KernelScript tackles the growing complexity of eBPF projects by unifying kernel‑side programs, userspace loaders, and kernel modules into a single codebase, using annotations to let the compiler generate the necessary glue code, thereby reducing boilerplate and improving team productivity.
By combining low‑overhead eBPF data collection with AI‑driven diagnosis and an agent‑based execution layer, the authors present a three‑tier system that shifts mobile optimization from peak performance to sustained energy efficiency, achieving sub‑1% monitoring overhead and up to 20% power savings in real‑world video workloads.
The article introduces bpftime for GPU, a tool that extends eBPF's programmable, low‑overhead observation capabilities into GPU kernels, explains its implementation pipeline, compares its performance against Nsight and NVBit, and outlines future enhancements for GPU profiling.
This article provides an in‑depth technical walkthrough of the eBPF loader implementation, explains two signature schemes, details map creation, hash calculation, CO‑RE relocation handling, the use_loader mode, kernel‑side verification via Hornet LSM, and discusses the advantages, limitations, and TOCTOU concerns.
Cube Sandbox, an open‑source AI sandbox runtime built with RustVMM on KVM, achieves sub‑60 ms cold‑start times, under 5 MB memory per instance, and hardware‑level isolation, outperforming Docker containers and traditional VMs while remaining 100 % E2B compatible.
Webminal, a free online Linux learning platform, has survived for fifteen years on a single 8 GB CentOS server, serving over half a million users by using a minimalist stack—including Python 2.7, Flask, Shellinabox, User Mode Linux and eBPF—while deliberately avoiding modern container orchestration and commercial monetisation.
The article examines why traditional Linux commands like ps, netstat, and ss cannot be trusted on a potentially root‑kit‑infected system, introduces the LinIR tool that collects forensic data without relying on the host's user‑space toolchain, and compares it against manual scripts, other automation tools, and commercial EDR solutions.
Webminal, a free online Linux learning platform built in 2010, has survived 15 years on a single 8 GB CentOS server, serving over 500,000 users by using minimalist architecture, User Mode Linux, Shellinabox, eBPF monitoring, and a community‑first mindset despite multiple outages and failed monetisation attempts.
This comprehensive guide explains Kubernetes networking fundamentals, compares major CNI plugins such as Flannel, Calico, and Cilium, and provides detailed troubleshooting steps for pod communication, service routing, DNS issues, and eBPF‑based enhancements, helping operators build reliable, high‑performance clusters.
The article examines Adversarial Testing Performance Optimization (ATPO) as a new industrial-quality paradigm, detailing how adversarial samples expose hidden performance bottlenecks across AI pipelines, presenting three typical adversarial loads with corresponding optimization targets, common implementation pitfalls, and emerging intelligent approaches using reinforcement learning and digital twins.
This article explores the strategic role of eBPF in cloud‑native operations, detailing its technical foundations, real‑world use cases from major tech companies, step‑by‑step troubleshooting methods, and a concrete implementation for TCP retransmission monitoring in a high‑traffic gateway system.
A NetEase interview probes deep JVM garbage‑collection knowledge, exposing misconceptions about default GC, demanding precise G1/ZGC tuning, and challenging candidates with performance‑critical scenarios that reveal hidden latency and memory‑usage pitfalls.
The article explains a Go compile‑time instrumentation tool that automatically injects OpenTelemetry tracing into binaries without source changes, compares it with eBPF and manual instrumentation, and provides usage steps, code examples, and links to the open‑source project.
This practical guide walks you through Linux kernel stack backtracing, covering GDB installation, core dump analysis, handling corrupted stacks, and advanced tracing techniques using ftrace and eBPF, with step‑by‑step commands, code examples, and troubleshooting tips to pinpoint the root cause of crashes.
This tutorial explains how to use eBPF and bpftrace to monitor the Intel NPU kernel driver on Lunar Lake and Meteor Lake CPUs, mapping Level Zero API calls to kernel ioctls, tracking memory allocation, IPC communication, and identifying performance bottlenecks through detailed function‑call statistics.
In cloud‑native deployments, container abstraction hides memory consumption, leading to high file cache, SReclaimable, cgroup leaks, and invisible kernel‑allocated memory, but SysOM’s non‑intrusive, low‑overhead diagnostics map pages to inodes and containers to pinpoint the root causes quickly.
This article introduces pwru, Cilium's eBPF‑based packet‑tracing tool, explains kernel requirements, shows how to install the pre‑built binary, details command‑line options, and provides practical examples for filtering, output customization, and debugging dropped packets in Linux networking.
This article details the year‑long exploration of Profile‑Guided Optimization (PGO) for WeChat’s backend, covering its theory, compiler implementations, practical experiments with Propeller and BOLT, transparent eBPF sampling, engineering challenges, and the measurable CPU and memory savings achieved across production services.
The article traces the evolution of Linux CPU scheduling from CFS to the EEVDF algorithm, explains EEVDF’s deadline‑driven allocation with concrete task examples, and details Zang Chunxin’s patch that enables shorter slices and wake‑up preemption to reduce latency.
The 20th China Linux Kernel Developers Conference, hosted by vivo, presented eleven technical talks covering AI‑driven kernel challenges, memory‑compression techniques, heterogeneous compression, async file‑cache management, uncached I/O, direct I/O for compressed files, parallel writeback, host‑initiated defragmentation, zoned storage, energy‑efficient I/O, and eBPF‑based CPU idle policies, each with concrete performance results and implementation details.
vshell is a versatile remote‑shell framework offering eBPF C2 support, interactive terminals, zero‑compile client generation, multi‑protocol traffic handling, in‑memory plugin execution, WebSocket CDN relay, and full NPS proxy capabilities, all managed via a single‑file server and a web UI.
This tutorial explains how to leverage Linux kernel tracepoints with eBPF and bpftrace to capture real‑time GPU driver activity—including job scheduling, memory management, and command submission—across Intel, AMD, Nouveau, and NVIDIA GPUs, providing detailed examples, scripts, and analysis of the resulting data.
This article walks ops engineers through a real production incident, explains why deep Linux kernel knowledge is crucial, presents typical high‑traffic, log‑burst, and DB‑slow‑query scenarios, and shares a three‑step practical tuning methodology with code snippets, monitoring scripts, and future‑proof tips such as eBPF and AIOps.
This article examines recent efforts to make Linux kernel memory management programmable with eBPF, covering BPF‑MM patches for mTHP order, cache‑ext’s customizable LRU, FetchBPF prefetch policies, and BPF OOM hooks, and discusses their design, implementation details, and performance impacts.
PacketScope leverages eBPF to trace every packet inside the TCP/IP stack, visualizes protocol interactions, and uses large language models to automatically detect and block sophisticated network attacks with zero‑delay, addressing the growing $10.5 trillion cyber‑crime threat projected for 2025.
The article explains how bpftime extends eBPF to NVIDIA and AMD GPUs, exposing fine‑grained execution details that traditional CPU‑side tools miss, and demonstrates a unified, programmable observability stack that overcomes the limitations of existing GPU profilers in both synchronous and asynchronous workloads.
The article explains how the emerging Model Context Protocol (MCP) for AI tools lacks visibility, outlines security and monitoring challenges, compares alternative tracing methods, and presents MCPSpy—a Linux‑only eBPF‑based, non‑intrusive solution that captures MCP stdio traffic, parses JSON‑RPC messages, and outputs human‑readable or JSON logs.
Cilium leverages eBPF to provide a high‑performance, secure, and observable cloud‑native networking solution for Kubernetes, offering flat L3 networking, flexible routing, advanced load balancing, identity‑based security policies, and seamless integration via CNI, Helm, and Hubble, with step‑by‑step deployment instructions.
This guide walks you through a systematic three-step methodology for diagnosing and resolving Linux performance issues—covering CPU, memory, and I/O bottlenecks—using practical commands, real-world case studies, and automation scripts, while also exploring future trends like eBPF and cloud‑native challenges.
When a production server hit 100% CPU at 3 AM, the author walks through a three‑minute, step‑by‑step method—quickly identifying the offending process, drilling into threads, and pinpointing problematic code—while sharing useful shell commands, common pitfalls, advanced safeguards like cgroup limits and eBPF tracing.
An in‑depth guide for operations engineers covering TCP/IP stack fundamentals, practical routing and firewall configurations, kernel and NIC tuning, automation scripts, and emerging technologies such as eBPF, providing real‑world case studies and step‑by‑step commands to master network reliability and performance.
PacketScope leverages eBPF to provide a real-time, kernel-level visualization of TCP/IP protocol interactions, enabling detailed security analysis, performance diagnostics, and zero-delay defense, while offering installation guides and a UI that highlights packet analysis, function call chains, and cross-layer metrics.
LoongCollector, the core component of Alibaba Cloud's LoongSuite, delivers zero‑intrusion, multi‑tenant, high‑performance data collection and processing for AI services, enabling full‑stack observability across logs, metrics, traces, events and profiles in cloud‑native environments.
LoongCollector, the core component of Alibaba Cloud's LoongSuite, delivers zero‑intrusion, multi‑tenant, high‑performance data collection and processing for AI services, integrating logs, metrics, traces, events, and profiles into a unified, programmable pipeline that scales elastically across heterogeneous GPU clusters.
This article walks through designing and implementing a zero‑intrusion, real‑time network anomaly detection system for Kubernetes using eBPF, covering architecture, kernel‑space eBPF programs, Go user‑space collectors, deployment via DaemonSet, performance optimizations, alerting integration with Prometheus/Grafana, and real‑world case studies.
This article explains how to design and implement a service‑level NAS traffic tracing solution using Linux eBPF, NFS kernel hooks, and Kubernetes metadata to correlate container processes with NAS devices, generate real‑time metrics, and visualize them in Prometheus dashboards.
This article explains why traditional Linux monitoring tools often miss deep kernel issues and shows how to use eBPF‑based utilities such as biolatency, runqlat, and offcputime to pinpoint CPU, I/O, and lock‑contention problems with concrete command examples and a practical troubleshooting workflow.
This article outlines the standard BCC workflow for creating eBPF tools, then dissects the opensnoop source code, covering requirement analysis, kernel‑space program writing, BPF map configuration, user‑space Python integration, argument handling, testing, optimization, and deployment steps to monitor open system calls.
This article provides an in‑depth analysis of BPF maps—explaining their design principles, core features, various map types with code examples, and the macro expansion process that turns high‑level BCC helpers into native kernel map definitions for cloud‑native observability.
This tutorial explains how to build an eBPF‑based tracing tool that intercepts CUDA runtime API calls via uprobes, captures detailed event data such as memory sizes, transfer directions, kernel launches and errors, and presents it in a readable format for debugging and performance analysis.
This article explains the problem of internal and external memory fragmentation in Linux systems, introduces eBPF as a powerful tracing tool, and provides step‑by‑step guidance for building, loading, and running eBPF programs to analyze and mitigate fragmentation on both Linux and Android platforms.
This tutorial introduces the BPF Compiler Collection (BCC) suite, explains how to install it, lists essential Linux commands, and provides step‑by‑step examples of each BCC tool for fast performance analysis, fault isolation, and network troubleshooting on Linux systems.
This article analyzes the security risks of the Model Context Protocol (MCP), demonstrates a tool‑poisoning attack that steals private keys via malicious tool descriptions, explores client‑side and server‑side threat vectors, and presents observability‑based mitigation using eBPF and LoongCollector.
This article explains how the eBPF verifier checks user‑supplied BPF programs, details register types, instruction encoding, and the verification workflow, and illustrates typical verifier errors with concrete code examples and the exact kernel checks that trigger them.
This article explains eBPF from a developer's perspective, covering the eBPF virtual machine, instruction encoding, bytecode generation with LLVM/Clang, loading via the bpf() syscall, verifier rules, execution flow, JIT compilation, and how Android builds and packages eBPF programs.
The article recaps the 3rd eBPF Developer Conference in Xi'an, highlighting talks on BPF‑on‑MPTCP, system‑wide PGO, bperf, autonomous‑driving use cases, and AI‑driven observability, while sharing the author's insights on continuous profiling, SysOM, and future challenges of scaling eBPF with large models.
This article demonstrates how to use ACK AI Profiling, built on eBPF and dynamic process injection, to perform non-intrusive, low‑overhead profiling of Kubernetes‑deployed large‑language‑model inference services, identify GPU memory growth causes, and apply optimization recommendations to prevent OOM issues.
The 3rd eBPF Developer Conference held on April 19, 2025 at Xi'an University of Posts and Telecommunications featured 36 expert talks on eBPF advancements, network and security innovations, observability, performance optimization, a vibrant project marketplace, student projects, and provides video and PPT resources for the community.
The article explains how Alibaba Cloud's SysOM console uses low‑overhead process hotspot tracing, stack unwinding, symbol resolution, eBPF and AI diagnostics to pinpoint CPU, memory, lock and network issues, offering visual flame‑graph analysis and real‑world case studies for faster root‑cause identification.
This article explains the concept of process hotspot tracing, analyzes common performance pain points in cloud‑native environments, and details Sysom's solution—including stack unwinding, symbol resolution, flame‑graph generation, and real‑world case studies—to help developers and operators quickly locate and resolve system bottlenecks.
This article introduces bpftrace, an eBPF‑based dynamic tracing tool for Linux, explains its core concepts, technical architecture, installation methods, basic syntax, and demonstrates real‑world performance analysis, fault diagnosis, and security monitoring scenarios while comparing it with DTrace, SystemTap, and BCC.
The article traces the evolution of AI training stability from early manual operations on small GPU clusters to sophisticated, fault‑tolerant infrastructures for thousand‑card and ten‑thousand‑card models, detailing Baidu Baige’s metrics, monitoring, eBPF‑based diagnostics, and checkpoint strategies that reduce invalid training time and accelerate fault recovery.
This article traces the decade‑long evolution of AI training stability—from early small‑model manual operations to large‑scale, multi‑thousand‑GPU clusters—detailing metrics like invalid training time, fault‑tolerance architectures, eBPF‑based hidden‑fault detection, BCCL enhancements, multi‑level restart strategies, and trigger‑based checkpointing that together shrink downtime from minutes to seconds.
This article compares three Gin observability solutions—manual instrumentation, compile‑time injection, and eBPF automatic tracing—detailing setup steps, code examples, and a feature matrix to help developers choose the most suitable approach for cloud‑native Go applications.
This article analyzes eBPF tracing hook mechanisms—kprobe, tracepoint/raw_tp, and fentry—explaining their implementation, performance trade‑offs, kernel version support, and benchmark results, to guide developers in choosing the most efficient hook for production workloads.
The article examines how Baidu Baige evolved AI training stability from manual operations to precise engineering, detailing metrics, fault‑perception techniques, eBPF‑based diagnostics, multi‑level restart strategies, and trigger‑based checkpointing that together achieve sub‑minute recovery and 99.5% effective training time on massive GPU clusters.
Last Branch Record (LBR) is a CPU‑level feature that records branch jumps; the Linux kernel’s bpf_get_branch_snapshot helper (since 5.16) enables eBPF programs to capture LBR data, and the bpflbr tool demonstrates how to trace kernel functions and bpf program execution, disassemble code, and output call stacks.
UprobeStats, introduced in Android 15, uses the Linux kernel eBPF uprobe mechanism to dynamically insert probes into user‑space methods, capture timestamps and arguments, load BPF programs, and forward the data to StatsD via configurable protobufs, enabling flexible, source‑free instrumentation with minimal overhead.
The article outlines 2025 observability trends, covering the rise of AIOps platforms, AI‑driven prediction, OpenTelemetry becoming the de‑facto standard, unified telemetry platforms, the shift of observability left and right, eBPF’s role in platform engineering, and cost‑effective strategies for modern cloud‑native environments.
The article introduces GPUprobe, an eBPF‑based tool that provides lightweight, continuous, application‑level monitoring of CUDA memory allocation, leaks, and kernel launches, compares it with NSight Systems and DCGM, and demonstrates near‑zero overhead integration with Prometheus and Grafana through detailed code examples and real‑world output analysis.
This article compiles predictions from multiple sources to outline ten common observability trends for 2025, covering AIOps platform evolution, AI‑driven prediction, OpenTelemetry adoption, unified monitoring, edge observability, shift‑left development, eBPF integration, log‑centric analytics, cost‑saving strategies, and proactive reliability.
The article explains how to add runtime‑configurable filtering of kernel function arguments in eBPF programs by parsing a C‑style expression, validating its AST, converting it to BPF instructions using BTF metadata, and injecting the generated code into the probe, with a complete example for skb filtering.
This article presents a lightweight, non‑intrusive eBPF‑based method for instantly identifying Redis big‑key operations, explains the underlying kernel and user‑space implementation, provides complete code samples, and evaluates performance before and after optimization.
This article presents a lightweight, zero‑code‑change solution that leverages eBPF uprobe tracing to monitor Redis in real time, capture client IP, command arguments, and response size, detect big‑key operations, and report them with minimal performance impact.
ByteDance engineers are adopting the Linux kernel's new netkit feature, an eBPF‑based container network device that bypasses veth's L2 bottlenecks, delivering up to 10% performance gains and lower CPU usage while maintaining compatibility with existing workloads.
The article explains how eBPF‑based sched_ext enables painless design, implementation and deployment of new Linux schedulers, offering faster iteration, better observability, lower entry barriers, and showcases simple FIFO examples, advanced LAVD and rustland schedulers, their adoption in major distros, and performance gains for gaming workloads.
This article explains how to use eBPF and perf events to trace NFS read/write system calls, capture kernel and user stack traces, resolve them to source locations via DWARF, and generate flame‑graph data that is pushed to Pyroscope for performance analysis.
The article outlines six distinct kernel‑level bugs affecting the eBPF tailcall feature across multiple Linux versions, explains the underlying causes and the commits that fixed them, and introduces a detection tool to verify whether a running kernel is affected.
This article compares three Go observability solutions—SDK instrumentation, eBPF‑based monitoring, and compile‑time code injection—explaining their mechanisms, open‑source implementations, trade‑offs, and why Alibaba Cloud's Instgo compile‑time approach offers a low‑overhead, non‑intrusive APM alternative.
This article introduces tcpw, a small eBPF‑based utility that traces TCP, UDP, and Unix‑domain sockets to display the five‑tuple of commands like curl or telnet, explains its command‑line options, shows concrete usage examples, and details the underlying BPF and Go implementation, including connect, accept, and fork tracing.
This tutorial shows how to use an eBPF program with the PERF_EVENT type to trace kernel activity, collect samples via performance counters, and pinpoint which processes and functions consume the most execution time, covering dynamic tracing concepts and overflow handling.
This article demonstrates how to write an eBPF program that attaches to Linux soft‑interrupt entry and exit points, records timestamps in eBPF maps, computes handling duration, updates counters and histograms, and exposes the data to user space for performance analysis.
The article explains why backtracing with eBPF fentry on arm64 is harder than on x86, details the stack layout differences, shows how recent commits changed register saving, and provides a practical detection routine to locate the frame pointer and retrieve the tracee's instruction pointer.
This article explains the kfunc mechanism behind Linux's sched_ext, covering instruction modification, verification, address fixup, and detailing common kfunc functions such as scx_bpf_dispatch, scx_bpf_consume, and queue management APIs.
Facing bandwidth contention when high‑volume video analytics compete with online services, Dahua partnered with the openEuler community to replace the tc htb limiter with an eBPF‑based Kmesh‑bwm solution that introduces lock‑free packet scheduling, directional monitoring and multi‑priority bandwidth guarantees, achieving over 50 % latency reduction, more than 50 % increase in container deployment density, and roughly 30 % overall resource savings.
This article explains how the eBPF technology is applied in a cloud‑native environment to extend observability from the application layer to the kernel, enabling real‑time traffic analysis, low‑overhead continuous profiling of C++ services, and scalable metric collection across thousands of nodes.
This article demonstrates how to use eBPF together with BTF to trace BPF map update and delete functions, shows concrete command‑line output, explains the code that identifies target kernel functions, and details the data‑dumping logic for debugging map contents.
This guide explains how to use Kmesh, an eBPF‑based high‑performance service‑mesh data plane, with Alibaba Cloud ASM by configuring the control plane, deploying the Kmesh DaemonSet, setting required environment variables, and verifying traffic routing and service status.
This article explains how China Mobile built a hybrid‑cloud production environment for its customer‑service LLM, using eBPF and WebAssembly plugins from DeepFlow to achieve zero‑intrusion observability, automatically capture full‑stack topology, application/network metrics, and key LLM business indicators such as TTFT, TPOT, and token throughput.
The article details how a long‑standing bug that displayed incorrect call‑address information in bpftool’s JIT disassembly was reproduced, analyzed, and fixed by correcting the PC parameter to use the function’s kernel symbol address, with patches applied to both LLVM and libbfd back‑ends.
The article analyzes how attackers can abuse eBPF to steal data, elevate privileges, execute commands, and hide processes, then presents concrete eBPF code for such attacks and outlines practical protection, detection, and auditing techniques—including file analysis, bpftool usage, and kernel tracing—to mitigate these threats.
The article introduces Intel's AI Flame Graph, a low‑overhead profiling tool that visualizes AI accelerator and GPU workloads across the full software stack, explains its design, demonstrates SYCL matrix‑multiply benchmarks, discusses challenges of AI instruction analysis, and outlines future adoption and impact.
The article introduces Intel’s AI Flame Graph, a low‑overhead profiling tool that visualizes AI accelerator and GPU execution alongside the full software stack, explains its design, shows SYCL matrix‑multiply examples, discusses challenges of AI workload analysis, and outlines future adoption and impact on performance and energy savings.
This article demonstrates how to use eBPF to audit fileless command‑execution attacks and reverse‑shell techniques by tracing memfd_create, Kprobe/LSM hooks, dup2 redirections, and related kernel functions, providing concrete code examples and analysis of the detection logic.
This article examines how the KPROBE_OVERRIDE feature, combined with eBPF, enables precise kernel‑level error injection, discusses its configuration requirements, demonstrates a practical example on a Mellanox NIC driver, and evaluates the associated security and performance implications.
This guide explains how to leverage eBPF’s Kprobe, Tracepoint, and LSM features to audit file read/write activity, extract process and file details, and optionally block operations using helpers like bpf_send_signal or bpf_override_return, with complete code examples and configuration steps.
This article explains how zero‑intrusion eBPF technology enables detailed, non‑disruptive TCP network monitoring, covering data collection interfaces, aggregation methods, implementation steps, usage limitations, and practical installation and visualization guidance for improving network performance and fault analysis.
The article explains how to use eBPF tracepoints to monitor and record changes in Linux process capabilities, detailing the kernel data structures, BPF program logic, and user‑space handling needed to debug real‑world capability issues such as tcpdump failures and systemd service launches.
The article explains how attackers exploit SUID binaries for privilege escalation and demonstrates how to use eBPF LSM hooks (file_open, bprm_check_security) and Kprobe tracing to audit such operations, then shows how to block them by returning error codes while exempting root users.
netcap is an open‑source eBPF‑driven kernel network packet capture tool that extends tcpdump syntax to trace skb‑related functions across the Linux network stack, offering detailed packet tracing, customizable filters, multi‑trace aggregation, and user‑defined output to improve debugging of packet loss and performance issues.
At the recent virtual eBPF summit, Isovalent CTO Thomas Graf revealed that Microsoft is developing a Windows version of eBPF, aiming for cross‑platform compatibility with Linux, while the IETF works on standardizing the eBPF ISA and verifier to ensure secure, portable kernel bytecode execution.
This article walks through the Linux kernel mechanisms for creating and destroying processes, covering copy‑on‑write, the fork/vfork/clone system calls, the kernel_clone implementation in kernels 5.0 and 6.5, the copy_process workflow, and the steps the kernel takes to wake up a new task and clean up a terminated one.
Kyanos is an open‑source command‑line utility that leverages eBPF to provide low‑overhead, kernel‑compatible network tracing and performance analysis for HTTP, MySQL, and Redis traffic, offering simple watch and stat commands that replace slow tcpdump workflows with seconds‑level diagnostics.
This article explains how kube-proxy and CNI plugins cooperate within a Kubernetes cluster to translate Service ClusterIP requests into real Pod IPs, detailing the Netfilter, iptables/ipvs rule configuration, overlay networking modes, and the emerging proxy‑free approaches using eBPF.
retsnoop is an eBPF‑based tracing utility that uses wildcard patterns to hook kernel functions, automatically captures full stack traces whenever a function returns an error, and offers three complementary modes—stack trace, function‑call trace, and LBR—to quickly pinpoint the source of kernel failures, with practical examples and source‑code insights.
This tutorial shows how to use eBPF, bpftrace, and the funclatency tool to instrument key Nginx functions, measure their execution latency, analyze the distribution of request processing times, and identify performance bottlenecks for optimization.
This article walks through removing the per‑CPU map used to pass the TCP‑option offset in an XDP program, shows the required code changes, explains the verifier errors that arise, and presents the final fix using an int offset with a bitwise mask.
The presentation outlines Alibaba Cloud's ACK container service observability framework, covering its architecture, key capabilities such as eBPF‑based tracing, GPU profiling, network diagnostics, storage monitoring, and FinOps integration, and demonstrates how these features support AI workloads, large‑scale production stability, and automated incident response.
The article explains the motivation, design, and API of the new multi‑producer single‑consumer eBPF Ring Buffer, compares it with perf buffers and other alternatives, and provides complete BPF and userspace code examples demonstrating reservation, commit, and polling of events while preserving ordering across CPUs.
This article explains why packets are dropped in Linux, introduces the kfree_skb_reason API added in kernel 5.17, and shows step‑by‑step how to use bpftrace to capture drop reasons, five‑tuple details, and stack traces for precise network debugging.
