Add HID-BPF tutorial and implementation for virtual mouse input modification

- Introduced a comprehensive tutorial in README.md explaining how to fix broken HID devices using eBPF without kernel patches.
- Implemented a userspace program (hid-input-modifier.c) that creates a virtual HID mouse using the uhid interface and sends synthetic mouse events.
- Developed a BPF program (hid-input-modifier.bpf.c) that intercepts HID events and modifies mouse movement data, effectively doubling the X and Y movement.
- Created necessary header files (hid_bpf.h, hid_bpf_defs.h, hid_bpf_helpers.h) to define structures and helper functions for the BPF program.
- Added functionality to find and manage the virtual HID device, ensuring seamless integration with the BPF program.

Author: yunwei37

scripts/generate_toc.py

@@ -15,13 +15,13 @@ def generate_toc(base_dir, project_root):
         "GPU": "\n\nGPU:\n\n",
         "Scheduler": "\n\nScheduler:\n\n",
         "Networking": "\n\nNetworking:\n\n",
-        "tracing": "\n\nTracing:\n\n",
+        "Tracing": "\n\nTracing:\n\n",
         "Security": "\n\nSecurity:\n\n",
         "Features": "\n\nFeatures:\n\n",
-        "Other": "\n\nFeatures:\n\n"
+        "Other": "\nOther:\n\n"
     }
 
-    subsection_order = ['GPU', 'Scheduler', 'Networking', 'tracing', 'Security', 'Features', 'Other', 'Android']
+    subsection_order = ['GPU', 'Scheduler', 'Networking', 'Tracing', 'Security', 'Features', 'Other', 'Android']
 
     # To ensure numeric sorting of directories
     def sort_key(directory_name):

src/10-hardirqs/README.md

@@ -5,6 +5,8 @@ eBPF (Extended Berkeley Packet Filter) is a powerful network and performance ana
 This article is the tenth part of the eBPF Tutorial by Example, focusing on capturing interrupt events using hardirqs or softirqs in eBPF.
 hardirqs and softirqs are two different types of interrupt handlers in the Linux kernel. They are used to handle interrupt requests generated by hardware devices, as well as asynchronous events in the kernel. In eBPF, we can use the eBPF tools hardirqs and softirqs to capture and analyze information related to interrupt handling in the kernel.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/10-hardirqs>
+
 ## What are hardirqs and softirqs?
 
 hardirqs are hardware interrupt handlers. When a hardware device generates an interrupt request, the kernel maps it to a specific interrupt vector and executes the associated hardware interrupt handler. Hardware interrupt handlers are commonly used to handle events in device drivers, such as completion of device data transfer or device errors.

src/11-bootstrap/README.md

@@ -4,6 +4,8 @@ eBPF (Extended Berkeley Packet Filter) is a powerful network and performance ana
 
 In this tutorial, we will learn how kernel-space and user-space eBPF programs work together. We will also learn how to use the native libbpf to develop user-space programs, package eBPF applications into executable files, and distribute them across different kernel versions.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/11-bootstrap>
+
 ## The libbpf Library and Why We Need to Use It
 
 libbpf is a C language library that is distributed with the kernel version to assist in loading and running eBPF programs. It provides a set of C APIs for interacting with the eBPF system, allowing developers to write user-space programs more easily to load and manage eBPF programs. These user-space programs are typically used for system performance analysis, monitoring, or optimization.

src/12-profile/README.md

@@ -4,6 +4,8 @@ This tutorial will guide you on using eBPF programs for performance analysis wit
 
 This implementation uses libbpf-rs, a Rust wrapper around libbpf, along with blazesym for symbol resolution. Perf is a performance analysis tool in the Linux kernel that allows users to measure and analyze the performance of kernel and user space programs, as well as obtain corresponding call stacks. It collects performance data using hardware counters and software events in the kernel.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/12-profile>
+
 ## eBPF Tool: profile Performance Analysis Example
 
 The `profile` tool is implemented based on eBPF and utilizes the perf events in the Linux kernel for performance analysis. The `profile` tool periodically samples each processor to capture the execution of kernel and user space functions.

src/13-tcpconnlat/README.md

@@ -4,6 +4,8 @@ eBPF (Extended Berkeley Packet Filter) is a powerful network and performance ana
 
 This article is the thirteenth installment of the eBPF Tutorial by Example, mainly about how to use eBPF to statistics TCP connection delay and process data in user space using libbpf.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/13-tcpconnlat>
+
 ## Background
 
 When developing backends, regardless of the programming language used, we often need to call databases such as MySQL and Redis, perform RPC remote calls, or call other RESTful APIs. The underlying implementation of these calls is usually based on the TCP protocol. This is because TCP protocol has advantages such as reliable connection, error retransmission, congestion control, etc., so TCP is more widely used in network transport layer protocols than UDP. However, TCP also has some drawbacks, such as longer connection establishment delay. Therefore, some alternative solutions have emerged, such as QUIC (Quick UDP Internet Connections).

src/14-tcpstates/README.md

@@ -4,6 +4,8 @@ eBPF (Extended Berkeley Packet Filter) is a powerful network and performance ana
 
 In this article of our eBPF Tutorial by Example series, we will introduce two sample programs: `tcpstates` and `tcprtt`. `tcpstates` is used to record the state changes of TCP connections, while `tcprtt` is used to record the Round-Trip Time (RTT) of TCP.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/14-tcpstates>
+
 ## `tcprtt` and `tcpstates`
 
 Network quality is crucial in the current Internet environment. There are many factors that affect network quality, including hardware, network environment, and the quality of software programming. To help users better locate network issues, we introduce the tool `tcprtt`. `tcprtt` can monitor the Round-Trip Time of TCP connections, evaluate network quality, and help users identify potential problems.

src/15-javagc/README.md

@@ -4,6 +4,8 @@ eBPF (Extended Berkeley Packet Filter) is a powerful network and performance ana
 
 In this article of our eBPF Tutorial by Example series, we will explore how to use eBPF and USDT to capture and analyze the duration of Java garbage collection (GC) events.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/15-javagc>
+
 ## Introduction to USDT
 
 USDT is a mechanism for inserting static tracepoints into applications, allowing developers to insert probes at critical points in the program for debugging and performance analysis purposes. These probes can be dynamically activated at runtime by tools such as DTrace, SystemTap, or eBPF, allowing access to the program's internal state and performance metrics without the need to restart the application or modify the program code. USDT is widely used in many open-source software applications such as MySQL, PostgreSQL, Ruby, Python, and Node.js.

src/16-memleak/README.md

@@ -4,6 +4,8 @@ eBPF (extended Berkeley Packet Filter) is a powerful network and performance ana
 
 In this tutorial, we will explore how to write a Memleak program using eBPF to monitor memory leaks in programs.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/16-memleak>
+
 ## Background and Importance
 
 Memory leaks are a common problem in computer programming and should not be underestimated. When memory leaks occur, programs gradually consume more memory resources without properly releasing them. Over time, this behavior can lead to a gradual depletion of system memory, significantly reducing the overall performance of the program and system.

src/17-biopattern/README.md

@@ -4,6 +4,8 @@ eBPF (Extended Berkeley Packet Filter) is a new technology in the Linux kernel t
 
 In this tutorial, we will explore how to use eBPF to write programs to count random and sequential disk I/O. Disk I/O is one of the key metrics of computer performance, especially in data-intensive applications.
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/17-biopattern>
+
 ## Random/Sequential Disk I/O
 
 As technology advances and data volumes explode, disk I/O becomes a critical bottleneck in system performance. The performance of an application depends heavily on how it interacts with the storage tier. Therefore, it becomes especially important to deeply understand and optimise disk I/O, especially random and sequential I/O.

src/18-further-reading/README.md

@@ -5,6 +5,8 @@ You may find more about eBPF in these places:
 - A curated list of awesome projects related to eBPF: <https://github.com/zoidbergwill/awesome-ebpf>
 - A website of eBPF projects and tutorials: <https://ebpf.io/>
 
+> The complete source code: <https://github.com/eunomia-bpf/bpf-developer-tutorial/tree/main/src/18-further-reading>
+
 This is also list of eBPF related papers I read in recent years, might be helpful for people who are interested in eBPF related research.
 
 eBPF (extended Berkeley Packet Filter) is an emerging technology that allows safe execution of user-provided programs in the Linux kernel. It has gained widespread adoption in recent years for accelerating network processing, enhancing observability, and enabling programmable packet processing.