eBPF, which stands for extended Berkeley Packet Filter, is exactly what it sounds like: an extended version of the Berkeley Packet Filter (BPF). It is a feature available in Linux kernels that allows you to run an abstract virtual machine (VM) inside the kernel. Because user-defined programs execute inside this in-kernel sandbox, eBPF allows you to load them into the kernel safely in order to customize its operation.
eBPF is typically used to enable developers to write low-level monitoring, tracing, and networking programs in Linux in a way that ensures optimal performance. With eBPF, the kernel and its behavior become highly customizable, rather than fixed.
1. eBPF XDP
Learn how XDP enables fast traffic processing in eBPF, see use cases of XDP, and learn to write and load your first XDP program.
Is eBPF a one-stop shop solution for all of your Linux kernel needs? Learn about what eBPF does well, and how it stacks up against standard Linux iptables.