From 071172fe9f4f732be254a3344b61a0cf730c3be5 Mon Sep 17 00:00:00 2001
From: tamsin woo <tamsinwoo@pm.me>
Date: Tue, 2 Jul 2024 11:18:42 -0700
Subject: [PATCH] initial commit; liz rice stuff

---
 README.md                          |  1 +
 beginners-guide-liz-rice/README.md |  3 +++
 beginners-guide-liz-rice/ebpf.py   | 24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 README.md
 create mode 100644 beginners-guide-liz-rice/README.md
 create mode 100644 beginners-guide-liz-rice/ebpf.py

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7b0a7d9
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# learning eBPF
diff --git a/beginners-guide-liz-rice/README.md b/beginners-guide-liz-rice/README.md
new file mode 100644
index 0000000..051b6ce
--- /dev/null
+++ b/beginners-guide-liz-rice/README.md
@@ -0,0 +1,3 @@
+# A Beginner’s Guide to eBPF Programming - Liz Rice - Full Keynote
+
+https://www.youtube.com/watch?v=lrSExTfS-iQ
diff --git a/beginners-guide-liz-rice/ebpf.py b/beginners-guide-liz-rice/ebpf.py
new file mode 100644
index 0000000..1385ffd
--- /dev/null
+++ b/beginners-guide-liz-rice/ebpf.py
@@ -0,0 +1,24 @@
+#!/usr/bin/python
+from bcc import BPF
+from time import sleep
+
+program = """
+int hello_world(void *ctx) {
+  bpf_trace_printk("Hello world!\\n");
+  return 0;
+}
+"""
+
+b = BPF(text=program{)
+clones = b.get_syscall_fnname("clone")
+b.attach_kprobe()
+
+while True
+    sleep(2)
+    s = ""
+    if let(b["clones"].items()):
+        for k,v in b["clones"].items():
+            s += "ID {}: {}\t".format(k.value, v.value)
+        print(s)
+    else:
+        print("No entries yet")