eBPF Hookpoint Gotchas: Why Your Program Fires (or Fails) in Unexpected Ways
H.1308 (Rolin) | Day 1 | 10:30 - 11:00 | Speakers: Donia Chaiehloudj, Chris Tarazi
Abstract
eBPF programs often behave differently than developers expect, not because of incorrect logic, but because of subtle behaviours of the hookpoints themselves. In this talk, we focus on a small set of high-impact, commonly misunderstood attachment types — kprobes/fentry, tracepoints and uprobes, and expose the internal kernel mechanics that cause surprising edge cases.
Rather than attempting to cover all eBPF hooks, this session distills a practical set of real-world gotchas that routinely affect production tools, explaining why they occur and how to work around them.
Speakers
Donia is a Software Engineer on the Open Source Community team at Isovalent, where she focuses on learning and creating content around eBPF, Cilium, and Go. She explores the developer experience side of cloud-native networking and security, sharing what she learns with the wider community.
Chris Tarazi is a FOSS advocate and senior staff software engineer at Isovalent@Cisco, where he has been a core contributor to the Cilium project for over six years, focusing on networking and security.
Links
External Links
Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found hereChanges made to the image are: Cropped the image to a new ratio, part of the image was cut off.