fasterthanlime/mevi

eBPF Driver and Further Work

This issue is to document a bit of the work that has been ongoing in the ebpf branch concerning the eBPF Driver for mevi, since I am currently busy with PhD exams and conferences. Development in the ebpf branch will most certainly resume mid-December.

Scaffolding eBPF programs around libbpf-rs has taken a bit more time than expected because of the way it deals with lifetimes in its generated skeletons. I may even, in the future, stop using the skeleton (except for the embedded program bytes), and deal with raw objects.

Some eBPF programs are missing, mainly for userfault detection, but these will be implemented once system call memory tracing is working.

I am currently thinking about how to ease validation and ease of use for mevi, and here are the main points that I might implement while working on the ebpf branch to help debug my changes:

  1. Conception and implementation of a capture format and its associated driver.
  2. Rename mevi-frontend to mevi-web.
  3. mevi-frontend should start the :5001 server and proxy the data received to the web client.
  4. Allow mevi to configure where it outputs (i.e.: web, terminal, file, etc.).