eBPF Driver and Further Work
This issue is to document a bit of the work that has been ongoing in the `ebpf` branch concerning the eBPF Driver for mevi, since I am currently busy with PhD exams and conferences. Development in the `ebpf` branch will most certainly resume mid-December.
Scaffolding eBPF programs around libbpf-rs has taken a bit more time than expected because of the way it deals with lifetimes in its generated skeletons. I may even, in the future, stop using the skeleton (except for the embedded program bytes), and deal with raw objects.
Some eBPF programs are missing, mainly for userfault detection, but these will be implemented once system call memory tracing is working.
I am currently thinking about how to ease validation and ease of use for mevi, and here are the main points that I might implement while working on the `ebpf` branch to help debug my changes:
- Conception and implementation of a capture format and its associated driver.
- Rename `mevi-frontend` to `mevi-web`. `mevi-frontend` should start the :5001 server and proxy the data received to the web client.
- Allow mevi to configure where it outputs (i.e.: web, terminal, file, etc.).