eBPF is a technology that can run programs in a privileged context such as the operating system kernel.[5] It is the successor to the Berkeley Packet Filter (BPF) filtering mechanism in Linux, and is also used in other parts of the Linux kernel as well.
It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.[6] Safety is provided through an in-kernel verifier which performs static code analysis and rejects programs which crash, hang or otherwise interfere with the kernel negatively.[7][8]
This validation model differs from sandboxed environments, where the execution environment is restricted and the runtime has no insight about the program.[9] Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safety checks.[10]
^ ab"Meta, Google, Isovalent, Microsoft and Netflix Launch eBPF Foundation as Part of the Linux Foundation". Linux Foundation. 12 August 2021. Retrieved 1 July 2022.
^"BPF Internals". USENIX LISA 2021 conference. 1 June 2021. Retrieved 1 July 2022.
^"eBPF and Kubernetes: Little Helper Minions for Scaling Microservices". CNCF KubeCon + CloudNativeCon Europe 2020. 19 August 2020. Retrieved 1 July 2022.
^"Making eBPF work on Windows". Microsoft Open Source Blog. 10 May 2021. Retrieved 1 July 2022.
^"eBPF Documentation: What is eBPF?". eBPF.io. Retrieved 1 July 2022.
^"eBPF - Rethinking the Linux Kernel". QCon 2020. Retrieved 1 July 2022.
^"Safe Programs The Foundation of BPF". eBPF Summit 2021. 8 November 2020. Retrieved 1 July 2022.
^"BPF and Spectre: Mitigating transient execution attacks". POPL 2022 conference. 22 January 2022. Retrieved 1 July 2022.
^"eBPF - The Silent Platform Revolution from Cloud Native" (PDF). SIGCOMM 2023, 1st Workshop on eBPF and Kernel Extensions. 10 September 2023. Retrieved 5 October 2023.
^Hedam, Niclas (26 May 2023). "eBPF - From a Programmer's Perspective" (PDF). doi:10.13140/RG.2.2.33688.11529/4.
eBPF is a technology that can run programs in a privileged context such as the operating system kernel. It is the successor to the Berkeley Packet Filter...
which supports JIT and eBPF (without cBPF). Its code has been reused to provide eBPF support in non-Linux systems. Microsoft's eBPF on Windows builds on...
XDP (eXpress Data Path) is an eBPF-based high-performance data path used to send and receive network packets at high rates by bypassing most of the operating...
by companies worldwide. He pioneered eBPF as an observability technology, including authoring many advanced eBPF tracing tools to provide unique insights...
classifiers. The eBPF functionality brought by version 4.1 of the Linux kernel in 2015 extends the classic BPF programmable classifiers to eBPF. These can be...
programs only, and requires least privilege. The newest backend is based on eBPF byte-code, is limited to the Linux kernel interpreter's capabilities, and...
consumer applications, and the CQ buffer is writable only by the kernel.: 3 eBPF can be combined with io_uring. The Linux kernel has supported asynchronous...
Packet Filter, a mechanism to write/read packets to/from network interface eBPF, an extended version used to run sandboxed programs in the operating system...
specifications pquic MIT License C An extensible QUIC implementation that includes an eBPF virtual machine that is able to dynamically load extensions as plugins QUANT...
later known as Outercurve Foundation Confidential Computing Consortium eBPF Foundation Eclipse Adoptium Working Group Eclipse Foundation F# Software...
organelle Cilium (computing), a container network interface (CNI) based on eBPF, a project of Cloud Native Computing Foundation Caput Cilla, Ancient city...
networking, security, and observability for Kubernetes deployments using eBPF technology. It joined the CNCF at incubation level in October 2021 and the...
3.13. kernelnewbies.org. 2014-01-19. Retrieved 2016-03-04. "How We Used eBPF to Build Programmable Packet Filtering in Magic Firewall". "Moving from iptables...
was developed by Gigamon and was announced on September 12, 2023. Using eBPF technology, GigamonPrecryption technology captures traffic prior to encryption...
in 2008. Computer programming portal Free and open-source software portal eBPF – Linux kernel tracing backend providing a set of features similar to DTrace...