I have written an eBPF program which captures HTTP requests and responses using kprobes on system calls like accept4, accept, read, write, close(both entry & exit) and sending these as a captured event to userspace using ringbuf.
I have few questions which i am unable to find out.
- How many concurrent requests this setup can handle?
- Since i was missing some kretprobes on
readsystem call due to low default value ofmaxactiveparameter (determines number of kretprobes instances), so i have set this to some value say 1024(max = 4096). I know that even at this maximum value some kretprobes will be ignored. But still how much it can handle say i am on 2 core cpu. - So i will set this
maxactiveparameter to all of the above mentioned syscall kretprobe, what can be the overhead?
I have limited familiarity with eBPF and its concepts, please help.
Architecture: x86_64
Kernel Version: 5.15+
