eBPF
eBPF with Nix: laptop to testbed
<p>Setting up eBPF development environment often require some effort on getting the correct headers, manage compiler versions, tweaking kconfig knobs, just to get a program running. In this session, we'll cover how to solve these problems using <a href="https://nixos.org/">Nix</a> [1] (NixOS not required). Unlike traditional workflows that rely on imperative package managers, Nix allows us to define kernel, userspace tooling, and testing infrastructure reproducibly.</p>
<p>We'll explore a workflow that bridges the gap between local prototyping and experiments/production environments using <a href="https://wiki.nixos.org/wiki/NixOS_VM_tests">NixOS VM tests</a> [2], which would allow developers easily to spin up multiple QEMU VMs with custom kernel (e.g. with patches or non-conventional config/build flags) and network connection.</p>
<p>We'll then demonstrate how to scale the exact environment from a laptop to testbeds like <a href="https://www.grid5000.fr/w/Grid5000:Home">Grid'5000</a> [3]. With Nix and <a href="https://github.com/oar-team/nixos-compose">NixOS-Compose</a> [4], we can deploy multi-node experiments with bit-perfect* reproducibility. In the demo, we'll use a trivial eBPF program (using <a href="https://docs.ebpf.io/linux/helper-function/bpf_override_return/"><code>bpf_override_return</code></a> to mandate <code>CONFIG_BPF_KPROBE_OVERRIDE</code> + <code>ALLOW_ERROR_INJECTION</code> and mock syscalls),
test it locally, and deploy to a cluster to collect live telemetry and visualizations.</p>
<p>[1] https://nixos.org/
[2] https://wiki.nixos.org/wiki/NixOS_VM_tests
[3] https://www.grid5000.fr/w/Grid5000:Home
[4] https://github.com/oar-team/nixos-compose
[*] https://reproducible.nixos.org/</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/h1308 |
|---|---|
| Type | devroom |
| Language | English |
More sessions
| 1/31/26 |
<p>eBPF programs often behave differently than developers expect, not because of incorrect logic, but because of subtle behaviours of the hookpoints themselves. In this talk, we focus on a small set of high-impact, commonly misunderstood attachment types — kprobes/fentry, tracepoints and uprobes, and expose the internal kernel mechanics that cause surprising edge cases.</p> <p>Rather than attempting to cover all eBPF hooks, this session distills a practical set of real-world gotchas that ...
|
| 1/31/26 |
<p>Training large models requires significant resources and failure of any GPU or Host can significantly prolong training times. At Meta, we observed that 17% of our jobs fail due to RDMA-related syscall errors which arise due to bugs in the RDMA driver code. Unlike other parts of the Kernel RDMA-related syscalls are opaque and the errors create a mismatched application/kernel view of hardware resources. As a result of this opacity and mismatch existing observability tools provided limited ...
|
| 1/31/26 |
<p>Any eBPF project that has started in the last couple of years is most likely written to take advantage of CO-RE, compiling your eBPF programs ahead of time, and being able to run that program on a wide range of kernels and machines.</p> <p>Before CO-RE it was common to ship the whole toolchain and compile on target. This is what Cillium currently still does. Compiling on target empowered a core value of Cilium: "you do not pay for what you do not use". But it turns out that with CO-RE ...
|
| 1/31/26 |
<p>This talk will go over a number of performance and reliability pitfalls of the different eBPF program types we have discovered building production ready eBPF based products at Datadog. This includes the changing performance characteristics of kprobes over different kernel versions, reliability issues with fentry due to a kernel bug, and the pains of scaling uprobes, among other things.</p>
|
| 1/31/26 |
<p><a href="http://github.com/parca-dev/oomprof">OOMProf</a> is a Go library that installs a eBPF programs that listen to Linux kernel tracepoints involved in OOM killing and records a memory profile before your Go program is dead and gone. The memory profile can be logged as a pprof file or sent to a <a href="http://parca.dev/">Parca</a> server for storage and analysis. This talk will be a deep dive into the implementation and its limitations and possible future directions.</p>
|
| 1/31/26 |
<p>XDP and AF_XDP provide a high-performance mechanism for driver-layer packet processing and zero-copy delivery of packets into userspace, while maintaining access to standard kernel networking constructs — capabilities that distinguish them from full kernel-bypass frameworks such as DPDK. However, the current AF_XDP implementation offers no efficient in-kernel mechanism for forwarding packets between AF_XDP sockets in a zero-copy manner. Because AF_XDP operates without the conventional full ...
|
| 1/31/26 |
<p>The eBPF eXpress Data Path (XDP) allows high-speed packet processing applications. Achieving high throughput requires careful design and profiling of XDP applications. However, existing profiling tools lack eBPF support. We introduce InXpect, a lightweight monitoring framework that profiles eBPF programs with fine granularity and minimal overhead, making it suitable for XDP-based in-production systems. We demonstrate how InXpect outperforms existing tools in profiling overhead and ...
|
