Technical Details - Linux
We are implementing eBPF through BPF Compiler Collection. Kernel probes are then attached to several system calls that are related to I/O activities. These system calls are in a group of Linux Storage Stack.
Systems call that we used are as such:
| Layer | Syscall Traced |
|---|---|
| VFS Layer | vfs_read, vfs_write, vfs_open, vfs_fsync, vfs_fsync_range, __fput |
| Block Layer | block_rq_issue, block_rq_complete |
| Page | filemap_add_folio, folio_mark_accessed |