As someone who has gone through the ipfwadm -> ipchains -> iptables history, I would generally be pretty meh about another firewalling change. But, I have high hopes that it'll give me the ability to do reasonable traffic shaping in Linux.
I once set up a FreeBSD box to do shaping for an ISP's entire DSL customer base, and it was a couple commands and worked brilliantly! By contrast, I've dabbled with Linux shaping for ~2 decades, and the best I've gotten is one recipe that works well for one limited use case. Maybe it's just me, but I've never been able to make it do my bidding, despite several occasions sitting down and giving it the old college try.
For other kernel paths, I'm really interested in using it to monitor for file modifications in the way that inotify is not very good. And I often resort to strace to figure out low level what is going on, it might be really good for that too.
> And I often resort to strace to figure out low level what is going on, it might be really good for that too.
BPF is a double-edged sword in that regard. It's being used to write better tracing tools for normal kernel facilities, but facilities which migrate to BPF become more opaque and unstructured than ever.
I like iptables fairly well, though it does take some planning to ensure it can remain speedy. In fact, the only way I could make shaping in Linux work involved using iptables to tag the packets for tc to then shape. Used that for our mirror server, among other things. Even had a fairly slick setup where our core routers would, every few seconds, report their bandwidth usage to the mirror server, which would adjust it's shaping to consume all our committed bandwidth, without interfering with customers traffic or costing us more bandwidth charges.
Thanks for that pointer, I had only used wondershaper as provided in the Ubuntu package, which is version 1.1a, and horribly broken. I recently had a system that was downloading around 1TB of archive data, and killing the network for other use, so I set up wondershaper on that VM. It did indeed limit it, but I couldn't get it to limit it to anything other than the 768kbps it seemed built to do. I really needed more like 50-100Mbps. I'll have to try version 1.4 on github.
I have never been successful at using tc or the recipes in LARTC or other resources to set up anything more than a basic shaping setup. And even basic ones took hours of messing around to get working. Maybe that's just me?
Alastair added struct support for kprobes yesterday, based on the functionality in bcc (which bpftrace uses). That was the final missing piece, and why I'm posting about it now. See the last example here:
Thanks for sharing Jessie! I am definitely going to order this book :-)
Why did I get down voted? I am not affiliated with this book, the authors of the book, or the OP in anyway. It just so happens that I will find this book very useful, so I thanked the OP for sharing.
It is sad we live in a world where there is so much manipulation that we are suspicious of each other's sincerity. I guess I understand where the downvoter was coming from :-(