Get started with your own BPF application quickly and painlessly with libbpf-bootstrap scaffolding, which takes care of all the mundane setup steps and lets you dive right into BPF fun and minimize the necessary boilerplate. We'll take a look at what libbpf-bootstrap provides and how everything is tied together.

There is now a new BPF data structure available: BPF ring buffer. It solves memory efficiency and event re-ordering problems of the BPF perf buffer (a de facto standard today for sending data from kernel to user-space) while meeting or beating its performance. It provides both perfbuf-compatible for easy migration, but also has the new reserve/commit API with better usability. Also, both synthetic and real-world benchmarks show that in almost all cases so think about making it a default choice for sending data from the BPF program to user-space.

A practical guide to converting your BCC-based BPF application to libbpf and BPF CO-RE.

What does it mean for a BPF application to be portable? And why it's actually hard to achieve that without BPF Compile Once — Run Everywhere (CO-RE)? In this post we'll see what are the challenges of writing BPF programs that can work across multiple kernel versions and how BPF CO-RE is helping to address this problem.

This is a slightly updated (in 2020) version of the post first published at Facebook's BPF blog back in 2018. BTF deduplication is what got me started with BPF and Linux kernel development, so I'm re-publishing it here retroactively for a more complete story of my involvement with BPF. Please also check out updated "What's next" section for a short summary on what happened in BPF world after BTF dedup was developed.