cases. Events may also be programmatically generated, such as from message passing, messages from other programs, notifications from other thread (computer science), threads, or other Computer network, network events. Event-driven programming is the dominant paradigm used in graphical user interfaces applications and network servers. In an event-driven application, there is generally an event loop that listens for events and then triggers a callback (computer programming), callback function when one of those events is detected. Event-driven programs can be written in any programming language, although the task is easier in languages that provide abstraction (co ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Execution Model
In computing, a programming language consists of a syntax plus an execution model. The execution model specifies the behavior of elements of the language. By applying the execution model, one can derive the behavior of a program that was written in terms of that programming language. For example, when a programmer "reads" code, in their mind, they walk through what each line of code does. In effect they simulate the behavior inside their mind. What the programmer is doing is applying the execution model to the code, which results in the behavior of the code. Each and every programming language has an execution model, which determines the manner in which the units of work (that are indicated by program syntax) are scheduled for execution. Detailed examples of the specification of execution models of a few popular languages include those of Python, the execution model of the Unified Parallel C (UPC) programming language, a discussion of various classes of execution model su ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
