tanjunchen
diff --git a/‎README.md
+3-2 b/‎README.md
+3-2
diff --git a/‎bcc-documents/kernel-versions.md
+507 b/‎bcc-documents/kernel-versions.md
+507
diff --git a/‎bcc-documents/kernel_config.md
+48 b/‎bcc-documents/kernel_config.md
+48
@@ -1,6 +1,6 @@
 # 基于 libbpf 的 eBPF 开发者教程：通过 20 个小工具一步步学习 eBPF
 
-这是一个基于 `CO-RE`（一次编译，到处运行）的 `libbpf` 的 eBPF 的开发教程，提供了从入门到进阶的 eBPF 开发实践，包括基本概念、代码实例、实际应用等内容。
+这是一个基于 `CO-RE`（一次编译，到处运行）的 `libbpf` 的 eBPF 的开发教程，提供了从入门到进阶的 eBPF 开发实践，包括基本概念、代码实例、实际应用等内容。除了通常的教程文本内容，我们也希望通过 ChatGPT 等工具，为您提供交互式的 eBPF 学习体验！
 
 本教程不会进行复杂的概念讲解和场景介绍，主要希望提供一些 eBPF 小工具的案例（**非常短小，从二十行代码开始入门！**），来帮助 eBPF 应用的开发者快速上手 eBPF 的开发方法和技巧。教程内容可以在目录中找到，每个目录都是一个独立的 eBPF 工具案例。
 
@@ -12,7 +12,8 @@
 
 Gitee 镜像： <https://gitee.com/yunwei37/bpf-developer-tutorial>
 
-> 我们还提供了一个使用 ChatGPT ，通过自然语言描述即可自动编写 eBPF 程序和追踪 Linux 系统的小工具，可以让您交互式地学习 eBPF 程序：[GPTtrace](https://github.com/eunomia-bpf/GPTtrace)
+> - 我们还提供了一个使用 ChatGPT ，通过自然语言描述即可自动编写 eBPF 程序和追踪 Linux 系统的小工具，可以让您交互式地学习 eBPF 程序：[GPTtrace](https://github.com/eunomia-bpf/GPTtrace)
+> - 欢迎在本仓库的 issue 或 discussion 中提出任意关于 eBPF 学习的疑惑和问题，或者生产实践中遇到的 bug，我们会尽力帮助您解答！
 
 ## 目录
 
 
@@ -0,0 +1,48 @@
+# Kernel Configuration for BPF Features
+
+## BPF Related Kernel Configurations
+
+| Functionalities | Kernel Configuration | Description |
+|:----------------|:---------------------|:------------|
+| **Basic** | CONFIG_BPF_SYSCALL | Enable the bpf() system call |
+|  | CONFIG_BPF_JIT | BPF programs are normally handled by a BPF interpreter. This option allows the kernel to generate native code when a program is loaded into the kernel. This will significantly speed-up processing of BPF programs |
+|  | CONFIG_HAVE_BPF_JIT | Enable BPF Just In Time compiler |
+|  | CONFIG_HAVE_EBPF_JIT | Extended BPF JIT (eBPF) |
+|  | CONFIG_HAVE_CBPF_JIT | Classic BPF JIT (cBPF) |
+|  | CONFIG_MODULES | Enable to build loadable kernel modules |
+|  | CONFIG_BPF | BPF VM interpreter |
+|  | CONFIG_BPF_EVENTS | Allow the user to attach BPF programs to kprobe, uprobe, and tracepoint events |
+|  | CONFIG_PERF_EVENTS | Kernel performance events and counters |
+|  | CONFIG_HAVE_PERF_EVENTS | Enable perf events |
+|  | CONFIG_PROFILING | Enable the extended profiling support mechanisms used by profilers |
+| **BTF** | CONFIG_DEBUG_INFO_BTF | Generate deduplicated BTF type information from DWARF debug info |
+| | CONFIG_PAHOLE_HAS_SPLIT_BTF | Generate BTF for each selected kernel module |
+| | CONFIG_DEBUG_INFO_BTF_MODULES | Generate compact split BTF type information for kernel modules |
+| **Security** | CONFIG_BPF_JIT_ALWAYS_ON | Enable BPF JIT and removes BPF interpreter to avoid speculative execution |
+| | CONFIG_BPF_UNPRIV_DEFAULT_OFF | Disable unprivileged BPF by default by setting |
+| **Cgroup** | CONFIG_CGROUP_BPF | Support for BPF programs attached to cgroups |
+| **Network** | CONFIG_BPFILTER | BPF based packet filtering framework (BPFILTER) |
+| | CONFIG_BPFILTER_UMH | This builds bpfilter kernel module with embedded user mode helper |
+| | CONFIG_NET_CLS_BPF | BPF-based classifier - to classify packets based on programmable BPF (JIT'ed) filters as an alternative to ematches |
+| | CONFIG_NET_ACT_BPF | Execute BPF code on packets. The BPF code will decide if the packet should be dropped or not |
+| | CONFIG_BPF_STREAM_PARSER | Enable this to allow a TCP stream parser to be used with BPF_MAP_TYPE_SOCKMAP |
+| | CONFIG_LWTUNNEL_BPF | Allow to run BPF programs as a nexthop action following a route lookup for incoming and outgoing packets |
+| | CONFIG_NETFILTER_XT_MATCH_BPF | BPF matching applies a linux socket filter to each packet and accepts those for which the filter returns non-zero |
+| | CONFIG_IPV6_SEG6_BPF | To support  BPF seg6local hook. bpf: Add IPv6 Segment Routing helpersy. [Reference](https://github.com/torvalds/linux/commit/fe94cc290f535709d3c5ebd1e472dfd0aec7ee7) |
+| **kprobes** | CONFIG_KPROBE_EVENTS | This allows the user to add tracing events (similar to tracepoints) on the fly via the ftrace interface |
+|  | CONFIG_KPROBES | Enable kprobes-based dynamic events |
+|  | CONFIG_HAVE_KPROBES | Check if krpobes enabled |
+|  | CONFIG_HAVE_REGS_AND_STACK_ACCESS_API | This symbol should be selected by an architecture if it supports the API needed to access registers and stack entries from pt_regs. For example the kprobes-based event tracer needs this API. |
+|  | CONFIG_KPROBES_ON_FTRACE | Have kprobes on function tracer if arch supports full passing of pt_regs to function tracing |
+| **kprobe multi** | CONFIG_FPROBE | Enable fprobe to attach the probe on multiple functions at once |
+| **kprobe override** | CONFIG_BPF_KPROBE_OVERRIDE | Enable BPF programs to override a kprobed function |
+| **uprobes** | CONFIG_UPROBE_EVENTS | Enable uprobes-based dynamic events |
+|  | CONFIG_ARCH_SUPPORTS_UPROBES | Arch specific uprobes support |
+|  | CONFIG_UPROBES | Uprobes is the user-space counterpart to kprobes: they enable instrumentation applications (such as 'perf probe') to establish unintrusive probes in user-space binaries and libraries, by executing handler functions when the probes are hit by user-space applications. |
+|  | CONFIG_MMU | MMU-based virtualised addressing space support by paged memory management |
+| **Tracepoints** | CONFIG_TRACEPOINTS | Enable inserting tracepoints in the kernel and connect to proble functions |
+|  | CONFIG_HAVE_SYSCALL_TRACEPOINTS | Enable syscall enter/exit tracing |
+| **Raw Tracepoints** | Same as Tracepoints | |
+| **LSM** | CONFIG_BPF_LSM | Enable instrumentation of the security hooks with BPF programs for implementing dynamic MAC and Audit Policies |
+| **LIRC** | CONFIG_BPF_LIRC_MODE2 | Allow attaching BPF programs to a lirc device |
+